
Google redirect then Rootkit.0access


19 replies to this topic

#1 fatnold

fatnold

  • Members
  • 10 posts

Posted 17 October 2011 - 03:00 PM

http://www.bleepingcomputer.com/forums/topic422931.html/page__p__2436834__fromsearch__1#entry2436834

Got Malwarebytes to run in safe mode after running something else (can't remember what). It found Rootkit.0access. The process that was running previously is now not shown in Task Manager. With no applications running, CPU usage at 80%, yet nothing using CPU in process list in Task Manager.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by CraigP at 19:41:45 on 2011-10-17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1042 [GMT 11:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe
C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Rockwell Software\FactoryTalk Activation\flexsvr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOChangeLogSvcu.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Boingo\GoBoingo\GoBoingo.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Garmin\gStart.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee Security Scan\2.0.181\McUICnt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.propac.com.au/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\program files\moyea\flv downloader\MoyeaCth.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: BigPond Wireless Broadband 2.0 Auto Dial: {db92ec3f-697d-4c3b-9a3b-3abbd23d4a85} - c:\program files\telstra\bigpond wireless broadband 2.0\bpwbb2ad.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [gStart] c:\garmin\gStart.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [BigPondWirelessBroadbandCM] "c:\program files\telstra\bigpond wireless broadband 2.0\BigPond_CM.exe" -tsr
mRun: [GoBoingo] c:\program files\boingo\goboingo\GoBoingo.lnk
mRun: [UsbCipHelper] c:\program files\rockwell automation\rockwell automation usb cip driver package\usbciphelper\UsbCipHelper.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dloage~1.lnk - c:\program files\veritas\backup exec\nt\dlo\DLOClientu.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nextmo~1.lnk - c:\windows\installer\{75e7720f-1090-40ea-b992-6f7c9543af6f}\_C8BF5972139E_4BBF_A28E_F4205544BDCB.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{14fcfe7c-ab86-428a-9d2e-bfb6f5a7aa6e}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: Open using &Advanced JPEG Compressor - c:\program files\advanced jpeg compressor\ajcieex.htm
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://cdn.smugmug.com/photos/activex/ImageUploader5-5.5.1.0-082608.cab
DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://mail.propac.com.au/Remote/msrdp.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{500117F1-A769-4E9A-A3FB-221001DF9C36} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2011-8-13 30656]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [2008-11-27 81200]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-6-2 185968]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-6-2 161392]
R2 FactoryTalk Activation Service;FactoryTalk Activation Service;c:\program files\rockwell software\factorytalk activation\lmgrd.exe [2003-11-17 659456]
R2 FTActivationBoost;FactoryTalk Activation Helper;c:\program files\rockwell software\factorytalk activation\tools\FTActivationBoost.exe [2008-9-29 66848]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-11 366152]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-6-23 124608]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-6-23 1715904]
R2 VRTSChangeJournalReader;Symantec Backup Exec DLO Agent Change Journal Reader;c:\program files\veritas\backup exec\nt\dlo\DLOChangeLogSvcu.exe [2005-9-10 280192]
R3 EventServer;Rockwell Event Server;c:\program files\common files\rockwell\EventServer.exe [2005-6-23 172032]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-11 22216]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20080303.003\naveng.sys [2011-6-24 82256]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20080303.003\navex15.sys [2011-6-24 895376]
R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [2008-11-27 23180]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [2007-5-7 20352]
S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\drivers\virtualbackplane.sys --> c:\windows\system32\drivers\VirtualBackplane.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-10 136176]
S2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-9-8 237056]
S2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-9-8 1034752]
S2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-9-8 484352]
S3 AllShare;SAMSUNG AllShare Service;c:\program files\samsung\samsung pc share manager\WiselinkPro.exe [2010-4-23 9241088]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-6-2 83568]
S3 cmusbnet;WAN Driver @ 3GPP (6280);c:\windows\system32\drivers\cmusbnet.sys [2007-2-21 87424]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [2006-12-13 87040]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-10 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-8-4 18432]
S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [2007-5-7 155648]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-1-6 19056]
S3 pcidnt;A-B 1784-PCIDS;c:\windows\system32\drivers\pcidnt.sys --> c:\windows\system32\drivers\pcidnt.sys [?]
S3 RSI-PKTX-A;RSI-PKTX-A;c:\windows\system32\drivers\RSI-PKTX-A.sys [2002-11-13 16447]
S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [2008-7-5 39067]
S3 RSLINXNGKtControl;RSLINXNGKtControl;c:\windows\system32\drivers\rsiktNG.sys [2002-4-23 38999]
S3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\system32\rsserial.sys [2008-7-5 155440]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-12-16 11520]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-10-11 11:22:48 -------- d-sha-r- C:\cmdcons
2011-10-11 11:19:21 98816 ----a-w- c:\windows\sed.exe
2011-10-11 11:19:21 518144 ----a-w- c:\windows\SWREG.exe
2011-10-11 11:19:21 256000 ----a-w- c:\windows\PEV.exe
2011-10-11 11:19:21 208896 ----a-w- c:\windows\MBR.exe
2011-10-11 11:19:11 -------- d-----w- C:\ComboFix
2011-10-11 07:39:28 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-11 07:09:59 48016 --sha-w- c:\windows\system32\c_06393.nl_
2011-10-10 10:34:31 -------- d-----w- c:\documents and settings\craigp\application data\Malwarebytes
2011-10-10 10:28:17 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-10-10 10:28:17 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-10 10:11:42 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-10 10:11:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-09 10:07:02 -------- d-sh--w- c:\documents and settings\craigp\local settings\application data\b6166dca
2011-09-30 04:53:37 0 ----a-w- c:\windows\system32\V-SFT_USB.BIN
.
==================== Find3M ====================
.
2011-10-11 10:45:18 52736 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-10-11 09:28:13 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-10-11 09:02:57 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-10-11 07:29:54 49536 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-10-11 07:23:46 41856 ----a-w- c:\windows\system32\drivers\imapi.sys
2011-10-11 07:09:13 138368 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-21 11:54:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 19:42:42.82 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts

Posted 21 October 2011 - 01:00 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 fatnold

fatnold
  • Topic Starter

  • Members
  • 10 posts

Posted 24 October 2011 - 04:20 AM

After running ComboFix, CPU usage initially at 20% (in Task Manager). Re-connected to internet and ran iexplorer. Very slow and stopped responding. CPU usage back at 89%.

