Infected with TDSS Bing and Google redirect

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

3 Pages
1
2
3
→

You cannot start a new topic
This topic is locked

Infected with TDSS Bing and Google redirect Need help removing

#1 noogman

Member

Group: Members
Posts: 17
Joined: 23-January 12

Posted 26 January 2012 - 10:14 PM

Web browsers redirects to advertisement after a search and clicking link. Bookmarks do not redirect when first clicked on but will redirect afterwards. Sometimes web pages slow down or stop responding and I will receive a warning that script is running and I am asked if I want to stop it or not. We have an outside IT, he looked at it and ran a couple of programs TDSS killer, ComboFix, and others to no avail. Please help. Thanks.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by gdouglas at 19:04:47 on 2012-01-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1233 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft\BingBar\BingBar.exe
C:\Program Files\Microsoft\BingBar\BingApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient_2.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Akamai NetSession Interface] "c:\documents and settings\hwilli\local settings\application data\akamai\netsession_win.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [KodakShareButtonApp] c:\program files\kodak\kodak share button app\Listener.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart17.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230034079881
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230033763904
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{C42441BC-202C-447A-9C53-CA2F9084FD5E} : NameServer = 192.168.1.5
Handler: asp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: ezstor - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: hsp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: x-asp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: x-cnote - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: x-hsp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - c:\windows\system32\WowCtl2.dll
Handler: x-zip - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: zip - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-17 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-17 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-5-12 2440632]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-8 106104]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120122.004\NAVENG.SYS [2012-1-22 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120122.004\NAVEX15.SYS [2012-1-22 1576312]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-25 135664]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-25 135664]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-11 14336]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-01-24 00:03:51 607260 ------r- C:\dds.scr
2012-01-23 16:31:50 -------- d-----w- c:\documents and settings\all users\application data\Ricoh
2012-01-23 15:06:07 -------- d-----w- c:\program files\Kodak
2012-01-23 15:06:07 -------- d-----w- c:\program files\common files\Kodak
2012-01-23 15:04:47 -------- d-----w- c:\documents and settings\all users\application data\{A0559A84-0A11-425F-BFFC-532378694B25}
2012-01-16 17:16:32 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-01-16 15:43:20 -------- d-sha-r- C:\cmdcons
2012-01-16 15:30:58 98816 ----a-w- c:\windows\sed.exe
2012-01-16 15:30:58 518144 ----a-w- c:\windows\SWREG.exe
2012-01-16 15:30:58 256000 ----a-w- c:\windows\PEV.exe
2012-01-16 15:30:58 208896 ----a-w- c:\windows\MBR.exe
2011-12-30 17:29:25 -------- d-----w- c:\program files\AutoCAD 2010
2011-12-30 17:28:45 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2011-12-30 17:28:45 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2011-12-30 17:28:43 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2011-12-30 17:08:50 -------- d-----w- c:\program files\Autodesk V2010
2011-12-30 15:16:35 -------- d-----w- C:\iDrawingsSetup
2011-12-29 21:52:52 -------- d-----w- c:\program files\Any DWF to DWG Converter
.
==================== Find3M ====================
.
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-22 12:23:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-07-14 13:12:00 1498112 ----a-w- c:\program files\checkEng.DLL
2010-07-13 15:55:36 274944 ----a-w- c:\program files\COMcheck.exe
2010-07-12 16:35:20 74 ----a-w- c:\program files\Start_COMcheck_CL.bat
2010-07-12 16:35:20 111 ----a-w- c:\program files\Start_COMcheck_CL_Log.bat
2010-07-12 16:35:18 223 ----a-w- c:\program files\unpackJars.bat
2010-07-12 16:35:16 348160 ----a-w- c:\program files\msvcr71.dll
2010-07-12 16:35:16 122880 ----a-w- c:\program files\unpack200.exe
2010-07-12 16:17:48 24576 ----a-w- c:\program files\keyHH.exe
2007-11-21 09:38:04 161344 ----a-w- c:\program files\UNWISE.EXE
.
============= FINISH: 19:05:36.94 ===============

Attached File(s)

ark.txt (10.24K)
Number of downloads: 7
attach.txt (24.45K)
Number of downloads: 1

#2 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,666
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 27 January 2012 - 09:33 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days failure to reply will result in the topic being closed!
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Can you please post the ComboFix log and TDSSKiller log file for me to review? They can be found in your C:\ drive.

Running aswMBR.exe

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

NEXT:

Running OTL

We need to create an OTL Report

Please download OTL from one of the following mirrors:
- This is THE Mirror
- Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extras.txt <-- Will be minimized

NEXT:

Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. ComboFix and TDSSKiller log files.
3. aswMBR log file
4. OTL.txt & Extras.txt log file.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#3 noogman

Member

Group: Members
Posts: 17
Joined: 23-January 12

Posted 27 January 2012 - 01:13 PM

1. No questions or comments at the moment.

2. ComboFix and TDSSKiller log files:

ComboFix 12-01-16.02 - gdouglas 01/16/2012 10:47:21.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1267 [GMT -5:00]
Running from: c:\documents and settings\gdouglas\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\gdouglas\Application Data\Adobe\plugs
c:\documents and settings\gdouglas\Application Data\Adobe\shed
c:\documents and settings\gdouglas\Application Data\EurekaLog
c:\documents and settings\gdouglas\Local Settings\Application Data\{41FC20CA-ACB7-45B2-BBDC-1206BDC0D1EE}
c:\documents and settings\gdouglas\Local Settings\Application Data\{41FC20CA-ACB7-45B2-BBDC-1206BDC0D1EE}\chrome.manifest
c:\documents and settings\gdouglas\Local Settings\Application Data\{41FC20CA-ACB7-45B2-BBDC-1206BDC0D1EE}\chrome\content\_cfg.js
c:\documents and settings\gdouglas\Local Settings\Application Data\{41FC20CA-ACB7-45B2-BBDC-1206BDC0D1EE}\chrome\content\overlay.xul
c:\documents and settings\gdouglas\Local Settings\Application Data\{41FC20CA-ACB7-45B2-BBDC-1206BDC0D1EE}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-12-16 to 2012-01-16 )))))))))))))))))))))))))))))))
.
.
2011-12-30 17:29 . 2011-12-30 17:33 -------- d-----w- c:\program files\AutoCAD 2010
2011-12-30 17:28 . 2008-03-05 20:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2011-12-30 17:28 . 2008-02-06 04:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2011-12-30 17:28 . 2008-03-05 20:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2011-12-30 17:08 . 2011-12-30 17:15 -------- d-----w- c:\program files\Autodesk V2010
2011-12-30 15:16 . 2011-12-30 15:26 -------- d-----w- C:\iDrawingsSetup
2011-12-29 21:52 . 2011-12-29 21:52 -------- d-----w- c:\program files\Any DWF to DWG Converter
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2008-08-27 11:38 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2004-08-11 23:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-11 23:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-22 12:23 . 2011-06-06 11:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-18 12:35 . 2004-08-11 23:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:20 . 2004-08-11 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-11 23:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-11 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-11 23:00 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-08-11 23:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-08-11 23:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-11 23:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-11 23:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-11 23:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 04:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-07-14 13:12 . 2010-07-19 13:03 1498112 ----a-w- c:\program files\checkEng.DLL
2010-07-13 15:55 . 2010-07-19 13:03 274944 ----a-w- c:\program files\COMcheck.exe
2010-07-12 16:35 . 2010-07-19 13:03 74 ----a-w- c:\program files\Start_COMcheck_CL.bat
2010-07-12 16:35 . 2010-07-19 13:03 111 ----a-w- c:\program files\Start_COMcheck_CL_Log.bat
2010-07-12 16:35 . 2010-07-19 13:03 223 ----a-w- c:\program files\unpackJars.bat
2010-07-12 16:35 . 2010-07-19 13:03 122880 ----a-w- c:\program files\unpack200.exe
2010-07-12 16:35 . 2010-07-19 13:03 348160 ----a-w- c:\program files\msvcr71.dll
2010-07-12 16:17 . 2010-07-19 13:03 24576 ----a-w- c:\program files\keyHH.exe
2007-11-21 09:38 . 2010-07-19 13:04 161344 ----a-w- c:\program files\UNWISE.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-07-15 04:46 195360 ----a-w- c:\program files\Yontoo Layers Runtime\YontooIEClient_2.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-18 68856]
"Akamai NetSession Interface"="c:\documents and settings\gdouglas\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-12-13 3305760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-21 8466432]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-09-12 1015808]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-03-17 115560]
"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2011-03-07 107008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-2-14 724992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-24 13:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-07-27 01:03 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"15164:UDP"= 15164:UDP:AM Agent
"1045:TCP"= 1045:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/11/2004 6:00 PM 14336]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [6/20/2007 3:30 PM 79168]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 4:33 PM 249648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/8/2011 4:00 AM 106104]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/25/2010 10:35 PM 135664]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 6:31 PM 195336]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [11/18/2008 5:17 PM 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/25/2010 10:35 PM 135664]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/11/2004 6:00 PM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 83447073
*Deregistered* - 83447073
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-16 c:\windows\Tasks\defrag.job
- c:\windows\system32\defrag.exe [2004-08-11 00:12]
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 03:35]
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 03:35]
.
2012-01-16 c:\windows\Tasks\User_Feed_Synchronization-{A78FC571-7084-4D83-9EB8-98CDC3125C53}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{C42441BC-202C-447A-9C53-CA2F9084FD5E}: NameServer = 192.168.1.5
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SWClient - c:\program files\AMSys\swsys.exe
Notify-NavLogon - (no file)
SafeBoot-Symantec Antvirus
MSConfigStartUp-ytccuhoo - c:\documents and settings\gdouglas\Local Settings\Application Data\kxjkotkyf\fktedahtssd.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-16 10:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1064)
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2012-01-16 10:59:19
ComboFix-quarantined-files.txt 2012-01-16 15:59
.
Pre-Run: 159,769,722,880 bytes free
Post-Run: 165,571,731,456 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - DB51AC950CFF11272A32D2535ADED503

