I found an infection on my computer


11 replies to this topic

#1 mike88888

Posted 16 July 2012 - 03:53 AM

I posted on this forum for my sister, as her computer was infected. While helping her with the step-by-step instructions posted here by the helpful "narenxp", I started thinking I should try these applications on my computer to make sure my Anti-Virus, Firewall or Anti-Malware didn't miss anything. Well, my Anti-Virus and Firewall came back with nothing found, so I thought, great.

With Malwarebytes Anti-Malware:
Here is the scan log. Note: this was actually the second one, because I was really new to this application and didn't save the log file for the first scan. I did, however, place three items in the ignore list, as I have read that this was a false positive because I did purposely turn Microsoft Security off by choice.


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.12.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Administrator :: DRAGONGOD [administrator]

Protection: Enabled

7/12/2012 1:45:06 AM
mbam-log-2012-07-12 (01-45-06).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 321627
Time elapsed: 3 hour(s), 49 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I thought, great, but then I used TDSSKiller:
Here is the scan log:


07:55:44.0984 3252 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
07:55:46.0984 3252 ============================================================
07:55:46.0984 3252 Current date / time: 2012/07/15 07:55:46.0984
07:55:46.0984 3252 SystemInfo:
07:55:46.0984 3252
07:55:46.0984 3252 OS Version: 5.1.2600 ServicePack: 3.0
07:55:46.0984 3252 Product type: Workstation
07:55:46.0984 3252 ComputerName: DRAGONGOD
07:55:46.0984 3252 UserName: Administrator
07:55:46.0984 3252 Windows directory: C:\WINDOWS
07:55:46.0984 3252 System windows directory: C:\WINDOWS
07:55:46.0984 3252 Processor architecture: Intel x86
07:55:46.0984 3252 Number of processors: 1
07:55:46.0984 3252 Page size: 0x1000
07:55:46.0984 3252 Boot type: Normal boot
07:55:46.0984 3252 ============================================================
07:55:52.0484 3252 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:55:52.0500 3252 Drive \Device\Harddisk1\DR1 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:55:52.0500 3252 ============================================================
07:55:52.0500 3252 \Device\Harddisk0\DR0:
07:55:52.0500 3252 MBR partitions:
07:55:52.0500 3252 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
07:55:52.0500 3252 \Device\Harddisk1\DR1:
07:55:52.0500 3252 MBR partitions:
07:55:52.0500 3252 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A7D53F
07:55:52.0500 3252 ============================================================
07:55:52.0500 3252 D: <-> \Device\Harddisk1\DR1\Partition0
07:55:52.0515 3252 C: <-> \Device\Harddisk0\DR0\Partition0
07:55:52.0531 3252 ============================================================
07:55:52.0531 3252 Initialize success
07:55:52.0531 3252 ============================================================
07:56:25.0906 1444 ============================================================
07:56:25.0906 1444 Scan started
07:56:25.0906 1444 Mode: Manual; TDLFS;
07:56:25.0906 1444 ============================================================
07:56:48.0125 1444 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
07:56:48.0125 1444 swenum - ok
07:56:48.0359 1444 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
07:56:48.0515 1444 SwitchBoard - ok
07:56:48.0546 1444 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
07:56:48.0546 1444 swmidi - ok
07:56:48.0562 1444 SwPrv - ok
07:56:48.0906 1444 Symantec AntiVirus (7ac1fccc7976857aac3906d45a81d77b) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
07:56:48.0921 1444 Symantec AntiVirus - ok
07:56:49.0859 1444 symc810 - ok
07:56:49.0875 1444 symc8xx - ok
07:56:49.0921 1444 SymEvent (49b20b430a4f219173f823536944474a) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
07:56:49.0937 1444 SymEvent - ok
07:56:49.0984 1444 SYMREDRV (e919f0922248a826964428f479a3dc24) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
07:56:49.0984 1444 SYMREDRV - ok
07:56:50.0031 1444 SYMTDI (c177d5a655af572c456ec977582b9bc0) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
07:56:50.0062 1444 SYMTDI - ok
07:56:50.0078 1444 sym_hi - ok
07:56:50.0093 1444 sym_u3 - ok
07:56:50.0125 1444 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
07:56:50.0140 1444 sysaudio - ok
07:56:50.0171 1444 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
07:56:50.0203 1444 SysmonLog - ok
07:56:50.0234 1444 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
07:56:50.0250 1444 TapiSrv - ok
07:56:50.0296 1444 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:56:50.0328 1444 Tcpip - ok
07:56:50.0359 1444 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
07:56:50.0359 1444 TDPIPE - ok
07:56:50.0390 1444 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
07:56:50.0390 1444 TDTCP - ok
07:56:50.0421 1444 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
07:56:50.0437 1444 TermDD - ok
07:56:50.0484 1444 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
07:56:50.0500 1444 TermService - ok