ComboFix 11-10-24.01 - CraigP 24/10/2011 19:13:52.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1262 [GMT 11:00]
Running from: E:\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\craigp\Local Settings\Application Data\b6166dca
c:\documents and settings\craigp\Local Settings\Application Data\b6166dca\@
c:\documents and settings\craigp\Local Settings\Application Data\b6166dca\U\80000000.@
c:\documents and settings\craigp\Local Settings\Application Data\b6166dca\X
c:\windows\$NtUninstallKB9251$
c:\windows\$NtUninstallKB9251$\944037757
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\system32\c_06393.nls
.
Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2011-09-24 to 2011-10-24 )))))))))))))))))))))))))))))))
.
.
2011-10-24 08:06 . 2004-08-03 21:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-10-11 07:39 . 2011-08-31 06:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-11 07:09 . 2011-10-11 11:29 48016 --sha-w- c:\windows\system32\c_06393.nl_
2011-10-10 10:34 . 2011-10-10 10:34 -------- d-----w- c:\documents and settings\craigp\Application Data\Malwarebytes
2011-10-10 10:28 . 2011-10-10 10:28 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-10 10:11 . 2011-10-10 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-10 10:11 . 2011-10-11 10:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-30 04:53 . 2011-09-30 04:56 0 ----a-w- c:\windows\system32\V-SFT_USB.BIN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 10:45 . 2004-08-03 15:14 52736 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-10-11 09:28 . 2004-08-11 09:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-10-11 09:02 . 2004-08-11 09:09 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-10-11 07:29 . 2004-08-03 14:59 49536 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-10-11 07:23 . 2004-08-03 15:00 41856 ----a-w- c:\windows\system32\drivers\imapi.sys
2011-10-11 07:09 . 2004-08-11 09:00 138368 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-13_07.46.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-24 08:21 . 2011-10-24 08:21 16384 c:\windows\Temp\Perflib_Perfdata_1f0.dat
+ 2007-04-20 11:59 . 2011-10-14 09:09 13072 c:\windows\system32\nvModes.dat
+ 2004-08-11 09:00 . 2011-10-24 08:26 540704 c:\windows\system32\perfh009.dat
- 2004-08-11 09:00 . 2011-10-13 07:49 540704 c:\windows\system32\perfh009.dat
+ 2004-08-11 09:00 . 2011-10-24 08:26 109314 c:\windows\system32\perfc009.dat
- 2004-08-11 09:00 . 2011-10-13 07:49 109314 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-09 20480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-08 26100520]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-06-15 399736]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2011-04-17 400760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-28 8429568]
"nwiz"="nwiz.exe" [2007-04-28 1626112]
"NVHotkey"="nvHotkey.dll" [2007-04-28 67584]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-08-10 149280]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-07 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-04-20 227328]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-01 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-23 85696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-28 81920]
"BigPondWirelessBroadbandCM"="c:\program files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" [2008-05-07 2162688]
"GoBoingo"="c:\program files\Boingo\GoBoingo\GoBoingo.lnk" [2011-10-24 2155]
"UsbCipHelper"="c:\program files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe" [2008-05-27 434176]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-20 24576]
DLO Agent.lnk - c:\program files\VERITAS\Backup Exec\NT\DLO\DLOClientu.exe [2005-9-10 4118144]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
NextMove PCI Initialization.lnk - c:\windows\Installer\{75E7720F-1090-40EA-B992-6F7C9543AF6F}\_C8BF5972139E_4BBF_A28E_F4205544BDCB.exe [2007-10-22 49152]
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-9-8 6144]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 5185536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\OpcEnum.exe"=
"c:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v16\\Bin\\RS5000.Exe"=
"c:\\Program Files\\Rockwell Software\\FactoryTalk Activation\\lmgrd.exe"=
"c:\\Program Files\\Rockwell Software\\FactoryTalk Activation\\flexsvr.exe"=
"c:\\Program Files\\Rockwell Software\\RSLinx\\RSLINX.EXE"=
"c:\\Program Files\\Rockwell Software\\OPCTools\\OPCTest\\opctest.exe"=
"c:\\Program Files\\Rockwell Software\\BOOTP-DHCP Server\\BootpServer.exe"=
"c:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v17\\Bin\\RS5000.Exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\WiselinkPro.exe"=
"c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\http_ss_win_pro.exe"=
"c:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\McAfee Security Scan\\2.0.181\\mcuicnt.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:Port 135 TCP
.
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [13/08/2011 7:18 PM 30656]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [27/11/2008 9:22 AM 81200]
R2 FactoryTalk Activation Service;FactoryTalk Activation Service;c:\program files\Rockwell Software\FactoryTalk Activation\lmgrd.exe [17/11/2003 7:50 PM 659456]
R2 FTActivationBoost;FactoryTalk Activation Helper;c:\program files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [29/09/2008 2:49 PM 66848]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/10/2011 6:39 PM 366152]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [23/06/2005 8:27 PM 124608]
R2 VRTSChangeJournalReader;Symantec Backup Exec DLO Agent Change Journal Reader;c:\program files\VERITAS\Backup Exec\NT\DLO\DLOChangeLogSvcu.exe [10/09/2005 9:10 PM 280192]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [8/09/2010 10:41 AM 237056]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [8/09/2010 10:45 AM 1034752]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [8/09/2010 10:44 AM 484352]
R3 EraserUtilDrv10741;EraserUtilDrv10741;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [24/06/2011 5:33 AM 109616]
R3 EventServer;Rockwell Event Server;c:\program files\Common Files\Rockwell\EventServer.exe [23/06/2005 6:29 PM 172032]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/10/2011 6:39 PM 22216]
R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [27/11/2008 9:22 AM 23180]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [7/05/2007 7:08 PM 20352]
S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\Drivers\VirtualBackplane.sys --> c:\windows\system32\Drivers\VirtualBackplane.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/06/2010 8:43 PM 136176]
S3 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [23/04/2010 2:48 PM 9241088]
S3 cmusbnet;WAN Driver @ 3GPP (6280);c:\windows\system32\drivers\cmusbnet.sys [21/02/2007 3:29 PM 87424]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [13/12/2006 7:31 PM 87040]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/06/2010 8:43 PM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 11:49 PM 227232]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [4/08/2010 12:47 PM 18432]
S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [7/05/2007 10:11 PM 155648]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [6/01/2011 8:04 PM 19056]
S3 pcidnt;A-B 1784-PCIDS;c:\windows\system32\Drivers\pcidnt.sys --> c:\windows\system32\Drivers\pcidnt.sys [?]
S3 RSI-PKTX-A;RSI-PKTX-A;c:\windows\system32\drivers\RSI-PKTX-A.sys [13/11/2002 3:38 PM 16447]
S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [5/07/2008 6:19 PM 39067]
S3 RSLINXNGKtControl;RSLINXNGKtControl;c:\windows\system32\drivers\rsiktNG.sys [23/04/2002 8:02 PM 38999]
S3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\system32\rsserial.sys [5/07/2008 6:19 PM 155440]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [16/12/2010 3:53 PM 11520]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 01:34]
.
2011-09-30 c:\windows\Tasks\DLOClientu.exe - PROPAC_craigp.job
- c:\program files\VERITAS\Backup Exec\NT\DLO\DLOClientu.exe [2005-09-10 10:12]
.
2011-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 09:43]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 09:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.propac.com.au/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-24 19:23
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UsbCipHelper = c:\program files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe????????????j?w??????@???D????? ??|P?E????|????????????1??|????P?E?????????8???????????????????>?@?????X???<??????|?????????????$???? ???D??????>@????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2384)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
c:\program files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Rockwell Software\RSCommon\RSOBSERV.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Rockwell Software\FactoryTalk Activation\flexsvr.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Rockwell\RNADiagnosticsSrv.exe
c:\progra~1\ROCKWE~1\RSLinx\RSLINX.EXE
c:\program files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
c:\program files\Common Files\Rockwell\RsvcHost.exe
c:\windows\System32\PAStiSvc.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Rockwell\EventClientMultiplexer.exe
c:\program files\Common Files\Rockwell\RnaDirServer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Rockwell\RNADirMultiplexor.exe
c:\program files\Apoint\HidFind.exe
c:\windows\system32\rundll32.exe
c:\program files\Apoint\Apntex.exe
c:\windows\stsystra.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Boingo\GoBoingo\GoBoingo.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-10-24 19:29:29 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-24 08:29
ComboFix2.txt 2011-10-13 07:53
.
Pre-Run: 40,008,380,416 bytes free
Post-Run: 40,038,989,824 bytes free
.
- - End Of File - - BC8129CA472619A51B3D4551E8F3870B

#4 gringo_pr

Posted 24 October 2011 - 12:12 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
c:\windows\system32\c_06393.nl_