10:28:51.0932 0884 TDSS rootkit removing tool 2.7.2.0 Jan 14 2012 20:07:30
10:28:52.0197 0884 ============================================================
10:28:52.0197 0884 Current date / time: 2012/01/16 10:28:52.0197
10:28:52.0197 0884 SystemInfo:
10:28:52.0197 0884
10:28:52.0197 0884 OS Version: 5.1.2600 ServicePack: 3.0
10:28:52.0197 0884 Product type: Workstation
10:28:52.0197 0884 ComputerName: GARYD
10:28:52.0197 0884 UserName: gdouglas
10:28:52.0197 0884 Windows directory: C:\WINDOWS
10:28:52.0197 0884 System windows directory: C:\WINDOWS
10:28:52.0197 0884 Processor architecture: Intel x86
10:28:52.0197 0884 Number of processors: 2
10:28:52.0197 0884 Page size: 0x1000
10:28:52.0197 0884 Boot type: Normal boot
10:28:52.0197 0884 ============================================================
10:28:52.0666 0884 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400, SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
10:28:52.0729 0884 Initialize success
10:28:54.0135 3496 ============================================================
10:28:54.0135 3496 Scan started
10:28:54.0135 3496 Mode: Manual;
10:28:54.0135 3496 ============================================================
10:28:55.0869 3496 Abiosdsk - ok
10:28:55.0916 3496 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
10:28:55.0916 3496 abp480n5 - ok
10:28:55.0947 3496 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:28:56.0010 3496 ACPI - ok
10:28:56.0041 3496 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:28:56.0041 3496 ACPIEC - ok
10:28:56.0119 3496 ADIHdAudAddService (de25fc7de3a464e455c0d0012757b0ac) C:\WINDOWS\system32\drivers\ADIHdAud.sys
10:28:56.0166 3496 ADIHdAudAddService - ok
10:28:56.0213 3496 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
10:28:56.0213 3496 adpu160m - ok
10:28:56.0244 3496 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:28:56.0260 3496 aec - ok
10:28:56.0307 3496 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:28:56.0322 3496 AFD - ok
10:28:56.0354 3496 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
10:28:56.0369 3496 agp440 - ok
10:28:56.0401 3496 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
10:28:56.0401 3496 agpCPQ - ok
10:28:56.0432 3496 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
10:28:56.0432 3496 Aha154x - ok
10:28:56.0463 3496 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
10:28:56.0479 3496 aic78u2 - ok
10:28:56.0510 3496 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
10:28:56.0510 3496 aic78xx - ok
10:28:56.0541 3496 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
10:28:56.0572 3496 AliIde - ok
10:28:56.0604 3496 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
10:28:56.0619 3496 alim1541 - ok
10:28:56.0666 3496 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
10:28:56.0666 3496 amdagp - ok
10:28:56.0697 3496 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
10:28:56.0697 3496 amsint - ok
10:28:56.0744 3496 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
10:28:56.0744 3496 asc - ok
10:28:56.0791 3496 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
10:28:56.0807 3496 asc3350p - ok
10:28:56.0838 3496 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
10:28:56.0869 3496 asc3550 - ok
10:28:56.0947 3496 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:28:56.0947 3496 AsyncMac - ok
10:28:56.0979 3496 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:28:57.0041 3496 atapi - ok
10:28:57.0072 3496 Atdisk - ok
10:28:57.0119 3496 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:28:57.0119 3496 Atmarpc - ok
10:28:57.0135 3496 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:28:57.0135 3496 audstub - ok
10:28:57.0166 3496 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
10:28:57.0166 3496 b57w2k - ok
10:28:57.0260 3496 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
10:28:57.0260 3496 BASFND - ok
10:28:57.0322 3496 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:28:57.0322 3496 Beep - ok
10:28:57.0369 3496 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
10:28:57.0369 3496 cbidf - ok
10:28:57.0385 3496 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:28:57.0385 3496 cbidf2k - ok
10:28:57.0401 3496 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
10:28:57.0432 3496 cd20xrnt - ok
10:28:57.0463 3496 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:28:57.0463 3496 Cdaudio - ok
10:28:57.0510 3496 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:28:57.0510 3496 Cdfs - ok
10:28:57.0541 3496 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:28:57.0541 3496 Cdrom - ok
10:28:57.0541 3496 Changer - ok
10:28:57.0572 3496 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
10:28:57.0588 3496 CmdIde - ok
10:28:57.0635 3496 COH_Mon (86a22dff16e8ca67601044efe6825537) C:\WINDOWS\system32\Drivers\COH_Mon.sys
10:28:57.0651 3496 COH_Mon - ok
10:28:57.0682 3496 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
10:28:57.0682 3496 Cpqarray - ok
10:28:57.0697 3496 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
10:28:57.0713 3496 dac2w2k - ok
10:28:57.0729 3496 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
10:28:57.0729 3496 dac960nt - ok
10:28:57.0760 3496 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:28:57.0760 3496 Disk - ok
10:28:57.0807 3496 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:28:57.0854 3496 dmboot - ok
10:28:57.0869 3496 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:28:57.0869 3496 dmio - ok
10:28:57.0885 3496 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:28:57.0885 3496 dmload - ok
10:28:57.0916 3496 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:28:57.0916 3496 DMusic - ok
10:28:57.0947 3496 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
10:28:57.0963 3496 dpti2o - ok
10:28:57.0994 3496 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:28:57.0994 3496 drmkaud - ok
10:28:58.0010 3496 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
10:28:58.0026 3496 E100B - ok
10:28:58.0104 3496 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
10:28:58.0119 3496 eeCtrl - ok
10:28:58.0151 3496 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:28:58.0182 3496 EraserUtilRebootDrv - ok
10:28:58.0291 3496 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:28:58.0354 3496 Fastfat - ok
10:28:58.0385 3496 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:28:58.0401 3496 Fdc - ok
10:28:58.0416 3496 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:28:58.0416 3496 Fips - ok
10:28:58.0447 3496 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:28:58.0447 3496 Flpydisk - ok
10:28:58.0510 3496 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:28:58.0510 3496 FltMgr - ok
10:28:58.0557 3496 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:28:58.0557 3496 Fs_Rec - ok
10:28:58.0588 3496 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:28:58.0588 3496 Ftdisk - ok
10:28:58.0635 3496 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:28:58.0635 3496 GEARAspiWDM - ok
10:28:58.0682 3496 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:28:58.0682 3496 Gpc - ok
10:28:58.0744 3496 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:28:58.0760 3496 HDAudBus - ok
10:28:58.0791 3496 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:28:58.0791 3496 HidUsb - ok
10:28:58.0822 3496 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
10:28:58.0838 3496 hpn - ok
10:28:58.0885 3496 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:28:58.0901 3496 HTTP - ok
10:28:58.0916 3496 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
10:28:58.0932 3496 i2omgmt - ok
10:28:58.0963 3496 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
10:28:58.0963 3496 i2omp - ok
10:28:58.0979 3496 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:28:58.0994 3496 i8042prt - ok
10:28:59.0041 3496 iaStor (bdc361489a7f22e568060fa6fb3c960e) C:\WINDOWS\system32\drivers\iaStor.sys
10:28:59.0041 3496 iaStor - ok
10:28:59.0057 3496 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:28:59.0057 3496 Imapi - ok
10:28:59.0088 3496 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
10:28:59.0104 3496 ini910u - ok
10:28:59.0119 3496 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:28:59.0135 3496 IntelIde - ok
10:28:59.0166 3496 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:28:59.0166 3496 intelppm - ok
10:28:59.0197 3496 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:28:59.0197 3496 Ip6Fw - ok
10:28:59.0229 3496 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:28:59.0244 3496 IpFilterDriver - ok
10:28:59.0276 3496 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:28:59.0291 3496 IpInIp - ok
10:28:59.0322 3496 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:28:59.0369 3496 IpNat - ok
10:28:59.0416 3496 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:28:59.0463 3496 IPSec - ok
10:28:59.0526 3496 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:28:59.0526 3496 IRENUM - ok
10:28:59.0572 3496 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:28:59.0619 3496 isapnp - ok
10:28:59.0635 3496 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:28:59.0635 3496 Kbdclass - ok
10:28:59.0651 3496 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:28:59.0651 3496 kbdhid - ok
10:28:59.0666 3496 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:28:59.0666 3496 kmixer - ok
10:28:59.0713 3496 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:28:59.0729 3496 KSecDD - ok
10:28:59.0729 3496 lbrtfdc - ok
10:28:59.0760 3496 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:28:59.0776 3496 mnmdd - ok
10:28:59.0791 3496 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:28:59.0791 3496 Modem - ok
10:28:59.0822 3496 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:28:59.0822 3496 Mouclass - ok
10:28:59.0869 3496 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:28:59.0869 3496 mouhid - ok
10:28:59.0885 3496 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:28:59.0885 3496 MountMgr - ok
10:28:59.0916 3496 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
10:28:59.0932 3496 mraid35x - ok
10:28:59.0932 3496 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:28:59.0947 3496 MRxDAV - ok
10:28:59.0994 3496 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:29:00.0010 3496 MRxSmb - ok
10:29:00.0026 3496 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:29:00.0026 3496 Msfs - ok
10:29:00.0041 3496 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:29:00.0057 3496 MSKSSRV - ok
10:29:00.0072 3496 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:29:00.0088 3496 MSPCLOCK - ok
10:29:00.0119 3496 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:29:00.0119 3496 MSPQM - ok
10:29:00.0151 3496 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:29:00.0166 3496 mssmbios - ok
10:29:00.0213 3496 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:29:00.0213 3496 Mup - ok
10:29:00.0322 3496 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120114.019\NAVENG.SYS
10:29:00.0338 3496 NAVENG - ok
10:29:00.0401 3496 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120114.019\NAVEX15.SYS
10:29:00.0463 3496 NAVEX15 - ok
10:29:00.0572 3496 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:29:00.0651 3496 NDIS - ok
10:29:00.0682 3496 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:29:00.0697 3496 NdisTapi - ok
10:29:00.0729 3496 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:29:00.0729 3496 Ndisuio - ok
10:29:00.0744 3496 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:29:00.0807 3496 NdisWan - ok
10:29:00.0854 3496 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:29:00.0869 3496 NDProxy - ok
10:29:00.0885 3496 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:29:00.0901 3496 NetBIOS - ok
10:29:00.0916 3496 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:29:00.0932 3496 NetBT - ok
10:29:00.0963 3496 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:29:00.0979 3496 Npfs - ok
10:29:01.0010 3496 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:29:01.0041 3496 Ntfs - ok
10:29:01.0088 3496 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
10:29:01.0104 3496 NuidFltr - ok
10:29:01.0151 3496 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:29:01.0151 3496 Null - ok
10:29:01.0307 3496 nv (5a6469d861970151e687fb76e10bbb3a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:29:01.0526 3496 nv - ok
10:29:01.0588 3496 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:29:01.0588 3496 NwlnkFlt - ok
10:29:01.0619 3496 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:29:01.0619 3496 NwlnkFwd - ok
10:29:01.0682 3496 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
10:29:01.0698 3496 Parport - ok
10:29:01.0729 3496 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:29:01.0729 3496 PartMgr - ok
10:29:01.0760 3496 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:29:01.0760 3496 ParVdm - ok
10:29:01.0760 3496 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:29:01.0776 3496 PCI - ok
10:29:01.0791 3496 PCIDump - ok
10:29:01.0807 3496 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:29:01.0823 3496 PCIIde - ok
10:29:01.0869 3496 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:29:01.0869 3496 Pcmcia - ok
10:29:01.0885 3496 PDCOMP - ok
10:29:01.0901 3496 PDFRAME - ok
10:29:01.0916 3496 PDRELI - ok
10:29:01.0916 3496 PDRFRAME - ok
10:29:01.0979 3496 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
10:29:01.0979 3496 perc2 - ok
10:29:01.0994 3496 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
10:29:02.0010 3496 perc2hib - ok
10:29:02.0041 3496 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:29:02.0088 3496 PptpMiniport - ok
10:29:02.0088 3496 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:29:02.0104 3496 PSched - ok
10:29:02.0119 3496 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:29:02.0135 3496 Ptilink - ok
10:29:02.0182 3496 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:29:02.0198 3496 PxHelp20 - ok
10:29:02.0229 3496 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
10:29:02.0244 3496 ql1080 - ok
10:29:02.0260 3496 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
10:29:02.0276 3496 Ql10wnt - ok
10:29:02.0291 3496 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
10:29:02.0291 3496 ql12160 - ok
10:29:02.0323 3496 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
10:29:02.0323 3496 ql1240 - ok
10:29:02.0354 3496 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
10:29:02.0369 3496 ql1280 - ok
10:29:02.0401 3496 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:29:02.0401 3496 RasAcd - ok
10:29:02.0448 3496 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:29:02.0448 3496 Rasl2tp - ok
10:29:02.0463 3496 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:29:02.0479 3496 RasPppoe - ok
10:29:02.0510 3496 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:29:02.0526 3496 Raspti - ok
10:29:02.0557 3496 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:29:02.0573 3496 Rdbss - ok
10:29:02.0604 3496 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:29:02.0604 3496 RDPCDD - ok
10:29:02.0619 3496 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:29:02.0635 3496 rdpdr - ok
10:29:02.0698 3496 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
10:29:02.0713 3496 RDPWD - ok
10:29:02.0760 3496 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:29:02.0776 3496 redbook - ok
10:29:02.0854 3496 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:29:02.0869 3496 Secdrv - ok
10:29:02.0916 3496 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
10:29:02.0916 3496 SenFiltService - ok
10:29:02.0963 3496 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:29:02.0994 3496 serenum - ok
10:29:03.0010 3496 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:29:03.0026 3496 Serial - ok
10:29:03.0026 3496 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:29:03.0041 3496 Sfloppy - ok
10:29:03.0057 3496 Simbad - ok
10:29:03.0088 3496 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
10:29:03.0104 3496 sisagp - ok
10:29:03.0151 3496 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
10:29:03.0151 3496 Sparrow - ok
10:29:03.0229 3496 SPBBCDrv (d7bb213566e16bca372e2cb517eda907) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
10:29:03.0244 3496 SPBBCDrv - ok
10:29:03.0369 3496 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:29:03.0369 3496 splitter - ok
10:29:03.0401 3496 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:29:03.0401 3496 sr - ok
10:29:03.0416 3496 SRTSP (3cb2f35789632f0bae8a1b9edb08e965) C:\WINDOWS\system32\Drivers\SRTSP.SYS
10:29:03.0432 3496 SRTSP - ok
10:29:03.0463 3496 SRTSPL (d69f1be5fd6da685a4c0e36d58a29e85) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
10:29:03.0479 3496 SRTSPL - ok
10:29:03.0510 3496 SRTSPX (1af60c53c43e2e672bbda3ba9a947d48) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
10:29:03.0510 3496 SRTSPX - ok
10:29:03.0557 3496 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:29:03.0573 3496 Srv - ok
10:29:03.0619 3496 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:29:03.0619 3496 swenum - ok
10:29:03.0682 3496 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:29:03.0682 3496 swmidi - ok
10:29:03.0713 3496 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
10:29:03.0729 3496 symc810 - ok
10:29:03.0744 3496 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
10:29:03.0760 3496 symc8xx - ok
10:29:03.0791 3496 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
10:29:03.0791 3496 SymEvent - ok
10:29:03.0838 3496 SYMREDRV (be3c117150c055e50a4caf23e548c856) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
10:29:03.0838 3496 SYMREDRV - ok
10:29:03.0885 3496 SYMTDI (7b0af4e22b32f8c5bfba5a5d53522160) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
10:29:03.0901 3496 SYMTDI - ok
10:29:03.0932 3496 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
10:29:03.0932 3496 sym_hi - ok
10:29:03.0948 3496 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
10:29:03.0948 3496 sym_u3 - ok
10:29:03.0994 3496 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:29:03.0994 3496 sysaudio - ok
10:29:04.0041 3496 SysPlant (6ccbb4b7e72c8ee59e0b649b4feec3d1) C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys
10:29:04.0041 3496 SysPlant - ok
10:29:04.0088 3496 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:29:04.0104 3496 Tcpip - ok
10:29:04.0135 3496 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:29:04.0151 3496 TDPIPE - ok
10:29:04.0166 3496 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:29:04.0166 3496 TDTCP - ok
10:29:04.0213 3496 Teefer2 (0dc098cc18a974e7c1e96e6846bd06e4) C:\WINDOWS\system32\DRIVERS\teefer2.sys
10:29:04.0213 3496 Teefer2 - ok
10:29:04.0244 3496 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:29:04.0244 3496 TermDD - ok
10:29:04.0291 3496 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
10:29:04.0291 3496 TosIde - ok
10:29:04.0323 3496 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:29:04.0338 3496 Udfs - ok
10:29:04.0369 3496 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
10:29:04.0369 3496 ultra - ok
10:29:04.0416 3496 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:29:04.0432 3496 Update - ok
10:29:04.0463 3496 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:29:04.0463 3496 usbccgp - ok
10:29:04.0510 3496 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:29:04.0526 3496 usbehci - ok
10:29:04.0557 3496 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:29:04.0619 3496 usbhub - ok
10:29:04.0682 3496 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:29:04.0682 3496 usbscan - ok
10:29:04.0729 3496 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:29:04.0729 3496 USBSTOR - ok
10:29:04.0776 3496 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:29:04.0791 3496 usbuhci - ok
10:29:04.0823 3496 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:29:04.0823 3496 VgaSave - ok
10:29:04.0869 3496 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
10:29:04.0869 3496 viaagp - ok
10:29:04.0901 3496 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
10:29:04.0916 3496 ViaIde - ok
10:29:04.0948 3496 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:29:04.0948 3496 VolSnap - ok
10:29:04.0979 3496 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:29:04.0979 3496 Wanarp - ok
10:29:05.0026 3496 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
10:29:05.0057 3496 Wdf01000 - ok
10:29:05.0057 3496 WDICA - ok
10:29:05.0073 3496 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:29:05.0088 3496 wdmaud - ok
10:29:05.0166 3496 WPS (0cdbea86a391f11918af8576c7844a3f) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
10:29:05.0166 3496 WPS - ok
10:29:05.0198 3496 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\WINDOWS\system32\drivers\WpsHelper.sys
10:29:05.0198 3496 WpsHelper - ok
10:29:05.0260 3496 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:29:05.0276 3496 WudfPf - ok
10:29:05.0307 3496 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:29:05.0307 3496 WudfRd - ok
10:29:05.0338 3496 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:29:05.0510 3496 \Device\Harddisk0\DR0 - ok
10:29:05.0510 3496 Boot (0x1200) (6b560fee0a1f06ec84ac751a9974c811) \Device\Harddisk0\DR0\Partition0
10:29:05.0510 3496 \Device\Harddisk0\DR0\Partition0 - ok
10:29:05.0510 3496 ============================================================
10:29:05.0510 3496 Scan finished
10:29:05.0510 3496 ============================================================
10:29:05.0510 0324 Detected object count: 0
10:29:05.0510 0324 Actual detected object count: 0
10:29:07.0635 2776 Deinitialize success

