Possible ZeroAccess rootkit


  • This topic is locked
11 replies to this topic

#1 84xads

  • Members
  • 36 posts

Posted 22 November 2011 - 12:49 AM

I've been working through an AV Protection 2011 infection with boopme at:
http://www.bleepingcomputer.com/forums/topic428384.html/page__gopid__2481999#entry2481999

Boopme recommended that I post here to discover if I have a ZeroAccess rootkit.

Here's my MiniToolbox log and dds.txt:

MiniToolBox by Farbar
Ran by bthompson (administrator) on 21-11-2011 at 08:45:13
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration



Host Name . . . . . . . . . . . . : dpahl

Primary Dns Suffix . . . . . . . : supersuppers.com

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : supersuppers.com

gateway.2wire.net



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-13-20-7E-26-38

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.70

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : Sunday, November 20, 2011 10:10:37 PM

Lease Expires . . . . . . . . . . : Monday, November 21, 2011 10:10:37 PM

Server: homeportal
Address: 192.168.1.254

Name: google.com
Addresses: 209.85.225.105, 209.85.225.106, 209.85.225.147, 209.85.225.99
209.85.225.103, 209.85.225.104



Pinging google.com [209.85.225.99] with 32 bytes of data:



Reply from 209.85.225.99: bytes=32 time=57ms TTL=47

Reply from 209.85.225.99: bytes=32 time=56ms TTL=47



Ping statistics for 209.85.225.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 56ms, Maximum = 57ms, Average = 56ms

Server: homeportal
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.180.149, 209.191.122.70, 72.30.2.43, 98.137.149.56



Pinging yahoo.com [98.137.149.56] with 32 bytes of data:



Reply from 98.137.149.56: bytes=32 time=72ms TTL=54

Reply from 98.137.149.56: bytes=32 time=109ms TTL=54



Ping statistics for 98.137.149.56:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 72ms, Maximum = 109ms, Average = 90ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 20 7e 26 38 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.70 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.70 192.168.1.70 20
192.168.1.0 255.255.255.0 192.168.1.70 192.168.1.70 20
192.168.1.70 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.70 192.168.1.70 20
224.0.0.0 240.0.0.0 192.168.1.70 192.168.1.70 20
255.255.255.255 255.255.255.255 192.168.1.70 192.168.1.70 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/21/2011 02:10:56 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (11/20/2011 06:10:57 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (11/20/2011 02:50:39 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (11/19/2011 06:50:45 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (11/19/2011 11:06:25 AM) (Source: Microsoft Office 12) (User: )
Description: Faulting application outlook.exe, version 12.0.6562.5003, stamp 4e2f99fb, faulting module msvcr80.dll, version 8.0.50727.6195, stamp 4dcddbf3, debug? 0, fault address 0x00015076.

Error: (11/19/2011 10:50:43 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (11/19/2011 02:50:38 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (11/18/2011 06:36:56 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Unexpected or missing value (name: 'PackageCode', value: '') in key 'HKLM\Software\Classes\Installer\Products\56A6209C9A7D89145807EAAAC025F3EF'

Error: (11/18/2011 06:36:56 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Unexpected or missing value (name: 'PackageCode', value: '') in key 'HKLM\Software\Classes\Installer\Products\2E9EA578198BA10479DB35C323942803'

Error: (11/18/2011 06:05:05 PM) (Source: Application Hang) (User: )
Description: Hanging application notepad.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (11/21/2011 06:41:12 AM) (Source: Service Control Manager) (User: )
Description: The Intel USB3 Device Service service terminated with the following error:
%%126

Error: (11/21/2011 02:56:02 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain SUPERSUPPERS due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (11/21/2011 01:41:12 AM) (Source: Service Control Manager) (User: )
Description: The Intel USB3 Device Service service terminated with the following error:
%%126

Error: (11/20/2011 08:41:22 PM) (Source: Service Control Manager) (User: )
Description: The Intel USB3 Device Service service terminated with the following error:
%%126

Error: (11/20/2011 03:41:12 PM) (Source: Service Control Manager) (User: )
Description: The Intel USB3 Device Service service terminated with the following error:
%%126

Error: (11/20/2011 10:41:15 AM) (Source: Service Control Manager) (User: )
Description: The Intel USB3 Device Service service terminated with the following error:
%%126

Error: (11/20/2011 10:12:43 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
eeCtrl
IntelIde
SAVRT
SAVRTPEL

Error: (11/20/2011 10:12:33 AM) (Source: Service Control Manager) (User: )
Description: The Intel USB3 Device Service service terminated with the following error:
%%126

Error: (11/20/2011 10:11:43 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain SUPERSUPPERS due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (11/20/2011 10:05:46 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain SUPERSUPPERS due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.


Microsoft Office Sessions:
=========================
Error: (11/19/2011 11:04:15 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 41809 seconds with 840 seconds of active time. This session ended with a crash.

Error: (09/14/2011 03:03:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 178459 seconds with 6120 seconds of active time. This session ended with a crash.

Error: (09/01/2011 08:30:30 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 74303 seconds with 1260 seconds of active time. This session ended with a crash.

Error: (08/31/2011 11:51:21 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 271182 seconds with 4260 seconds of active time. This session ended with a crash.

Error: (07/07/2011 02:23:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 56405 seconds with 3360 seconds of active time. This session ended with a crash.

Error: (05/09/2011 08:41:13 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 161130 seconds with 4080 seconds of active time. This session ended with a crash.

Error: (05/07/2011 11:55:01 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 223007 seconds with 9000 seconds of active time. This session ended with a crash.

Error: (04/29/2011 07:48:40 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 543 seconds with 180 seconds of active time. This session ended with a crash.

Error: (04/29/2011 07:32:58 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 146540 seconds with 8820 seconds of active time. This session ended with a crash.

Error: (04/27/2011 02:50:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 543668 seconds with 15540 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Adobe Flash Player 10 Plugin (Version: 10.3.183.11)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Amazon Kindle For PC
Apple Application Support (Version: 1.5.1)
Apple Mobile Device Support (Version: 3.3.1.3)
Apple Software Update (Version: 2.1.2.120)
Bonjour (Version: 2.0.4.0)
Business Plan Pro 15th Anniversary Edition (Version: 11.25.0009)
Cobian Backup 8
Documents To Go Desktop for iPhone (Version: 2.0000.006)
ESET Online Scanner v3
FileZilla Client 3.3.5.1 (Version: 3.3.5.1)
Google Chrome (Version: 15.0.874.121)
Google Earth (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer (Version: 7.2.2308.2056)
Google Update Helper (Version: 1.3.21.79)
HP USB Disk Storage Format Tool
Internet Information Services (IIS) 7 Manager (Version: 7.0.0.0)
iTunes (Version: 10.1.2.17)
Java Auto Updater (Version: 2.0.2.4)
Kindle PC Converter (Version: )
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Market Samurai (Version: 0.87.5)
Marketing Plan Pro 9.0 (Version: 9.02.0004)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Project Professional 2007 (Version: 12.0.6425.1000)
Microsoft Office Visio Professional 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (PROVIDUSSTD) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Mozilla Firefox (3.6.24) (Version: 3.6.24 (en-US))
MSXML 6.0 Parser
NCH Toolbox
Nitro PDF Professional (Version: 6.2.1.10)
Palo Alto Software's Application Manager 8.2 (Version: 8.45.0004)
Panda ActiveScan 2.0 (Version: 01.04.00.0000)
QuickTime (Version: 7.71.80.42)
Revo Uninstaller Pro 2.5.5 (Version: 2.5.5)
S3 Ripper 1.3
Safari (Version: 5.33.21.1)
Secunia PSI (2.0.0.4003) (Version: 2.0.0.4003)
Skype Toolbars (Version: 5.3.7280)
Skype™ 5.3 (Version: 5.3.111)
SoundFont Bank Manager
STOPzilla (Version: 5.0.92.3)
WebFldrs XP
WebMoney Agent (Version: 3.5)
Windows Defender (Version: 1.1.1593.21)

========================= Memory info: ===================================

Percentage of memory in use: 58%
Total physical RAM: 2045.98 MB
Available physical RAM: 839.96 MB
Total Pagefile: 3044.24 MB
Available Pagefile: 1888.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.23 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:70.87 GB) (Free:27.62 GB) NTFS
3 Drive e: () (Fixed) (Total:93.15 GB) (Free:17.86 GB) NTFS
4 Drive f: (My Book) (Fixed) (Total:232.83 GB) (Free:103.32 GB) FAT32
5 Drive g: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
6 Drive h: () (Removable) (Total:1.9 GB) (Free:1.74 GB) FAT

========================= Users: ========================================

User accounts for \\DPAHL

Administrator ASPNET Guest
HelpAssistant IUSR_DPAHL IWAM_DPAHL
QBDataServiceUser SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

dds.txt is here:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by bthompson at 14:59:15 on 2011-11-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.808 [GMT -6:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciServiceHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\bthompson\Desktop\Defogger.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [HPHmon03] c:\windows\system32\hphmon03.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: $talisma_url$
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
DPF: {51A1CDAB-573D-45A4-B69F-B44791DFF60A} - hxxp://dot.pima.gov/gis/pictometry/viewer/ver30b/PictImageCtrl30.cab
DPF: {6B9A6E3B-0307-47A7-82B1-F2D215973CAF} - hxxps://accounting.quickbooks.com/c1/v23.181/qboimax6.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {A8561647-E93C-11D3-AC3B-CE6078F7B616} - hxxp://logistics.suddath.com/Fulfillment/WareHouse/Reports/vsprint7.cab
DPF: {B66A992D-C262-496E-8328-2F14FD80443A} - hxxps://qbo.intuit.com/c32/v37.119/qboimax7.cab
DPF: {B7039D87-D648-4431-BA87-C3A04E6111DA} - hxxps://174.120.225.198:4643/vz/ssh/wodTelnetDLX.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9F03E2F8-ECD4-4C6A-A9CE-4AA71ACF07DB} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{ABA83E5B-3552-43CC-AC4A-5138283E6E80} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{C27296B9-9125-46A8-A36A-E9CD5728320E} : DhcpNameServer = 68.113.206.10 66.169.221.10
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: intelsusb - ntusbw32.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: ntusbw32 - ntusbw32.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bthompson\application data\mozilla\firefox\profiles\nwmyn1el.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\bthompson\application data\mozilla\firefox\profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\bthompson\application data\mozilla\firefox\profiles\nwmyn1el.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {043F9B24-8C2C-4867-9FFB-CE1CB27D0CAE} - c:\documents and settings\bthompson\local settings\application data\{043F9B24-8C2C-4867-9FFB-CE1CB27D0CAE}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - %profile%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
FF - Ext: KeywordSpy™ SEO/PPC: {fae5bcbc-dd73-439a-a15e-5b9ff39c0e9b} - %profile%\extensions\{fae5bcbc-dd73-439a-a15e-5b9ff39c0e9b}
FF - Ext: RankChecker: rankchecker@seobook.com - %profile%\extensions\rankchecker@seobook.com
FF - Ext: Seo Toolbar: seotoolbar@seobook.com - %profile%\extensions\seotoolbar@seobook.com
FF - Ext: SEO For Firefox: seo4firefox@seobook.com - %profile%\extensions\seo4firefox@seobook.com
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Quick Translator: {5C655500-E712-41e7-9349-CE462F844B19} - %profile%\extensions\{5C655500-E712-41e7-9349-CE462F844B19}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-7-14 28552]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-5-12 59280]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-7-14 366152]
R2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2011-2-2 315392]
R2 MSSQL$PROVIDUSSTD;SQL Server (PROVIDUSSTD);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2011-3-21 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-3-21 68928]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-25 31896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-14 22216]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S1 SAVRT;SAVRT;\??\c:\program files\symantec antivirus\savrt.sys --> c:\program files\symantec antivirus\savrt.sys [?]
S1 SAVRTPEL;SAVRTPEL;\??\c:\program files\symantec antivirus\savrtpel.sys --> c:\program files\symantec antivirus\Savrtpel.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S2 intelusb3;Intel USB3 Device Service;c:\windows\system32\svchost.exe -k intelusbs3 [2004-8-11 14336]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2003-1-30 18864]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20070103.018\naveng.sys --> c:\progra~1\common~1\symant~1\virusd~1\20070103.018\naveng.sys [?]
S3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20070103.018\navex15.sys --> c:\progra~1\common~1\symant~1\virusd~1\20070103.018\navex15.sys [?]
S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\drivers\MarvinAVS.sys [2009-7-21 434176]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-7-15 27064]
S4 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccevtmgr.exe" --> c:\program files\common files\symantec shared\ccEvtMgr.exe [?]
S4 ccPwdSvc;Symantec Password Validation;"c:\program files\common files\symantec shared\ccpwdsvc.exe" --> c:\program files\common files\symantec shared\ccPwdSvc.exe [?]
S4 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccsetmgr.exe" --> c:\program files\common files\symantec shared\ccSetMgr.exe [?]
S4 SavRoam;SAVRoam;"c:\program files\symantec antivirus\savroam.exe" --> c:\program files\symantec antivirus\SavRoam.exe [?]
S4 Symantec AntiVirus;Symantec AntiVirus;"c:\program files\symantec antivirus\rtvscan.exe" --> c:\program files\symantec antivirus\Rtvscan.exe [?]
.
=============== Created Last 30 ================
.
2011-11-19 00:57:45 -------- d-----w- c:\documents and settings\bthompson\application data\VS Revo Group
2011-11-19 00:32:34 552464 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2011-11-19 00:32:26 25560 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2011-11-19 00:32:26 140760 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2011-11-19 00:00:47 -------- d-----w- c:\documents and settings\bthompson\local settings\application data\Secunia PSI
2011-11-19 00:00:09 -------- d-----w- c:\program files\Secunia
2011-11-18 21:00:22 -------- d-----w- c:\documents and settings\bthompson\application data\xhYCwkUVrOtPuSi
2011-11-18 21:00:22 -------- d-----w- c:\documents and settings\bthompson\application data\JD3pnG5aQ6W8R9T
2011-11-18 20:31:39 -------- d-----w- c:\documents and settings\bthompson\application data\bmH5WJ7fE8TqCk
2011-11-18 20:31:39 -------- d-----w- c:\documents and settings\bthompson\application data\arzONtxA0v2b3
2011-11-18 19:52:03 -------- d-----w- c:\documents and settings\bthompson\application data\mon4amH5sJfLgZj
2011-11-18 19:52:00 -------- d-----w- c:\documents and settings\bthompson\application data\b6sWJ7fELgZjCk
2011-11-18 15:32:56 -------- d-----w- c:\program files\Cobian Backup 8
2011-11-18 15:21:30 -------- d-----w- c:\documents and settings\bthompson\application data\yL9hTXqjUeIrNc1
2011-11-18 15:21:30 -------- d-----w- c:\documents and settings\bthompson\application data\vG4aQH6dW7
2011-11-18 15:11:47 37888 ----a-w- c:\windows\system32\ntusbw32.dll
2011-11-17 18:39:58 -------- d-----w- c:\program files\D48E5
2011-11-17 18:39:29 -------- d-----w- c:\documents and settings\bthompson\application data\gRUIP1245JEgZhC
2011-11-17 18:39:28 -------- d-----w- c:\documents and settings\bthompson\application data\OFpGsJd89wetyio
2011-11-17 18:39:16 -------- d-----w- c:\program files\LP
2011-11-17 18:39:16 -------- d-----w- c:\documents and settings\bthompson\application data\989D4
2011-11-17 18:38:49 -------- d-----w- c:\documents and settings\bthompson\application data\sIrOyAuSoFpGsJ
2011-11-17 18:38:46 -------- d-----w- c:\documents and settings\bthompson\application data\xfRZ9hYXVtPyiDo
2011-11-15 15:59:28 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{3fc84145-4d9f-4882-8931-a9134175d4cb}\mpengine.dll
2011-10-24 20:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
==================== Find3M ====================
.
2011-11-19 00:29:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-18 20:54:29 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-10-10 14:22:41 692736 ------w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ------w- c:\windows\system32\win32k.sys
2011-08-31 23:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 15:02:34.51 ===============


Also attached are my attach.txt from the DDS scan and the ark.txt from my GMER scan.

Thank you in advance!



#2 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:15 AM

Posted 22 November 2011 - 03:52 PM

Hi,

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.





Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double-click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware!
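The log that the TDSSKiller steps above ask you to paste has a fixed per-driver layout: a timestamp, a thread id, the driver or service name, optionally its MD5 and file path on one line, and a verdict line ("- ok", "( Verdict ) - warning", "- detected Verdict (n)"); the reply further down this thread shows it in full. The following is an added Python example, not part of this thread and not code from Kaspersky's tool, that parses those lines and separates UnsignedFile.Multi.Generic results (the verdict the Verify Driver Digital Signature option assigns to any unsigned driver, which identifies no malware by itself) from any other detection that would need a closer look. The sample lines are copied from the log posted later in this thread; the function and regex names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Line layout TDSSKiller 2.6.x writes: "<hh:mm:ss.ffff> <thread id> <rest>".
LINE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<rest>.*)$")
# "<name> (<md5>) <path>" : the file TDSSKiller located for a driver/service
FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> - ok"
OK = re.compile(r"^(?P<name>.+?) - ok$")
# "<name> ( <verdict> ) - warning" : signature check / heuristic warning
WARN = re.compile(r"^(?P<name>.+?) \( (?P<det>\S+) \) - warning$")
# "<name> - detected <verdict> (<n>)"
DET = re.compile(r"^(?P<name>.+?) - detected (?P<det>\S+) \((?P<count>\d+)\)$")

# Verdict given to any driver without a valid digital signature; informational only.
UNSIGNED = "UnsignedFile.Multi.Generic"

# Sample input: lines copied from the TDSSKiller log pasted later in this thread.
SAMPLE_LOG = "\n".join([
    r"15:44:16.0823 42956 Scan started",
    r"15:44:16.0823 42956 Mode: Manual; SigCheck; TDLFS;",
    r"15:44:20.0713 42956 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys",
    r"15:44:26.0963 42956 61883 - ok",
    r"15:44:27.0463 42956 Abiosdsk - ok",
    r"15:45:06.0291 42956 Dot4 HPH09 (577dc4c5f7102ba9957f302942eb2da4) C:\WINDOWS\system32\DRIVERS\hphid409.sys",
    r"15:45:06.0384 42956 Dot4 HPH09 - ok",
    r"15:45:13.0509 42956 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys",
    r"15:45:13.0556 42956 drvmcdb ( UnsignedFile.Multi.Generic ) - warning",
    r"15:45:13.0556 42956 drvmcdb - detected UnsignedFile.Multi.Generic (1)",
    r"15:46:01.0102 42956 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS",
    r"15:46:01.0133 42956 MREMP50 ( UnsignedFile.Multi.Generic ) - warning",
    r"15:46:01.0133 42956 MREMP50 - detected UnsignedFile.Multi.Generic (1)",
])


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None        # None when no file was found (registry-only entry)
    path: Optional[str] = None
    verdict: str = "unknown"         # "ok", "warning" or "detected"
    detections: List[str] = field(default_factory=list)


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Build one Entry per scanned driver/service name from TDSSKiller log text."""
    entries: Dict[str, Entry] = {}

    def get(name: str) -> Entry:
        return entries.setdefault(name, Entry(name))

    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                  # banner, "====" separators, blank lines
        rest = m.group("rest")
        if (d := DET.match(rest)):
            e = get(d["name"])
            e.verdict = "detected"
            e.detections.append(d["det"])
        elif (w := WARN.match(rest)):
            get(w["name"]).verdict = "warning"
        elif (o := OK.match(rest)):
            get(o["name"]).verdict = "ok"
        elif (f := FILE.match(rest)):
            e = get(f["name"])
            e.md5, e.path = f["md5"], f["path"]
        # other lines ("Scan started", "Mode: ...", SystemInfo) carry no per-driver data
    return entries


def summarize(entries: Dict[str, Entry]) -> dict:
    """Separate unsigned-only hits (review, normally Skip) from any other detection."""
    flagged = [e for e in entries.values() if e.verdict == "detected"]
    unsigned_only = sorted(e.name for e in flagged if set(e.detections) == {UNSIGNED})
    other = sorted(e.name for e in flagged if set(e.detections) != {UNSIGNED})
    return {
        "scanned": len(entries),
        "with_file": sum(1 for e in entries.values() if e.path),
        "unsigned_only": unsigned_only,
        "other": other,
    }


if __name__ == "__main__":
    report = summarize(parse_tdsskiller(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Entries with no path (such as Abiosdsk) are service registry keys whose file was not found; on XP that is normal for legacy device entries and is different from a detection. Anything that lands in "other" is what deserves attention when reading a pasted log, while the unsigned-only list is usually third-party vendor drivers such as the printer and capture-card drivers in this thread.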


#3 84xads

84xads
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:11:15 PM

Posted 22 November 2011 - 05:07 PM

Upon running ComboFix I received a warning...

ComboFix has detected the following real time scanner(s) to be active:
antivirus: Symantec AntiVirus Corporate Edition

Please disable these scanners before clicking 'OK'.



I no longer have Symantec installed on this machine. I will not click on 'OK' until I receive further instruction...


Here is my TDSSKiller log:
15:43:37.0699 40336 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
15:43:38.0292 40336 ============================================================
15:43:38.0292 40336 Current date / time: 2011/11/22 15:43:38.0292
15:43:38.0292 40336 SystemInfo:
15:43:38.0292 40336
15:43:38.0292 40336 OS Version: 5.1.2600 ServicePack: 3.0
15:43:38.0292 40336 Product type: Workstation
15:43:38.0308 40336 ComputerName: DPAHL
15:43:38.0308 40336 UserName: bthompson
15:43:38.0308 40336 Windows directory: C:\WINDOWS
15:43:38.0308 40336 System windows directory: C:\WINDOWS
15:43:38.0308 40336 Processor architecture: Intel x86
15:43:38.0308 40336 Number of processors: 1
15:43:38.0308 40336 Page size: 0x1000
15:43:38.0308 40336 Boot type: Normal boot
15:43:38.0308 40336 ============================================================
15:43:43.0886 40336 Initialize success
15:44:16.0823 42956 ============================================================
15:44:16.0823 42956 Scan started
15:44:16.0823 42956 Mode: Manual; SigCheck; TDLFS;
15:44:16.0823 42956 ============================================================
15:44:20.0713 42956 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
15:44:26.0963 42956 61883 - ok
15:44:27.0463 42956 Abiosdsk - ok
15:44:28.0416 42956 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:44:28.0541 42956 abp480n5 - ok
15:44:29.0354 42956 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:44:29.0557 42956 ACPI - ok
15:44:30.0135 42956 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:44:30.0276 42956 ACPIEC - ok
15:44:30.0854 42956 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:44:31.0119 42956 adpu160m - ok
15:44:31.0697 42956 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:44:31.0932 42956 aec - ok
15:44:32.0494 42956 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:44:32.0635 42956 AFD - ok
15:44:33.0260 42956 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
15:44:33.0416 42956 agp440 - ok
15:44:33.0994 42956 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:44:34.0166 42956 agpCPQ - ok
15:44:34.0713 42956 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:44:34.0791 42956 Aha154x - ok
15:44:35.0401 42956 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:44:35.0604 42956 aic78u2 - ok
15:44:36.0260 42956 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:44:36.0463 42956 aic78xx - ok
15:44:37.0041 42956 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
15:44:37.0291 42956 AliIde - ok
15:44:37.0822 42956 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:44:38.0072 42956 alim1541 - ok
15:44:38.0682 42956 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:44:38.0854 42956 amdagp - ok
15:44:39.0963 42956 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
15:44:40.0057 42956 amsint - ok
15:44:40.0604 42956 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
15:44:40.0775 42956 asc - ok
15:44:41.0432 42956 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:44:41.0525 42956 asc3350p - ok
15:44:42.0104 42956 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:44:42.0260 42956 asc3550 - ok
15:44:42.0854 42956 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:44:43.0010 42956 AsyncMac - ok
15:44:43.0588 42956 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:44:43.0729 42956 atapi - ok
15:44:44.0291 42956 Atdisk - ok
15:44:44.0838 42956 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:44:45.0025 42956 Atmarpc - ok
15:44:45.0557 42956 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:44:45.0713 42956 audstub - ok
15:44:46.0353 42956 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
15:44:46.0525 42956 Avc - ok
15:44:47.0088 42956 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:44:47.0244 42956 Beep - ok
15:44:47.0900 42956 bvrp_pci - ok
15:44:48.0760 42956 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:44:48.0932 42956 cbidf - ok
15:44:49.0447 42956 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:44:49.0588 42956 cbidf2k - ok
15:44:50.0416 42956 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:44:50.0635 42956 CCDECODE - ok
15:44:51.0369 42956 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:44:51.0447 42956 cd20xrnt - ok
15:44:51.0994 42956 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:44:52.0150 42956 Cdaudio - ok
15:44:52.0728 42956 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:44:52.0900 42956 Cdfs - ok
15:44:53.0494 42956 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:44:53.0650 42956 Cdrom - ok
15:44:54.0181 42956 Changer - ok
15:44:54.0728 42956 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:44:54.0900 42956 CmdIde - ok
15:44:55.0463 42956 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:44:55.0635 42956 Cpqarray - ok
15:44:56.0291 42956 ctsfm2k (fcbb8ea6fe935d2c531d3a4dee9f985b) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
15:44:56.0478 42956 ctsfm2k - ok
15:44:57.0072 42956 CTUSFSYN (12a7b253f9128b3b68a9979827047b76) C:\WINDOWS\system32\drivers\ctusfsyn.sys
15:44:57.0166 42956 CTUSFSYN - ok
15:44:57.0884 42956 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:44:58.0228 42956 dac2w2k - ok
15:44:58.0759 42956 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:44:58.0931 42956 dac960nt - ok
15:44:59.0884 42956 dfmirage (d8cd6a2a94f545858eec6117f0d5dff4) C:\WINDOWS\system32\DRIVERS\dfmirage.sys
15:44:59.0931 42956 dfmirage - ok
15:45:00.0572 42956 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:45:00.0728 42956 Disk - ok
15:45:01.0713 42956 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:45:02.0431 42956 dmboot - ok
15:45:03.0103 42956 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:45:03.0306 42956 dmio - ok
15:45:03.0884 42956 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:45:04.0041 42956 dmload - ok
15:45:04.0619 42956 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:45:04.0775 42956 DMusic - ok
15:45:05.0447 42956 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
15:45:05.0666 42956 dot4 - ok
15:45:06.0291 42956 Dot4 HPH09 (577dc4c5f7102ba9957f302942eb2da4) C:\WINDOWS\system32\DRIVERS\hphid409.sys
15:45:06.0384 42956 Dot4 HPH09 - ok
15:45:07.0087 42956 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
15:45:07.0244 42956 Dot4Print - ok
15:45:08.0072 42956 Dot4Print HPH09 (d559e03b3168bc00011dd2b6f443ac71) C:\WINDOWS\system32\DRIVERS\hphipr09.sys
15:45:08.0275 42956 Dot4Print HPH09 - ok
15:45:08.0806 42956 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
15:45:08.0962 42956 Dot4Scan - ok
15:45:09.0947 42956 Dot4Storage HPH09 (7e90e0199786c4bda3cf675b93544939) C:\WINDOWS\system32\Drivers\hphs2k09.sys
15:45:10.0025 42956 Dot4Storage HPH09 - ok
15:45:10.0556 42956 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
15:45:10.0728 42956 dot4usb - ok
15:45:11.0306 42956 Dot4Usb HPH09 (afcaa5b28bd1a3f9645e7ebee217c365) C:\WINDOWS\system32\drivers\hphius09.sys
15:45:11.0353 42956 Dot4Usb HPH09 - ok
15:45:12.0009 42956 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:45:12.0197 42956 dpti2o - ok
15:45:12.0744 42956 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:45:12.0884 42956 drmkaud - ok
15:45:13.0509 42956 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
15:45:13.0556 42956 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
15:45:13.0556 42956 drvmcdb - detected UnsignedFile.Multi.Generic (1)
15:45:14.0119 42956 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
15:45:14.0150 42956 drvnddm ( UnsignedFile.Multi.Generic ) - warning
15:45:14.0150 42956 drvnddm - detected UnsignedFile.Multi.Generic (1)
15:45:14.0728 42956 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:45:14.0853 42956 E100B - ok
15:45:14.0978 42956 eeCtrl - ok
15:45:15.0587 42956 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:45:15.0775 42956 Fastfat - ok
15:45:16.0353 42956 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:45:16.0509 42956 Fdc - ok
15:45:17.0353 42956 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:45:17.0587 42956 Fips - ok
15:45:18.0181 42956 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:45:18.0337 42956 Flpydisk - ok
15:45:18.0915 42956 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:45:19.0337 42956 FltMgr - ok
15:45:19.0868 42956 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:45:20.0025 42956 Fs_Rec - ok
15:45:20.0712 42956 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:45:20.0915 42956 Ftdisk - ok
15:45:21.0509 42956 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:45:21.0525 42956 GEARAspiWDM - ok
15:45:22.0118 42956 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:45:22.0275 42956 Gpc - ok
15:45:22.0868 42956 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:45:23.0009 42956 HidUsb - ok
15:45:23.0587 42956 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
15:45:23.0743 42956 hpn - ok
15:45:24.0306 42956 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:45:24.0321 42956 HPZid412 ( UnsignedFile.Multi.Generic ) - warning
15:45:24.0321 42956 HPZid412 - detected UnsignedFile.Multi.Generic (1)
15:45:24.0868 42956 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:45:24.0900 42956 HPZipr12 ( UnsignedFile.Multi.Generic ) - warning
15:45:24.0900 42956 HPZipr12 - detected UnsignedFile.Multi.Generic (1)
15:45:25.0446 42956 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:45:25.0478 42956 HPZius12 ( UnsignedFile.Multi.Generic ) - warning
15:45:25.0478 42956 HPZius12 - detected UnsignedFile.Multi.Generic (1)
15:45:26.0181 42956 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:45:26.0368 42956 HTTP - ok
15:45:26.0931 42956 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
15:45:27.0103 42956 i2omgmt - ok
15:45:27.0650 42956 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:45:27.0946 42956 i2omp - ok
15:45:28.0900 42956 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:45:29.0087 42956 i8042prt - ok
15:45:30.0087 42956 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
15:45:31.0181 42956 ialm - ok
15:45:31.0759 42956 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:45:31.0915 42956 Imapi - ok
15:45:32.0556 42956 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:45:32.0728 42956 ini910u - ok
15:45:33.0743 42956 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
15:45:34.0743 42956 IntelC51 - ok
15:45:35.0540 42956 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
15:45:35.0993 42956 IntelC52 - ok
15:45:36.0556 42956 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
15:45:36.0618 42956 IntelC53 - ok
15:45:37.0306 42956 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:45:37.0462 42956 IntelIde - ok
15:45:38.0634 42956 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:45:38.0868 42956 intelppm - ok
15:45:39.0524 42956 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:45:39.0681 42956 Ip6Fw - ok
15:45:40.0259 42956 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:45:40.0415 42956 IpFilterDriver - ok
15:45:40.0962 42956 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:45:41.0102 42956 IpInIp - ok
15:45:41.0712 42956 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:45:41.0915 42956 IpNat - ok
15:45:42.0634 42956 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:45:42.0790 42956 IPSec - ok
15:45:43.0384 42956 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:45:43.0524 42956 IRENUM - ok
15:45:44.0102 42956 is3srv (8fe4ecc7877fcfe4e59414708898073d) C:\WINDOWS\system32\drivers\is3srv.sys
15:45:44.0368 42956 is3srv - ok
15:45:44.0930 42956 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:45:45.0087 42956 isapnp - ok
15:45:45.0649 42956 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:45:45.0790 42956 Kbdclass - ok
15:45:46.0384 42956 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:45:46.0524 42956 kbdhid - ok
15:45:47.0165 42956 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:45:47.0321 42956 kmixer - ok
15:45:47.0915 42956 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:45:48.0009 42956 KSecDD - ok
15:45:48.0993 42956 L8042Kbd (d1968dea7baff4a917858c384339cec8) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
15:45:49.0259 42956 L8042Kbd - ok
15:45:49.0821 42956 L8042mou (d6fc755ff505d99e6cc73e83492310df) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
15:45:49.0852 42956 L8042mou - ok
15:45:50.0430 42956 lbrtfdc - ok
15:45:50.0993 42956 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
15:45:51.0008 42956 LHidFilt - ok
15:45:51.0602 42956 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
15:45:51.0618 42956 LMouFilt - ok
15:45:52.0196 42956 LMouKE (c149bdad13194df16ea33f9f601ed7bf) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
15:45:52.0227 42956 LMouKE - ok
15:45:52.0930 42956 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
15:45:53.0024 42956 MarvinBus ( UnsignedFile.Multi.Generic ) - warning
15:45:53.0024 42956 MarvinBus - detected UnsignedFile.Multi.Generic (1)
15:45:53.0602 42956 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
15:45:53.0618 42956 MBAMProtector - ok
15:45:54.0102 42956 MBAMSwissArmy - ok
15:45:54.0618 42956 mcdbus - ok
15:45:55.0165 42956 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:45:55.0321 42956 mnmdd - ok
15:45:55.0883 42956 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:45:56.0040 42956 Modem - ok
15:45:56.0665 42956 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
15:45:56.0821 42956 MODEMCSA - ok
15:45:57.0540 42956 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
15:45:57.0836 42956 mohfilt - ok
15:45:58.0446 42956 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:45:58.0680 42956 Mouclass - ok
15:45:59.0274 42956 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:45:59.0430 42956 mouhid - ok
15:46:00.0008 42956 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:46:00.0180 42956 MountMgr - ok
15:46:00.0758 42956 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:46:00.0915 42956 mraid35x - ok
15:46:01.0102 42956 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
15:46:01.0133 42956 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
15:46:01.0133 42956 MREMP50 - detected UnsignedFile.Multi.Generic (1)
15:46:01.0290 42956 MREMPR5 - ok
15:46:01.0508 42956 MRENDIS5 - ok
15:46:01.0711 42956 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
15:46:01.0743 42956 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
15:46:01.0743 42956 MRESP50 - detected UnsignedFile.Multi.Generic (1)
15:46:02.0415 42956 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:46:02.0727 42956 MRxDAV - ok
15:46:03.0446 42956 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:46:03.0774 42956 MRxSmb - ok
15:46:04.0336 42956 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
15:46:04.0539 42956 MSDV - ok
15:46:05.0086 42956 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:46:05.0227 42956 Msfs - ok
15:46:05.0836 42956 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:46:05.0977 42956 MSKSSRV - ok
15:46:06.0758 42956 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:46:06.0899 42956 MSPCLOCK - ok
15:46:07.0477 42956 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:46:07.0774 42956 MSPQM - ok
15:46:08.0289 42956 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:46:08.0446 42956 mssmbios - ok
15:46:08.0977 42956 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:46:09.0133 42956 MSTEE - ok
15:46:09.0727 42956 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:46:09.0821 42956 Mup - ok
15:46:10.0367 42956 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:46:10.0571 42956 NABTSFEC - ok
15:46:10.0711 42956 NAVENG - ok
15:46:10.0742 42956 NAVEX15 - ok
15:46:11.0336 42956 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:46:11.0602 42956 NDIS - ok
15:46:12.0133 42956 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:46:12.0289 42956 NdisIP - ok
15:46:12.0977 42956 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:46:13.0024 42956 NdisTapi - ok
15:46:13.0664 42956 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:46:13.0821 42956 Ndisuio - ok
15:46:14.0383 42956 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:46:14.0680 42956 NdisWan - ok
15:46:15.0227 42956 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:46:15.0305 42956 NDProxy - ok
15:46:15.0899 42956 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:46:16.0055 42956 NetBIOS - ok
15:46:16.0961 42956 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:46:17.0289 42956 NetBT - ok
15:46:18.0070 42956 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:46:18.0211 42956 Npfs - ok
15:46:18.0977 42956 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:46:19.0883 42956 Ntfs - ok
15:46:20.0399 42956 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:46:20.0555 42956 Null - ok
15:46:23.0633 42956 nv (ce34061a298bfb4ebd1a0bb8592dc977) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:46:28.0711 42956 nv - ok
15:46:29.0258 42956 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:46:29.0398 42956 NwlnkFlt - ok
15:46:29.0961 42956 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:46:30.0133 42956 NwlnkFwd - ok
15:46:30.0758 42956 ossrv (3649eefa90990249267dd6c7808cbc86) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
15:46:30.0820 42956 ossrv - ok
15:46:31.0914 42956 P17xfi (06902b5f2a17dddf1282ff402b5bd51b) C:\WINDOWS\system32\drivers\P17xfi.sys
15:46:32.0867 42956 P17xfi - ok
15:46:34.0102 42956 p17xfilt (a782e03a3b54c13fa7c29d33e1c9a044) C:\WINDOWS\system32\drivers\p17xfilt.sys
15:46:35.0711 42956 p17xfilt - ok
15:46:36.0320 42956 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:46:36.0477 42956 Parport - ok
15:46:37.0070 42956 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:46:37.0227 42956 PartMgr - ok
15:46:38.0008 42956 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:46:38.0258 42956 ParVdm - ok
15:46:38.0836 42956 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
15:46:38.0852 42956 pavboot - ok
15:46:39.0398 42956 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:46:39.0586 42956 PCI - ok
15:46:40.0086 42956 PCIDump - ok
15:46:40.0633 42956 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:46:40.0773 42956 PCIIde - ok
15:46:41.0352 42956 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:46:41.0539 42956 Pcmcia - ok
15:46:42.0039 42956 PCTINDIS5 (351bd8c80b2c411ea5a122fcfed4d7c8) C:\WINDOWS\system32\PCTINDIS5.SYS
15:46:42.0117 42956 PCTINDIS5 - ok
15:46:42.0633 42956 PDCOMP - ok
15:46:43.0477 42956 PDFRAME - ok
15:46:44.0023 42956 PDRELI - ok
15:46:44.0523 42956 PDRFRAME - ok
15:46:45.0117 42956 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
15:46:45.0273 42956 perc2 - ok
15:46:45.0851 42956 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:46:45.0992 42956 perc2hib - ok
15:46:46.0742 42956 PinnacleMarvinAVS (c463f4e36e7a90bed38483939adab014) C:\WINDOWS\system32\DRIVERS\MarvinAVS.sys
15:46:47.0055 42956 PinnacleMarvinAVS ( UnsignedFile.Multi.Generic ) - warning
15:46:47.0055 42956 PinnacleMarvinAVS - detected UnsignedFile.Multi.Generic (1)
15:46:47.0633 42956 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:46:47.0820 42956 PptpMiniport - ok
15:46:48.0383 42956 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:46:48.0664 42956 PSched - ok
15:46:49.0242 42956 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
15:46:49.0258 42956 PSI - ok
15:46:49.0883 42956 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:46:50.0039 42956 Ptilink - ok
15:46:50.0586 42956 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:46:50.0601 42956 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
15:46:50.0601 42956 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
15:46:51.0164 42956 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:46:51.0320 42956 ql1080 - ok
15:46:51.0898 42956 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:46:52.0055 42956 Ql10wnt - ok
15:46:52.0601 42956 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:46:52.0789 42956 ql12160 - ok
15:46:53.0336 42956 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:46:53.0508 42956 ql1240 - ok
15:46:54.0539 42956 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:46:54.0711 42956 ql1280 - ok
15:46:55.0258 42956 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:46:55.0398 42956 RasAcd - ok
15:46:56.0008 42956 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:46:56.0164 42956 Rasl2tp - ok
15:46:56.0726 42956 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:46:56.0883 42956 RasPppoe - ok
15:46:57.0430 42956 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:46:57.0789 42956 Raspti - ok
15:46:58.0367 42956 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:46:58.0586 42956 Rdbss - ok
15:46:59.0148 42956 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:46:59.0289 42956 RDPCDD - ok
15:46:59.0930 42956 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:47:00.0148 42956 rdpdr - ok
15:47:00.0773 42956 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:47:00.0883 42956 RDPWD - ok
15:47:01.0445 42956 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:47:01.0601 42956 redbook - ok
15:47:02.0180 42956 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
15:47:02.0211 42956 Revoflt - ok
15:47:02.0305 42956 SAVRT - ok
15:47:02.0320 42956 SAVRTPEL - ok
15:47:03.0180 42956 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:47:03.0414 42956 Secdrv - ok
15:47:04.0320 42956 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
15:47:04.0851 42956 senfilt - ok
15:47:05.0398 42956 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:47:05.0539 42956 serenum - ok
15:47:06.0117 42956 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:47:06.0273 42956 Serial - ok
15:47:06.0883 42956 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:47:07.0023 42956 Sfloppy - ok
15:47:07.0539 42956 Simbad - ok
15:47:08.0570 42956 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:47:08.0742 42956 sisagp - ok
15:47:09.0336 42956 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:47:09.0476 42956 SLIP - ok
15:47:10.0148 42956 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
15:47:10.0258 42956 smwdm - ok
15:47:10.0836 42956 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:47:10.0929 42956 Sparrow - ok
15:47:11.0039 42956 SPBBCDrv - ok
15:47:11.0586 42956 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:47:11.0726 42956 splitter - ok
15:47:12.0570 42956 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
15:47:13.0258 42956 sptd - ok
15:47:14.0070 42956 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:47:14.0226 42956 sr - ok
15:47:14.0914 42956 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:47:15.0211 42956 Srv - ok
15:47:15.0804 42956 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
15:47:15.0867 42956 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
15:47:15.0867 42956 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
15:47:16.0461 42956 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
15:47:16.0476 42956 ssrtln ( UnsignedFile.Multi.Generic ) - warning
15:47:16.0476 42956 ssrtln - detected UnsignedFile.Multi.Generic (1)
15:47:17.0070 42956 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:47:17.0226 42956 streamip - ok
15:47:17.0789 42956 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:47:17.0929 42956 swenum - ok
15:47:18.0523 42956 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:47:18.0679 42956 swmidi - ok
15:47:19.0711 42956 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
15:47:19.0898 42956 symc810 - ok
15:47:20.0429 42956 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:47:20.0586 42956 symc8xx - ok
15:47:20.0773 42956 SymEvent (b3f8b9eab2ebe205c0fe053fba951d8c) C:\Program Files\Symantec\SYMEVENT.SYS
15:47:20.0883 42956 SymEvent - ok
15:47:21.0429 42956 SYMREDRV (7c73b65f1bdfab9052a5076c0ca622de) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
15:47:21.0445 42956 SYMREDRV - ok
15:47:22.0398 42956 SYMTDI (b4562798891dca27ed67ca07acbadbd9) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
15:47:22.0695 42956 SYMTDI - ok
15:47:23.0258 42956 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:47:23.0414 42956 sym_hi - ok
15:47:24.0070 42956 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:47:24.0226 42956 sym_u3 - ok
15:47:24.0789 42956 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:47:24.0961 42956 sysaudio - ok
15:47:25.0539 42956 szkg5 (8fe4ecc7877fcfe4e59414708898073d) C:\WINDOWS\system32\DRIVERS\szkg.sys
15:47:25.0570 42956 szkg5 - ok
15:47:26.0320 42956 szkgfs (410a02a920fa9daeec56364e839597c1) C:\WINDOWS\system32\drivers\szkgfs.sys
15:47:26.0351 42956 szkgfs - ok
15:47:27.0023 42956 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:47:27.0382 42956 Tcpip - ok
15:47:28.0304 42956 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:47:28.0507 42956 TDPIPE - ok
15:47:29.0195 42956 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:47:29.0336 42956 TDTCP - ok
15:47:29.0898 42956 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:47:30.0086 42956 TermDD - ok
15:47:30.0601 42956 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
15:47:30.0632 42956 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
15:47:30.0632 42956 tfsnboio - detected UnsignedFile.Multi.Generic (1)
15:47:31.0492 42956 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
15:47:31.0570 42956 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
15:47:31.0570 42956 tfsncofs - detected UnsignedFile.Multi.Generic (1)
15:47:32.0211 42956 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
15:47:32.0226 42956 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
15:47:32.0226 42956 tfsndrct - detected UnsignedFile.Multi.Generic (1)
15:47:32.0711 42956 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
15:47:32.0726 42956 tfsndres ( UnsignedFile.Multi.Generic ) - warning
15:47:32.0726 42956 tfsndres - detected UnsignedFile.Multi.Generic (1)
15:47:33.0273 42956 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
15:47:33.0320 42956 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
15:47:33.0320 42956 tfsnifs - detected UnsignedFile.Multi.Generic (1)
15:47:33.0836 42956 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
15:47:33.0851 42956 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
15:47:33.0851 42956 tfsnopio - detected UnsignedFile.Multi.Generic (1)
15:47:34.0445 42956 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
15:47:34.0461 42956 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
15:47:34.0461 42956 tfsnpool - detected UnsignedFile.Multi.Generic (1)
15:47:35.0023 42956 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
15:47:35.0086 42956 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
15:47:35.0086 42956 tfsnudf - detected UnsignedFile.Multi.Generic (1)
15:47:35.0617 42956 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
15:47:35.0664 42956 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
15:47:35.0664 42956 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
15:47:36.0242 42956 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
15:47:36.0398 42956 TosIde - ok
15:47:36.0961 42956 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:47:37.0164 42956 Udfs - ok
15:47:37.0711 42956 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
15:47:37.0804 42956 ultra - ok
15:47:38.0523 42956 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:47:38.0914 42956 Update - ok
15:47:39.0976 42956 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:47:40.0039 42956 USBAAPL - ok
15:47:40.0586 42956 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:47:40.0711 42956 usbccgp - ok
15:47:41.0320 42956 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:47:41.0476 42956 usbehci - ok
15:47:42.0132 42956 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:47:42.0304 42956 usbhub - ok
15:47:42.0867 42956 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:47:43.0039 42956 usbprint - ok
15:47:43.0570 42956 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:47:43.0726 42956 usbscan - ok
15:47:44.0414 42956 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:47:44.0554 42956 USBSTOR - ok
15:47:45.0117 42956 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:47:45.0257 42956 usbuhci - ok
15:47:45.0820 42956 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:47:45.0960 42956 VgaSave - ok
15:47:46.0554 42956 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:47:46.0710 42956 viaagp - ok
15:47:47.0289 42956 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:47:47.0429 42956 ViaIde - ok
15:47:48.0492 42956 viamraid (7dc3e1dc6e4f8be381c31bfea578412a) C:\WINDOWS\system32\DRIVERS\viamraid.sys
15:47:48.0585 42956 viamraid - ok
15:47:49.0304 42956 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:47:49.0539 42956 VolSnap - ok
15:47:50.0117 42956 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:47:50.0273 42956 Wanarp - ok
15:47:50.0804 42956 wanatw - ok
15:47:51.0539 42956 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:47:51.0664 42956 Wdf01000 - ok
15:47:52.0195 42956 WDICA - ok
15:47:52.0757 42956 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:47:52.0929 42956 wdmaud - ok
15:47:53.0554 42956 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:47:53.0710 42956 WSTCODEC - ok
15:47:54.0304 42956 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:47:54.0429 42956 WudfPf - ok
15:47:54.0992 42956 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:47:55.0085 42956 WudfRd - ok
15:47:55.0820 42956 ZD1211BU(ZyDAS) (154fe6a5a608cd725266877901e883c2) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
15:47:56.0195 42956 ZD1211BU(ZyDAS) - ok
15:47:56.0242 42956 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
15:47:56.0382 42956 \Device\Harddisk0\DR0 - ok
15:47:56.0382 42956 MBR (0x1B8) (06449e7c4af0550b77e260798769aa40) \Device\Harddisk1\DR4
15:47:56.0507 42956 \Device\Harddisk1\DR4 - ok
15:47:56.0507 42956 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR5
15:47:57.0554 42956 \Device\Harddisk2\DR5 - ok
15:47:57.0570 42956 MBR (0x1B8) (feffdedea77250a6fcd92c304b49ace2) \Device\Harddisk3\DR6
15:47:57.0726 42956 \Device\Harddisk3\DR6 - ok
15:47:57.0757 42956 Boot (0x1200) (19f98e600164ec0f35943ff23c1fb765) \Device\Harddisk0\DR0\Partition0
15:47:57.0757 42956 \Device\Harddisk0\DR0\Partition0 - ok
15:47:57.0757 42956 Boot (0x1200) (971956ae5e495406fa5603eac2bf5f27) \Device\Harddisk1\DR4\Partition0
15:47:57.0757 42956 \Device\Harddisk1\DR4\Partition0 - ok
15:47:57.0757 42956 Boot (0x1200) (ba40b0c37a4034bff768bd6da038b580) \Device\Harddisk2\DR5\Partition0
15:47:57.0773 42956 \Device\Harddisk2\DR5\Partition0 - ok
15:47:57.0804 42956 Boot (0x1200) (7e105c0991e3e73ce9a0609602e73a4a) \Device\Harddisk3\DR6\Partition0
15:47:57.0804 42956 \Device\Harddisk3\DR6\Partition0 - ok
15:47:57.0804 42956 ============================================================
15:47:57.0804 42956 Scan finished
15:47:57.0804 42956 ============================================================
15:47:57.0914 40788 Detected object count: 21
15:47:57.0914 40788 Actual detected object count: 21
15:48:57.0210 40788 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:57.0210 40788 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:48:57.0210 40788 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:57.0210 40788 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:48:57.0210 40788 HPZid412 ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:57.0210 40788 HPZid412 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:48:57.0210 40788 HPZipr12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:57.0210 40788 HPZipr12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:48:57.0210 40788 HPZius12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:57.0210 40788 HPZius12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:48:57.0210 40788 MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:57.0210 40788 MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:48:57.0210 40788 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:57.0210 40788 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:48:57.0210 40788 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:57.0210 40788 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:48:57.0210 40788 PinnacleMarvinAVS ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:57.0210 40788 PinnacleMarvinAVS ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:48:57.0210 40788 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:57.0210 40788 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:48:57.0226 40788 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:57.0226 40788 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:48:57.0226 40788 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:57.0226 40788 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:48:57.0241 40788 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:57.0241 40788 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:48:57.0241 40788 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:57.0241 40788 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:48:57.0241 40788 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:57.0241 40788 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:48:57.0241 40788 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:57.0241 40788 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:48:57.0257 40788 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:57.0257 40788 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:48:57.0257 40788 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:57.0257 40788 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:48:57.0273 40788 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:57.0273 40788 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:48:57.0273 40788 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:57.0273 40788 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:48:57.0273 40788 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:57.0273 40788 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:29.0100 42324 ============================================================
15:49:29.0100 42324 Scan started
15:49:29.0100 42324 Mode: Manual; SigCheck; TDLFS;
15:49:29.0100 42324 ============================================================
15:49:30.0304 42324 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
15:49:30.0460 42324 61883 - ok
15:49:30.0960 42324 Abiosdsk - ok
15:49:31.0538 42324 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:49:31.0616 42324 abp480n5 - ok
15:49:32.0272 42324 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:49:32.0413 42324 ACPI - ok
15:49:32.0929 42324 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:49:33.0085 42324 ACPIEC - ok
15:49:33.0663 42324 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:49:33.0804 42324 adpu160m - ok
15:49:34.0600 42324 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:49:34.0741 42324 aec - ok
15:49:35.0382 42324 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:49:35.0429 42324 AFD - ok
15:49:35.0975 42324 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
15:49:36.0132 42324 agp440 - ok
15:49:36.0679 42324 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:49:36.0819 42324 agpCPQ - ok
15:49:37.0397 42324 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:49:37.0475 42324 Aha154x - ok
15:49:38.0022 42324 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:49:38.0194 42324 aic78u2 - ok
15:49:38.0741 42324 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:49:38.0882 42324 aic78xx - ok
15:49:39.0460 42324 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
15:49:39.0600 42324 AliIde - ok
15:49:40.0163 42324 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:49:40.0304 42324 alim1541 - ok
15:49:40.0944 42324 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:49:41.0100 42324 amdagp - ok
15:49:41.0647 42324 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
15:49:41.0725 42324 amsint - ok
15:49:42.0319 42324 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
15:49:42.0460 42324 asc - ok
15:49:43.0022 42324 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:49:43.0100 42324 asc3350p - ok
15:49:43.0632 42324 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:49:43.0788 42324 asc3550 - ok
15:49:44.0428 42324 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:49:44.0569 42324 AsyncMac - ok
15:49:45.0147 42324 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:49:45.0272 42324 atapi - ok
15:49:45.0882 42324 Atdisk - ok
15:49:46.0460 42324 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:49:46.0600 42324 Atmarpc - ok
15:49:47.0194 42324 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:49:47.0335 42324 audstub - ok
15:49:48.0257 42324 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
15:49:48.0413 42324 Avc - ok
15:49:48.0944 42324 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:49:49.0085 42324 Beep - ok
15:49:49.0585 42324 bvrp_pci - ok
15:49:50.0132 42324 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:49:50.0288 42324 cbidf - ok
15:49:50.0850 42324 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:49:50.0991 42324 cbidf2k - ok
15:49:51.0553 42324 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:49:51.0710 42324 CCDECODE - ok
15:49:52.0585 42324 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:49:52.0678 42324 cd20xrnt - ok
15:49:53.0475 42324 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:49:53.0616 42324 Cdaudio - ok
15:49:54.0194 42324 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:49:54.0335 42324 Cdfs - ok
15:49:54.0913 42324 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:49:55.0053 42324 Cdrom - ok
15:49:55.0835 42324 Changer - ok
15:49:56.0444 42324 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:49:56.0585 42324 CmdIde - ok
15:49:57.0147 42324 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:49:57.0272 42324 Cpqarray - ok
15:49:57.0850 42324 ctsfm2k (fcbb8ea6fe935d2c531d3a4dee9f985b) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
15:49:57.0882 42324 ctsfm2k - ok
15:49:58.0522 42324 CTUSFSYN (12a7b253f9128b3b68a9979827047b76) C:\WINDOWS\system32\drivers\ctusfsyn.sys
15:49:58.0538 42324 CTUSFSYN - ok
15:49:59.0132 42324 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:49:59.0303 42324 dac2w2k - ok
15:49:59.0850 42324 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:49:59.0991 42324 dac960nt - ok
15:50:00.0600 42324 dfmirage (d8cd6a2a94f545858eec6117f0d5dff4) C:\WINDOWS\system32\DRIVERS\dfmirage.sys
15:50:00.0600 42324 dfmirage - ok
15:50:01.0381 42324 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:50:01.0585 42324 Disk - ok
15:50:02.0428 42324 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:50:02.0803 42324 dmboot - ok
15:50:03.0460 42324 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:50:03.0600 42324 dmio - ok
15:50:04.0147 42324 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:50:04.0288 42324 dmload - ok
15:50:04.0850 42324 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:50:04.0991 42324 DMusic - ok
15:50:05.0631 42324 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
15:50:05.0772 42324 dot4 - ok
15:50:06.0428 42324 Dot4 HPH09 (577dc4c5f7102ba9957f302942eb2da4) C:\WINDOWS\system32\DRIVERS\hphid409.sys
15:50:06.0460 42324 Dot4 HPH09 - ok
15:50:06.0991 42324 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
15:50:07.0131 42324 Dot4Print - ok
15:50:07.0694 42324 Dot4Print HPH09 (d559e03b3168bc00011dd2b6f443ac71) C:\WINDOWS\system32\DRIVERS\hphipr09.sys
15:50:07.0725 42324 Dot4Print HPH09 - ok
15:50:08.0288 42324 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
15:50:08.0428 42324 Dot4Scan - ok
15:50:08.0975 42324 Dot4Storage HPH09 (7e90e0199786c4bda3cf675b93544939) C:\WINDOWS\system32\Drivers\hphs2k09.sys
15:50:09.0006 42324 Dot4Storage HPH09 - ok
15:50:09.0600 42324 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
15:50:09.0741 42324 dot4usb - ok
15:50:10.0288 42324 Dot4Usb HPH09 (afcaa5b28bd1a3f9645e7ebee217c365) C:\WINDOWS\system32\drivers\hphius09.sys
15:50:10.0319 42324 Dot4Usb HPH09 - ok
15:50:10.0850 42324 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:50:11.0006 42324 dpti2o - ok
15:50:11.0710 42324 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:50:11.0835 42324 drmkaud - ok
15:50:12.0506 42324 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
15:50:12.0538 42324 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
15:50:12.0538 42324 drvmcdb - detected UnsignedFile.Multi.Generic (1)
15:50:13.0100 42324 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
15:50:13.0100 42324 drvnddm ( UnsignedFile.Multi.Generic ) - warning
15:50:13.0100 42324 drvnddm - detected UnsignedFile.Multi.Generic (1)
15:50:14.0038 42324 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:50:14.0085 42324 E100B - ok
15:50:14.0241 42324 eeCtrl - ok
15:50:15.0147 42324 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:50:15.0272 42324 Fastfat - ok
15:50:15.0835 42324 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:50:15.0975 42324 Fdc - ok
15:50:16.0663 42324 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:50:16.0803 42324 Fips - ok
15:50:17.0366 42324 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:50:17.0491 42324 Flpydisk - ok
15:50:18.0085 42324 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:50:18.0225 42324 FltMgr - ok
15:50:18.0803 42324 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:50:18.0928 42324 Fs_Rec - ok
15:50:20.0038 42324 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:50:20.0178 42324 Ftdisk - ok
15:50:20.0741 42324 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:50:20.0756 42324 GEARAspiWDM - ok
15:50:21.0288 42324 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:50:21.0444 42324 Gpc - ok
15:50:22.0100 42324 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:50:22.0241 42324 HidUsb - ok
15:50:22.0819 42324 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
15:50:22.0944 42324 hpn - ok
15:50:23.0538 42324 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:50:23.0553 42324 HPZid412 ( UnsignedFile.Multi.Generic ) - warning
15:50:23.0553 42324 HPZid412 - detected UnsignedFile.Multi.Generic (1)
15:50:24.0069 42324 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:50:24.0069 42324 HPZipr12 ( UnsignedFile.Multi.Generic ) - warning
15:50:24.0069 42324 HPZipr12 - detected UnsignedFile.Multi.Generic (1)
15:50:24.0631 42324 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:50:24.0647 42324 HPZius12 ( UnsignedFile.Multi.Generic ) - warning
15:50:24.0647 42324 HPZius12 - detected UnsignedFile.Multi.Generic (1)
15:50:25.0288 42324 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:50:25.0350 42324 HTTP - ok
15:50:25.0897 42324 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
15:50:26.0038 42324 i2omgmt - ok
15:50:26.0616 42324 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:50:26.0772 42324 i2omp - ok
15:50:27.0319 42324 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:50:27.0506 42324 i8042prt - ok
15:50:28.0991 42324 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
15:50:29.0475 42324 ialm - ok
15:50:30.0038 42324 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:50:30.0178 42324 Imapi - ok
15:50:30.0772 42324 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:50:30.0913 42324 ini910u - ok
15:50:32.0006 42324 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
15:50:32.0491 42324 IntelC51 - ok
15:50:33.0241 42324 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
15:50:33.0522 42324 IntelC52 - ok
15:50:34.0084 42324 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
15:50:34.0116 42324 IntelC53 - ok
15:50:34.0803 42324 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:50:34.0944 42324 IntelIde - ok
15:50:35.0616 42324 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:50:35.0741 42324 intelppm - ok
15:50:36.0288 42324 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:50:36.0444 42324 Ip6Fw - ok
15:50:37.0022 42324 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:50:37.0163 42324 IpFilterDriver - ok
15:50:38.0131 42324 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:50:38.0334 42324 IpInIp - ok
15:50:38.0959 42324 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:50:39.0116 42324 IpNat - ok
15:50:39.0725 42324 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:50:39.0866 42324 IPSec - ok
15:50:40.0412 42324 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:50:40.0569 42324 IRENUM - ok
15:50:41.0147 42324 is3srv (8fe4ecc7877fcfe4e59414708898073d) C:\WINDOWS\system32\drivers\is3srv.sys
15:50:41.0162 42324 is3srv - ok
15:50:41.0756 42324 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:50:41.0897 42324 isapnp - ok
15:50:42.0553 42324 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:50:42.0694 42324 Kbdclass - ok
15:50:43.0241 42324 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:50:43.0397 42324 kbdhid - ok
15:50:44.0037 42324 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:50:44.0178 42324 kmixer - ok
15:50:44.0772 42324 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:50:44.0787 42324 KSecDD - ok
15:50:45.0334 42324 L8042Kbd (d1968dea7baff4a917858c384339cec8) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
15:50:45.0350 42324 L8042Kbd - ok
15:50:45.0944 42324 L8042mou (d6fc755ff505d99e6cc73e83492310df) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
15:50:45.0944 42324 L8042mou - ok
15:50:46.0491 42324 lbrtfdc - ok
15:50:47.0053 42324 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
15:50:47.0053 42324 LHidFilt - ok
15:50:48.0069 42324 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
15:50:48.0194 42324 LMouFilt - ok
15:50:48.0772 42324 LMouKE (c149bdad13194df16ea33f9f601ed7bf) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
15:50:48.0787 42324 LMouKE - ok
15:50:49.0366 42324 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
15:50:49.0381 42324 MarvinBus ( UnsignedFile.Multi.Generic ) - warning
15:50:49.0381 42324 MarvinBus - detected UnsignedFile.Multi.Generic (1)
15:50:49.0944 42324 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
15:50:49.0959 42324 MBAMProtector - ok
15:50:50.0444 42324 MBAMSwissArmy - ok
15:50:50.0975 42324 mcdbus - ok
15:50:51.0569 42324 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:50:51.0709 42324 mnmdd - ok
15:50:52.0287 42324 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:50:52.0444 42324 Modem - ok
15:50:53.0069 42324 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
15:50:53.0209 42324 MODEMCSA - ok
15:50:53.0819 42324 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
15:50:53.0834 42324 mohfilt - ok
15:50:54.0366 42324 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:50:54.0506 42324 Mouclass - ok
15:50:55.0069 42324 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:50:55.0209 42324 mouhid - ok
15:50:56.0022 42324 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:50:56.0162 42324 MountMgr - ok
15:50:56.0959 42324 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:50:57.0131 42324 mraid35x - ok
15:50:57.0381 42324 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
15:50:57.0397 42324 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
15:50:57.0397 42324 MREMP50 - detected UnsignedFile.Multi.Generic (1)
15:50:57.0584 42324 MREMPR5 - ok
15:50:57.0850 42324 MRENDIS5 - ok
15:50:58.0194 42324 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
15:50:58.0225 42324 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
15:50:58.0225 42324 MRESP50 - detected UnsignedFile.Multi.Generic (1)
15:50:58.0881 42324 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:50:59.0022 42324 MRxDAV - ok
15:50:59.0756 42324 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:50:59.0912 42324 MRxSmb - ok
15:51:00.0475 42324 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
15:51:00.0631 42324 MSDV - ok
15:51:01.0162 42324 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:51:01.0287 42324 Msfs - ok
15:51:01.0865 42324 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:51:01.0990 42324 MSKSSRV - ok
15:51:02.0647 42324 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:51:02.0772 42324 MSPCLOCK - ok
15:51:03.0319 42324 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:51:03.0459 42324 MSPQM - ok
15:51:04.0053 42324 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:51:04.0194 42324 mssmbios - ok
15:51:04.0787 42324 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:51:04.0912 42324 MSTEE - ok
15:51:05.0490 42324 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:51:05.0522 42324 Mup - ok
15:51:06.0115 42324 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:51:06.0256 42324 NABTSFEC - ok
15:51:06.0365 42324 NAVENG - ok
15:51:06.0412 42324 NAVEX15 - ok
15:51:07.0037 42324 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:51:07.0178 42324 NDIS - ok
15:51:08.0053 42324 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:51:08.0209 42324 NdisIP - ok
15:51:08.0756 42324 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:51:08.0787 42324 NdisTapi - ok
15:51:09.0334 42324 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:51:09.0475 42324 Ndisuio - ok
15:51:10.0084 42324 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:51:10.0225 42324 NdisWan - ok
15:51:10.0803 42324 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:51:10.0850 42324 NDProxy - ok
15:51:11.0397 42324 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:51:11.0537 42324 NetBIOS - ok
15:51:12.0240 42324 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:51:12.0381 42324 NetBT - ok
15:51:13.0131 42324 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:51:13.0272 42324 Npfs - ok
15:51:14.0084 42324 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:51:14.0334 42324 Ntfs - ok
15:51:15.0178 42324 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:51:15.0319 42324 Null - ok
15:51:18.0740 42324 nv (ce34061a298bfb4ebd1a0bb8592dc977) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:51:21.0693 42324 nv - ok
15:51:22.0240 42324 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:51:22.0365 42324 NwlnkFlt - ok
15:51:22.0975 42324 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:51:23.0115 42324 NwlnkFwd - ok
15:51:23.0678 42324 ossrv (3649eefa90990249267dd6c7808cbc86) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
15:51:23.0740 42324 ossrv - ok
15:51:24.0678 42324 P17xfi (06902b5f2a17dddf1282ff402b5bd51b) C:\WINDOWS\system32\drivers\P17xfi.sys
15:51:25.0147 42324 P17xfi - ok
15:51:26.0287 42324 p17xfilt (a782e03a3b54c13fa7c29d33e1c9a044) C:\WINDOWS\system32\drivers\p17xfilt.sys
15:51:26.0990 42324 p17xfilt - ok
15:51:27.0553 42324 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:51:27.0693 42324 Parport - ok
15:51:28.0381 42324 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:51:28.0522 42324 PartMgr - ok
15:51:29.0584 42324 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:51:29.0725 42324 ParVdm - ok
15:51:30.0303 42324 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
15:51:30.0318 42324 pavboot - ok
15:51:30.0959 42324 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:51:31.0100 42324 PCI - ok
15:51:31.0600 42324 PCIDump - ok
15:51:32.0240 42324 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:51:32.0381 42324 PCIIde - ok
15:51:33.0037 42324 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:51:33.0178 42324 Pcmcia - ok
15:51:33.0662 42324 PCTINDIS5 (351bd8c80b2c411ea5a122fcfed4d7c8) C:\WINDOWS\system32\PCTINDIS5.SYS
15:51:33.0678 42324 PCTINDIS5 - ok
15:51:34.0365 42324 PDCOMP - ok
15:51:34.0897 42324 PDFRAME - ok
15:51:35.0381 42324 PDRELI - ok
15:51:35.0912 42324 PDRFRAME - ok
15:51:36.0459 42324 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
15:51:36.0600 42324 perc2 - ok
15:51:37.0178 42324 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:51:37.0303 42324 perc2hib - ok
15:51:38.0506 42324 PinnacleMarvinAVS (c463f4e36e7a90bed38483939adab014) C:\WINDOWS\system32\DRIVERS\MarvinAVS.sys
15:51:38.0693 42324 PinnacleMarvinAVS ( UnsignedFile.Multi.Generic ) - warning
15:51:38.0693 42324 PinnacleMarvinAVS - detected UnsignedFile.Multi.Generic (1)
15:51:39.0584 42324 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:51:39.0725 42324 PptpMiniport - ok
15:51:40.0318 42324 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:51:40.0459 42324 PSched - ok
15:51:41.0037 42324 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
15:51:41.0037 42324 PSI - ok
15:51:41.0568 42324 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:51:41.0709 42324 Ptilink - ok
15:51:42.0287 42324 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:51:42.0303 42324 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
15:51:42.0303 42324 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
15:51:42.0897 42324 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:51:43.0022 42324 ql1080 - ok
15:51:43.0678 42324 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:51:43.0834 42324 Ql10wnt - ok
15:51:44.0381 42324 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:51:44.0522 42324 ql12160 - ok
15:51:45.0131 42324 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:51:45.0256 42324 ql1240 - ok
15:51:45.0803 42324 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:51:45.0943 42324 ql1280 - ok
15:51:46.0475 42324 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:51:46.0600 42324 RasAcd - ok
15:51:47.0209 42324 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:51:47.0334 42324 Rasl2tp - ok
15:51:48.0162 42324 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:51:48.0318 42324 RasPppoe - ok
15:51:48.0943 42324 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:51:49.0068 42324 Raspti - ok
15:51:49.0678 42324 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:51:49.0818 42324 Rdbss - ok
15:51:50.0350 42324 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:51:50.0475 42324 RDPCDD - ok
15:51:51.0115 42324 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:51:51.0272 42324 rdpdr - ok
15:51:51.0881 42324 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:51:51.0928 42324 RDPWD - ok
15:51:52.0475 42324 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:51:52.0615 42324 redbook - ok
15:51:53.0209 42324 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
15:51:53.0225 42324 Revoflt - ok
15:51:53.0334 42324 SAVRT - ok
15:51:53.0350 42324 SAVRTPEL - ok
15:51:54.0022 42324 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:51:54.0162 42324 Secdrv - ok
15:51:55.0053 42324 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
15:51:55.0287 42324 senfilt - ok
15:51:55.0818 42324 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:51:55.0975 42324 serenum - ok
15:51:56.0522 42324 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:51:56.0678 42324 Serial - ok
15:51:57.0475 42324 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:51:57.0615 42324 Sfloppy - ok
15:51:58.0553 42324 Simbad - ok
15:51:59.0256 42324 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:51:59.0397 42324 sisagp - ok
15:51:59.0943 42324 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:52:00.0100 42324 SLIP - ok
15:52:00.0725 42324 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
15:52:00.0756 42324 smwdm - ok
15:52:01.0693 42324 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:52:01.0772 42324 Sparrow - ok
15:52:01.0943 42324 SPBBCDrv - ok
15:52:02.0522 42324 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:52:02.0662 42324 splitter - ok
15:52:03.0475 42324 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
15:52:03.0709 42324 sptd - ok
15:52:04.0397 42324 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:52:04.0522 42324 sr - ok
15:52:05.0225 42324 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:52:05.0381 42324 Srv - ok
15:52:05.0928 42324 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
15:52:05.0943 42324 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
15:52:05.0943 42324 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
15:52:06.0490 42324 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
15:52:06.0522 42324 ssrtln ( UnsignedFile.Multi.Generic ) - warning
15:52:06.0522 42324 ssrtln - detected UnsignedFile.Multi.Generic (1)
15:52:07.0084 42324 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:52:07.0240 42324 streamip - ok
15:52:07.0772 42324 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:52:07.0912 42324 swenum - ok
15:52:08.0459 42324 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:52:08.0600 42324 swmidi - ok
15:52:09.0256 42324 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
15:52:09.0381 42324 symc810 - ok
15:52:09.0912 42324 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:52:10.0084 42324 symc8xx - ok
15:52:10.0272 42324 SymEvent (b3f8b9eab2ebe205c0fe053fba951d8c) C:\Program Files\Symantec\SYMEVENT.SYS
15:52:10.0287 42324 SymEvent - ok
15:52:10.0850 42324 SYMREDRV (7c73b65f1bdfab9052a5076c0ca622de) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
15:52:10.0850 42324 SYMREDRV - ok
15:52:11.0506 42324 SYMTDI (b4562798891dca27ed67ca07acbadbd9) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
15:52:11.0522 42324 SYMTDI - ok
15:52:12.0303 42324 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:52:12.0506 42324 sym_hi - ok
15:52:13.0115 42324 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:52:13.0256 42324 sym_u3 - ok
15:52:13.0834 42324 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:52:14.0006 42324 sysaudio - ok
15:52:14.0615 42324 szkg5 (8fe4ecc7877fcfe4e59414708898073d) C:\WINDOWS\system32\DRIVERS\szkg.sys
15:52:14.0631 42324 szkg5 - ok
15:52:15.0256 42324 szkgfs (410a02a920fa9daeec56364e839597c1) C:\WINDOWS\system32\drivers\szkgfs.sys
15:52:15.0256 42324 szkgfs - ok
15:52:15.0943 42324 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:52:16.0131 42324 Tcpip - ok
15:52:16.0662 42324 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:52:16.0803 42324 TDPIPE - ok
15:52:17.0428 42324 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:52:17.0553 42324 TDTCP - ok
15:52:18.0209 42324 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:52:18.0350 42324 TermDD - ok
15:52:18.0865 42324 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
15:52:18.0881 42324 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
15:52:18.0881 42324 tfsnboio - detected UnsignedFile.Multi.Generic (1)
15:52:20.0006 42324 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
15:52:20.0022 42324 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
15:52:20.0022 42324 tfsncofs - detected UnsignedFile.Multi.Generic (1)
15:52:20.0600 42324 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
15:52:20.0615 42324 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
15:52:20.0615 42324 tfsndrct - detected UnsignedFile.Multi.Generic (1)
15:52:21.0115 42324 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
15:52:21.0131 42324 tfsndres ( UnsignedFile.Multi.Generic ) - warning
15:52:21.0131 42324 tfsndres - detected UnsignedFile.Multi.Generic (1)
15:52:21.0647 42324 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
15:52:21.0662 42324 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
15:52:21.0662 42324 tfsnifs - detected UnsignedFile.Multi.Generic (1)
15:52:22.0209 42324 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
15:52:22.0225 42324 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
15:52:22.0225 42324 tfsnopio - detected UnsignedFile.Multi.Generic (1)
15:52:22.0709 42324 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
15:52:22.0725 42324 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
15:52:22.0725 42324 tfsnpool - detected UnsignedFile.Multi.Generic (1)
15:52:23.0600 42324 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
15:52:23.0631 42324 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
15:52:23.0631 42324 tfsnudf - detected UnsignedFile.Multi.Generic (1)
15:52:24.0318 42324 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
15:52:24.0334 42324 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
15:52:24.0334 42324 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
15:52:24.0881 42324 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
15:52:25.0022 42324 TosIde - ok
15:52:25.0600 42324 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:52:25.0740 42324 Udfs - ok
15:52:26.0334 42324 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
15:52:26.0428 42324 ultra - ok
15:52:27.0115 42324 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:52:27.0381 42324 Update - ok
15:52:27.0943 42324 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:52:27.0959 42324 USBAAPL - ok
15:52:28.0553 42324 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:52:28.0693 42324 usbccgp - ok
15:52:29.0365 42324 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:52:29.0506 42324 usbehci - ok
15:52:30.0084 42324 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:52:30.0240 42324 usbhub - ok
15:52:30.0803 42324 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:52:30.0943 42324 usbprint - ok
15:52:31.0490 42324 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:52:31.0631 42324 usbscan - ok
15:52:32.0240 42324 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:52:32.0381 42324 USBSTOR - ok
15:52:32.0928 42324 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:52:33.0068 42324 usbuhci - ok
15:52:33.0615 42324 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:52:33.0756 42324 VgaSave - ok
15:52:34.0412 42324 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:52:34.0553 42324 viaagp - ok
15:52:35.0115 42324 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:52:35.0256 42324 ViaIde - ok
15:52:35.0818 42324 viamraid (7dc3e1dc6e4f8be381c31bfea578412a) C:\WINDOWS\system32\DRIVERS\viamraid.sys
15:52:35.0850 42324 viamraid - ok
15:52:36.0428 42324 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:52:36.0568 42324 VolSnap - ok
15:52:37.0209 42324 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:52:37.0350 42324 Wanarp - ok
15:52:37.0850 42324 wanatw - ok
15:52:38.0600 42324 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:52:38.0740 42324 Wdf01000 - ok
15:52:39.0318 42324 WDICA - ok
15:52:39.0897 42324 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:52:40.0037 42324 wdmaud - ok
15:52:40.0803 42324 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:52:40.0943 42324 WSTCODEC - ok
15:52:41.0537 42324 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:52:41.0553 42324 WudfPf - ok
15:52:42.0100 42324 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:52:42.0162 42324 WudfRd - ok
15:52:42.0881 42324 ZD1211BU(ZyDAS) (154fe6a5a608cd725266877901e883c2) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
15:52:43.0022 42324 ZD1211BU(ZyDAS) - ok
15:52:43.0084 42324 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
15:52:43.0381 42324 \Device\Harddisk0\DR0 - ok
15:52:43.0381 42324 MBR (0x1B8) (06449e7c4af0550b77e260798769aa40) \Device\Harddisk1\DR4
15:52:43.0506 42324 \Device\Harddisk1\DR4 - ok
15:52:43.0522 42324 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR5
15:52:44.0568 42324 \Device\Harddisk2\DR5 - ok
15:52:44.0568 42324 MBR (0x1B8) (feffdedea77250a6fcd92c304b49ace2) \Device\Harddisk3\DR6
15:52:44.0709 42324 \Device\Harddisk3\DR6 - ok
15:52:44.0725 42324 Boot (0x1200) (19f98e600164ec0f35943ff23c1fb765) \Device\Harddisk0\DR0\Partition0
15:52:44.0725 42324 \Device\Harddisk0\DR0\Partition0 - ok
15:52:44.0740 42324 Boot (0x1200) (971956ae5e495406fa5603eac2bf5f27) \Device\Harddisk1\DR4\Partition0
15:52:44.0740 42324 \Device\Harddisk1\DR4\Partition0 - ok
15:52:44.0740 42324 Boot (0x1200) (ba40b0c37a4034bff768bd6da038b580) \Device\Harddisk2\DR5\Partition0
15:52:44.0740 42324 \Device\Harddisk2\DR5\Partition0 - ok
15:52:44.0756 42324 Boot (0x1200) (7e105c0991e3e73ce9a0609602e73a4a) \Device\Harddisk3\DR6\Partition0
15:52:44.0756 42324 \Device\Harddisk3\DR6\Partition0 - ok
15:52:44.0772 42324 ============================================================
15:52:44.0772 42324 Scan finished
15:52:44.0772 42324 ============================================================
15:52:44.0803 42308 Detected object count: 21
15:52:44.0803 42308 Actual detected object count: 21
15:53:09.0568 42308 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:09.0568 42308 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:09.0568 42308 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:09.0568 42308 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:09.0568 42308 HPZid412 ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:09.0568 42308 HPZid412 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:09.0568 42308 HPZipr12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:09.0568 42308 HPZipr12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:09.0584 42308 HPZius12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:09.0584 42308 HPZius12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:09.0584 42308 MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:09.0584 42308 MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:09.0584 42308 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:09.0584 42308 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:09.0584 42308 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:09.0584 42308 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:09.0584 42308 PinnacleMarvinAVS ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:09.0584 42308 PinnacleMarvinAVS ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:09.0584 42308 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:09.0584 42308 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:09.0600 42308 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:09.0600 42308 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:09.0600 42308 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:09.0600 42308 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:09.0600 42308 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:09.0600 42308 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:09.0600 42308 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:09.0600 42308 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:09.0615 42308 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:09.0615 42308 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:09.0615 42308 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:09.0615 42308 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:09.0631 42308 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:09.0631 42308 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:09.0631 42308 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:09.0631 42308 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:09.0631 42308 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:09.0631 42308 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:09.0631 42308 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:09.0631 42308 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:09.0647 42308 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:09.0647 42308 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:40.0225 41412 Deinitialize success

#4 Gammo

Posted 23 November 2011 - 12:37 PM

Hi

I no longer have Symantec installed on this machine. I will not click on 'OK' until I receive further instruction...

Don't worry about it. We'll deal with that later.

Please click on "OK" and post the resulting ComboFix log in your next reply. :thumbsup:

Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware!


#5 84xads

Posted 23 November 2011 - 02:45 PM

ComboFix 11-11-23.01 - bthompson 11/23/2011 12:22:04.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1637 [GMT -6:00]
Running from: c:\documents and settings\bthompson\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
c:\documents and settings\bthompson\Application Data\PriceGong
c:\documents and settings\bthompson\Application Data\PriceGong\Data\1.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\a.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\b.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\c.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\d.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\e.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\f.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\g.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\h.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\i.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\J.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\k.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\l.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\m.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\n.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\o.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\p.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\q.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\r.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\s.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\t.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\u.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\v.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\w.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\x.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\y.xml
c:\documents and settings\bthompson\Application Data\PriceGong\Data\z.xml
c:\documents and settings\bthompson\g2mdlhlpx.exe
c:\documents and settings\bthompson\My Documents\~WRL0001.tmp
c:\program files\LP
c:\program files\LP\6389\1.tmp
c:\program files\LP\6389\2.tmp
c:\program files\LP\6389\27.tmp
c:\program files\LP\6389\29.tmp
c:\program files\LP\6389\2C.tmp
c:\program files\LP\6389\2D.tmp
c:\program files\LP\6389\2E.tmp
c:\program files\LP\6389\3.tmp
c:\program files\LP\6389\4.tmp
c:\program files\LP\6389\E.tmp
c:\windows\$NtUninstallKB15814$
c:\windows\$NtUninstallKB15814$\1928211824
c:\windows\$NtUninstallKB15814$\4041526562\@
c:\windows\$NtUninstallKB15814$\4041526562\bckfg.tmp
c:\windows\$NtUninstallKB15814$\4041526562\cfg.ini
c:\windows\$NtUninstallKB15814$\4041526562\Desktop.ini
c:\windows\$NtUninstallKB15814$\4041526562\kwrd.dll
c:\windows\$NtUninstallKB15814$\4041526562\L\iahonoel
c:\windows\$NtUninstallKB15814$\4041526562\lsflt7.ver
c:\windows\$NtUninstallKB15814$\4041526562\U\00000001.@
c:\windows\$NtUninstallKB15814$\4041526562\U\00000002.@
c:\windows\$NtUninstallKB15814$\4041526562\U\00000004.@
c:\windows\$NtUninstallKB15814$\4041526562\U\80000000.@
c:\windows\$NtUninstallKB15814$\4041526562\U\80000004.@
c:\windows\$NtUninstallKB15814$\4041526562\U\80000032.@
c:\windows\CSC\d6
c:\windows\system32\ntusbw32.dll
c:\windows\system32\UNWISE.EXE
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
.
.
((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))
.
.
2011-11-19 00:57 . 2011-11-19 00:57 -------- d-----w- c:\documents and settings\bthompson\Application Data\VS Revo Group
2011-11-19 00:32 . 2011-11-03 16:21 552464 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2011-11-19 00:32 . 2011-11-03 16:22 140760 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-11-19 00:32 . 2011-11-03 16:22 25560 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-11-19 00:00 . 2011-11-19 00:00 -------- d-----w- c:\documents and settings\bthompson\Local Settings\Application Data\Secunia PSI
2011-11-19 00:00 . 2011-11-19 00:00 -------- d-----w- c:\program files\Secunia
2011-11-18 21:00 . 2011-11-18 21:00 -------- d-----w- c:\documents and settings\bthompson\Application Data\xhYCwkUVrOtPuSi
2011-11-18 21:00 . 2011-11-18 21:00 -------- d-----w- c:\documents and settings\bthompson\Application Data\JD3pnG5aQ6W8R9T
2011-11-18 20:31 . 2011-11-18 20:31 -------- d-----w- c:\documents and settings\bthompson\Application Data\bmH5WJ7fE8TqCk
2011-11-18 20:31 . 2011-11-18 20:31 -------- d-----w- c:\documents and settings\bthompson\Application Data\arzONtxA0v2b3
2011-11-18 19:52 . 2011-11-18 19:52 -------- d-----w- c:\documents and settings\bthompson\Application Data\mon4amH5sJfLgZj
2011-11-18 19:52 . 2011-11-18 19:52 -------- d-----w- c:\documents and settings\bthompson\Application Data\b6sWJ7fELgZjCk
2011-11-18 15:32 . 2011-11-18 15:33 -------- d-----w- c:\program files\Cobian Backup 8
2011-11-18 15:21 . 2011-11-18 15:21 -------- d-----w- c:\documents and settings\bthompson\Application Data\yL9hTXqjUeIrNc1
2011-11-18 15:21 . 2011-11-18 15:21 -------- d-----w- c:\documents and settings\bthompson\Application Data\vG4aQH6dW7
2011-11-18 06:25 . 2011-11-18 06:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-11-17 18:39 . 2011-11-18 23:33 -------- d-----w- c:\program files\D48E5
2011-11-17 18:39 . 2011-11-17 18:39 -------- d-----w- c:\documents and settings\bthompson\Application Data\gRUIP1245JEgZhC
2011-11-17 18:39 . 2011-11-17 18:39 -------- d-----w- c:\documents and settings\bthompson\Application Data\OFpGsJd89wetyio
2011-11-17 18:39 . 2011-11-17 18:48 -------- d-----w- c:\documents and settings\bthompson\Application Data\989D4
2011-11-17 18:38 . 2011-11-17 18:38 -------- d-----w- c:\documents and settings\bthompson\Application Data\sIrOyAuSoFpGsJ
2011-11-17 18:38 . 2011-11-17 18:38 -------- d-----w- c:\documents and settings\bthompson\Application Data\xfRZ9hYXVtPyiDo
2011-11-15 15:59 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{3FC84145-4D9F-4882-8931-A9134175D4CB}\mpengine.dll
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-19 00:29 . 2011-05-19 14:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-18 20:54 . 2004-08-04 05:14 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-10-10 14:22 . 2004-08-11 23:12 692736 ------w- c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2011-06-05 17:06 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-09-28 07:06 . 2004-08-11 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2004-08-11 23:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2004-08-11 23:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-11 23:00 1858944 ------w- c:\windows\system32\win32k.sys
2011-08-31 23:00 . 2010-07-14 16:12 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\bthompson\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\bthompson\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\bthompson\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\bthompson\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"HPHmon03"="c:\windows\system32\hphmon03.exe" [2003-01-31 311296]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2003-01-31 196608]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2746514159-1896650942-1760562684-1262\Scripts\Logon\0\0]
"Script"=mapmonthly.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 20:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"navapsvc"=2 (0x2)
"ISSVC"=3 (0x3)
"ccProxy"=2 (0x2)
"DSBrokerService"=3 (0x3)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AOL ACS"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"SavRoam"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Motive\\McciServiceHost.exe"=
"c:\\Documents and Settings\\bthompson\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [7/14/2010 12:18 PM 28552]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/7/2009 4:59 PM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [5/12/2010 5:01 PM 59280]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/14/2010 10:12 AM 366152]
R2 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [2/2/2011 6:51 PM 315392]
R2 MSSQL$PROVIDUSSTD;SQL Server (PROVIDUSSTD);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 6:29 PM 29293408]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [3/21/2011 10:17 AM 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [3/21/2011 10:17 AM 68928]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 12:01 AM 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/14/2011 12:01 AM 399416]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 4:43 PM 31896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/14/2010 10:12 AM 22216]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 2:30 AM 15544]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/7/2009 4:59 PM 61328]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 9:13 AM 135664]
S2 intelusb3;Intel USB3 Device Service;c:\windows\System32\svchost.exe -k intelusbs3 [8/11/2004 5:00 PM 14336]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [1/30/2003 6:55 PM 18864]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 9:13 AM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\drivers\MarvinAVS.sys [7/21/2009 12:08 AM 434176]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [7/15/2010 10:02 AM 27064]
S4 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" --> c:\program files\Symantec AntiVirus\SavRoam.exe [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/23/2009 6:53 PM 717296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
intelusbs3 REG_MULTI_SZ intelusb3
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
.
2011-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc8c2abfc0adc6.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 15:13]
.
2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 15:13]
.
2011-11-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
2010-02-21 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 21:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{ABA83E5B-3552-43CC-AC4A-5138283E6E80}: NameServer = 208.67.222.222,208.67.220.220
DPF: {A8561647-E93C-11D3-AC3B-CE6078F7B616} - hxxp://logistics.suddath.com/Fulfillment/WareHouse/Reports/vsprint7.cab
DPF: {B66A992D-C262-496E-8328-2F14FD80443A} - hxxps://qbo.intuit.com/c32/v37.119/qboimax7.cab
DPF: {B7039D87-D648-4431-BA87-C3A04E6111DA} - hxxps://174.120.225.198:4643/vz/ssh/wodTelnetDLX.cab
FF - ProfilePath - c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {043F9B24-8C2C-4867-9FFB-CE1CB27D0CAE} - c:\documents and settings\bthompson\Local Settings\Application Data\{043F9B24-8C2C-4867-9FFB-CE1CB27D0CAE}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - %profile%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
FF - Ext: KeywordSpy™ SEO/PPC: {fae5bcbc-dd73-439a-a15e-5b9ff39c0e9b} - %profile%\extensions\{fae5bcbc-dd73-439a-a15e-5b9ff39c0e9b}
FF - Ext: RankChecker: rankchecker@seobook.com - %profile%\extensions\rankchecker@seobook.com
FF - Ext: Seo Toolbar: seotoolbar@seobook.com - %profile%\extensions\seotoolbar@seobook.com
FF - Ext: SEO For Firefox: seo4firefox@seobook.com - %profile%\extensions\seo4firefox@seobook.com
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Quick Translator: {5C655500-E712-41e7-9349-CE462F844B19} - %profile%\extensions\{5C655500-E712-41e7-9349-CE462F844B19}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-IntelMeM - c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
Notify-intelsusb - ntusbw32.dll
Notify-ntusbw32 - ntusbw32.dll
Notify-TPSvc - TPSvc.dll
SafeBoot-87807893.sys
SafeBoot-WinDefend
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-Malware Protection - c:\documents and settings\All Users\Application Data\defender.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-23 13:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(3820)
c:\windows\system32\WININET.dll
c:\documents and settings\bthompson\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Microsoft Silverlight\xapauthenticodesip.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\notepad.exe
.
**************************************************************************
.
Completion time: 2011-11-23 13:42:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-23 19:42
.
Pre-Run: 29,548,027,904 bytes free
Post-Run: 30,085,275,648 bytes free
.
- - End Of File - - 3AF1A5787A2E94357C0B9155CC8776B7

#6 Gammo

Posted 23 November 2011 - 04:58 PM

Hi,

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into it:

SecCenter::
{FB06448E-52B8-493A-90F3-E43226D3305C}

Folder::
c:\documents and settings\bthompson\Application Data\xhYCwkUVrOtPuSi
c:\documents and settings\bthompson\Application Data\JD3pnG5aQ6W8R9T
c:\documents and settings\bthompson\Application Data\bmH5WJ7fE8TqCk
c:\documents and settings\bthompson\Application Data\arzONtxA0v2b3
c:\documents and settings\bthompson\Application Data\mon4amH5sJfLgZj
c:\documents and settings\bthompson\Application Data\b6sWJ7fELgZjCk
c:\documents and settings\bthompson\Application Data\yL9hTXqjUeIrNc1
c:\documents and settings\bthompson\Application Data\vG4aQH6dW7
c:\program files\D48E5
c:\documents and settings\bthompson\Application Data\gRUIP1245JEgZhC
c:\documents and settings\bthompson\Application Data\OFpGsJd89wetyio
c:\documents and settings\bthompson\Application Data\989D4
c:\documents and settings\bthompson\Application Data\sIrOyAuSoFpGsJ
c:\documents and settings\bthompson\Application Data\xfRZ9hYXVtPyiDo
c:\documents and settings\bthompson\Local Settings\Application Data\{043F9B24-8C2C-4867-9FFB-CE1CB27D0CAE}
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
c:\program files\Symantec AntiVirus
c:\program files\Common Files\Symantec Shared
C:\Program Files\Symantec

FireFox::
FF - ProfilePath - c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\
FF - Ext: XULRunner: {043F9B24-8C2C-4867-9FFB-CE1CB27D0CAE} - c:\documents and settings\bthompson\Local Settings\Application Data\{043F9B24-8C2C-4867-9FFB-CE1CB27D0CAE}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

Driver::
SavRoam

Save this as CFScript.txt, in the same location as ComboFix.exe


[image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware!
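The entries the helper singled out above (the randomly named Application Data folders, the numeric subfolder under c:\windows\$NtUninstallKB15814$ holding @, U\ and L\ items) are what make this log read as ZeroAccess. As an added example, not part of the thread or of ComboFix, the script below runs those two heuristics over constructed log lines in the same layout as the "Files Created" and "Other Deletions" sections and drafts a Folder:: block in the shape of the CFScript posted above; the log lines, the user name and the KB000000 folder are made up, and the random-name thresholds are my own assumptions.

```python
import re
from typing import Dict, List

# Constructed sample lines in the layout of ComboFix's "Files Created" and
# "Other Deletions" sections (hypothetical data, not a real scan).
SAMPLE_LOG = r"""
2011-11-19 00:57 . 2011-11-19 00:57 -------- d-----w- c:\documents and settings\user\Application Data\VS Revo Group
2011-11-18 21:00 . 2011-11-18 21:00 -------- d-----w- c:\documents and settings\user\Application Data\xhYCwkUVrOtPuSi
2011-11-18 21:00 . 2011-11-18 21:00 -------- d-----w- c:\documents and settings\user\Application Data\JD3pnG5aQ6W8R9T
2011-11-17 18:39 . 2011-11-17 18:48 -------- d-----w- c:\documents and settings\user\Application Data\989D4
2011-11-19 00:00 . 2011-11-19 00:00 -------- d-----w- c:\program files\Secunia
2011-11-17 18:39 . 2011-11-18 23:33 -------- d-----w- c:\program files\D48E5
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
c:\windows\$NtUninstallKB15814$\4041526562\@
c:\windows\$NtUninstallKB15814$\4041526562\U\00000001.@
c:\windows\$NtUninstallKB15814$\4041526562\L\iahonoel
c:\windows\$NtUninstallKB15814$\4041526562\cfg.ini
c:\windows\$NtUninstallKB000000$\spuninst\spuninst.exe
c:\documents and settings\user\Application Data\Dropbox\bin\Dropbox.exe
"""

# "Files Created" line: created . modified size attributes path
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"\s+\S+\s+(?P<attr>[-a-z]{8})\s+(?P<path>.+)$"
)
# Hotfix uninstall folders are legitimate; the tell is what sits beneath them.
ZA_ROOT_RE = re.compile(r"^c:\\windows\\\$ntuninstallkb\d+\$(?:\\(?P<rest>.*))?$", re.I)
# Direct children of a profile's Application Data or of Program Files.
APPDATA_RE = re.compile(r"^c:\\documents and settings\\[^\\]+\\application data\\(?P<name>[^\\]+)$", re.I)
PROGFILES_RE = re.compile(r"^c:\\program files\\(?P<name>[^\\]+)$", re.I)


def is_zeroaccess_path(path: str) -> bool:
    """A genuine $NtUninstallKB...$ folder contains 'spuninst'. The log above
    instead shows a random numeric subfolder holding '@', 'U\\', 'L\\' and
    '*.@' entries, so anything under such a numeric subfolder is flagged."""
    m = ZA_ROOT_RE.match(path)
    if not m or m.group("rest") is None:
        return False
    first_component = m.group("rest").split("\\")[0]
    return first_component.isdigit()


def looks_random(name: str) -> bool:
    """Heuristic (my assumption): a single alphanumeric token with many
    upper/lower case switches (xhYCwkUVrOtPuSi, vG4aQH6dW7) or a short
    hex-looking token with digits (989D4, D48E5) is not a product name."""
    if " " in name or "." in name or len(name) < 5 or not name.isalnum():
        return False
    letters = [c for c in name if c.isalpha()]
    digits = sum(c.isdigit() for c in name)
    switches = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    if switches >= 4:
        return True
    return bool(re.fullmatch(r"[0-9A-F]{5}", name)) and digits > 0


def triage(log_text: str) -> Dict[str, List[str]]:
    """Walk log lines and collect paths matching either heuristic."""
    findings: Dict[str, List[str]] = {"zeroaccess": [], "random_folder": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = CREATED_RE.match(line)
        if m:
            path, is_dir = m.group("path"), m.group("attr").startswith("d")
        elif line.lower().startswith("c:\\"):
            path, is_dir = line, None  # bare path: type unknown
        else:
            continue  # headers, dots, blank lines
        if is_zeroaccess_path(path):
            findings["zeroaccess"].append(path)
            continue
        if is_dir is False:
            continue  # a file entry cannot be a dropped folder
        for rx in (APPDATA_RE, PROGFILES_RE):
            mm = rx.match(path)
            if mm and looks_random(mm.group("name")):
                findings["random_folder"].append(path)
    return findings


def draft_folder_section(findings: Dict[str, List[str]]) -> str:
    """Draft the Folder:: block of a CFScript from the flagged directories,
    in the same shape as the script the helper posted above."""
    return "\n".join(["Folder::"] + findings["random_folder"]) + "\n"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("ZeroAccess-pattern paths:")
    for p in result["zeroaccess"]:
        print("  " + p)
    print(draft_folder_section(result))
```

The flagged paths are candidates for a helper to review against the rest of the log, not an automatic removal list; the random-name rule will miss short or dictionary-word folder names.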


#7 84xads (Topic Starter)

Posted 23 November 2011 - 06:27 PM

ComboFix 11-11-23.02 - bthompson 11/23/2011 16:34:58.3.1 - x86
Running from: c:\documents and settings\bthompson\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\bthompson\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\bthompson\Application Data\989D4
c:\documents and settings\bthompson\Application Data\989D4\48E5.89D
c:\documents and settings\bthompson\Application Data\arzONtxA0v2b3
c:\documents and settings\bthompson\Application Data\arzONtxA0v2b3\AV Protection 2011.ico
c:\documents and settings\bthompson\Application Data\b6sWJ7fELgZjCk
c:\documents and settings\bthompson\Application Data\bmH5WJ7fE8TqCk
c:\documents and settings\bthompson\Application Data\gRUIP1245JEgZhC
c:\documents and settings\bthompson\Application Data\gRUIP1245JEgZhC\AV Protection 2011.ico
c:\documents and settings\bthompson\Application Data\JD3pnG5aQ6W8R9T
c:\documents and settings\bthompson\Application Data\JD3pnG5aQ6W8R9T\AV Protection 2011.ico
c:\documents and settings\bthompson\Application Data\mon4amH5sJfLgZj
c:\documents and settings\bthompson\Application Data\mon4amH5sJfLgZj\AV Protection 2011.ico
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome.manifest
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.js
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.xpt
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.idl
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.js
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.xpt
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.xpt
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\alertSettingsComponent.xml
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\appContextMenu.xml
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\engineContextMenu.xml
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\engineSettings.json
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\fbAlert.js
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\getAppsContextMenu.xml
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\postAppsContextMenu.xml
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\toolbarContextMenu.xml
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\unsharedAppsContextMenu.xml
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\install.rdf
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\lib\xpcom.js
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\manifest.mf
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.rsa
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.sf
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.gif
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.ico
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.PNG
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.src
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.xml
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\setup.ini
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\version.txt
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\chrome.manifest
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\chrome\conduitengine.jar
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.js
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\components\ConduitToolbar.idl
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\components\ConduitToolbar.js
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\components\ConduitToolbar.xpt
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\components\RadioWMPCore.xpt
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\defaults\alertSettingsComponent.xml
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\defaults\appContextMenu.xml
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\defaults\engineContextMenu.xml
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\defaults\engineSettings.json
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\defaults\fbAlert.js
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\defaults\getAppsContextMenu.xml
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\defaults\postAppsContextMenu.xml
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\defaults\toolbarContextMenu.xml
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\defaults\unsharedAppsContextMenu.xml
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\DualPackage\install.rdf
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\install.rdf
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\lib\xpcom.js
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\META-INF\manifest.mf
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\META-INF\zigbert.rsa
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\META-INF\zigbert.sf
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\searchplugin\conduit.gif
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\searchplugin\conduit.ico
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\searchplugin\conduit.PNG
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\searchplugin\conduit.src
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\searchplugin\conduit.xml
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\setup.ini
c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\extensions\engine@conduit.com\version.txt
c:\documents and settings\bthompson\Application Data\OFpGsJd89wetyio
c:\documents and settings\bthompson\Application Data\sIrOyAuSoFpGsJ
c:\documents and settings\bthompson\Application Data\vG4aQH6dW7
c:\documents and settings\bthompson\Application Data\xfRZ9hYXVtPyiDo
c:\documents and settings\bthompson\Application Data\xhYCwkUVrOtPuSi
c:\documents and settings\bthompson\Application Data\yL9hTXqjUeIrNc1
c:\documents and settings\bthompson\Application Data\yL9hTXqjUeIrNc1\AV Protection 2011.ico
c:\documents and settings\bthompson\Local Settings\Application Data\{043F9B24-8C2C-4867-9FFB-CE1CB27D0CAE}
c:\documents and settings\bthompson\Local Settings\Application Data\{043F9B24-8C2C-4867-9FFB-CE1CB27D0CAE}\chrome.manifest
c:\documents and settings\bthompson\Local Settings\Application Data\{043F9B24-8C2C-4867-9FFB-CE1CB27D0CAE}\chrome\content\_cfg.js
c:\documents and settings\bthompson\Local Settings\Application Data\{043F9B24-8C2C-4867-9FFB-CE1CB27D0CAE}\chrome\content\overlay.xul
c:\documents and settings\bthompson\Local Settings\Application Data\{043F9B24-8C2C-4867-9FFB-CE1CB27D0CAE}\install.rdf
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\sevinst.exe
c:\program files\Common Files\Symantec Shared\SPManifests\SYMEVNT.GRD
c:\program files\Common Files\Symantec Shared\SPManifests\SYMEVNT.SIG
c:\program files\Common Files\Symantec Shared\SPManifests\SYMEVNT.SPM
c:\program files\D48E5
c:\program files\Symantec
c:\program files\Symantec\ACT\Database\Actdemo4.adb
c:\program files\Symantec\ACT\Database\Actdemo4.adx
c:\program files\Symantec\ACT\Database\Actdemo4.blb
c:\program files\Symantec\ACT\Database\Actdemo4.dbf
c:\program files\Symantec\ACT\Database\Actdemo4.ddf
c:\program files\Symantec\ACT\Database\Actdemo4.edb
c:\program files\Symantec\ACT\Database\Actdemo4.edx
c:\program files\Symantec\ACT\Database\Actdemo4.gdb
c:\program files\Symantec\ACT\Database\Actdemo4.gdx
c:\program files\Symantec\ACT\Database\Actdemo4.hdb
c:\program files\Symantec\ACT\Database\Actdemo4.hdx
c:\program files\Symantec\ACT\Database\Actdemo4.lck
c:\program files\Symantec\ACT\Database\Actdemo4.mdx
c:\program files\Symantec\ACT\Database\Actdemo4.rel
c:\program files\Symantec\ACT\Database\Actdemo4.rex
c:\program files\Symantec\ACT\Database\Actdemo4.tdb
c:\program files\Symantec\ACT\Database\Actdemo4.tdx
c:\program files\Symantec\ACT\Database\Super Suppers Contacts.adb
c:\program files\Symantec\ACT\Database\Super Suppers Contacts.adx
c:\program files\Symantec\ACT\Database\Super Suppers Contacts.blb
c:\program files\Symantec\ACT\Database\Super Suppers Contacts.dbf
c:\program files\Symantec\ACT\Database\Super Suppers Contacts.ddf
c:\program files\Symantec\ACT\Database\Super Suppers Contacts.edb
c:\program files\Symantec\ACT\Database\Super Suppers Contacts.edx
c:\program files\Symantec\ACT\Database\Super Suppers Contacts.gdb
c:\program files\Symantec\ACT\Database\Super Suppers Contacts.gdx
c:\program files\Symantec\ACT\Database\Super Suppers Contacts.hdb
c:\program files\Symantec\ACT\Database\Super Suppers Contacts.hdx
c:\program files\Symantec\ACT\Database\Super Suppers Contacts.lck
c:\program files\Symantec\ACT\Database\Super Suppers Contacts.mdx
c:\program files\Symantec\ACT\Database\Super Suppers Contacts.rel
c:\program files\Symantec\ACT\Database\Super Suppers Contacts.rex
c:\program files\Symantec\ACT\Database\Super Suppers Contacts.tdb
c:\program files\Symantec\ACT\Database\Super Suppers Contacts.tdx
c:\program files\Symantec\ACT\Database\SUPERS~123.zip
c:\program files\Symantec\ACT\Layout\ALTERNAT.CLY
c:\program files\Symantec\ACT\Layout\CONTACT1.CLY
c:\program files\Symantec\ACT\Layout\CONTACT2.CLY
c:\program files\Symantec\ACT\Layout\default.cly
c:\program files\Symantec\ACT\Layout\default.gly
c:\program files\Symantec\ACT\Layout\DEFAULT4.CLY
c:\program files\Symantec\ACT\Layout\DEFAULT4.GLY
c:\program files\Symantec\ACT\Layout\DEFLT16.CLY
c:\program files\Symantec\ACT\Layout\LRGFONT.CLY
c:\program files\Symantec\ACT\Layout\LRGFONT.GLY
c:\program files\Symantec\ACT\Layout\MODERN.CLY
c:\program files\Symantec\ACT\MODERNBK.BMP
c:\program files\Symantec\ACT\NetLinks\0010sact.web
c:\program files\Symantec\ACT\NetLinks\0020ssbr.web
c:\program files\Symantec\ACT\NetLinks\0030symr.web
c:\program files\Symantec\ACT\NetLinks\0040syts.web
c:\program files\Symantec\ACT\NetLinks\0050stry.web
c:\program files\Symantec\ACT\NetLinks\0090sym.web
c:\program files\Symantec\ACT\NetLinks\0100more.web
c:\program files\Symantec\ACT\NetLinks\1000ssep.web
c:\program files\Symantec\ACT\NetLinks\2000bigf.web
c:\program files\Symantec\ACT\NetLinks\3000inqs.web
c:\program files\Symantec\ACT\NetLinks\50001dic.web
c:\program files\Symantec\ACT\NetLinks\8000usat.web
c:\program files\Symantec\ACT\NetLinks\9000ysep.web
c:\program files\Symantec\ACT\NetLinks\9050yco.web
c:\program files\Symantec\ACT\NetLinks\9100ydd.web
c:\program files\Symantec\ACT\NetLinks\9150ylcl.web
c:\program files\Symantec\ACT\NetLinks\9200ymap.web
c:\program files\Symantec\ACT\NetLinks\9250ypsr.web
c:\program files\Symantec\ACT\NetLinks\9300ysr.web
c:\program files\Symantec\ACT\NetLinks\9350ysq.web
c:\program files\Symantec\ACT\NetLinks\9400ytkr.web
c:\program files\Symantec\ACT\NetLinks\9450yyp.web
c:\program files\Symantec\ACT\NetLinks\9500ywr.web
c:\program files\Symantec\ACT\Report\10.ENV
c:\program files\Symantec\ACT\Report\11.ENV
c:\program files\Symantec\ACT\Report\12.ENV
c:\program files\Symantec\ACT\Report\2160.LBL
c:\program files\Symantec\ACT\Report\2162.LBL
c:\program files\Symantec\ACT\Report\2163.LBL
c:\program files\Symantec\ACT\Report\4014.LBL
c:\program files\Symantec\ACT\Report\4143.LBL
c:\program files\Symantec\ACT\Report\4144.LBL
c:\program files\Symantec\ACT\Report\4145.LBL
c:\program files\Symantec\ACT\Report\4146.LBL
c:\program files\Symantec\ACT\Report\4161.LBL
c:\program files\Symantec\ACT\Report\5160.LBL
c:\program files\Symantec\ACT\Report\5161.LBL
c:\program files\Symantec\ACT\Report\5162.LBL
c:\program files\Symantec\ACT\Report\5163.LBL
c:\program files\Symantec\ACT\Report\5164.LBL
c:\program files\Symantec\ACT\Report\5385.LBL
c:\program files\Symantec\ACT\Report\6.ENV
c:\program files\Symantec\ACT\Report\9.ENV
c:\program files\Symantec\ACT\Report\ACTIVITY.REP
c:\program files\Symantec\ACT\Report\CONTACT.REP
c:\program files\Symantec\ACT\Report\CUSTOM.LBL
c:\program files\Symantec\ACT\Report\DIRECTRY.REP
c:\program files\Symantec\ACT\Report\GROUP.REP
c:\program files\Symantec\ACT\Report\GRPLST.REP
c:\program files\Symantec\ACT\Report\GRPMEMBR.REP
c:\program files\Symantec\ACT\Report\HISTCLAS.REP
c:\program files\Symantec\ACT\Report\HISTORY.REP
c:\program files\Symantec\ACT\Report\HSALLEX.REP
c:\program files\Symantec\ACT\Report\MONARCH.ENV
c:\program files\Symantec\ACT\Report\NOTEHIST.REP
c:\program files\Symantec\ACT\Report\PHONELST.REP
c:\program files\Symantec\ACT\Report\REFERRAL.REP
c:\program files\Symantec\ACT\Report\STATUS.REP
c:\program files\Symantec\ACT\Report\TASKLIST.REP
c:\program files\Symantec\ACT\Template\FAXCOVER.ADT
c:\program files\Symantec\ACT\Template\FAXCOVER.AWT
c:\program files\Symantec\ACT\Template\FAXCOVER.TPL
c:\program files\Symantec\ACT\Template\Letter.adt
c:\program files\Symantec\ACT\Template\Letter.awt
c:\program files\Symantec\ACT\Template\Letter.tpl
c:\program files\Symantec\ACT\Template\LTTRELA.ADT
c:\program files\Symantec\ACT\Template\LTTRELA.AWT
c:\program files\Symantec\ACT\Template\LTTRELA.TPL
c:\program files\Symantec\ACT\Template\LTTRUKA.ADT
c:\program files\Symantec\ACT\Template\LTTRUKA.AWT
c:\program files\Symantec\ACT\Template\LTTRUKA.TPL
c:\program files\Symantec\ACT\Template\LTTRUSC.ADT
c:\program files\Symantec\ACT\Template\LTTRUSC.AWT
c:\program files\Symantec\ACT\Template\LTTRUSC.TPL
c:\program files\Symantec\ACT\Template\MEMO.ADT
c:\program files\Symantec\ACT\Template\MEMO.AWT
c:\program files\Symantec\ACT\Template\MEMO.TPL
c:\program files\Symantec\LiveUpdate\ALUNOTIFY.EXE
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
c:\program files\Symantec\LiveUpdate\LiveUpdt.hst
c:\program files\Symantec\LiveUpdate\LSETUP.EXE
c:\program files\Symantec\LiveUpdate\LUALL.EXE
c:\program files\Symantec\LiveUpdate\LuComServer_2_6.EXE
c:\program files\Symantec\LiveUpdate\ludirloc.dat
c:\program files\Symantec\LiveUpdate\LUINFO.INF
c:\program files\Symantec\LiveUpdate\LUInit.exe
c:\program files\Symantec\LiveUpdate\LUInit.ini
c:\program files\Symantec\LiveUpdate\LUINSDLL.DLL
c:\program files\Symantec\LiveUpdate\luinventoryinst.jar
c:\program files\Symantec\LiveUpdate\LuPreCon.DLL
c:\program files\Symantec\LiveUpdate\LuResult.txt
c:\program files\Symantec\LiveUpdate\LUSESAIntegration.dll
c:\program files\Symantec\LiveUpdate\NDETECT.EXE
c:\program files\Symantec\LiveUpdate\NetDetectController_2_6.DLL
c:\program files\Symantec\LiveUpdate\pegclient.DLL
c:\program files\Symantec\LiveUpdate\pegcommon.DLL
c:\program files\Symantec\LiveUpdate\ProductRegCom_2_6.DLL
c:\program files\Symantec\LiveUpdate\ProductRegComPS_2_6.DLL
c:\program files\Symantec\LiveUpdate\providerInst.jar
c:\program files\Symantec\LiveUpdate\README.TXT
c:\program files\Symantec\LiveUpdate\S32LIVE1.DLL
c:\program files\Symantec\LiveUpdate\S32LUCP1.CPL
c:\program files\Symantec\LiveUpdate\S32LUIS1.DLL
c:\program files\Symantec\LiveUpdate\S32LUWI1.DLL
c:\program files\Symantec\LiveUpdate\SESA.Settings.LiveUpdate
c:\program files\Symantec\LiveUpdate\Settings.Default.LiveUpdate
c:\program files\Symantec\LiveUpdate\SymantecRootInstaller.exe
c:\program files\Symantec\LiveUpdate\SymantecRootInstaller.log
c:\program files\Symantec\LiveUpdate\UNRAR.DLL
c:\program files\Symantec\LiveUpdate\winluproviderinst.jar
c:\program files\Symantec\S32EVNT1.DLL
c:\program files\Symantec\SYMEVENT.CAT
c:\program files\Symantec\SYMEVENT.INF
c:\program files\Symantec\SYMEVENT.SYS
c:\windows\CSC\d6
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SAVROAM
-------\Service_SavRoam
-------\Legacy_DefWatch
-------\Legacy_eeCtrl
-------\Legacy_SNDSrvc
-------\Legacy_SPBBCDrv
-------\Service_DefWatch
-------\Service_eeCtrl
-------\Service_SNDSrvc
-------\Service_SPBBCDrv
.
.
((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))
.
.
2011-11-19 00:57 . 2011-11-19 00:57 -------- d-----w- c:\documents and settings\bthompson\Application Data\VS Revo Group
2011-11-19 00:32 . 2011-11-03 16:21 552464 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2011-11-19 00:32 . 2011-11-03 16:22 140760 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-11-19 00:32 . 2011-11-03 16:22 25560 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-11-19 00:00 . 2011-11-19 00:00 -------- d-----w- c:\documents and settings\bthompson\Local Settings\Application Data\Secunia PSI
2011-11-19 00:00 . 2011-11-19 00:00 -------- d-----w- c:\program files\Secunia
2011-11-18 15:32 . 2011-11-18 15:33 -------- d-----w- c:\program files\Cobian Backup 8
2011-11-18 06:25 . 2011-11-18 06:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-11-15 15:59 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{3FC84145-4D9F-4882-8931-A9134175D4CB}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-19 00:29 . 2011-05-19 14:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-18 20:54 . 2004-08-04 05:14 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-10 14:22 . 2004-08-11 23:12 692736 ------w- c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2011-06-05 17:06 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-09-28 07:06 . 2004-08-11 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2004-08-11 23:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2004-08-11 23:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-11 23:00 1858944 ------w- c:\windows\system32\win32k.sys
2011-08-31 23:00 . 2010-07-14 16:12 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-23_19.24.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-23 23:06 . 2011-11-23 23:06 16384 c:\windows\Temp\Perflib_Perfdata_628.dat
+ 2011-11-23 23:05 . 2011-11-23 23:05 16384 c:\windows\Temp\Perflib_Perfdata_1f4.dat
+ 2010-05-28 17:02 . 2011-11-23 23:07 224392 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\bthompson\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\bthompson\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\bthompson\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\bthompson\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"HPHmon03"="c:\windows\system32\hphmon03.exe" [2003-01-31 311296]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2003-01-31 196608]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2746514159-1896650942-1760562684-1262\Scripts\Logon\0\0]
"Script"=mapmonthly.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 20:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"navapsvc"=2 (0x2)
"ISSVC"=3 (0x3)
"ccProxy"=2 (0x2)
"DSBrokerService"=3 (0x3)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AOL ACS"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"SavRoam"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Motive\\McciServiceHost.exe"=
"c:\\Documents and Settings\\bthompson\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [7/14/2010 12:18 PM 28552]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/7/2009 4:59 PM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [5/12/2010 5:01 PM 59280]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/14/2010 10:12 AM 366152]
R2 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [2/2/2011 6:51 PM 315392]
R2 MSSQL$PROVIDUSSTD;SQL Server (PROVIDUSSTD);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 6:29 PM 29293408]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [3/21/2011 10:17 AM 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [3/21/2011 10:17 AM 68928]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 12:01 AM 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/14/2011 12:01 AM 399416]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 4:43 PM 31896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/14/2010 10:12 AM 22216]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 2:30 AM 15544]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/7/2009 4:59 PM 61328]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 9:13 AM 135664]
S2 intelusb3;Intel USB3 Device Service;c:\windows\System32\svchost.exe -k intelusbs3 [8/11/2004 5:00 PM 14336]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [1/30/2003 6:55 PM 18864]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 9:13 AM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\drivers\MarvinAVS.sys [7/21/2009 12:08 AM 434176]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [7/15/2010 10:02 AM 27064]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/23/2009 6:53 PM 717296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
intelusbs3 REG_MULTI_SZ intelusb3
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
.
2011-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc8c2abfc0adc6.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 15:13]
.
2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 15:13]
.
2011-11-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
2010-02-21 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 21:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{ABA83E5B-3552-43CC-AC4A-5138283E6E80}: NameServer = 208.67.222.222,208.67.220.220
DPF: {A8561647-E93C-11D3-AC3B-CE6078F7B616} - hxxp://logistics.suddath.com/Fulfillment/WareHouse/Reports/vsprint7.cab
DPF: {B66A992D-C262-496E-8328-2F14FD80443A} - hxxps://qbo.intuit.com/c32/v37.119/qboimax7.cab
DPF: {B7039D87-D648-4431-BA87-C3A04E6111DA} - hxxps://174.120.225.198:4643/vz/ssh/wodTelnetDLX.cab
FF - ProfilePath - c:\documents and settings\bthompson\Application Data\Mozilla\Firefox\Profiles\nwmyn1el.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - %profile%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
FF - Ext: KeywordSpy™ SEO/PPC: {fae5bcbc-dd73-439a-a15e-5b9ff39c0e9b} - %profile%\extensions\{fae5bcbc-dd73-439a-a15e-5b9ff39c0e9b}
FF - Ext: RankChecker: rankchecker@seobook.com - %profile%\extensions\rankchecker@seobook.com
FF - Ext: Seo Toolbar: seotoolbar@seobook.com - %profile%\extensions\seotoolbar@seobook.com
FF - Ext: SEO For Firefox: seo4firefox@seobook.com - %profile%\extensions\seo4firefox@seobook.com
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Quick Translator: {5C655500-E712-41e7-9349-CE462F844B19} - %profile%\extensions\{5C655500-E712-41e7-9349-CE462F844B19}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-23 17:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(664)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(1272)
c:\windows\system32\WININET.dll
c:\documents and settings\bthompson\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-11-23 17:23:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-23 23:23
ComboFix2.txt 2011-11-23 19:42
.
Pre-Run: 30,015,320,064 bytes free
Post-Run: 29,994,504,192 bytes free
.
- - End Of File - - FF867414CAFCF5005D0E18C9141772AF

#8 Gammo

  • Members
  • 202 posts
  • Gender:Male
  • Location:The Netherlands

Posted 24 November 2011 - 10:52 AM

Hi,

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here, then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use, then click on: Posted Image
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware!


#9 84xads
  • Topic Starter

  • Members
  • 36 posts

Posted 25 November 2011 - 10:55 AM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8236

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/25/2011 12:26:16 AM
mbam-log-2011-11-25 (00-26-16).txt

Scan type: Quick scan
Objects scanned: 382946
Time elapsed: 26 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here is the log from ESET - No threats found:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8b5a39e8d9847d4c802ae98857d543ef
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-11-25 02:00:33
# local_time=2011-11-25 08:00:33 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5889 16768382 80 100 13985296 162023554 0 14052808
# compatibility_mode=8192 67108863 100 0 42065482 42065482 0 0
# scanned=303700
# found=0
# cleaned=0
# scan_time=26829
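The ESET Online Scanner log above is a flat `# key=value` record, and "No threats found" only means something if the scan actually finished, examined a non-trivial number of objects, and ran with the Anti-Stealth (rootkit) option on. The following is an added example, not part of the original thread or of ESET's tooling: a small parser for that format plus a rule set that says whether a log supports a "clean" verdict. The log text embedded below is copied from the post (non-essential lines trimmed); the function names and the acceptance rules are my assumptions.

```python
"""Parse an ESET Online Scanner '# key=value' log and judge whether it supports
a 'no threats found' conclusion.  Added example; not ESET's code and not from
the original thread.  Acceptance rules below are the author's assumptions."""
from typing import Dict, List, Tuple

# Copied from the log posted above, trimmed to the lines the check uses.
SAMPLE_LOG = """ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-11-25 02:00:33
# scanned=303700
# found=0
# cleaned=0
# scan_time=26829
"""


def parse_eset_log(text: str) -> Dict[str, List[str]]:
    """Return key -> list of values for every '# key=value' line.

    Values are kept as a list because some keys (e.g. compatibility_mode)
    legitimately repeat.  Banner lines without '#' or '=' are ignored."""
    fields: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("#") or "=" not in line:
            continue
        key, _, value = line[1:].strip().partition("=")
        fields.setdefault(key.strip(), []).append(value.strip())
    return fields


def assess_scan(fields: Dict[str, List[str]]) -> Tuple[bool, List[str]]:
    """Return (clean, reasons).

    clean is True only when the scan ran to completion, the options that
    matter for a rootkit hunt were enabled, something was actually scanned,
    and found == cleaned == 0.  Every failed rule is listed in reasons."""
    reasons: List[str] = []

    def first(key: str, default: str = "") -> str:
        return fields.get(key, [default])[0]

    if first("end") != "finished":
        reasons.append("scan did not finish (end=%s)" % first("end", "<missing>"))

    # Anti-Stealth is ESET's pass for objects hidden by rootkits; a ZeroAccess
    # hunt with it switched off is inconclusive.  Archives matter for droppers.
    for opt in ("antistealth_checked", "archives_checked"):
        if first(opt) != "true":
            reasons.append("%s is not enabled" % opt)

    try:
        found, cleaned, scanned = (int(first(k, "-1")) for k in ("found", "cleaned", "scanned"))
    except ValueError:
        return False, ["non-numeric counters in log"]

    if scanned <= 0:
        reasons.append("scanned=%d: nothing was actually examined" % scanned)
    if found > 0:
        reasons.append("found=%d object(s); cleaned=%d" % (found, cleaned))
    if found > cleaned:
        reasons.append("%d detected object(s) were not cleaned" % (found - cleaned))

    return (not reasons), reasons


if __name__ == "__main__":
    ok, why = assess_scan(parse_eset_log(SAMPLE_LOG))
    print("clean" if ok else "NOT conclusive: " + "; ".join(why))
```

Run it against a saved `log.txt` by replacing `SAMPLE_LOG` with the file's contents; the point of the second function is that `found=0` from a scan with `antistealth_checked=false` or `end=` other than `finished` is reported as inconclusive rather than clean.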

#10 Gammo

Posted 25 November 2011 - 11:58 AM

Hi,

This should remove Symantec completely:
Download this file and save it to your Desktop.
Unpack the file.
Open the CleanWipe folder and double-click the CleanWipe.exe file.
Click the Install button.
When you are asked if you want to run CleanWipe now, click Yes.
As you run CleanWipe, you are prompted several times. It is recommended that you click Yes in response to all prompts.

I don't see an antivirus program running on your machine.

Download and install an antivirus program, and make sure that you keep it updated.
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Three good antivirus programs free for non-commercial home use are Avast! (my recommendation), Antivir and Microsoft Security Essentials.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the Run box and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean', that doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Firefox and Opera. Both are excellent: faster, safer, more powerful and more functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec, or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:

Edited by Gammo, 25 November 2011 - 12:00 PM.


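The MVPS HOSTS file recommended above works by mapping known ad and malware hostnames to a null address, and the same file is a favourite target for malware going the other way: pointing AV vendor, update or search-engine names at an attacker's server, or at 0.0.0.0 so the tools can't update. Before and after installing a blocklist it is worth checking which of those two things every line does. The following is an added example, not from the thread or from the MVPS project: a parser for the HOSTS format plus an audit that separates legitimate blocklist lines from hijacks of names on a watchlist. The sample file content, the watchlist and the 192.0.2.44 address (a documentation range) are all constructed for the example.

```python
"""Audit a Windows HOSTS file: separate blocklist entries (name -> null or
loopback address) from hijacks (a watched name mapped anywhere at all).
Added example, not code from the thread or from the MVPS project.  Sample
content, watchlist and IP addresses below are constructed."""
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample: a default localhost line, two MVPS-style blocklist
# entries, and two hijacks of the kind malware plants.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0 ads.example-adserver.test   # MVPS-style blocklist entry
0.0.0.0 tracker.example-analytics.test
192.0.2.44  www.avast.com          # hijack: AV vendor sent to attacker IP
192.0.2.44  www.google.com
"""

# Constructed watchlist: names that should never be overridden by HOSTS,
# whatever address they are given (sinkholing an update server is also an attack).
WATCHLIST = ("avast.com", "malwarebytes.org", "microsoft.com",
             "windowsupdate.com", "google.com")


def parse_hosts(text: str) -> List[Tuple[str, str, int]]:
    """Return (address, hostname, line_number) for every mapping.

    Comments after '#' are stripped; a line may carry several hostnames."""
    entries: List[Tuple[str, str, int]] = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # address with no name, ignore
        for host in parts[1:]:
            entries.append((parts[0], host.lower(), n))
    return entries


def audit_hosts(text: str) -> Dict[str, List[str]]:
    """Classify every mapping into system / hijack / blocklist / other / malformed.

    Watchlist names are checked before the address is looked at, so both
    'www.avast.com -> 192.0.2.44' and 'www.avast.com -> 0.0.0.0' are hijacks."""
    report: Dict[str, List[str]] = {
        "system": [], "hijack": [], "blocklist": [], "other": [], "malformed": []}
    for addr, host, n in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            report["malformed"].append("line %d: %r is not an IP address" % (n, addr))
            continue
        if host == "localhost" and ip.is_loopback:
            report["system"].append(host)
        elif any(host == w or host.endswith("." + w) for w in WATCHLIST):
            report["hijack"].append("line %d: %s -> %s" % (n, host, addr))
        elif ip.is_unspecified or ip.is_loopback:
            report["blocklist"].append(host)  # the only thing a blocklist should do
        else:
            report["other"].append("line %d: %s -> %s" % (n, host, addr))
    return report


if __name__ == "__main__":
    for category, items in audit_hosts(SAMPLE_HOSTS).items():
        print("%-9s %d" % (category, len(items)))
        for item in items:
            print("   ", item)
```

To audit a real machine, read `%SystemRoot%\system32\drivers\etc\hosts` and pass its text to `audit_hosts`; anything under `hijack` or `other` needs an explanation before the file is trusted, and a correctly installed MVPS file should produce only `system` and `blocklist` entries.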
#11 84xads (Topic Starter)

Posted 25 November 2011 - 03:14 PM

I've completed all your recommendations, installed Avast and everything is running great...I REALLY appreciate all your help!!

#12 Gammo

Posted 21 December 2011 - 05:56 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