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 fatnold

Posted 24 October 2011 - 04:02 PM

ComboFix 11-10-24.01 - CraigP 25/10/2011 7:48.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1386 [GMT 11:00]
Running from: E:\ComboFix.exe
Command switches used :: c:\documents and settings\craigp\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *Disabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
FILE ::
"c:\windows\system32\c_06393.nl_"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\c_06393.nl_
.
.
((((((((((((((((((((((((( Files Created from 2011-09-24 to 2011-10-24 )))))))))))))))))))))))))))))))
.
.
2011-10-24 08:06 . 2004-08-03 21:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-10-11 07:39 . 2011-08-31 06:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-10 10:34 . 2011-10-10 10:34 -------- d-----w- c:\documents and settings\craigp\Application Data\Malwarebytes
2011-10-10 10:28 . 2011-10-10 10:28 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-10 10:11 . 2011-10-10 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-10 10:11 . 2011-10-11 10:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-30 04:53 . 2011-09-30 04:56 0 ----a-w- c:\windows\system32\V-SFT_USB.BIN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 10:45 . 2004-08-03 15:14 52736 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-10-11 09:28 . 2004-08-11 09:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-10-11 09:02 . 2004-08-11 09:09 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-10-11 07:29 . 2004-08-03 14:59 49536 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-10-11 07:23 . 2004-08-03 15:00 41856 ----a-w- c:\windows\system32\drivers\imapi.sys
2011-10-11 07:09 . 2004-08-11 09:00 138368 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-13_07.46.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-24 08:21 . 2011-10-24 08:21 16384 c:\windows\Temp\Perflib_Perfdata_1f0.dat
+ 2007-04-20 11:59 . 2011-10-14 09:09 13072 c:\windows\system32\nvModes.dat
+ 2004-08-11 09:00 . 2011-10-24 08:26 540704 c:\windows\system32\perfh009.dat
- 2004-08-11 09:00 . 2011-10-13 07:49 540704 c:\windows\system32\perfh009.dat
+ 2004-08-11 09:00 . 2011-10-24 08:26 109314 c:\windows\system32\perfc009.dat
- 2004-08-11 09:00 . 2011-10-13 07:49 109314 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-09 20480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-08 26100520]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-06-15 399736]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2011-04-17 400760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-28 8429568]
"nwiz"="nwiz.exe" [2007-04-28 1626112]
"NVHotkey"="nvHotkey.dll" [2007-04-28 67584]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-08-10 149280]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-07 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-04-20 227328]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-01 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-23 85696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-28 81920]
"BigPondWirelessBroadbandCM"="c:\program files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" [2008-05-07 2162688]
"GoBoingo"="c:\program files\Boingo\GoBoingo\GoBoingo.lnk" [2011-10-24 2155]
"UsbCipHelper"="c:\program files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe" [2008-05-27 434176]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-20 24576]
DLO Agent.lnk - c:\program files\VERITAS\Backup Exec\NT\DLO\DLOClientu.exe [2005-9-10 4118144]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
NextMove PCI Initialization.lnk - c:\windows\Installer\{75E7720F-1090-40EA-B992-6F7C9543AF6F}\_C8BF5972139E_4BBF_A28E_F4205544BDCB.exe [2007-10-22 49152]
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-9-8 6144]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 5185536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\OpcEnum.exe"=
"c:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v16\\Bin\\RS5000.Exe"=
"c:\\Program Files\\Rockwell Software\\FactoryTalk Activation\\lmgrd.exe"=
"c:\\Program Files\\Rockwell Software\\FactoryTalk Activation\\flexsvr.exe"=
"c:\\Program Files\\Rockwell Software\\RSLinx\\RSLINX.EXE"=
"c:\\Program Files\\Rockwell Software\\OPCTools\\OPCTest\\opctest.exe"=
"c:\\Program Files\\Rockwell Software\\BOOTP-DHCP Server\\BootpServer.exe"=
"c:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v17\\Bin\\RS5000.Exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\WiselinkPro.exe"=
"c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\http_ss_win_pro.exe"=
"c:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\McAfee Security Scan\\2.0.181\\mcuicnt.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:Port 135 TCP
.
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [13/08/2011 7:18 PM 30656]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [27/11/2008 9:22 AM 81200]
R2 FactoryTalk Activation Service;FactoryTalk Activation Service;c:\program files\Rockwell Software\FactoryTalk Activation\lmgrd.exe [17/11/2003 7:50 PM 659456]
R2 FTActivationBoost;FactoryTalk Activation Helper;c:\program files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [29/09/2008 2:49 PM 66848]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/10/2011 6:39 PM 366152]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [23/06/2005 8:27 PM 124608]
R2 VRTSChangeJournalReader;Symantec Backup Exec DLO Agent Change Journal Reader;c:\program files\VERITAS\Backup Exec\NT\DLO\DLOChangeLogSvcu.exe [10/09/2005 9:10 PM 280192]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [8/09/2010 10:41 AM 237056]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [8/09/2010 10:44 AM 484352]
R3 EraserUtilDrv10741;EraserUtilDrv10741;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [24/06/2011 5:33 AM 109616]
R3 EventServer;Rockwell Event Server;c:\program files\Common Files\Rockwell\EventServer.exe [23/06/2005 6:29 PM 172032]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/10/2011 6:39 PM 22216]
R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [27/11/2008 9:22 AM 23180]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [7/05/2007 7:08 PM 20352]
S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\Drivers\VirtualBackplane.sys --> c:\windows\system32\Drivers\VirtualBackplane.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/06/2010 8:43 PM 136176]
S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [8/09/2010 10:45 AM 1034752]
S3 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [23/04/2010 2:48 PM 9241088]
S3 cmusbnet;WAN Driver @ 3GPP (6280);c:\windows\system32\drivers\cmusbnet.sys [21/02/2007 3:29 PM 87424]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [13/12/2006 7:31 PM 87040]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/06/2010 8:43 PM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 11:49 PM 227232]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [4/08/2010 12:47 PM 18432]
S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [7/05/2007 10:11 PM 155648]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [6/01/2011 8:04 PM 19056]
S3 pcidnt;A-B 1784-PCIDS;c:\windows\system32\Drivers\pcidnt.sys --> c:\windows\system32\Drivers\pcidnt.sys [?]
S3 RSI-PKTX-A;RSI-PKTX-A;c:\windows\system32\drivers\RSI-PKTX-A.sys [13/11/2002 3:38 PM 16447]
S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [5/07/2008 6:19 PM 39067]
S3 RSLINXNGKtControl;RSLINXNGKtControl;c:\windows\system32\drivers\rsiktNG.sys [23/04/2002 8:02 PM 38999]
S3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\system32\rsserial.sys [5/07/2008 6:19 PM 155440]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [16/12/2010 3:53 PM 11520]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 01:34]
.
2011-09-30 c:\windows\Tasks\DLOClientu.exe - PROPAC_craigp.job
- c:\program files\VERITAS\Backup Exec\NT\DLO\DLOClientu.exe [2005-09-10 10:12]
.
2011-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 09:43]
.
2011-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 09:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.propac.com.au/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-25 07:58
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UsbCipHelper = c:\program files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe????????????j?w??????@???D????? ??|P?E????|????????????1??|????P?E?????????8???????????????????>?@?????X???<??????|?????????????$???? ???D??????>@????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
Completion time: 2011-10-25 08:00:16
ComboFix-quarantined-files.txt 2011-10-24 21:00
ComboFix2.txt 2011-10-24 08:29
ComboFix3.txt 2011-10-13 07:53
.
Pre-Run: 38,245,806,080 bytes free
Post-Run: 38,231,134,208 bytes free
.
- - End Of File - - 74A1BBEDC4A5B24C720307552EE708EC

#6 gringo_pr

Posted 24 October 2011 - 06:22 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#7 fatnold

Posted 25 October 2011 - 02:57 AM

TDSSKiller log.