3. aswMBR log file

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-27 12:31:57
-----------------------------
12:31:57.439 OS Version: Windows 5.1.2600 Service Pack 3
12:31:57.439 Number of processors: 2 586 0xF0B
12:31:57.439 ComputerName: GARYD UserName:
12:31:58.470 Initialize success
12:32:49.517 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:32:49.517 Disk 0 Vendor: ST325082 3.AD Size: 238418MB BusType: 3
12:32:49.533 Disk 0 MBR read successfully
12:32:49.533 Disk 0 MBR scan
12:32:49.533 Disk 0 Windows XP default MBR code
12:32:49.533 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
12:32:49.549 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 238355 MB offset 112455
12:32:49.549 Disk 0 scanning sectors +488263545
12:32:49.627 Disk 0 scanning C:\WINDOWS\system32\drivers
12:32:58.689 Service scanning
12:32:59.127 Service SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
12:32:59.127 Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
12:32:59.142 Service WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32
12:32:59.142 Service WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32
12:32:59.642 Modules scanning
12:33:03.408 Disk 0 trace - called modules:
12:33:03.424 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:33:03.424 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a62a030]
12:33:03.424 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a5fd030]
12:33:03.424 Scan finished successfully
12:34:01.424 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\gdouglas\Desktop\MBR.dat"
12:34:01.440 The log file has been saved successfully to "C:\Documents and Settings\gdouglas\Desktop\aswMBR.txt"

4. OTL.txt & Extras.txt log file

OTL logfile created on: 1/27/2012 12:36:01 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\gdouglas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.15% Memory free
3.85 Gb Paging File | 3.11 Gb Available in Paging File | 80.70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 153.92 Gb Free Space | 66.12% Space Free | Partition Type: NTFS
Drive D: | 242.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive P: | 1034.67 Gb Total Space | 870.41 Gb Free Space | 84.12% Space Free | Partition Type: NTFS
Drive W: | 1034.67 Gb Total Space | 870.41 Gb Free Space | 84.12% Space Free | Partition Type: NTFS
Drive Y: | 1034.67 Gb Total Space | 870.41 Gb Free Space | 84.12% Space Free | Partition Type: NTFS
Drive Z: | 1034.67 Gb Total Space | 870.41 Gb Free Space | 84.12% Space Free | Partition Type: NTFS

Computer Name: GARYD | User Name: gdouglas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/27 12:34:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gdouglas\Desktop\OTL.exe
PRC - [2011/12/30 12:31:48 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2011/09/22 13:26:26 | 000,107,008 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2011/07/07 18:31:08 | 000,259,848 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingApp.exe
PRC - [2011/07/07 18:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/07/07 18:31:06 | 000,391,944 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingBar.exe
PRC - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/05/12 22:12:36 | 002,440,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/05/12 20:55:30 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/05/12 20:55:28 | 001,803,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/03/17 00:25:56 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/03/17 00:25:36 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/10/14 21:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/26 20:03:46 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/06/20 15:30:18 | 000,079,168 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/11/21 17:16:02 | 000,724,992 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2011/08/28 16:19:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2008/10/26 05:42:14 | 000,065,376 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2007/05/10 23:25:20 | 002,469,888 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 8.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2006/10/27 15:35:18 | 000,436,512 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/12/30 12:31:48 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/07/07 18:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2009/05/12 22:12:36 | 002,440,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/05/12 20:55:28 | 001,803,592 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/03/20 18:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/03/17 00:25:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/03/17 00:25:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/02/01 21:43:02 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/08/28 07:40:37 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/07/26 20:03:46 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/06/20 15:30:18 | 000,079,168 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)

========== Driver Services (SafeList) ==========

DRV - [2011/11/08 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/08 04:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/18 06:09:40 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120126.018\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/18 06:09:40 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120126.018\NAVENG.SYS -- (NAVENG)
DRV - [2011/06/21 17:46:10 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2009/06/12 20:45:15 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/05/12 20:58:06 | 000,091,976 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/05/12 20:56:32 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/03/04 13:07:52 | 000,319,920 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/03/04 13:07:52 | 000,280,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/03/04 13:07:52 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/11/18 17:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/14 11:24:18 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/09/09 13:54:42 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/08/21 10:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/21 10:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/09/11 20:23:54 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/09/11 19:58:28 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2007/06/20 15:30:20 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080118
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080118

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080118
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080118
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp

IE - HKU\S-1-5-21-179842681-2008273749-2489577197-1143\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-179842681-2008273749-2489577197-1143\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-179842681-2008273749-2489577197-1143\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-3071099048-3318752007-1861972876-1135\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080118
IE - HKU\S-1-5-21-3071099048-3318752007-1861972876-1135\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-21-3071099048-3318752007-1861972876-1135\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-21-3071099048-3318752007-1861972876-1135\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp
IE - HKU\S-1-5-21-3071099048-3318752007-1861972876-1135\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3071099048-3318752007-1861972876-1136\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080118
IE - HKU\S-1-5-21-3071099048-3318752007-1861972876-1136\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-21-3071099048-3318752007-1861972876-1136\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-21-3071099048-3318752007-1861972876-1136\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp
IE - HKU\S-1-5-21-3071099048-3318752007-1861972876-1136\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3071099048-3318752007-1861972876-1139\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080118
IE - HKU\S-1-5-21-3071099048-3318752007-1861972876-1139\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-21-3071099048-3318752007-1861972876-1139\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-21-3071099048-3318752007-1861972876-1139\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp
IE - HKU\S-1-5-21-3071099048-3318752007-1861972876-1139\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3071099048-3318752007-1861972876-1437\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080118
IE - HKU\S-1-5-21-3071099048-3318752007-1861972876-1437\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-21-3071099048-3318752007-1861972876-1437\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-21-3071099048-3318752007-1861972876-1437\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp
IE - HKU\S-1-5-21-3071099048-3318752007-1861972876-1437\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

O1 HOSTS File: ([2012/01/16 10:57:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient_2.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-179842681-2008273749-2489577197-1143\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3071099048-3318752007-1861972876-1135\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3071099048-3318752007-1861972876-1136\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3071099048-3318752007-1861972876-1139\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3071099048-3318752007-1861972876-1437\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-179842681-2008273749-2489577197-1143..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Akamai\netsession_win.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-179842681-2008273749-2489577197-1143\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-179842681-2008273749-2489577197-1143\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-179842681-2008273749-2489577197-1143\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-179842681-2008273749-2489577197-1143\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3071099048-3318752007-1861972876-1135\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3071099048-3318752007-1861972876-1135\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3071099048-3318752007-1861972876-1136\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3071099048-3318752007-1861972876-1136\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3071099048-3318752007-1861972876-1139\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3071099048-3318752007-1861972876-1139\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3071099048-3318752007-1861972876-1437\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3071099048-3318752007-1861972876-1437\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230034079881 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230033763904 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BlakeVaughan.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C42441BC-202C-447A-9C53-CA2F9084FD5E}: NameServer = 192.168.1.5
O18 - Protocol\Handler\asp {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\ezstor {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\hsp {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-asp {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-cnote {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-hsp {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-mem1 {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\system32\WowCtl2.dll (EzTools Software)
O18 - Protocol\Handler\x-zip {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\zip {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/10/28 04:14:54 | 000,000,175 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012/01/24 13:50:05 | 000,000,000 | ---D | M] - W:\AutoSave -- [ NTFS ]
O32 - AutoRun File - [2011/04/28 14:16:33 | 000,000,000 | ---D | M] - Z:\autocad 2010 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/27 12:34:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\gdouglas\Desktop\OTL.exe
[2012/01/27 12:31:38 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\gdouglas\Desktop\aswMBR.exe
[2012/01/24 17:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gdouglas\gmer
[2012/01/24 07:30:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/01/23 19:03:51 | 000,607,260 | R--- | C] (Swearware) -- C:\dds.scr
[2012/01/23 19:00:38 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\gdouglas\Desktop\dds.scr
[2012/01/23 11:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ricoh
[2012/01/23 10:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2012/01/23 10:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Kodak
[2012/01/23 10:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{A0559A84-0A11-425F-BFFC-532378694B25}
[2012/01/16 12:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gdouglas\Desktop\RK_Quarantine
[2012/01/16 11:57:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/16 10:43:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/16 10:30:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/16 10:30:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/16 10:30:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/16 10:30:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/16 10:30:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/16 10:30:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/16 10:30:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\gdouglas\Start Menu\Programs\Administrative Tools
[2012/01/16 10:30:01 | 004,385,658 | R--- | C] (Swearware) -- C:\Documents and Settings\gdouglas\Desktop\ComboFix.exe
[2011/12/30 12:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2010
[2011/12/30 12:28:45 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2011/12/30 12:28:45 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2011/12/30 12:28:43 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2011/12/30 12:28:31 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2011/12/30 12:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk V2010
[2011/12/30 10:16:35 | 000,000,000 | ---D | C] -- C:\iDrawingsSetup
[2011/12/29 16:52:52 | 000,000,000 | ---D | C] -- C:\Program Files\Any DWF to DWG Converter
[2011/12/29 16:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Any DWF to DWG Converter
[2010/07/19 08:04:10 | 000,161,344 | ---- | C] (Altiris) -- C:\Program Files\UNWISE.EXE
[2010/07/19 08:03:58 | 000,122,880 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\unpack200.exe
[2010/07/19 08:03:52 | 001,498,112 | ---- | C] (U.S. Department of Energy/Pacific Northwest National Laboratory) -- C:\Program Files\checkEng.DLL
[2010/07/19 08:03:52 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr71.dll
[2010/07/19 08:03:52 | 000,024,576 | ---- | C] (KeyWorks Software) -- C:\Program Files\keyHH.exe
[2010/06/07 12:43:46 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/27 12:34:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gdouglas\Desktop\OTL.exe
[2012/01/27 12:34:01 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\gdouglas\Desktop\MBR.dat
[2012/01/27 12:31:38 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\gdouglas\Desktop\aswMBR.exe
[2012/01/27 12:30:42 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A78FC571-7084-4D83-9EB8-98CDC3125C53}.job
[2012/01/27 12:10:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/27 07:41:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/27 07:41:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/26 16:31:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/26 16:31:12 | 2144,980,992 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/24 07:57:14 | 000,000,463 | ---- | M] () -- C:\Documents and Settings\gdouglas\Desktop\Shortcut to scans on 192.168.1.5.lnk
[2012/01/23 19:04:02 | 000,607,260 | R--- | M] (Swearware) -- C:\dds.scr
[2012/01/23 19:00:40 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\gdouglas\Desktop\dds.scr
[2012/01/23 18:55:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\gdouglas\defogger_reenable
[2012/01/23 18:27:04 | 000,069,612 | ---- | M] () -- C:\acadminidump.dmp
[2012/01/22 20:50:00 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\defrag.job
[2012/01/19 14:43:31 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012/01/18 13:56:27 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\gdouglas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/16 12:17:16 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/16 10:57:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/16 10:43:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/16 10:30:03 | 004,385,658 | R--- | M] (Swearware) -- C:\Documents and Settings\gdouglas\Desktop\ComboFix.exe
[2012/01/12 17:37:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/12 08:48:56 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2012/01/10 16:51:10 | 000,445,836 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/10 16:51:10 | 000,073,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/05 13:49:55 | 001,892,019 | ---- | M] () -- C:\Tambe%20Catalog.pdf
[2012/01/03 12:57:02 | 000,000,848 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\amprm.dat
[2011/12/30 13:10:05 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/30 12:36:31 | 000,260,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/30 12:31:35 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2010 - English.lnk
[2011/12/30 10:26:45 | 004,322,979 | ---- | M] () -- C:\Documents and Settings\gdouglas\Desktop\WL-01-07AR.dxf
[2011/12/29 16:52:52 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\Any DWF to DWG Converter.lnk
[2011/12/29 16:52:52 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\gdouglas\Desktop\Any DWF to DWG Converter.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/27 12:34:01 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\gdouglas\Desktop\MBR.dat
[2012/01/23 18:55:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\gdouglas\defogger_reenable
[2012/01/23 11:33:47 | 000,000,463 | ---- | C] () -- C:\Documents and Settings\gdouglas\Desktop\Shortcut to scans on 192.168.1.5.lnk
[2012/01/16 12:16:32 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/16 12:08:40 | 2144,980,992 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/16 10:43:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/16 10:43:20 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/16 10:30:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/16 10:30:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/16 10:30:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/16 10:30:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/16 10:30:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/05 13:49:55 | 001,892,019 | ---- | C] () -- C:\Tambe%20Catalog.pdf
[2011/12/30 12:31:35 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2010 - English.lnk
[2011/12/30 10:26:44 | 004,322,979 | ---- | C] () -- C:\Documents and Settings\gdouglas\Desktop\WL-01-07AR.dxf
[2011/12/29 16:52:52 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\Any DWF to DWG Converter.lnk
[2011/12/29 16:52:52 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\gdouglas\Desktop\Any DWF to DWG Converter.lnk
[2011/08/23 12:48:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Yviguqidefayo.dat
[2011/08/23 12:48:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ptulube.bin
[2011/04/14 10:58:23 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\WEBDIAL.EXE
[2011/01/20 15:12:35 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2010/07/27 15:33:09 | 000,824,128 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/19 08:03:58 | 000,000,223 | ---- | C] () -- C:\Program Files\unpackJars.bat
[2010/07/19 08:03:52 | 005,918,124 | ---- | C] () -- C:\Program Files\COMcheck.jar
[2010/07/19 08:03:52 | 004,565,469 | ---- | C] () -- C:\Program Files\cities.dat
[2010/07/19 08:03:52 | 000,633,516 | ---- | C] () -- C:\Program Files\counties.dat
[2010/07/19 08:03:52 | 000,274,944 | ---- | C] () -- C:\Program Files\COMcheck.exe
[2010/07/19 08:03:52 | 000,022,931 | ---- | C] () -- C:\Program Files\splash.gif
[2010/07/19 08:03:52 | 000,022,721 | ---- | C] () -- C:\Program Files\example99.cck
[2010/07/19 08:03:52 | 000,015,663 | ---- | C] () -- C:\Program Files\example.cck
[2010/07/19 08:03:52 | 000,000,299 | ---- | C] () -- C:\Program Files\defaults.dat
[2010/07/19 08:03:52 | 000,000,111 | ---- | C] () -- C:\Program Files\Start_COMcheck_CL_Log.bat
[2010/07/19 08:03:52 | 000,000,074 | ---- | C] () -- C:\Program Files\Start_COMcheck_CL.bat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/07 10:20:38 | 000,323,697 | ---- | C] () -- C:\WINDOWS\System32\airxwhl.dll
[2009/07/07 10:18:28 | 001,158,601 | ---- | C] () -- C:\WINDOWS\System32\refprop.dll
[2009/07/07 10:18:28 | 000,729,088 | ---- | C] () -- C:\WINDOWS\System32\r3a.dll
[2009/07/07 10:18:22 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\jdde.dll
[2009/07/07 10:18:20 | 000,000,401 | ---- | C] () -- C:\WINDOWS\System32\sdm39.ini
[2009/07/07 09:54:56 | 000,004,497 | ---- | C] () -- C:\WINDOWS\spcfg1.ini
[2009/07/07 09:54:17 | 000,002,275 | ---- | C] () -- C:\WINDOWS\System32\FSDM.INI
[2009/07/07 09:54:15 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\ECATENB2.DLL
[2009/07/07 09:54:15 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ECATEN33.DLL
[2009/07/07 09:54:15 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ECATEN32.DLL
[2009/06/24 12:52:48 | 000,000,848 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\amprm.dat
[2009/06/24 12:52:48 | 000,000,334 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\awmsg.dat
[2009/06/24 12:52:48 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\amguid.dat
[2009/06/24 12:52:48 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\winam.dat
[2009/05/21 08:58:32 | 000,062,208 | ---- | C] () -- C:\WINDOWS\System32\SCP150A.DLL
[2009/05/21 08:58:32 | 000,024,065 | ---- | C] () -- C:\WINDOWS\System32\SCP150.DLL
[2008/09/16 15:02:08 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\gdouglas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/04 07:45:51 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ESDErr1.dll
[2008/09/02 14:31:30 | 000,018,790 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2008/09/02 12:18:33 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\gdouglas\Local Settings\Application Data\fusioncache.dat
[2008/09/02 12:07:14 | 000,000,140 | ---- | C] () -- C:\WINDOWS\subrules.ini
[2008/09/02 12:07:13 | 000,017,848 | ---- | C] () -- C:\WINDOWS\TOPSS.ini
[2008/09/02 12:07:13 | 000,000,135 | ---- | C] () -- C:\WINDOWS\odbcddp.ini
[2008/09/02 12:07:13 | 000,000,065 | ---- | C] () -- C:\WINDOWS\dcrudll.ini
[2008/09/02 12:05:37 | 000,254,464 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt2x.dll
[2008/09/02 12:05:37 | 000,169,567 | ---- | C] () -- C:\WINDOWS\System32\LJWing.dll
[2008/09/02 12:05:37 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\TgfWriterX2.dll
[2008/09/02 12:05:37 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\TgfWriter.dll
[2008/09/02 12:05:36 | 000,410,624 | ---- | C] () -- C:\WINDOWS\System32\dforrt.dll
[2008/09/02 12:05:36 | 000,251,904 | ---- | C] () -- C:\WINDOWS\System32\orant71.dll
[2008/09/02 12:05:36 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\Ivinfo.exe
[2008/09/02 12:05:36 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\ivtrn12.dll
[2008/09/02 12:05:36 | 000,005,792 | ---- | C] () -- C:\WINDOWS\System32\odbc16ut.dll
[2008/09/02 12:05:35 | 000,775,168 | ---- | C] () -- C:\WINDOWS\System32\corent23.dll
[2008/09/02 12:05:34 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2008/09/02 12:05:32 | 000,030,793 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[2008/09/02 12:05:25 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\rcbuild.dll
[2008/09/02 12:05:24 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\PipelineX2.dll
[2008/09/02 12:05:24 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\PipelineX.dll
[2008/02/21 11:57:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/02/21 11:56:05 | 000,002,095 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/21 11:37:46 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/02/14 14:48:47 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2008/02/14 14:48:47 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[2008/01/18 18:04:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/18 17:44:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/01/18 17:43:15 | 000,001,122 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 18:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 18:06:43 | 000,260,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 18:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 18:00:28 | 000,445,836 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 18:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 18:00:28 | 000,073,042 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 18:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 18:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 18:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 18:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 18:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 18:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 18:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 18:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