18:52:54.0281 0884 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
18:52:54.0296 0884 ============================================================
18:52:54.0296 0884 Current date / time: 2011/10/25 18:52:54.0296
18:52:54.0296 0884 SystemInfo:
18:52:54.0296 0884
18:52:54.0296 0884 OS Version: 5.1.2600 ServicePack: 2.0
18:52:54.0296 0884 Product type: Workstation
18:52:54.0296 0884 ComputerName: PPWKS017
18:52:54.0296 0884 UserName: CraigP
18:52:54.0296 0884 Windows directory: C:\WINDOWS
18:52:54.0296 0884 System windows directory: C:\WINDOWS
18:52:54.0296 0884 Processor architecture: Intel x86
18:52:54.0296 0884 Number of processors: 2
18:52:54.0296 0884 Page size: 0x1000
18:52:54.0296 0884 Boot type: Normal boot
18:52:54.0296 0884 ============================================================
18:52:55.0406 0884 Initialize success
18:52:59.0359 3000 ============================================================
18:52:59.0359 3000 Scan started
18:52:59.0359 3000 Mode: Manual;
18:52:59.0359 3000 ============================================================
18:53:11.0312 3000 Scan finished
18:53:11.0312 3000 ============================================================
18:53:11.0328 4544 Detected object count: 0
18:53:11.0328 4544 Actual detected object count: 0
18:53:16.0593 5656 ============================================================
18:53:16.0593 5656 Scan started
18:53:16.0593 5656 Mode: Manual;
18:53:16.0609 5656 ============================================================
18:53:30.0218 5656 Wanarp - ok
18:53:30.0265 5656 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
18:53:30.0265 5656 WDC_SAM - ok
18:53:30.0453 5656 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
18:53:30.0468 5656 Wdf01000 - ok
18:53:30.0546 5656 WDICA - ok
18:53:30.0578 5656 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
18:53:30.0578 5656 wdmaud - ok
18:53:30.0656 5656 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
18:53:30.0656 5656 winachsf - ok
18:53:30.0718 5656 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:53:30.0718 5656 WmiAcpi - ok
18:53:30.0781 5656 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:53:30.0781 5656 WSTCODEC - ok
18:53:30.0828 5656 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:53:30.0828 5656 WudfPf - ok
18:53:30.0875 5656 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:53:30.0875 5656 WudfRd - ok
18:53:30.0937 5656 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:53:31.0093 5656 \Device\Harddisk0\DR0 - ok
18:53:31.0093 5656 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR7
18:53:31.0109 5656 \Device\Harddisk1\DR7 - ok
18:53:31.0125 5656 Boot (0x1200) (cf9d2e2f7e51cdc08d4f6a3762fa1dd4) \Device\Harddisk0\DR0\Partition0
18:53:31.0125 5656 \Device\Harddisk0\DR0\Partition0 - ok
18:53:31.0125 5656 Boot (0x1200) (d0d140beab3f8dfe18f400acf2a31de4) \Device\Harddisk1\DR7\Partition0
18:53:31.0125 5656 \Device\Harddisk1\DR7\Partition0 - ok
18:53:31.0125 5656 ============================================================
18:53:31.0125 5656 Scan finished
18:53:31.0125 5656 ============================================================
18:53:31.0140 5744 Detected object count: 0
18:53:31.0140 5744 Actual detected object count: 0

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:42 AM

Posted 25 October 2011 - 07:30 AM

How are things running now?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 fatnold

Posted 25 October 2011 - 03:20 PM

62% CPU usage in Task Manager with only Internet Explorer running. Internet Explorer seems to be working at usual speed and not hanging.

#10 gringo_pr

Posted 26 October 2011 - 07:06 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo

#11 fatnold

Posted 26 October 2011 - 02:35 PM

Just noticed the following 2 URLs in browsing history as soon as I start iexplorer and before I browse anywhere.

http://www.socialgrowthtechnologies.com/couponbuddy_v001/index.php?ctid=CT2786678
http://cap1.conduit-apps.com/uTorrent/20110207/maincomp.php

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-27 06:27:34
-----------------------------
06:27:34.406 OS Version: Windows 5.1.2600 Service Pack 2
06:27:34.406 Number of processors: 2 586 0xF06
06:27:34.406 ComputerName: PPWKS017 UserName: CraigP
06:27:35.250 Initialize success
06:27:45.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
06:27:45.390 Disk 0 Vendor: ST9160823AS 3.ADB Size: 152627MB BusType: 3
06:27:47.484 Disk 0 MBR read successfully
06:27:47.500 Disk 0 MBR scan
06:27:47.500 Disk 0 Windows XP default MBR code
06:27:47.515 Disk 0 scanning sectors +312576705
06:27:47.609 Disk 0 scanning C:\WINDOWS\system32\drivers
06:27:57.640 Service scanning
06:27:59.062 Modules scanning
06:28:04.859 Disk 0 trace - called modules:
06:28:04.875
06:28:04.890 Scan finished successfully
06:28:27.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\craigp\Desktop\MBR.dat"
06:28:27.968 The log file has been saved successfully to "C:\Documents and Settings\craigp\Desktop\aswMBR.txt"

#12 gringo_pr

Posted 26 October 2011 - 02:52 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo

#13 fatnold

Posted 30 October 2011 - 02:22 AM

OTL logfile created on: 30/10/2011 6:11:38 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\craigp.PI\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 43.72% Memory free
3.85 Gb Paging File | 2.83 Gb Available in Paging File | 73.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.99 Gb Total Space | 38.15 Gb Free Space | 25.61% Space Free | Partition Type: NTFS

Computer Name: PPWKS017 | User Name: CraigP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\craigp.PI\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe (Rockwell Automation Inc.)
PRC - C:\Program Files\Rockwell Software\RSLinx\RSLINX.EXE (Rockwell Automation, Inc.)
PRC - C:\Program Files\Common Files\Rockwell\RsvcHost.exe (Rockwell Automation, Inc.)
PRC - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe (Rockwell Automation Inc.)
PRC - C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe (Rockwell Automation, Inc.)
PRC - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE (Rockwell Automation, Inc.)
PRC - C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe (Telstra)
PRC - C:\Program Files\Boingo\GoBoingo\GoBoingo.exe (Boingo Wireless, Inc.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Rockwell Software\FactoryTalk Activation\flexsvr.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe (Google)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe (Google)
PRC - C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe (Autodesk)
PRC - C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe (Autodesk)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe (Rockwell Software Inc.)
PRC - C:\Program Files\Common Files\Rockwell\RnaDirServer.exe (Rockwell Software Inc.)
PRC - C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe (Rockwell Software Inc.)
PRC - C:\Program Files\Common Files\Rockwell\EventServer.exe (Rockwell Software Inc.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
PRC - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe (Rockwell Automation)
PRC - C:\WINDOWS\system32\PAStiSvc.exe ()
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe (Macrovision Corporation)
PRC - C:\Program Files\NetWaiting\netwaiting.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
MOD - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\autodeskdm_services\f924c671\35d0f680\App_global.asax.rr-ecmxx.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8b74f2fe3f3632f95ff4ddb8c4839a1e\System.ServiceModel.ni.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_06a0d8f9\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_e6215f06\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\39e4f9a276fb12125d8a1444d8b65a84\System.Configuration.Install.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2077ce69bd24a095dd54683ae26454d4\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\9c56656c88979cf18de6cbcb6587ba8f\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\1ded203bd27031c3a5e3441f94b528c0\Microsoft.VisualC.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll ()
MOD - c:\windows\assembly\gac\rockwellsoftware.factorytalk.diagnostics.readerlib\2.10.1.16__55624f8ac7c20aa6\rockwellsoftware.factorytalk.diagnostics.readerlib.dll ()
MOD - C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\rausbciplib.dll ()
MOD - C:\WINDOWS\system32\vpnapi.dll ()
MOD - C:\Program Files\Rockwell Software\FactoryTalk Activation\flexsvr.exe ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Web.Services3\3.0.0.0__31bf3856ad364e35\Microsoft.Web.Services3.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\acAuth.dll ()
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()
MOD - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
MOD - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxOPCMsgs.dll ()
MOD - C:\Program Files\Rockwell Software\RSLinx Enterprise\Logger.dll ()
MOD - C:\WINDOWS\system32\PAStiSvc.exe ()
MOD - c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll ()
MOD - C:\Program Files\Rockwell Software\RSLinx Enterprise\LocalServices.dll ()
MOD - C:\Program Files\NetWaiting\netwaiting.exe ()