< End of report >

OTL Extras logfile created on: 1/27/2012 12:36:01 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\gdouglas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.15% Memory free
3.85 Gb Paging File | 3.11 Gb Available in Paging File | 80.70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 153.92 Gb Free Space | 66.12% Space Free | Partition Type: NTFS
Drive D: | 242.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive P: | 1034.67 Gb Total Space | 870.41 Gb Free Space | 84.12% Space Free | Partition Type: NTFS
Drive W: | 1034.67 Gb Total Space | 870.41 Gb Free Space | 84.12% Space Free | Partition Type: NTFS
Drive Y: | 1034.67 Gb Total Space | 870.41 Gb Free Space | 84.12% Space Free | Partition Type: NTFS
Drive Z: | 1034.67 Gb Total Space | 870.41 Gb Free Space | 84.12% Space Free | Partition Type: NTFS

Computer Name: GARYD | User Name: gdouglas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:Offer Remote Assistance - Port" = 135:TCP:*:Enabled:Offer Remote Assistance - Port

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = LocalSubnet

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"15164:UDP" = 15164:UDP:*:Enabled:AM Agent
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"3257:TCP" = 3257:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"15164:UDP" = 15164:UDP:*:Enabled:AM Agent
"1045:TCP" = 1045:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"\\Bvdc1\Wrightsoft HVAC\RSU.EXE" = \\Bvdc1\Wrightsoft HVAC\RSU.EXE:*:Enabled:Right-WebServer
"C:\Documents and Settings\gdouglas\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\gdouglas\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Disabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Documents and Settings\gdouglas\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\gdouglas\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
"{177D1318-3E4B-4A7C-A300-AC4E21BE090B}" = Broadcom Management Programs
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19F1A99A-196F-4D18-BC36-C1DAD6ABCCF3}" = KODAK Share Button App
"{1BD7620A-E5D9-4E57-A7A1-08BFA9005BAC}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237a4b21-78c1-11d6-a394-00104bd190b1}" = QuickBooks Basic Edition 2003
"{23E5032B-56CA-4C19-A72E-B50161DB82CA}" = Shadow Copy Client
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2b02f834-a9b9-458c-80e5-3ea8c0de8471}" = QuickBooks Premier: Professional Services Edition 2004
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3CE06D54-72B1-44B2-AB60-E4277EC80EF4}" = Microsoft XML Parser
"{5783F2D7-5106-0409-0012-0060B0CE6BBA}" = Autodesk Building Systems 2007.1
"{5783F2D7-8001-0409-0002-0060B0CE6BBA}" = AutoCAD 2010 - English
"{5783F2D7-8001-0409-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOK_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOK_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOK_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOK_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOK_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOK_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
"{989C7412-E123-47B0-A8FD-CC9378E8BA34}" = iDrawings Setup
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A09C820B-B173-47AA-9E68-C39D1F45648C}" = TREAT
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6F2A554-C572-46FD-BD7B-9CF1BCFCC8CA}" = Pipeline
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
"{B2093599-1478-425C-884E-677312C20424}" = TOPSS
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B9693E8C-200D-4F8D-8366-2467A7F225E6}" = AccusizeSetup
"{BC1E08E0-CB2D-11DE-72AE-021CA0252CD6}" = Chvac Version 7
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D689B418-235A-4290-A0A5-A75E490E0351}" = Symantec Endpoint Protection
"{DD8C7B5F-7F1B-41EE-BB83-991075A30327}" = TOPSS
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E56D5DC8-4C73-44B1-B650-AAD75C7A2701}" = Broadcom ASF Management Applications
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"Adobe Acrobat 8 Standard" = Adobe Acrobat 8.1.3 Standard
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AHU Selection v5.90" = AHU Selection v5.90
"AHUBuilder v6.00" = AHUBuilder v6.00
"Air Terminals Builder 1.09a" = Air Terminals Builder 1.09a
"Any DWF to DWG Converter_is1" = Any DWF to DWG Converter 2010
"Applied RTU Builder 2.03" = Applied RTU Builder 2.03
"AutoCAD 2010 - English" = AutoCAD 2010 - English
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"CAPS Engineer" = CAPS (Engineer)
"Chvac Version 7" = Chvac Version 7
"COMcheck 3.6.0" = COMcheck 3.6.0
"COMcheck 3.7.1" = COMcheck 3.7.1
"COMcheck 3.8.0 " = COMcheck 3.8.0
"Commercial Split Systems Builder v1.09g" = Commercial Split Systems Builder v1.09g
"E-CAT / E20-II Configuration Services 2.21" = E-CAT / E20-II Configuration Services 2.21
"E-CAT Enable 2.11" = E-CAT Enable 2.11
"Fan Coil Builder 3.29f" = Fan Coil Builder 3.29f
"GPL Ghostscript_is1" = Docudesk GPL Ghostscript 8.15
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Igneus Hydrant Flow Test" = Igneus Hydrant Flow Test 2.0
"IrfanView" = IrfanView (remove only)
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nu-Fin Coil Selection v1.06" = Nu-Fin Coil Selection v1.06
"NVIDIA Drivers" = NVIDIA Drivers
"OUTLOOK" = Microsoft Office Outlook 2007
"Packaged RTU Builder 1.19i" = Packaged RTU Builder 1.19i
"PoolPak Selection Software" = PoolPak Selection Software
"ProjectPoint-2008" = Autodesk Buzzsaw 2008.4.10013.111
"Right-Suite Universal Workstation" = Right-Suite Universal Workstation
"SCU Builder 2.09d" = SCU Builder 2.09d
"Unit Ventilators Builder 1.10" = Unit Ventilators Builder 1.10
"VLC media player" = VLC media player 1.0.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WSHP Builder 4.19l" = WSHP Builder 4.19l
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X Builder Framework 1.03q" = X Builder Framework 1.03q

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-179842681-2008273749-2489577197-1143\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Digital Editions" = Adobe Digital Editions
"FileZilla Client" = FileZilla Client 3.5.1
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/23/2012 8:19:55 PM | Computer Name = GARYD | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Gen.2 in File: C:\Documents and Settings\gdouglas\Local
Settings\Temporary Internet Files\Content.IE5\C5GFDE5J\gmer[1]\gmer.exe by: Auto-Protect
scan. Action: Quarantine succeeded : Access denied. Action Description: The file
was quarantined successfully.

Error - 1/24/2012 6:36:04 PM | Computer Name = GARYD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/24/2012 6:37:13 PM | Computer Name = GARYD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/25/2012 1:30:50 PM | Computer Name = GARYD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/25/2012 2:36:10 PM | Computer Name = GARYD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/25/2012 4:26:24 PM | Computer Name = GARYD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/25/2012 6:05:51 PM | Computer Name = GARYD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/25/2012 6:07:07 PM | Computer Name = GARYD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/25/2012 6:22:35 PM | Computer Name = GARYD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/25/2012 6:33:28 PM | Computer Name = GARYD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/16/2012 12:58:47 PM | Computer Name = GARYD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/16/2012 1:07:40 PM | Computer Name = GARYD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/24/2012 8:34:21 AM | Computer Name = GARYD | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 0117289c, parameter2 00000002, parameter3
00000000, parameter4 f7b51c68.

Error - 1/24/2012 4:37:28 PM | Computer Name = GARYD | Source = Service Control Manager | ID = 7034
Description = The Machine Debug Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 1/24/2012 4:37:38 PM | Computer Name = GARYD | Source = Service Control Manager | ID = 7034
Description = The Bing Bar Update Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 1/24/2012 4:38:04 PM | Computer Name = GARYD | Source = Service Control Manager | ID = 7034
Description = The Broadcom ASF IP and SMBIOS Mailbox Monitor service terminated
unexpectedly. It has done this 1 time(s).

Error - 1/24/2012 4:38:19 PM | Computer Name = GARYD | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/24/2012 4:38:44 PM | Computer Name = GARYD | Source = Service Control Manager | ID = 7034
Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/24/2012 4:40:23 PM | Computer Name = GARYD | Source = Service Control Manager | ID = 7031
Description = The Symantec Event Manager service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 200 milliseconds:
Restart the service.

Error - 1/24/2012 4:40:23 PM | Computer Name = GARYD | Source = Service Control Manager | ID = 7031
Description = The Symantec Settings Manager service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 100
milliseconds: Restart the service.

< End of report >

5. Computer seems to be running ok except for the internet. It has been about 2 weeks when I noticed the first redirects though I am experiencing a lot more of web pages "not responding." I have stop using the internet on this computer.

#4 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,666
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 28 January 2012 - 02:03 AM

Hi noogman!

Do you recognize these files?

[2010/07/19 08:03:58 | 000,000,223 | ---- | C] () -- C:\Program Files\unpackJars.bat
[2010/07/19 08:03:52 | 005,918,124 | ---- | C] () -- C:\Program Files\COMcheck.jar
[2010/07/19 08:03:52 | 004,565,469 | ---- | C] () -- C:\Program Files\cities.dat
[2010/07/19 08:03:52 | 000,633,516 | ---- | C] () -- C:\Program Files\counties.dat
[2010/07/19 08:03:52 | 000,274,944 | ---- | C] () -- C:\Program Files\COMcheck.exe
[2010/07/19 08:03:52 | 000,022,931 | ---- | C] () -- C:\Program Files\splash.gif
[2010/07/19 08:03:52 | 000,022,721 | ---- | C] () -- C:\Program Files\example99.cck
[2010/07/19 08:03:52 | 000,015,663 | ---- | C] () -- C:\Program Files\example.cck
[2010/07/19 08:03:52 | 000,000,299 | ---- | C] () -- C:\Program Files\defaults.dat

Can you just confirm that you enabled these?

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:Offer Remote Assistance - Port" = 135:TCP:*:Enabled:Offer Remote Assistance - Port

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *

Do you recognize this open port?

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

Please delete the current copy of TDSSKiller from your desktop and download a new copy below.

Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

NEXT:

OTL Fix

We need to run an OTL Fix

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below.