========== Win32 Services (SafeList) ==========

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (WDFME) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (WDSC) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (AllShare) -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe ()
SRV - (FTActivationBoost) -- C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe (Rockwell Automation Inc.)
SRV - (RSLinx) -- C:\Program Files\Rockwell Software\RSLinx\RSLINX.EXE (Rockwell Automation, Inc.)
SRV - (RsvcHost) -- C:\Program Files\Common Files\Rockwell\RsvcHost.exe (Rockwell Automation, Inc.)
SRV - (RNADiagReceiver) -- C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe (Rockwell Automation, Inc.)
SRV - (RNADiagnosticsService) -- C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe (Rockwell Automation Inc.)
SRV - (dnWhoDisp) -- C:\Program Files\Rockwell Software\RSLinx\dnwhodisp.exe (Rockwell Automation, Inc.)
SRV - (Harmony) -- C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE (Rockwell Automation, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google)
SRV - (Autodesk Data Management Job Dispatch) -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe (Autodesk)
SRV - (Autodesk EDM Server) -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe (Autodesk)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
SRV - (Bluetooth Hid Switch Service) -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe (Cambridge Silicon Radio)
SRV - (RNADirMultiplexor) -- C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe (Rockwell Software Inc.)
SRV - (RNADirectory) -- C:\Program Files\Common Files\Rockwell\RnaDirServer.exe (Rockwell Software Inc.)
SRV - (EventClientMultiplexer) -- C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe (Rockwell Software Inc.)
SRV - (EventServer) -- C:\Program Files\Common Files\Rockwell\EventServer.exe (Rockwell Software Inc.)
SRV - (RSLinxNG) -- C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe (Rockwell Automation)
SRV - (STI Simulator) -- C:\WINDOWS\system32\PAStiSvc.exe ()
SRV - (OpcEnum) -- C:\WINDOWS\system32\OpcEnum.exe (OPC Foundation)
SRV - (RampartSvc) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe (SonicWALL, Inc.)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (FactoryTalk Activation Service) -- C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111027.022\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111027.022\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (RSSERIAL) -- C:\WINDOWS\SYSTEM32\RSSERIAL.SYS (Rockwell Software Inc.)
DRV - (RsiKtControl) -- C:\WINDOWS\system32\RSIKT.SYS (Rockwell Software Inc.)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (cmusbnet) WAN Driver @ 3GPP (6280) -- C:\WINDOWS\system32\drivers\cmusbnet.sys (Cmotech Co., Ltd)
DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS (Macrovision Europe Ltd)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (cmusbser) -- C:\WINDOWS\system32\drivers\cmusbser.sys (Cmotech Co.,Ltd)
DRV - (eusk2par) -- C:\WINDOWS\system32\drivers\eusk2par.sys (Eutron)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (swivsp) -- C:\WINDOWS\system32\drivers\swivspnt.sys (Sierra Wireless Inc.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\TosRfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\TosRfhid.sys (TOSHIBA Corporation.)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (PAC7311) -- C:\WINDOWS\system32\drivers\PA707UCM.SYS (PixArt Imaging Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (Tosrfcom) -- C:\WINDOWS\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (RCFOX) -- C:\WINDOWS\system32\drivers\RCFOX.SYS (SonicWALL, Inc.)
DRV - (rcvpn) -- C:\WINDOWS\system32\drivers\rcvpn.sys (SonicWALL, Inc.)
DRV - (RSI-PKTX-A) -- C:\WINDOWS\System32\drivers\RSI-PKTX-A.SYS (Rockwell Automation)
DRV - (RSLINXNGKtControl) -- C:\WINDOWS\System32\drivers\RSIKTNG.SYS (Rockwell Software Inc.)
DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (Sntnlusb) -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row-rel&channel=au&ibd=0070420
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com.au/ig/dell?hl=en&client=dell-row-rel&channel=au&ibd=0070420


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row-rel&channel=au&ibd=0070420
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row-rel&channel=au&ibd=0070420
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1005158233-3823122298-4136515416-1173\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.propac.com.au/
IE - HKU\S-1-5-21-1005158233-3823122298-4136515416-1173\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1005158233-3823122298-4136515416-1173\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1005158233-3823122298-4136515416-1173\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1005158233-3823122298-4136515416-1173\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50826.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2011/10/25 07:58:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Catcher Class) - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll (Moyea Software Co., Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (BigPond Wireless Broadband 2.0 Auto Dial) - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\bpwbb2ad.dll (Telstra)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1005158233-3823122298-4136515416-1173\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BigPondWirelessBroadbandCM] C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe (Telstra)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [GoBoingo] C:\Program Files\Boingo\GoBoingo\GoBoingo.lnk ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UsbCipHelper] C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe (Rockwell Automation, Inc.)
O4 - HKU\S-1-5-21-1005158233-3823122298-4136515416-1173..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1005158233-3823122298-4136515416-1173..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKU\S-1-5-21-1005158233-3823122298-4136515416-1173..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NextMove PCI Initialization.lnk = C:\WINDOWS\Installer\{75E7720F-1090-40EA-B992-6F7C9543AF6F}\_C8BF5972139E_4BBF_A28E_F4205544BDCB.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1005158233-3823122298-4136515416-1173\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1005158233-3823122298-4136515416-1173\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1005158233-3823122298-4136515416-1173\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1005158233-3823122298-4136515416-1173\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://cdn.smugmug.com/photos/activex/ImageUploader5-5.5.1.0-082608.cab (Image Uploader Control)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://mail.propac.com.au/Remote/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pi.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{500117F1-A769-4E9A-A3FB-221001DF9C36}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB7E4ED3-ACF3-4CD9-B5C0-EAB080B4E0AB}: DhcpNameServer = 192.168.168.11
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\craigp.PI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\craigp.PI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 20:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/30 18:08:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\craigp.PI\Desktop\OTL.exe
[2011/10/28 21:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\craigp.PI\My Documents\hurt
[2011/10/28 20:05:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\craigp.PI\PrivacIE
[2011/10/28 14:42:57 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/10/28 14:42:56 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/10/28 14:42:15 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll
[2011/10/28 14:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Symantec Endpoint Protection
[2011/10/28 14:39:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/28 14:30:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/28 12:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\craigp.PI\Application Data\Apple Computer
[2011/10/28 12:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\craigp.PI\Local Settings\Application Data\Western Digital
[2011/10/28 12:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\craigp.PI\Local Settings\Application Data\VERITAS
[2011/10/28 12:30:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\craigp.PI\Local Settings\Application Data\Apple Computer
[2011/10/28 12:29:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\craigp.PI\IETldCache
[2011/10/28 12:29:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\craigp.PI\Cookies
[2011/10/28 12:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\craigp.PI\Application Data\Windows Small Business Server
[2011/10/28 12:29:47 | 000,000,000 | --SD | C] -- C:\Documents and Settings\craigp.PI\Application Data\Microsoft
[2011/10/28 12:29:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\craigp.PI\SendTo
[2011/10/28 12:29:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\craigp.PI\Recent
[2011/10/28 12:29:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\craigp.PI\Application Data
[2011/10/28 12:29:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\craigp.PI\Start Menu\Programs\Startup
[2011/10/28 12:29:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\craigp.PI\Start Menu
[2011/10/28 12:29:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\craigp.PI\My Documents\My Pictures
[2011/10/28 12:29:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\craigp.PI\My Documents\My Music
[2011/10/28 12:29:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\craigp.PI\My Documents
[2011/10/28 12:29:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\craigp.PI\Favorites
[2011/10/28 12:29:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\craigp.PI\Start Menu\Programs\Accessories
[2011/10/28 12:29:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\craigp.PI\Templates
[2011/10/28 12:29:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\craigp.PI\PrintHood
[2011/10/28 12:29:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\craigp.PI\NetHood
[2011/10/28 12:29:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\craigp.PI\Local Settings
[2011/10/28 12:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\craigp.PI\My Documents\My Google Gadgets
[2011/10/28 12:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\craigp.PI\Local Settings\Application Data\Microsoft Help
[2011/10/28 12:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\craigp.PI\Local Settings\Application Data\Microsoft
[2011/10/28 12:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\craigp.PI\Application Data\Macromedia
[2011/10/28 12:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\craigp.PI\Application Data\Intel
[2011/10/28 12:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\craigp.PI\Application Data\Identities
[2011/10/28 12:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\craigp.PI\Local Settings\Application Data\Google
[2011/10/28 12:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\craigp.PI\Desktop
[2011/10/28 12:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\craigp.PI\Start Menu\Programs\Dell
[2011/10/28 12:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\craigp.PI\Local Settings\Application Data\BVRP Software
[2011/10/28 12:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\craigp.PI\Local Settings\Application Data\ApplicationHistory
[2011/10/28 12:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\craigp.PI\Local Settings\Application Data\Adobe
[2011/10/28 12:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\craigp.PI\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2011/10/28 12:20:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Small Business Server
[2011/10/28 09:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/10/28 09:15:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2011/10/27 06:20:40 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\craigp.PI\Desktop\aswMBR.exe
[2011/10/25 18:51:30 | 001,561,392 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\craigp.PI\Desktop\tdsskiller.exe
[2011/10/18 14:14:51 | 000,625,032 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\SymNeti.dll
[2011/10/18 14:14:51 | 000,242,056 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\SymRedir.dll
[2011/10/18 14:14:51 | 000,107,936 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\SymVPN.dll
[2011/10/18 14:14:51 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl71.dll
[2011/10/18 14:14:51 | 000,087,456 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\FwsVpn.dll
[2011/10/18 14:14:50 | 000,321,016 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspl.sys
[2011/10/18 14:14:50 | 000,287,352 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtsp.sys
[2011/10/18 14:14:50 | 000,043,768 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspx.sys
[2011/10/18 14:14:43 | 000,188,080 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symtdi.sys
[2011/10/18 14:14:43 | 000,145,968 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symfw.sys
[2011/10/18 14:14:43 | 000,039,856 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symids.sys
[2011/10/18 14:14:43 | 000,038,448 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symndisv.sys
[2011/10/18 14:14:43 | 000,035,120 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symndis.sys
[2011/10/18 14:14:43 | 000,026,416 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symredrv.sys
[2011/10/18 14:14:43 | 000,012,720 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symdns.sys
[2011/10/17 19:41:43 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\craigp.PI\Desktop\dds.com
[2011/10/11 22:22:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/11 22:19:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/11 22:19:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/11 22:19:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/11 22:19:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/11 22:19:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/11 22:18:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/11 22:18:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\craigp.PI\Start Menu\Programs\Administrative Tools
[2011/10/11 18:39:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/11 18:39:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/10 21:34:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\craigp.PI\Application Data\Malwarebytes
[2011/10/10 21:11:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/10 21:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/30 18:08:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\craigp.PI\Desktop\OTL.exe
[2011/10/30 18:05:09 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/10/30 18:05:07 | 000,002,371 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NextMove PCI Initialization.lnk
[2011/10/30 18:04:44 | 000,026,828 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/10/30 18:04:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/30 18:04:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/30 18:01:55 | 000,000,433 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/10/30 18:00:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/30 18:00:41 | 2145,509,376 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/30 16:36:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/28 14:43:07 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/10/28 14:43:07 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/10/28 14:43:07 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/10/28 14:43:07 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/10/28 14:18:11 | 000,540,704 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/28 14:18:11 | 000,109,314 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/28 14:15:46 | 000,026,828 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/10/28 14:10:39 | 000,009,558 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/10/28 12:00:04 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\DLOClientu.exe - PROPAC_craigp.job
[2011/10/27 06:28:27 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\craigp.PI\Desktop\MBR.dat
[2011/10/27 06:20:40 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\craigp.PI\Desktop\aswMBR.exe
[2011/10/25 07:58:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/25 07:38:31 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\craigp.PI\Desktop\Shortcut (2) to ComboFix.exe.lnk
[2011/10/24 19:02:32 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\craigp.PI\Desktop\Shortcut to ComboFix.exe.lnk
[2011/10/21 21:39:08 | 001,561,392 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\craigp.PI\Desktop\tdsskiller.exe
[2011/10/18 14:14:51 | 000,625,032 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\SymNeti.dll
[2011/10/18 14:14:51 | 000,242,056 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\SymRedir.dll
[2011/10/18 14:14:51 | 000,107,936 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\SymVPN.dll
[2011/10/18 14:14:51 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\atl71.dll
[2011/10/18 14:14:51 | 000,087,456 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\FwsVpn.dll
[2011/10/18 14:14:50 | 000,321,016 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspl.sys
[2011/10/18 14:14:50 | 000,287,352 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtsp.sys
[2011/10/18 14:14:50 | 000,043,768 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspx.sys
[2011/10/18 14:14:50 | 000,007,454 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtspx.cat
[2011/10/18 14:14:50 | 000,007,454 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtspl.cat
[2011/10/18 14:14:50 | 000,007,450 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtsp.cat
[2011/10/18 14:14:50 | 000,001,430 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtspl.inf
[2011/10/18 14:14:50 | 000,001,421 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtspx.inf
[2011/10/18 14:14:50 | 000,001,415 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtsp.inf
[2011/10/18 14:14:43 | 000,188,080 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symtdi.sys
[2011/10/18 14:14:43 | 000,145,968 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symfw.sys
[2011/10/18 14:14:43 | 000,039,856 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symids.sys
[2011/10/18 14:14:43 | 000,038,448 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symndisv.sys
[2011/10/18 14:14:43 | 000,035,120 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symndis.sys
[2011/10/18 14:14:43 | 000,026,416 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symredrv.sys
[2011/10/18 14:14:43 | 000,012,720 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symdns.sys
[2011/10/18 14:14:43 | 000,009,892 | ---- | M] () -- C:\WINDOWS\System32\drivers\SymRedir.cat
[2011/10/18 14:14:43 | 000,001,356 | ---- | M] () -- C:\WINDOWS\System32\drivers\SymRedir.inf
[2011/10/17 19:32:42 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\craigp.PI\Desktop\dds.com
[2011/10/17 19:22:22 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\craigp.PI\defogger_reenable
[2011/10/11 22:22:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/11 20:11:47 | 000,002,229 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/10/11 18:39:34 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/09 12:03:16 | 000,254,073 | ---- | M] () -- C:\Documents and Settings\craigp.PI\My Documents\home 3108.dwg
[2011/10/09 11:23:33 | 000,253,776 | ---- | M] () -- C:\Documents and Settings\craigp.PI\My Documents\home 3108.bak
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/28 14:42:56 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/10/28 14:42:56 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/10/28 12:29:58 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\craigp.PI\Start Menu\Programs\Windows Media Player.lnk
[2011/10/28 12:29:58 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\craigp.PI\Desktop\Windows Media Player.lnk
[2011/10/28 12:29:48 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\craigp.PI\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/28 12:29:48 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\craigp.PI\Local Settings\Application Data\fusioncache.dat
[2011/10/28 12:29:48 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\craigp.PI\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/10/28 12:29:47 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\craigp.PI\Start Menu\Programs\Remote Assistance.lnk
[2011/10/28 12:29:47 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\craigp.PI\Start Menu\Programs\Internet Explorer.lnk
[2011/10/28 12:29:47 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\craigp.PI\Start Menu\Programs\Outlook Express.lnk
[2011/10/27 06:28:27 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\craigp.PI\Desktop\MBR.dat
[2011/10/25 07:38:31 | 000,000,283 | ---- | C] () -- C:\Documents and Settings\craigp.PI\Desktop\Shortcut (2) to ComboFix.exe.lnk
[2011/10/24 19:02:32 | 000,000,283 | ---- | C] () -- C:\Documents and Settings\craigp.PI\Desktop\Shortcut to ComboFix.exe.lnk
[2011/10/18 14:14:50 | 000,007,454 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtspx.cat
[2011/10/18 14:14:50 | 000,007,454 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtspl.cat
[2011/10/18 14:14:50 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtsp.cat
[2011/10/18 14:14:50 | 000,001,430 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtspl.inf
[2011/10/18 14:14:50 | 000,001,421 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtspx.inf
[2011/10/18 14:14:50 | 000,001,415 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtsp.inf
[2011/10/18 14:14:43 | 000,009,892 | ---- | C] () -- C:\WINDOWS\System32\drivers\SymRedir.cat
[2011/10/18 14:14:43 | 000,001,356 | ---- | C] () -- C:\WINDOWS\System32\drivers\SymRedir.inf
[2011/10/17 19:46:25 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\craigp.PI\Desktop\gmer.exe
[2011/10/17 19:22:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\craigp.PI\defogger_reenable
[2011/10/17 19:21:51 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\craigp.PI\Desktop\Defogger.exe
[2011/10/11 22:29:15 | 2145,509,376 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/11 22:22:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/11 22:22:49 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/11 22:19:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/11 22:19:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/11 22:19:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/11 22:19:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/11 22:19:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/11 20:11:47 | 000,002,229 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/10/11 18:39:34 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/30 15:53:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\V-SFT_USB.BIN
[2011/05/09 21:31:13 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\craigp.PI\Application Data\winscp.rnd
[2011/03/21 16:51:46 | 000,221,448 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/11 11:54:21 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/19 19:51:22 | 000,073,824 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/06 21:07:25 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/01/25 11:15:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/08/06 10:20:49 | 000,000,663 | ---- | C] () -- C:\WINDOWS\openrda.ini
[2008/07/25 10:08:34 | 000,036,408 | ---- | C] () -- C:\WINDOWS\System32\LINXVDD.DLL
[2008/07/05 18:19:52 | 000,007,449 | ---- | C] () -- C:\WINDOWS\System32\drivers\SDDHP.BIN
[2008/07/05 18:19:52 | 000,006,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\slcnewkt.bin
[2008/07/05 18:19:52 | 000,005,433 | ---- | C] () -- C:\WINDOWS\System32\drivers\SDDH.BIN
[2008/07/05 18:19:50 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\KTC.BIN
[2008/07/05 18:19:50 | 000,015,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCMK485.BIN
[2008/07/05 18:19:50 | 000,015,557 | ---- | C] () -- C:\WINDOWS\System32\drivers\KTX485.BIN
[2008/07/05 18:19:50 | 000,009,282 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCMKPCL.BIN
[2008/07/05 18:19:50 | 000,009,139 | ---- | C] () -- C:\WINDOWS\System32\drivers\KTXPCL.BIN
[2008/07/05 18:19:50 | 000,007,575 | ---- | C] () -- C:\WINDOWS\System32\drivers\KLPCL.BIN
[2008/07/05 18:19:50 | 000,001,825 | ---- | C] () -- C:\WINDOWS\System32\drivers\KT2ST2.BIN
[2008/07/05 18:19:50 | 000,001,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCMKST3.BIN
[2008/07/05 18:19:50 | 000,001,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\KLST2.BIN
[2008/07/05 18:19:50 | 000,001,801 | ---- | C] () -- C:\WINDOWS\System32\drivers\KT2ST1.BIN
[2008/07/05 18:19:50 | 000,001,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCMKST1.BIN
[2008/07/05 18:19:50 | 000,001,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\KTXST1.BIN
[2008/07/05 18:19:50 | 000,001,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\KLST1.BIN
[2008/07/05 18:19:50 | 000,000,301 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCMKST0.BIN
[2008/07/05 18:19:50 | 000,000,301 | ---- | C] () -- C:\WINDOWS\System32\drivers\KTXST0.BIN
[2008/07/05 18:19:50 | 000,000,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\KLST0.BIN
[2008/07/05 18:19:50 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\drivers\KT2ST0.BIN
[2008/07/05 18:19:50 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCMKST2.BIN
[2008/03/26 17:25:22 | 000,000,299 | ---- | C] () -- C:\WINDOWS\CTWIN.INI
[2008/03/26 17:25:10 | 000,000,108 | ---- | C] () -- C:\WINDOWS\HIGHEDIT.INI
[2008/03/26 17:24:15 | 000,000,281 | ---- | C] () -- C:\WINDOWS\nmbench.ini
[2008/03/26 17:02:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/02/18 10:32:55 | 000,000,032 | ---- | C] () -- C:\WINDOWS\EVMOVE.INI
[2007/10/06 21:06:40 | 000,002,244 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/24 16:40:35 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/07/16 12:58:10 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/07/16 12:58:00 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/06/17 12:48:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/12 12:14:24 | 000,000,123 | ---- | C] () -- C:\WINDOWS\SwDrvs.ini
[2007/06/12 12:14:23 | 000,000,227 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
[2007/06/12 12:14:23 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MYOB.INI
[2007/05/25 15:24:36 | 000,126,704 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2007/05/25 15:24:36 | 000,000,071 | ---- | C] () -- C:\WINDOWS\UNWISE.INI
[2007/05/08 13:20:33 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
[2007/05/07 22:21:41 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PAStiSvc.exe
[2007/05/07 20:04:34 | 000,001,564 | ---- | C] () -- C:\WINDOWS\SYSWIN.INI
[2007/05/07 19:54:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvxl32.INI
[2007/05/07 19:54:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvwd32.INI
[2007/05/07 19:24:02 | 000,062,464 | ---- | C] () -- C:\Documents and Settings\craigp.PI\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/07 12:36:35 | 000,000,032 | ---- | C] () -- C:\WINDOWS\EvMoveW.INI
[2007/05/07 12:35:18 | 000,001,778 | ---- | C] () -- C:\WINDOWS\EDS.INI
[2007/05/07 12:35:18 | 000,000,247 | ---- | C] () -- C:\WINDOWS\RLEIcons.ini
[2007/05/07 11:29:26 | 000,000,128 | ---- | C] () -- C:\WINDOWS\rocksoft.ini
[2007/04/20 23:42:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/04/20 23:31:25 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/04/20 23:27:02 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2007/04/20 23:17:14 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2007/04/20 22:59:43 | 000,026,828 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2007/04/20 22:54:31 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2007/04/20 22:54:11 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/04/20 22:54:11 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/04/20 22:54:11 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/04/20 22:54:10 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/04/20 22:54:09 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/04/20 22:54:09 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/04/20 22:54:07 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/04/20 22:54:07 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/04/20 22:52:26 | 000,000,434 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/02/20 14:32:00 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2006/09/08 11:30:44 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2006/05/24 10:40:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ftdiunin.exe
[2006/05/05 19:26:00 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ctreestd.dll
[2005/11/10 04:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 00:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/23 00:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/08/11 20:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 20:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 20:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 20:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 20:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 20:06:43 | 001,615,592 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 20:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 20:00:28 | 000,540,704 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 20:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 20:00:28 | 000,109,314 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 20:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 20:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 20:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 20:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 20:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 20:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 20:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 20:00:04 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/07/20 20:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 17:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/10/29 01:51:41 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2000/01/31 09:02:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll