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:Processes
:OTL
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2011/08/23 12:48:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Yviguqidefayo.dat
[2011/08/23 12:48:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ptulube.bin
:Files
dir /s /a "C:\Documents and Settings\All Users\Application Data\{A0559A84-0A11-425F-BFFC-532378694B25}" /c
type "C:\WINDOWS\tasks\defrag.job" /c
echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]
[EMPTYJAVA]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

Remove Program
We need to remove a program. To do this please do the following:

Click Start
Go to Control Panel
Go to Add/Remove Programs
Find and click Remove for the following (if present):
- J2SE Runtime Environment 5.0 Update 6
- Java™ 6 Update 3
- Java™ 6 Update 5
- Java™ 6 Update 7
- Java 2 Runtime Environment, SE v1.4.2_19
- Google Toolbar for Internet Explorer <== If you don't use it, then I suggest removing it.
- Bing Bar <== If you don't use it, then I suggest removing it.

#5 noogman

Member

Group: Members
Posts: 17
Joined: 23-January 12

Posted 28 January 2012 - 10:14 AM

1. Yes, files are an old program. Can be removed if you wish.

2. I will ask IT guy about enabled ports.

3. I will ask IT guy about open port.

4. TDSSKiller log. FYI ... program did not ask me to reboot.

09:00:48.0507 1296 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
09:00:48.0726 1296 ============================================================
09:00:48.0726 1296 Current date / time: 2012/01/28 09:00:48.0726
09:00:48.0726 1296 SystemInfo:
09:00:48.0726 1296
09:00:48.0726 1296 OS Version: 5.1.2600 ServicePack: 3.0
09:00:48.0726 1296 Product type: Workstation
09:00:48.0726 1296 ComputerName: GARYD
09:00:48.0726 1296 UserName: gdouglas
09:00:48.0726 1296 Windows directory: C:\WINDOWS
09:00:48.0726 1296 System windows directory: C:\WINDOWS
09:00:48.0726 1296 Processor architecture: Intel x86
09:00:48.0726 1296 Number of processors: 2
09:00:48.0726 1296 Page size: 0x1000
09:00:48.0726 1296 Boot type: Normal boot
09:00:48.0726 1296 ============================================================
09:00:49.0038 1296 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:00:49.0069 1296 Initialize success
09:01:36.0724 2332 ============================================================
09:01:36.0724 2332 Scan started
09:01:36.0724 2332 Mode: Manual; SigCheck; TDLFS;
09:01:36.0724 2332 ============================================================
09:01:37.0052 2332 Abiosdsk - ok
09:01:37.0083 2332 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:01:37.0349 2332 abp480n5 - ok
09:01:37.0411 2332 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:01:37.0489 2332 ACPI - ok
09:01:37.0567 2332 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:01:37.0661 2332 ACPIEC - ok
09:01:37.0724 2332 ADIHdAudAddService (de25fc7de3a464e455c0d0012757b0ac) C:\WINDOWS\system32\drivers\ADIHdAud.sys
09:01:37.0755 2332 ADIHdAudAddService - ok
09:01:37.0802 2332 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
09:01:37.0896 2332 adpu160m - ok
09:01:37.0942 2332 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:01:38.0036 2332 aec - ok
09:01:38.0114 2332 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:01:38.0146 2332 AFD - ok
09:01:38.0192 2332 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:01:38.0286 2332 agp440 - ok
09:01:38.0333 2332 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
09:01:38.0427 2332 agpCPQ - ok
09:01:38.0474 2332 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
09:01:38.0536 2332 Aha154x - ok
09:01:38.0567 2332 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
09:01:38.0646 2332 aic78u2 - ok
09:01:38.0708 2332 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
09:01:38.0786 2332 aic78xx - ok
09:01:38.0833 2332 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
09:01:38.0927 2332 AliIde - ok
09:01:38.0974 2332 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
09:01:39.0052 2332 alim1541 - ok
09:01:39.0145 2332 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
09:01:39.0239 2332 amdagp - ok
09:01:39.0286 2332 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
09:01:39.0333 2332 amsint - ok
09:01:39.0380 2332 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
09:01:39.0489 2332 asc - ok
09:01:39.0552 2332 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
09:01:39.0614 2332 asc3350p - ok
09:01:39.0645 2332 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
09:01:39.0739 2332 asc3550 - ok
09:01:39.0802 2332 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:01:39.0880 2332 AsyncMac - ok
09:01:39.0942 2332 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:01:40.0020 2332 atapi - ok
09:01:40.0052 2332 Atdisk - ok
09:01:40.0083 2332 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:01:40.0177 2332 Atmarpc - ok
09:01:40.0224 2332 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:01:40.0317 2332 audstub - ok
09:01:40.0349 2332 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
09:01:40.0395 2332 b57w2k - ok
09:01:40.0458 2332 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
09:01:40.0677 2332 BASFND ( UnsignedFile.Multi.Generic ) - warning
09:01:40.0677 2332 BASFND - detected UnsignedFile.Multi.Generic (1)
09:01:40.0739 2332 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:01:40.0833 2332 Beep - ok
09:01:40.0911 2332 catchme - ok
09:01:40.0958 2332 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
09:01:41.0036 2332 cbidf - ok
09:01:41.0099 2332 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:01:41.0177 2332 cbidf2k - ok
09:01:41.0224 2332 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
09:01:41.0286 2332 cd20xrnt - ok
09:01:41.0317 2332 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:01:41.0411 2332 Cdaudio - ok
09:01:41.0474 2332 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:01:41.0567 2332 Cdfs - ok
09:01:41.0599 2332 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:01:41.0692 2332 Cdrom - ok
09:01:41.0739 2332 Changer - ok
09:01:41.0786 2332 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
09:01:41.0880 2332 CmdIde - ok
09:01:41.0927 2332 COH_Mon (86a22dff16e8ca67601044efe6825537) C:\WINDOWS\system32\Drivers\COH_Mon.sys
09:01:41.0942 2332 COH_Mon - ok
09:01:41.0989 2332 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
09:01:42.0083 2332 Cpqarray - ok
09:01:42.0130 2332 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
09:01:42.0208 2332 dac2w2k - ok
09:01:42.0302 2332 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
09:01:42.0395 2332 dac960nt - ok
09:01:42.0458 2332 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:01:42.0536 2332 Disk - ok
09:01:42.0598 2332 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:01:42.0692 2332 dmboot - ok
09:01:42.0770 2332 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:01:42.0864 2332 dmio - ok
09:01:42.0895 2332 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:01:42.0989 2332 dmload - ok
09:01:43.0052 2332 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:01:43.0145 2332 DMusic - ok
09:01:43.0208 2332 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
09:01:43.0270 2332 dpti2o - ok
09:01:43.0348 2332 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:01:43.0427 2332 drmkaud - ok
09:01:43.0489 2332 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:01:43.0567 2332 E100B - ok
09:01:43.0645 2332 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
09:01:43.0661 2332 eeCtrl - ok
09:01:43.0677 2332 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:01:43.0692 2332 EraserUtilRebootDrv - ok
09:01:43.0770 2332 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:01:43.0880 2332 Fastfat - ok
09:01:43.0927 2332 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:01:44.0005 2332 Fdc - ok
09:01:44.0052 2332 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:01:44.0145 2332 Fips - ok
09:01:44.0208 2332 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:01:44.0286 2332 Flpydisk - ok
09:01:44.0348 2332 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:01:44.0427 2332 FltMgr - ok
09:01:44.0489 2332 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:01:44.0567 2332 Fs_Rec - ok
09:01:44.0630 2332 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:01:44.0723 2332 Ftdisk - ok
09:01:44.0786 2332 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:01:44.0786 2332 GEARAspiWDM - ok
09:01:44.0833 2332 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:01:44.0927 2332 Gpc - ok
09:01:44.0989 2332 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:01:45.0067 2332 HDAudBus - ok
09:01:45.0098 2332 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:01:45.0192 2332 HidUsb - ok
09:01:45.0255 2332 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
09:01:45.0333 2332 hpn - ok
09:01:45.0395 2332 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:01:45.0442 2332 HTTP - ok
09:01:45.0489 2332 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
09:01:45.0583 2332 i2omgmt - ok
09:01:45.0661 2332 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:01:45.0755 2332 i2omp - ok
09:01:45.0770 2332 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:01:45.0864 2332 i8042prt - ok
09:01:45.0911 2332 iaStor (bdc361489a7f22e568060fa6fb3c960e) C:\WINDOWS\system32\drivers\iaStor.sys
09:01:45.0926 2332 iaStor - ok
09:01:45.0958 2332 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:01:46.0051 2332 Imapi - ok
09:01:46.0114 2332 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:01:46.0192 2332 ini910u - ok
09:01:46.0239 2332 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:01:46.0333 2332 IntelIde - ok
09:01:46.0395 2332 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:01:46.0473 2332 intelppm - ok
09:01:46.0520 2332 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:01:46.0614 2332 Ip6Fw - ok
09:01:46.0676 2332 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:01:46.0770 2332 IpFilterDriver - ok
09:01:46.0880 2332 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:01:46.0958 2332 IpInIp - ok
09:01:47.0020 2332 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:01:47.0114 2332 IpNat - ok
09:01:47.0145 2332 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:01:47.0239 2332 IPSec - ok
09:01:47.0301 2332 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:01:47.0348 2332 IRENUM - ok
09:01:47.0395 2332 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:01:47.0489 2332 isapnp - ok
09:01:47.0520 2332 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:01:47.0630 2332 Kbdclass - ok
09:01:47.0676 2332 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:01:47.0755 2332 kbdhid - ok
09:01:47.0817 2332 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:01:47.0895 2332 kmixer - ok
09:01:47.0973 2332 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:01:48.0005 2332 KSecDD - ok
09:01:48.0083 2332 lbrtfdc - ok
09:01:48.0130 2332 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:01:48.0223 2332 mnmdd - ok
09:01:48.0286 2332 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:01:48.0411 2332 Modem - ok
09:01:48.0473 2332 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:01:48.0551 2332 Mouclass - ok
09:01:48.0614 2332 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:01:48.0692 2332 mouhid - ok
09:01:48.0754 2332 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:01:48.0833 2332 MountMgr - ok
09:01:48.0879 2332 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:01:48.0973 2332 mraid35x - ok
09:01:49.0051 2332 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:01:49.0129 2332 MRxDAV - ok
09:01:49.0239 2332 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:01:49.0270 2332 MRxSmb - ok
09:01:49.0348 2332 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:01:49.0426 2332 Msfs - ok
09:01:49.0458 2332 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:01:49.0551 2332 MSKSSRV - ok
09:01:49.0614 2332 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:01:49.0708 2332 MSPCLOCK - ok
09:01:49.0786 2332 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:01:49.0879 2332 MSPQM - ok
09:01:49.0942 2332 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:01:50.0004 2332 mssmbios - ok
09:01:50.0036 2332 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:01:50.0083 2332 Mup - ok
09:01:50.0176 2332 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120127.019\NAVENG.SYS
09:01:50.0192 2332 NAVENG - ok
09:01:50.0239 2332 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120127.019\NAVEX15.SYS
09:01:50.0333 2332 NAVEX15 - ok
09:01:50.0411 2332 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:01:50.0504 2332 NDIS - ok
09:01:50.0583 2332 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:01:50.0629 2332 NdisTapi - ok
09:01:50.0645 2332 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:01:50.0739 2332 Ndisuio - ok
09:01:50.0786 2332 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:01:50.0879 2332 NdisWan - ok
09:01:50.0926 2332 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:01:50.0958 2332 NDProxy - ok
09:01:51.0036 2332 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:01:51.0129 2332 NetBIOS - ok
09:01:51.0176 2332 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:01:51.0270 2332 NetBT - ok
09:01:51.0317 2332 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:01:51.0395 2332 Npfs - ok
09:01:51.0458 2332 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:01:51.0583 2332 Ntfs - ok
09:01:51.0676 2332 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
09:01:51.0692 2332 NuidFltr - ok
09:01:51.0723 2332 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:01:51.0801 2332 Null - ok
09:01:51.0989 2332 nv (5a6469d861970151e687fb76e10bbb3a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:01:52.0270 2332 nv - ok
09:01:52.0301 2332 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:01:52.0395 2332 NwlnkFlt - ok
09:01:52.0457 2332 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:01:52.0551 2332 NwlnkFwd - ok
09:01:52.0582 2332 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:01:52.0676 2332 Parport - ok
09:01:52.0692 2332 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:01:52.0786 2332 PartMgr - ok
09:01:52.0801 2332 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:01:52.0895 2332 ParVdm - ok
09:01:52.0957 2332 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:01:53.0051 2332 PCI - ok
09:01:53.0098 2332 PCIDump - ok
09:01:53.0114 2332 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:01:53.0192 2332 PCIIde - ok
09:01:53.0239 2332 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:01:53.0317 2332 Pcmcia - ok
09:01:53.0395 2332 PDCOMP - ok
09:01:53.0411 2332 PDFRAME - ok
09:01:53.0411 2332 PDRELI - ok
09:01:53.0426 2332 PDRFRAME - ok
09:01:53.0473 2332 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
09:01:53.0567 2332 perc2 - ok
09:01:53.0629 2332 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:01:53.0692 2332 perc2hib - ok
09:01:53.0770 2332 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:01:53.0848 2332 PptpMiniport - ok
09:01:53.0879 2332 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:01:53.0957 2332 PSched - ok
09:01:54.0020 2332 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:01:54.0114 2332 Ptilink - ok
09:01:54.0161 2332 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:01:54.0176 2332 PxHelp20 - ok
09:01:54.0207 2332 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:01:54.0301 2332 ql1080 - ok
09:01:54.0348 2332 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:01:54.0442 2332 Ql10wnt - ok
09:01:54.0489 2332 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:01:54.0582 2332 ql12160 - ok
09:01:54.0645 2332 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:01:54.0723 2332 ql1240 - ok
09:01:54.0770 2332 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:01:54.0848 2332 ql1280 - ok
09:01:54.0911 2332 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:01:55.0004 2332 RasAcd - ok
09:01:55.0067 2332 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:01:55.0145 2332 Rasl2tp - ok
09:01:55.0192 2332 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:01:55.0285 2332 RasPppoe - ok
09:01:55.0332 2332 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:01:55.0410 2332 Raspti - ok
09:01:55.0473 2332 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:01:55.0582 2332 Rdbss - ok
09:01:55.0629 2332 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:01:55.0707 2332 RDPCDD - ok
09:01:55.0817 2332 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:01:55.0895 2332 rdpdr - ok
09:01:55.0957 2332 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
09:01:55.0973 2332 RDPWD - ok
09:01:56.0035 2332 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:01:56.0129 2332 redbook - ok
09:01:56.0207 2332 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:01:56.0270 2332 Secdrv - ok
09:01:56.0332 2332 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
09:01:56.0348 2332 SenFiltService - ok
09:01:56.0395 2332 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:01:56.0489 2332 serenum - ok
09:01:56.0535 2332 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:01:56.0614 2332 Serial - ok
09:01:56.0660 2332 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:01:56.0754 2332 Sfloppy - ok
09:01:56.0785 2332 Simbad - ok
09:01:56.0832 2332 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:01:56.0926 2332 sisagp - ok
09:01:56.0973 2332 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:01:57.0020 2332 Sparrow - ok
09:01:57.0129 2332 SPBBCDrv (d7bb213566e16bca372e2cb517eda907) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
09:01:57.0145 2332 SPBBCDrv - ok
09:01:57.0223 2332 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:01:57.0301 2332 splitter - ok
09:01:57.0332 2332 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:01:57.0379 2332 sr - ok
09:01:57.0379 2332 SRTSP (3cb2f35789632f0bae8a1b9edb08e965) C:\WINDOWS\system32\Drivers\SRTSP.SYS
09:01:57.0395 2332 SRTSP - ok
09:01:57.0457 2332 SRTSPL (d69f1be5fd6da685a4c0e36d58a29e85) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
09:01:57.0473 2332 SRTSPL - ok
09:01:57.0504 2332 SRTSPX (1af60c53c43e2e672bbda3ba9a947d48) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
09:01:57.0520 2332 SRTSPX - ok
09:01:57.0551 2332 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:01:57.0598 2332 Srv - ok
09:01:57.0645 2332 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:01:57.0739 2332 swenum - ok
09:01:57.0785 2332 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:01:57.0864 2332 swmidi - ok
09:01:57.0942 2332 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
09:01:58.0020 2332 symc810 - ok
09:01:58.0035 2332 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:01:58.0129 2332 symc8xx - ok
09:01:58.0207 2332 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
09:01:58.0207 2332 SymEvent - ok
09:01:58.0270 2332 SYMREDRV (be3c117150c055e50a4caf23e548c856) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
09:01:58.0285 2332 SYMREDRV - ok
09:01:58.0348 2332 SYMTDI (7b0af4e22b32f8c5bfba5a5d53522160) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
09:01:58.0364 2332 SYMTDI - ok
09:01:58.0410 2332 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:01:58.0488 2332 sym_hi - ok
09:01:58.0520 2332 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:01:58.0598 2332 sym_u3 - ok
09:01:58.0660 2332 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:01:58.0738 2332 sysaudio - ok
09:01:58.0801 2332 SysPlant (6ccbb4b7e72c8ee59e0b649b4feec3d1) C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys
09:01:58.0817 2332 SysPlant - ok
09:01:58.0895 2332 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:01:58.0957 2332 Tcpip - ok
09:01:59.0020 2332 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:01:59.0113 2332 TDPIPE - ok
09:01:59.0145 2332 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:01:59.0223 2332 TDTCP - ok
09:01:59.0301 2332 Teefer2 (0dc098cc18a974e7c1e96e6846bd06e4) C:\WINDOWS\system32\DRIVERS\teefer2.sys
09:01:59.0317 2332 Teefer2 - ok
09:01:59.0363 2332 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:01:59.0457 2332 TermDD - ok
09:01:59.0504 2332 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
09:01:59.0598 2332 TosIde - ok
09:01:59.0660 2332 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
09:01:59.0676 2332 TrueSight ( UnsignedFile.Multi.Generic ) - warning
09:01:59.0676 2332 TrueSight - detected UnsignedFile.Multi.Generic (1)
09:01:59.0723 2332 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:01:59.0817 2332 Udfs - ok
09:01:59.0863 2332 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
09:01:59.0926 2332 ultra - ok
09:01:59.0973 2332 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:02:00.0067 2332 Update - ok
09:02:00.0160 2332 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:02:00.0254 2332 usbccgp - ok
09:02:00.0301 2332 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:02:00.0395 2332 usbehci - ok
09:02:00.0442 2332 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:02:00.0520 2332 usbhub - ok
09:02:00.0598 2332 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:02:00.0692 2332 usbscan - ok
09:02:00.0770 2332 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:02:00.0848 2332 USBSTOR - ok
09:02:00.0926 2332 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:02:01.0004 2332 usbuhci - ok
09:02:01.0067 2332 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:02:01.0145 2332 VgaSave - ok
09:02:01.0207 2332 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:02:01.0285 2332 viaagp - ok
09:02:01.0363 2332 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
09:02:01.0457 2332 ViaIde - ok
09:02:01.0504 2332 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:02:01.0582 2332 VolSnap - ok
09:02:01.0629 2332 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:02:01.0691 2332 Wanarp - ok
09:02:01.0910 2332 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
09:02:01.0941 2332 Wdf01000 - ok
09:02:02.0004 2332 WDICA - ok
09:02:02.0051 2332 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:02:02.0129 2332 wdmaud - ok
09:02:02.0207 2332 WPS (0cdbea86a391f11918af8576c7844a3f) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
09:02:02.0223 2332 WPS - ok
09:02:02.0285 2332 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\WINDOWS\system32\drivers\WpsHelper.sys
09:02:02.0301 2332 WpsHelper - ok
09:02:02.0379 2332 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:02:02.0457 2332 WS2IFSL - ok
09:02:02.0520 2332 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:02:02.0566 2332 WudfPf - ok
09:02:02.0582 2332 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:02:02.0613 2332 WudfRd - ok