< End of report >

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 30 October 2011 - 05:54 AM

Hello

I want you to run this custom OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :otl
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    IE - HKU\S-1-5-21-1005158233-3823122298-4136515416-1173\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1005158233-3823122298-4136515416-1173\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#15 fatnold

fatnold
  • Topic Starter

  • Members

Posted 30 October 2011 - 03:56 PM

56% cpu usage. iexplorer using 38% cpu.

Seems to run normally except every few minutes you hear a 'click' sound similar to that when you click an 'OK' button in a dialogue box or when an info balloon pops up yet there is nothing popping up on screen or tool tray.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ deleted successfully.
File {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1005158233-3823122298-4136515416-1173\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
C:\Program Files\uTorrentBar\prxtbuTo2.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files\uTorrentBar\prxtbuTo2.dll not found.
Registry value HKEY_USERS\S-1-5-21-1005158233-3823122298-4136515416-1173\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
File C:\Program Files\uTorrentBar\prxtbuTo2.dll not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\craigp.PI\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\craigp.PI\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: cn_support
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: cn_support.PI
->Temp folder emptied: 300325 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41620 bytes

User: craigp

User: craigp.PI
->Temp folder emptied: 31657902 bytes
->Temporary Internet Files folder emptied: 56583261 bytes
->Java cache emptied: 488 bytes
->Flash cache emptied: 42542 bytes

User: Default User
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: TEMP
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: TEMP.PROPAC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3845137 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 161731 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 104 bytes

Total Files Cleaned = 89.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: cn_support

User: cn_support.PI
->Flash cache emptied: 0 bytes

User: craigp

User: craigp.PI
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: owner

User: TEMP

User: TEMP.PROPAC

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 10312011_074357

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\craigp.PI\Local Settings\Temp\~DF5DBF.tmp not found!
File\Folder C:\Documents and Settings\craigp.PI\Local Settings\Temp\~DFDDFD.tmp not found!
File\Folder C:\Documents and Settings\craigp.PI\Local Settings\Temp\~DFF668.tmp not found!
File\Folder C:\Documents and Settings\craigp.PI\Local Settings\Temp\~DFF672.tmp not found!
File\Folder C:\Documents and Settings\craigp.PI\Local Settings\Temp\~DFF6EE.tmp not found!
File\Folder C:\Documents and Settings\craigp.PI\Local Settings\Temp\~DFF705.tmp not found!
File\Folder C:\Documents and Settings\craigp.PI\Local Settings\Temp\~DFF70F.tmp not found!
File\Folder C:\Documents and Settings\craigp.PI\Local Settings\Temp\~DFF7BF.tmp not found!
File\Folder C:\Documents and Settings\craigp.PI\Local Settings\Temp\~DFF7FC.tmp not found!
File\Folder C:\Documents and Settings\craigp.PI\Local Settings\Temporary Internet Files\Content.IE5\WWBVDLI7\622075,123607bf21864b4,msc,ax.80-ns.moosappl_l;;ppos=atf;kw=;tile=2;sz=300x250,336x280;net=ns;cmw=owl;contx=msc;an=80;dc=s;btg=ns[1].moosappl_l;ord=5947314940280616 not found!
File\Folder C:\Documents and Settings\craigp.PI\Local Settings\Temporary Internet Files\Content.IE5\K8V0CDS3\1a6MEcofn-_biuVh6Nwoo8kijDHfJxXO1F_gl7TwW3jbA5gzoE-8sGuKWIYMr2P4MvuNW3i4nIG046QTKYZ9kmrRlp1-NnePQsZPG3j31CZceAD8xiUFHzmYlOxWOJJDR24ZrLWRnxbCGbtCKEh8kJwvw7DGI[1].gif not found!
File\Folder C:\Documents and Settings\craigp.PI\Local Settings\Temporary Internet Files\Content.IE5\K8V0CDS3\4,moosappl,ax.80-ns.moosappl_l;;ppos=btf;kw=;tile=1;dcopt=ist;sz=728x90,970x90;net=ns;cmw=owl;contx=moosappl;an=80;dc=s;btg=ns[1].moosappl_l;ord=%203715644568516079 not found!
File\Folder C:\Documents and Settings\craigp.PI\Local Settings\Temporary Internet Files\Content.IE5\K8V0CDS3\=,ns-30421802900_1319573803,123607bf21864b4,moosappl,ax[1].;;ppos=btf;kw=;tile=3;sz=120x600,160x600;net=ns;cmw=owl;contx=moosappl;an=;dc=s;btg=;ord=3715644568516079 not found!
File\Folder C:\Documents and Settings\craigp.PI\Local Settings\Temporary Internet Files\Content.IE5\K8V0CDS3\ns.moosappl_l-ns.cesoanti_l;;ppos=atf;kw=;tile=1;sz=300x250,336x280;net=ns;cmw=owl;contx=msc;an=140;dc=s;btg=ns.moosappl_l;btg=ns[1].cesoanti_l;ord=1671842092171632 not found!
File\Folder C:\Documents and Settings\craigp.PI\Local Settings\Temporary Internet Files\Content.IE5\K8V0CDS3\ns.moosappl_l-ns.cesoanti_l;;ppos=atf;kw=;tile=1;sz=300x250,336x280;net=ns;cmw=owl;contx=msc;an=140;dc=s;btg=ns.moosappl_l;btg=ns[1].cesoanti_l;ord=3802145963978025 not found!
File\Folder C:\Documents and Settings\craigp.PI\Local Settings\Temporary Internet Files\Content.IE5\K8V0CDS3\ns.moosappl_l-ns.cesoanti_l;;ppos=atf;kw=;tile=2;sz=300x250,336x280;net=ns;cmw=owl;contx=msc;an=140;dc=s;btg=ns.moosappl_l;btg=ns[1].cesoanti_l;ord=3802145963978025 not found!
File\Folder C:\Documents and Settings\craigp.PI\Local Settings\Temporary Internet Files\Content.IE5\K8V0CDS3\ti,ax.-ns.moosappl_l-ns.cesoanti_l;;ppos=atf;kw=;tile=1;sz=970x90;net=ns;cmw=owl;contx=cesoanti;an=;dc=s;btg=ns.moosappl_l;btg=ns[1].cesoanti_l;ord=5791579688979311 not found!
File\Folder C:\Documents and Settings\craigp.PI\Local Settings\Temporary Internet Files\Content.IE5\INDM7R1O\-30409850355_1319573791,123607bf21864b4,moosappl,;;ppos=atf;kw=;tile=1;dcopt=ist;sz=728x90,970x90;net=ns;cmw=owl;contx=moosappl;dc=s;btg=;ord=%203715644568516079[1] not found!
File\Folder C:\Documents and Settings\craigp.PI\Local Settings\Temporary Internet Files\Content.IE5\INDM7R1O\319656737,123607bf21864b4,cesoanti,ax.-ns.moosappl_l;;ppos=atf;kw=;tile=1;sz=970x90;net=ns;cmw=owl;contx=cesoanti;an=;dc=s;btg=ns[1].moosappl_l;ord=2233198925438935 not found!
File\Folder C:\Documents and Settings\craigp.PI\Local Settings\Temporary Internet Files\Content.IE5\INDM7R1O\ns.moosappl_l-ns.cesoanti_l;;ppos=atf;kw=;tile=2;sz=300x250,336x280;net=ns;cmw=owl;contx=msc;an=140;dc=s;btg=ns.moosappl_l;btg=ns[1].cesoanti_l;ord=1671842092171632 not found!
C:\Documents and Settings\craigp.PI\Local Settings\Temporary Internet Files\Content.IE5\HMLC68B1\facebook_com[1].htm moved successfully.
C:\Documents and Settings\craigp.PI\Local Settings\Temporary Internet Files\Content.IE5\HMLC68B1\morestories[1].htm moved successfully.
C:\Documents and Settings\craigp.PI\Local Settings\Temporary Internet Files\Content.IE5\HMLC68B1\page__pid__2458484[1].htm moved successfully.
C:\Documents and Settings\craigp.PI\Local Settings\Temporary Internet Files\Content.IE5\D88HSIQ1\ai[1].htm moved successfully.
C:\Documents and Settings\craigp.PI\Local Settings\Temporary Internet Files\Content.IE5\D88HSIQ1\index[1].htm moved successfully.
C:\Documents and Settings\craigp.PI\Local Settings\Temporary Internet Files\Content.IE5\9J50HUZL\12[2].htm moved successfully.
C:\Documents and Settings\craigp.PI\Local Settings\Temporary Internet Files\Content.IE5\2EZ0HBQ9\maincomp[1].htm moved successfully.
File\Folder C:\Documents and Settings\craigp.PI\Local Settings\Temporary Internet Files\Content.IE5\28E3K3Y7\2065,123607bf21864b4,msc,ax.140-ns.moosappl_l;;ppos=atf;kw=;tile=1;sz=300x250,336x280;net=ns;cmw=owl;contx=msc;an=140;dc=s;btg=ns[1].moosappl_l;ord=5947314940280616 not found!
File\Folder C:\Documents and Settings\craigp.PI\Local Settings\Temporary Internet Files\Content.IE5\28E3K3Y7\319622062,123607bf21864b4,moosappl,ax.-ns.moosappl_l;;ppos=atf;kw=;tile=1;sz=970x90;net=ns;cmw=owl;contx=moosappl;an=;dc=s;btg=ns[1].moosappl_l;ord=8636932127413410 not found!
File\Folder C:\Documents and Settings\craigp.PI\Local Settings\Temporary Internet Files\Content.IE5\28E3K3Y7\l7TwW3jbA5gzoE-8sGuKWIYMr2P4MvuNW3i4nIG046QTKYZ9kmrRlp1-NnePQsZPG3j31CZceAD8xiUFHzmYlOxWOJJDR24ZrLWRnxbCGbtCKEh8kJwvw7DGI&callback=google.LU[1].loadFeaturemap_827_0 not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_944.dat not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_968.dat not found!

Registry entries deleted on Reboot...