09:02:02.0629 2332 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:02:02.0801 2332 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:02:02.0801 2332 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:02:02.0801 2332 Boot (0x1200) (6b560fee0a1f06ec84ac751a9974c811) \Device\Harddisk0\DR0\Partition0
09:02:02.0801 2332 \Device\Harddisk0\DR0\Partition0 - ok
09:02:02.0801 2332 ============================================================
09:02:02.0801 2332 Scan finished
09:02:02.0801 2332 ============================================================
09:02:02.0910 1576 Detected object count: 3
09:02:02.0910 1576 Actual detected object count: 3
09:04:43.0326 1576 BASFND ( UnsignedFile.Multi.Generic ) - skipped by user
09:04:43.0326 1576 BASFND ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:04:43.0326 1576 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
09:04:43.0326 1576 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:04:43.0326 1576 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:04:43.0326 1576 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
09:07:02.0961 0224 ============================================================
09:07:02.0961 0224 Scan started
09:07:02.0961 0224 Mode: Manual; SigCheck; TDLFS;
09:07:02.0961 0224 ============================================================
09:07:03.0227 0224 Abiosdsk - ok
09:07:03.0258 0224 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:07:03.0399 0224 abp480n5 - ok
09:07:03.0461 0224 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:07:03.0555 0224 ACPI - ok
09:07:03.0602 0224 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:07:03.0696 0224 ACPIEC - ok
09:07:03.0758 0224 ADIHdAudAddService (de25fc7de3a464e455c0d0012757b0ac) C:\WINDOWS\system32\drivers\ADIHdAud.sys
09:07:03.0789 0224 ADIHdAudAddService - ok
09:07:03.0821 0224 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
09:07:03.0914 0224 adpu160m - ok
09:07:03.0946 0224 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:07:04.0039 0224 aec - ok
09:07:04.0102 0224 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:07:04.0133 0224 AFD - ok
09:07:04.0196 0224 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:07:04.0289 0224 agp440 - ok
09:07:04.0336 0224 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
09:07:04.0430 0224 agpCPQ - ok
09:07:04.0461 0224 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
09:07:04.0524 0224 Aha154x - ok
09:07:04.0555 0224 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
09:07:04.0633 0224 aic78u2 - ok
09:07:04.0664 0224 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
09:07:04.0742 0224 aic78xx - ok
09:07:04.0805 0224 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
09:07:04.0899 0224 AliIde - ok
09:07:04.0945 0224 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
09:07:05.0024 0224 alim1541 - ok
09:07:05.0102 0224 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
09:07:05.0195 0224 amdagp - ok
09:07:05.0242 0224 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
09:07:05.0274 0224 amsint - ok
09:07:05.0367 0224 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
09:07:05.0445 0224 asc - ok
09:07:05.0524 0224 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
09:07:05.0570 0224 asc3350p - ok
09:07:05.0617 0224 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
09:07:05.0711 0224 asc3550 - ok
09:07:05.0789 0224 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:07:05.0867 0224 AsyncMac - ok
09:07:05.0899 0224 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:07:05.0992 0224 atapi - ok
09:07:06.0024 0224 Atdisk - ok
09:07:06.0055 0224 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:07:06.0149 0224 Atmarpc - ok
09:07:06.0195 0224 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:07:06.0274 0224 audstub - ok
09:07:06.0336 0224 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
09:07:06.0367 0224 b57w2k - ok
09:07:06.0414 0224 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
09:07:06.0445 0224 BASFND ( UnsignedFile.Multi.Generic ) - warning
09:07:06.0445 0224 BASFND - detected UnsignedFile.Multi.Generic (1)
09:07:06.0508 0224 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:07:06.0570 0224 Beep - ok
09:07:06.0633 0224 catchme - ok
09:07:06.0680 0224 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
09:07:06.0758 0224 cbidf - ok
09:07:06.0789 0224 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:07:06.0867 0224 cbidf2k - ok
09:07:06.0899 0224 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
09:07:06.0961 0224 cd20xrnt - ok
09:07:07.0008 0224 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:07:07.0086 0224 Cdaudio - ok
09:07:07.0133 0224 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:07:07.0227 0224 Cdfs - ok
09:07:07.0274 0224 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:07:07.0367 0224 Cdrom - ok
09:07:07.0399 0224 Changer - ok
09:07:07.0477 0224 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
09:07:07.0555 0224 CmdIde - ok
09:07:07.0617 0224 COH_Mon (86a22dff16e8ca67601044efe6825537) C:\WINDOWS\system32\Drivers\COH_Mon.sys
09:07:07.0633 0224 COH_Mon - ok
09:07:07.0664 0224 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
09:07:07.0758 0224 Cpqarray - ok
09:07:07.0805 0224 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
09:07:07.0898 0224 dac2w2k - ok
09:07:07.0961 0224 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
09:07:08.0055 0224 dac960nt - ok
09:07:08.0102 0224 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:07:08.0180 0224 Disk - ok
09:07:08.0242 0224 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:07:08.0352 0224 dmboot - ok
09:07:08.0414 0224 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:07:08.0508 0224 dmio - ok
09:07:08.0539 0224 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:07:08.0633 0224 dmload - ok
09:07:08.0711 0224 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:07:08.0805 0224 DMusic - ok
09:07:08.0852 0224 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
09:07:08.0930 0224 dpti2o - ok
09:07:08.0992 0224 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:07:09.0070 0224 drmkaud - ok
09:07:09.0133 0224 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:07:09.0211 0224 E100B - ok
09:07:09.0289 0224 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
09:07:09.0305 0224 eeCtrl - ok
09:07:09.0320 0224 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:07:09.0336 0224 EraserUtilRebootDrv - ok
09:07:09.0430 0224 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:07:09.0539 0224 Fastfat - ok
09:07:09.0586 0224 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:07:09.0664 0224 Fdc - ok
09:07:09.0711 0224 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:07:09.0805 0224 Fips - ok
09:07:09.0883 0224 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:07:09.0961 0224 Flpydisk - ok
09:07:10.0023 0224 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:07:10.0102 0224 FltMgr - ok
09:07:10.0133 0224 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:07:10.0211 0224 Fs_Rec - ok
09:07:10.0305 0224 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:07:10.0383 0224 Ftdisk - ok
09:07:10.0445 0224 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:07:10.0461 0224 GEARAspiWDM - ok
09:07:10.0508 0224 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:07:10.0602 0224 Gpc - ok
09:07:10.0664 0224 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:07:10.0742 0224 HDAudBus - ok
09:07:10.0789 0224 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:07:10.0883 0224 HidUsb - ok
09:07:10.0945 0224 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
09:07:11.0023 0224 hpn - ok
09:07:11.0070 0224 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:07:11.0117 0224 HTTP - ok
09:07:11.0164 0224 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
09:07:11.0258 0224 i2omgmt - ok
09:07:11.0289 0224 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:07:11.0383 0224 i2omp - ok
09:07:11.0430 0224 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:07:11.0523 0224 i8042prt - ok
09:07:11.0586 0224 iaStor (bdc361489a7f22e568060fa6fb3c960e) C:\WINDOWS\system32\drivers\iaStor.sys
09:07:11.0601 0224 iaStor - ok
09:07:11.0648 0224 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:07:11.0726 0224 Imapi - ok
09:07:11.0789 0224 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:07:11.0867 0224 ini910u - ok
09:07:11.0914 0224 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:07:12.0008 0224 IntelIde - ok
09:07:12.0070 0224 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:07:12.0148 0224 intelppm - ok
09:07:12.0211 0224 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:07:12.0289 0224 Ip6Fw - ok
09:07:12.0367 0224 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:07:12.0461 0224 IpFilterDriver - ok
09:07:12.0539 0224 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:07:12.0617 0224 IpInIp - ok
09:07:12.0680 0224 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:07:12.0773 0224 IpNat - ok
09:07:12.0836 0224 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:07:12.0914 0224 IPSec - ok
09:07:12.0976 0224 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:07:13.0008 0224 IRENUM - ok
09:07:13.0070 0224 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:07:13.0164 0224 isapnp - ok
09:07:13.0211 0224 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:07:13.0289 0224 Kbdclass - ok
09:07:13.0336 0224 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:07:13.0414 0224 kbdhid - ok
09:07:13.0476 0224 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:07:13.0555 0224 kmixer - ok
09:07:13.0617 0224 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:07:13.0633 0224 KSecDD - ok
09:07:13.0695 0224 lbrtfdc - ok
09:07:13.0758 0224 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:07:13.0836 0224 mnmdd - ok
09:07:13.0898 0224 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:07:13.0992 0224 Modem - ok
09:07:14.0070 0224 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:07:14.0148 0224 Mouclass - ok
09:07:14.0195 0224 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:07:14.0273 0224 mouhid - ok
09:07:14.0336 0224 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:07:14.0414 0224 MountMgr - ok
09:07:14.0461 0224 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:07:14.0554 0224 mraid35x - ok
09:07:14.0617 0224 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:07:14.0695 0224 MRxDAV - ok
09:07:14.0789 0224 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:07:14.0804 0224 MRxSmb - ok
09:07:14.0867 0224 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:07:14.0945 0224 Msfs - ok
09:07:14.0976 0224 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:07:15.0070 0224 MSKSSRV - ok
09:07:15.0148 0224 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:07:15.0226 0224 MSPCLOCK - ok
09:07:15.0289 0224 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:07:15.0367 0224 MSPQM - ok
09:07:15.0429 0224 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:07:15.0508 0224 mssmbios - ok
09:07:15.0554 0224 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:07:15.0586 0224 Mup - ok
09:07:15.0695 0224 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120127.019\NAVENG.SYS
09:07:15.0711 0224 NAVENG - ok
09:07:15.0758 0224 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120127.019\NAVEX15.SYS
09:07:15.0804 0224 NAVEX15 - ok
09:07:15.0914 0224 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:07:16.0008 0224 NDIS - ok
09:07:16.0086 0224 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:07:16.0117 0224 NdisTapi - ok
09:07:16.0179 0224 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:07:16.0273 0224 Ndisuio - ok
09:07:16.0320 0224 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:07:16.0398 0224 NdisWan - ok
09:07:16.0461 0224 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:07:16.0492 0224 NDProxy - ok
09:07:16.0523 0224 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:07:16.0617 0224 NetBIOS - ok
09:07:16.0664 0224 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:07:16.0742 0224 NetBT - ok
09:07:16.0804 0224 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:07:16.0883 0224 Npfs - ok
09:07:16.0929 0224 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:07:17.0054 0224 Ntfs - ok
09:07:17.0133 0224 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
09:07:17.0133 0224 NuidFltr - ok
09:07:17.0164 0224 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:07:17.0258 0224 Null - ok
09:07:17.0429 0224 nv (5a6469d861970151e687fb76e10bbb3a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:07:17.0601 0224 nv - ok
09:07:17.0648 0224 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:07:17.0726 0224 NwlnkFlt - ok
09:07:17.0804 0224 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:07:17.0882 0224 NwlnkFwd - ok
09:07:17.0961 0224 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:07:18.0039 0224 Parport - ok
09:07:18.0086 0224 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:07:18.0164 0224 PartMgr - ok
09:07:18.0226 0224 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:07:18.0320 0224 ParVdm - ok
09:07:18.0382 0224 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:07:18.0476 0224 PCI - ok
09:07:18.0507 0224 PCIDump - ok
09:07:18.0554 0224 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:07:18.0632 0224 PCIIde - ok
09:07:18.0679 0224 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:07:18.0757 0224 Pcmcia - ok
09:07:18.0836 0224 PDCOMP - ok
09:07:18.0851 0224 PDFRAME - ok
09:07:18.0882 0224 PDRELI - ok
09:07:18.0914 0224 PDRFRAME - ok
09:07:18.0945 0224 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
09:07:19.0039 0224 perc2 - ok
09:07:19.0101 0224 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:07:19.0179 0224 perc2hib - ok
09:07:19.0257 0224 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:07:19.0336 0224 PptpMiniport - ok
09:07:19.0367 0224 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:07:19.0445 0224 PSched - ok
09:07:19.0492 0224 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:07:19.0586 0224 Ptilink - ok
09:07:19.0632 0224 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:07:19.0648 0224 PxHelp20 - ok
09:07:19.0679 0224 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:07:19.0757 0224 ql1080 - ok
09:07:19.0804 0224 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:07:19.0882 0224 Ql10wnt - ok
09:07:19.0929 0224 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:07:20.0023 0224 ql12160 - ok
09:07:20.0070 0224 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:07:20.0148 0224 ql1240 - ok
09:07:20.0226 0224 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:07:20.0304 0224 ql1280 - ok
09:07:20.0367 0224 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:07:20.0461 0224 RasAcd - ok
09:07:20.0554 0224 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:07:20.0632 0224 Rasl2tp - ok
09:07:20.0664 0224 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:07:20.0757 0224 RasPppoe - ok
09:07:20.0820 0224 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:07:20.0898 0224 Raspti - ok
09:07:20.0960 0224 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:07:21.0054 0224 Rdbss - ok
09:07:21.0117 0224 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:07:21.0195 0224 RDPCDD - ok
09:07:21.0273 0224 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:07:21.0351 0224 rdpdr - ok
09:07:21.0414 0224 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
09:07:21.0429 0224 RDPWD - ok
09:07:21.0492 0224 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:07:21.0585 0224 redbook - ok
09:07:21.0664 0224 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:07:21.0726 0224 Secdrv - ok
09:07:21.0789 0224 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
09:07:21.0804 0224 SenFiltService - ok
09:07:21.0867 0224 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:07:21.0945 0224 serenum - ok
09:07:21.0992 0224 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:07:22.0070 0224 Serial - ok
09:07:22.0132 0224 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:07:22.0226 0224 Sfloppy - ok
09:07:22.0257 0224 Simbad - ok
09:07:22.0304 0224 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:07:22.0398 0224 sisagp - ok
09:07:22.0445 0224 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:07:22.0507 0224 Sparrow - ok
09:07:22.0601 0224 SPBBCDrv (d7bb213566e16bca372e2cb517eda907) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
09:07:22.0617 0224 SPBBCDrv - ok
09:07:22.0695 0224 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:07:22.0773 0224 splitter - ok
09:07:22.0804 0224 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:07:22.0851 0224 sr - ok
09:07:22.0882 0224 SRTSP (3cb2f35789632f0bae8a1b9edb08e965) C:\WINDOWS\system32\Drivers\SRTSP.SYS
09:07:22.0898 0224 SRTSP - ok
09:07:22.0945 0224 SRTSPL (d69f1be5fd6da685a4c0e36d58a29e85) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
09:07:22.0960 0224 SRTSPL - ok
09:07:23.0023 0224 SRTSPX (1af60c53c43e2e672bbda3ba9a947d48) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
09:07:23.0039 0224 SRTSPX - ok
09:07:23.0085 0224 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:07:23.0117 0224 Srv - ok
09:07:23.0148 0224 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:07:23.0226 0224 swenum - ok
09:07:23.0257 0224 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:07:23.0335 0224 swmidi - ok
09:07:23.0398 0224 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
09:07:23.0460 0224 symc810 - ok
09:07:23.0476 0224 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:07:23.0570 0224 symc8xx - ok
09:07:23.0632 0224 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
09:07:23.0648 0224 SymEvent - ok
09:07:23.0679 0224 SYMREDRV (be3c117150c055e50a4caf23e548c856) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
09:07:23.0710 0224 SYMREDRV - ok
09:07:23.0742 0224 SYMTDI (7b0af4e22b32f8c5bfba5a5d53522160) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
09:07:23.0757 0224 SYMTDI - ok
09:07:23.0804 0224 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:07:23.0882 0224 sym_hi - ok
09:07:23.0960 0224 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:07:24.0054 0224 sym_u3 - ok
09:07:24.0117 0224 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:07:24.0195 0224 sysaudio - ok
09:07:24.0288 0224 SysPlant (6ccbb4b7e72c8ee59e0b649b4feec3d1) C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys
09:07:24.0304 0224 SysPlant - ok
09:07:24.0382 0224 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:07:24.0413 0224 Tcpip - ok
09:07:24.0476 0224 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:07:24.0570 0224 TDPIPE - ok
09:07:24.0617 0224 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:07:24.0695 0224 TDTCP - ok
09:07:24.0757 0224 Teefer2 (0dc098cc18a974e7c1e96e6846bd06e4) C:\WINDOWS\system32\DRIVERS\teefer2.sys
09:07:24.0773 0224 Teefer2 - ok
09:07:24.0820 0224 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:07:24.0913 0224 TermDD - ok
09:07:24.0976 0224 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
09:07:25.0054 0224 TosIde - ok
09:07:25.0117 0224 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
09:07:25.0148 0224 TrueSight ( UnsignedFile.Multi.Generic ) - warning
09:07:25.0148 0224 TrueSight - detected UnsignedFile.Multi.Generic (1)
09:07:25.0195 0224 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:07:25.0304 0224 Udfs - ok
09:07:25.0351 0224 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
09:07:25.0398 0224 ultra - ok
09:07:25.0476 0224 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:07:25.0554 0224 Update - ok
09:07:25.0617 0224 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:07:25.0710 0224 usbccgp - ok
09:07:25.0773 0224 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:07:25.0851 0224 usbehci - ok
09:07:25.0913 0224 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:07:25.0992 0224 usbhub - ok
09:07:26.0054 0224 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:07:26.0148 0224 usbscan - ok
09:07:26.0210 0224 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:07:26.0273 0224 USBSTOR - ok
09:07:26.0335 0224 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:07:26.0413 0224 usbuhci - ok
09:07:26.0460 0224 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:07:26.0554 0224 VgaSave - ok
09:07:26.0601 0224 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:07:26.0695 0224 viaagp - ok
09:07:26.0773 0224 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
09:07:26.0867 0224 ViaIde - ok
09:07:26.0913 0224 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:07:26.0976 0224 VolSnap - ok
09:07:27.0023 0224 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:07:27.0101 0224 Wanarp - ok
09:07:27.0163 0224 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
09:07:27.0195 0224 Wdf01000 - ok
09:07:27.0210 0224 WDICA - ok
09:07:27.0273 0224 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:07:27.0366 0224 wdmaud - ok
09:07:27.0398 0224 WPS (0cdbea86a391f11918af8576c7844a3f) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
09:07:27.0413 0224 WPS - ok
09:07:27.0445 0224 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\WINDOWS\system32\drivers\WpsHelper.sys
09:07:27.0460 0224 WpsHelper - ok
09:07:27.0476 0224 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:07:27.0554 0224 WS2IFSL - ok
09:07:27.0585 0224 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:07:27.0616 0224 WudfPf - ok
09:07:27.0648 0224 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:07:27.0679 0224 WudfRd - ok
09:07:27.0695 0224 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:07:27.0882 0224 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:07:27.0882 0224 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:07:27.0882 0224 Boot (0x1200) (6b560fee0a1f06ec84ac751a9974c811) \Device\Harddisk0\DR0\Partition0
09:07:27.0882 0224 \Device\Harddisk0\DR0\Partition0 - ok
09:07:27.0882 0224 ============================================================
09:07:27.0882 0224 Scan finished
09:07:27.0882 0224 ============================================================
09:07:27.0882 2192 Detected object count: 3
09:07:27.0882 2192 Actual detected object count: 3
09:07:54.0569 2192 BASFND ( UnsignedFile.Multi.Generic ) - skipped by user
09:07:54.0569 2192 BASFND ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:07:54.0569 2192 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
09:07:54.0569 2192 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:07:54.0569 2192 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:07:54.0569 2192 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
09:11:20.0858 1096 Deinitialize success

5. OTL report

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\WINDOWS\Yviguqidefayo.dat moved successfully.
C:\WINDOWS\Ptulube.bin moved successfully.
========== FILES ==========
< dir /s /a "C:\Documents and Settings\All Users\Application Data\{A0559A84-0A11-425F-BFFC-532378694B25}" /c >
Volume in drive C has no label.
Volume Serial Number is 3437-42F2
Directory of C:\Documents and Settings\All Users\Application Data\{A0559A84-0A11-425F-BFFC-532378694B25}
01/23/2012 10:04 AM <DIR> .
01/23/2012 10:04 AM <DIR> ..
01/23/2012 10:04 AM 3,584 1033.MST
01/23/2012 10:04 AM 19,041,280 default.msi
2 File(s) 19,044,864 bytes
Total Files Listed:
2 File(s) 19,044,864 bytes
2 Dir(s) 167,627,980,800 bytes free
C:\Documents and Settings\gdouglas\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\gdouglas\Desktop\cmd.txt deleted successfully.
< type "C:\WINDOWS\tasks\defrag.job" /c >

C:\Documents and Settings\gdouglas\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\gdouglas\Desktop\cmd.txt deleted successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\WINDOWS\system32\drivers\etc\hosts
C:\Documents and Settings\gdouglas\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\gdouglas\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\gdouglas\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\gdouglas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.BLAKEVAUGHAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 781403 bytes
->Java cache emptied: 7434872 bytes
->Flash cache emptied: 405 bytes

User: administrator.BV
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes

User: All Users

User: asuchta
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 770236 bytes
->Java cache emptied: 228485 bytes
->Flash cache emptied: 348 bytes

User: asuchta.BLAKEVAUGHAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1256908 bytes
->Java cache emptied: 233125 bytes
->Flash cache emptied: 1527423 bytes

User: BV User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Flash cache emptied: 348 bytes

User: dblake
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Flash cache emptied: 984 bytes

User: dblake.BLAKEVAUGHAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Java cache emptied: 1199835 bytes
->Flash cache emptied: 1224 bytes

User: dburcham
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Flash cache emptied: 405 bytes

User: Default User
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: gdouglas
->Temp folder emptied: 52209836 bytes
->Temporary Internet Files folder emptied: 333048819 bytes
->Java cache emptied: 17631134 bytes
->Flash cache emptied: 11447033 bytes

User: jvaughan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes

User: jvaughan.BLAKEVAUGHAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 157915 bytes
->Java cache emptied: 94177 bytes
->Flash cache emptied: 434 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: user1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Flash cache emptied: 5256 bytes

User: User1.BLAKEVAUGHAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 781403 bytes
->Java cache emptied: 4635 bytes
->Flash cache emptied: 2466 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13882782 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 1540872 bytes

Total Files Cleaned = 424.00 mb

[EMPTYFLASH]

User: Administrator

User: Administrator.BLAKEVAUGHAN
->Flash cache emptied: 0 bytes

User: administrator.BV

User: All Users

User: asuchta
->Flash cache emptied: 0 bytes

User: asuchta.BLAKEVAUGHAN
->Flash cache emptied: 0 bytes

User: BV User
->Flash cache emptied: 0 bytes

User: dblake
->Flash cache emptied: 0 bytes

User: dblake.BLAKEVAUGHAN
->Flash cache emptied: 0 bytes

User: dburcham
->Flash cache emptied: 0 bytes

User: Default User

User: gdouglas
->Flash cache emptied: 0 bytes

User: jvaughan

User: jvaughan.BLAKEVAUGHAN
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: user1
->Flash cache emptied: 0 bytes

User: User1.BLAKEVAUGHAN
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Administrator

User: Administrator.BLAKEVAUGHAN
->Java cache emptied: 0 bytes

User: administrator.BV

User: All Users

User: asuchta
->Java cache emptied: 0 bytes

User: asuchta.BLAKEVAUGHAN
->Java cache emptied: 0 bytes

User: BV User

User: dblake

User: dblake.BLAKEVAUGHAN
->Java cache emptied: 0 bytes

User: dburcham

User: Default User

User: gdouglas
->Java cache emptied: 0 bytes

User: jvaughan

User: jvaughan.BLAKEVAUGHAN
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: user1

User: User1.BLAKEVAUGHAN
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 01282012_091704

Files\Folders moved on Reboot...
C:\Documents and Settings\gdouglas\Local Settings\Temp\ExchangePerflog_8484fa31dd3425cbf59f10c8.dat moved successfully.
File\Folder C:\Documents and Settings\gdouglas\Local Settings\Temp\~DF8D11.tmp not found!
File\Folder C:\Documents and Settings\gdouglas\Local Settings\Temp\~DF8D21.tmp not found!
File\Folder C:\Documents and Settings\gdouglas\Local Settings\Temp\~DF8D86.tmp not found!
File\Folder C:\Documents and Settings\gdouglas\Local Settings\Temp\~DF8D96.tmp not found!
File\Folder C:\Documents and Settings\gdouglas\Local Settings\Temp\~DF8DE8.tmp not found!
File\Folder C:\Documents and Settings\gdouglas\Local Settings\Temp\~DF8DF8.tmp not found!
C:\Documents and Settings\gdouglas\Local Settings\Temporary Internet Files\Content.Word\~WRS{7CF1417A-F111-45C8-B18A-8B98AB7863A7}.tmp moved successfully.
C:\Documents and Settings\gdouglas\Local Settings\Temporary Internet Files\Content.IE5\TUV86USP\sia[2].htm moved successfully.
C:\Documents and Settings\gdouglas\Local Settings\Temporary Internet Files\Content.IE5\RV3WTWUI\ads[1].htm moved successfully.
C:\Documents and Settings\gdouglas\Local Settings\Temporary Internet Files\Content.IE5\QCDIHCXX\si[3].htm moved successfully.
C:\Documents and Settings\gdouglas\Local Settings\Temporary Internet Files\Content.IE5\N27J3W1J\ads[1].htm moved successfully.
C:\Documents and Settings\gdouglas\Local Settings\Temporary Internet Files\Content.IE5\C5GFDE5J\ads[2].htm moved successfully.
C:\Documents and Settings\gdouglas\Local Settings\Temporary Internet Files\Content.IE5\7KQFGN5P\si[1].htm moved successfully.
C:\Documents and Settings\gdouglas\Local Settings\Temporary Internet Files\Content.IE5\7FP1GCS5\si[1].htm moved successfully.
C:\Documents and Settings\gdouglas\Local Settings\Temporary Internet Files\Content.IE5\3YW62H5D\page__pid__2574229[1].htm moved successfully.
C:\Documents and Settings\gdouglas\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\gdouglas\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...

6. All programs removed as requested.

#6 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,666
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 29 January 2012 - 02:35 AM

Hi!

As long as you recognize those files it's fine.

Quote

2. I will ask IT guy about enabled ports.

3. I will ask IT guy about open port.

Okay, please let me know once you find out.

Are you still experiencing issues with the redirects?

OTL Custom Scan

We need to create a new OTL Report

Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Click on the NONE button at the top.

In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.sys
atapi.sys
explorer.exe
winlogon.exe
wininit.exe
BASFND.sys
TrueSight.sys
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs

Push the button.
One report will open, copy and paste it in a reply here:
- OTL.txt <-- Will be opened

#7 noogman

Member

Group: Members
Posts: 17
Joined: 23-January 12

Posted 29 January 2012 - 03:18 PM

SweetTech,

Before proceeding I have some comments and questions.

1. Internet explorer is still redirecting.

2. The advertisements are connected to jeetyetmedia.com. When clicking on links browser connects to http://edge.jeetyetmedia.com and redirects to advertisement. Similar to what is happening to kakamp in topic 439703 (link: http://www.bleepingcomputer.com/forums/topic439703.html). I am wondering if it is as simple as removing and reinstalling browser? Soon I plan to switch to google chrome as I believe it is more secure. With that being said, I do want to rid the computer of whatever is causing issues with IE.

3. Ports have been enabled to allow for remote assistant and remote desktop by IT. I will check on 3rd port.

Thanks

#8 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,666
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 30 January 2012 - 02:45 AM

Hi!

I don't think it's as simple as re-installing the internet browser.

Thanks for the information regarding the open ports.

I'd like to see the results from the OTL Custom Scan log.

#9 noogman

Member

Group: Members
Posts: 17
Joined: 23-January 12

Posted 01 February 2012 - 08:36 AM

SweetTech

1. Below is OTL report.

OTL logfile created on: 2/1/2012 8:28:55 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\gdouglas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 69.19% Memory free
3.85 Gb Paging File | 3.35 Gb Available in Paging File | 87.15% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 155.97 Gb Free Space | 67.00% Space Free | Partition Type: NTFS
Drive D: | 242.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive P: | 1034.67 Gb Total Space | 868.65 Gb Free Space | 83.95% Space Free | Partition Type: NTFS
Drive W: | 1034.67 Gb Total Space | 868.65 Gb Free Space | 83.95% Space Free | Partition Type: NTFS
Drive Y: | 1034.67 Gb Total Space | 868.65 Gb Free Space | 83.95% Space Free | Partition Type: NTFS
Drive Z: | 1034.67 Gb Total Space | 868.65 Gb Free Space | 83.95% Space Free | Partition Type: NTFS

Computer Name: GARYD | User Name: gdouglas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

MsConfig - StartUpReg: ECenter - hkey= - key= - C:\dell\E-Center\EULALauncher.exe ( )
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {276B13EC-63FC-1659-C1CF-1F86509C43BB} - DirectX
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {435F0015-EF44-DE33-C2D9-FBB3E1374E5B} - Java (Sun)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4D9CAF39-0F8D-C0ED-8AE2-130392E13336} - Java (Sun)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Custom Scans ==========

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 18:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/11 18:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/11 18:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2012/01/16 12:17:16 | 000,111,872 | ---- | M] () -- C:\WINDOWS\system32\drivers\TrueSight.sys

< %SYSTEMDRIVE%\*.exe >

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/06/14 17:26:33 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/06/14 17:26:33 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: BASFND.SYS >
[2007/06/20 15:30:20 | 000,010,480 | ---- | M] (Broadcom Corporation) MD5=5C68AC6F3E5B3E6D6A78E97D05E42C3A -- C:\Program Files\Broadcom\ASFConfig\BASFND.sys
[2007/06/20 15:30:20 | 000,010,480 | ---- | M] (Broadcom Corporation) MD5=5C68AC6F3E5B3E6D6A78E97D05E42C3A -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
[2007/06/20 13:49:04 | 000,010,480 | ---- | M] (Broadcom Corporation) MD5=5C68AC6F3E5B3E6D6A78E97D05E42C3A -- C:\Program Files\Broadcom\BACS\BASFND.sys

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: TRUESIGHT.SYS >
[2012/01/16 12:17:16 | 000,111,872 | ---- | M] () MD5=F69641EFDB19ACB4753B0155F7FDEED5 -- C:\WINDOWS\system32\drivers\TrueSight.sys

< MD5 for: VOLSNAP.SYS >
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/04 06:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\i386\volsnap.sys
[2004/08/04 06:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/20 00:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/20 00:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/20 00:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/01/20 00:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/20 00:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/20 00:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/20 00:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/01/20 00:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< >

< >

< End of report >

#10 noogman

Member

Group: Members
Posts: 17
Joined: 23-January 12

Posted 01 February 2012 - 08:46 AM

SweetTech,

See previous post for OTL report. I wanted to let you know IE is still redirecting after reboot.

#11 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,666
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 01 February 2012 - 08:53 AM

Hi!

Thanks for the information.

Lets try this tool;

Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

#12 noogman

Member

Group: Members
Posts: 17
Joined: 23-January 12

Posted 01 February 2012 - 04:08 PM

SweetTech,

1. Computer seems to be running the same. It is still redirecting.

2. ComboFix log below:

ComboFix 12-02-01.01 - gdouglas 02/01/2012 15:44:33.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1360 [GMT -5:00]
Running from: c:\documents and settings\gdouglas\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-01 to 2012-02-01 )))))))))))))))))))))))))))))))
.
.
2012-01-28 14:41 . 2012-01-28 14:42 -------- d-----w- c:\program files\Temp
2012-01-28 14:17 . 2012-01-28 14:17 -------- d-----w- C:\_OTL
2012-01-23 16:31 . 2012-01-23 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Ricoh
2012-01-23 15:06 . 2012-01-23 15:06 -------- d-----w- c:\program files\Common Files\Kodak
2012-01-23 15:04 . 2012-01-23 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{A0559A84-0A11-425F-BFFC-532378694B25}
2012-01-16 17:16 . 2012-01-16 17:17 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2008-08-27 11:38 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2004-08-11 23:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-11 23:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-22 12:23 . 2011-06-06 11:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-18 12:35 . 2004-08-11 23:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-11 23:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-11 23:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2004-08-11 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-11 23:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-11 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-11 23:00 385024 ------w- c:\windows\system32\html.iec
2010-07-14 13:12 . 2010-07-19 13:03 1498112 ----a-w- c:\program files\checkEng.DLL
2010-07-13 15:55 . 2010-07-19 13:03 274944 ----a-w- c:\program files\COMcheck.exe
2010-07-12 16:35 . 2010-07-19 13:03 74 ----a-w- c:\program files\Start_COMcheck_CL.bat
2010-07-12 16:35 . 2010-07-19 13:03 111 ----a-w- c:\program files\Start_COMcheck_CL_Log.bat
2010-07-12 16:35 . 2010-07-19 13:03 223 ----a-w- c:\program files\unpackJars.bat
2010-07-12 16:35 . 2010-07-19 13:03 122880 ----a-w- c:\program files\unpack200.exe
2010-07-12 16:35 . 2010-07-19 13:03 348160 ----a-w- c:\program files\msvcr71.dll
2010-07-12 16:17 . 2010-07-19 13:03 24576 ----a-w- c:\program files\keyHH.exe
2007-11-21 09:38 . 2010-07-19 13:04 161344 ----a-w- c:\program files\UNWISE.EXE
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-16_15.57.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-01 13:39 . 2012-02-01 13:39 16384 c:\windows\Temp\Perflib_Perfdata_1f0.dat
+ 2009-09-10 07:26 . 2009-09-10 07:26 73728 c:\windows\system32\spool\drivers\w32x86\3\MFRICRES.dll
- 2008-02-07 19:03 . 2012-01-13 22:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-02-07 19:03 . 2012-01-20 22:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-01-20 22:03 . 2012-01-20 22:03 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-02-07 19:03 . 2012-01-13 22:03 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-01-31 05:10 . 2012-01-31 05:10 22016 c:\windows\Installer\13f93ca.msi
+ 2010-02-22 12:33 . 2010-02-22 12:33 249856 c:\windows\system32\spool\drivers\w32x86\3\Rc4manNT.dll
+ 2010-05-19 22:29 . 2010-05-19 22:29 266240 c:\windows\system32\spool\drivers\w32x86\3\E150PSRE.DLL
+ 2008-12-16 12:30 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
- 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2008-12-05 06:54 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
+ 2010-06-25 09:50 . 2010-06-25 09:50 1617920 c:\windows\system32\spool\drivers\w32x86\3\MP241dat.dll
+ 2010-05-19 22:29 . 2010-05-19 22:29 1511424 c:\windows\system32\spool\drivers\w32x86\3\E150PSUI.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-07-15 04:46 195360 ----a-w- c:\program files\Yontoo Layers Runtime\YontooIEClient_2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-21 8466432]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-09-12 1015808]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-03-17 115560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-2-14 724992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-24 13:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-07-27 01:03 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"15164:UDP"= 15164:UDP:AM Agent
"1045:TCP"= 1045:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [6/20/2007 3:30 PM 79168]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/8/2011 4:00 AM 106104]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/25/2010 10:35 PM 135664]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [11/18/2008 5:17 PM 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/25/2010 10:35 PM 135664]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/11/2004 6:00 PM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-30 c:\windows\Tasks\defrag.job
- c:\windows\system32\defrag.exe [2004-08-11 00:12]
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 03:35]
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 03:35]
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-179842681-2008273749-2489577197-1143Core.job
- c:\documents and settings\gdouglas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-28 23:05]
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-179842681-2008273749-2489577197-1143UA.job
- c:\documents and settings\gdouglas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-28 23:05]
.
2012-02-01 c:\windows\Tasks\User_Feed_Synchronization-{A78FC571-7084-4D83-9EB8-98CDC3125C53}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{C42441BC-202C-447A-9C53-CA2F9084FD5E}: NameServer = 192.168.1.5
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Akamai NetSession Interface - c:\documents and settings\gdouglas\Local Settings\Application Data\Akamai\netsession_win.exe
AddRemove-Adobe Digital Editions - c:\documents and settings\gdouglas\application data\macromedia\flash player\www.macromedia.com\bin\digitaleditions1x5\digitaleditions1x5.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\gdouglas\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-01 15:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1064)
c:\program files\Bonjour\mdnsNSP.dll
.
- - - - - - - > 'explorer.exe'(776)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-01 15:54:54
ComboFix-quarantined-files.txt 2012-02-01 20:54
.
Pre-Run: 167,548,809,216 bytes free
Post-Run: 167,627,091,968 bytes free
.
- - End Of File - - 01B929B47E22244DCF7203203EA0D811

#13 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,666
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 02 February 2012 - 01:12 AM

Hi!

Sorry to hear you're still experiencing issues with redirects.

Please do me a favor and run this script;

ComboFix Script

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
ClearJavaCache::
DirLook::
c:\documents and settings\all users\application data\{A0559A84-0A11-425F-BFFC-532378694B25}

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you.
Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT:

Then run this scanner for me:

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
- Enable Anti-Stealth technology
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

#14 noogman

Member

Group: Members
Posts: 17
Joined: 23-January 12

Posted 03 February 2012 - 08:25 AM

SweetTech,

I am hesitant to make any further changes to this computer as I have noticed some changes. Nothing that I cant work around. I decided to unistall IE 8 and using IE 7 instead redirection is gone. I dont know how you want to proceed from here, but I rather not push my luck.