07:56:50.0546 1444 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
07:56:50.0546 1444 Themes - ok
07:56:50.0593 1444 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
07:56:50.0625 1444 TlntSvr - ok
07:56:50.0625 1444 TosIde - ok
07:56:50.0671 1444 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
07:56:50.0687 1444 TrkWks - ok
07:56:50.0734 1444 truecrypt (be45dad1c73a3216edc8c485916f6594) C:\WINDOWS\system32\drivers\truecrypt.sys
07:56:50.0765 1444 truecrypt - ok
07:56:50.0796 1444 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
07:56:50.0812 1444 Udfs - ok
07:56:50.0828 1444 ultra - ok
07:56:50.0953 1444 UnlockerDriver5 (4847639d852763ee39415c929470f672) C:\Program Files\Unlocker\UnlockerDriver5.sys
07:56:50.0968 1444 UnlockerDriver5 - ok
07:56:51.0015 1444 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
07:56:51.0046 1444 Update - ok
07:56:51.0078 1444 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
07:56:51.0109 1444 upnphost - ok
07:56:51.0125 1444 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
07:56:51.0140 1444 UPS - ok
07:56:51.0171 1444 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
07:56:51.0171 1444 USBAAPL - ok
07:56:51.0218 1444 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:56:51.0234 1444 usbccgp - ok
07:56:51.0265 1444 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:56:51.0265 1444 usbehci - ok
07:56:51.0296 1444 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:56:51.0296 1444 usbhub - ok
07:56:51.0312 1444 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
07:56:51.0328 1444 usbohci - ok
07:56:51.0375 1444 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:56:51.0375 1444 usbscan - ok
07:56:51.0421 1444 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:56:51.0437 1444 USBSTOR - ok
07:56:51.0453 1444 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
07:56:51.0453 1444 usb_rndisx - ok
07:56:51.0484 1444 USRpdA (497f2190e87d58fd68e559e083796edc) C:\WINDOWS\system32\DRIVERS\USRpdA.sys
07:56:51.0500 1444 USRpdA - ok
07:56:51.0546 1444 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
07:56:51.0546 1444 VgaSave - ok
07:56:51.0562 1444 ViaIde - ok
07:56:51.0578 1444 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
07:56:51.0578 1444 VolSnap - ok
07:56:51.0734 1444 vsdatant (19482b3bf4eab3cf52d778f9f38dd306) C:\WINDOWS\system32\vsdatant.sys
07:56:51.0765 1444 vsdatant - ok
07:56:51.0796 1444 vsmon - ok
07:56:51.0859 1444 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
07:56:51.0875 1444 VSS - ok
07:56:51.0937 1444 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
07:56:51.0953 1444 W32Time - ok
07:56:52.0000 1444 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:56:52.0000 1444 Wanarp - ok
07:56:52.0015 1444 WDICA - ok
07:56:52.0046 1444 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
07:56:52.0062 1444 wdmaud - ok
07:56:52.0109 1444 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
07:56:52.0125 1444 WebClient - ok
07:56:52.0250 1444 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
07:56:52.0281 1444 winmgmt - ok
07:56:52.0343 1444 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
07:56:52.0359 1444 WmdmPmSN - ok
07:56:52.0421 1444 Wmi (bab489a5fe26f2d0c910cf7af7e4cf92) C:\WINDOWS\System32\advapi32.dll
07:56:52.0437 1444 Wmi - ok
07:56:52.0500 1444 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
07:56:52.0531 1444 WmiApSrv - ok
07:56:52.0718 1444 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
07:56:52.0765 1444 WMPNetworkSvc - ok
07:56:52.0906 1444 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
07:56:52.0921 1444 WpdUsb - ok
07:56:52.0968 1444 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
07:56:52.0984 1444 wscsvc - ok
07:56:53.0031 1444 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
07:56:53.0031 1444 wuauserv - ok
07:56:53.0078 1444 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:56:53.0078 1444 WudfPf - ok
07:56:53.0109 1444 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
07:56:53.0125 1444 WudfRd - ok
07:56:53.0140 1444 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
07:56:53.0156 1444 WudfSvc - ok
07:56:53.0218 1444 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
07:56:53.0234 1444 WZCSVC - ok
07:56:53.0250 1444 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
07:56:53.0250 1444 xmlprov - ok
07:56:53.0281 1444 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
07:56:53.0921 1444 \Device\Harddisk0\DR0 - ok
07:56:53.0937 1444 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
07:56:53.0984 1444 \Device\Harddisk1\DR1 - ok
07:56:54.0015 1444 Boot (0x1200) (1817622674453c2bd30de93c47f624d5) \Device\Harddisk0\DR0\Partition0
07:56:54.0015 1444 \Device\Harddisk0\DR0\Partition0 - ok
07:56:54.0031 1444 Boot (0x1200) (02e238d3ba66dc6c933bd7bb9f7a466a) \Device\Harddisk1\DR1\Partition0
07:56:54.0031 1444 \Device\Harddisk1\DR1\Partition0 - ok
07:56:54.0031 1444 ============================================================
07:56:54.0031 1444 Scan finished
07:56:54.0031 1444 ============================================================
07:56:54.0046 1684 Detected object count: 0
07:56:54.0046 1684 Actual detected object count: 0
07:57:41.0843 1728 Deinitialize success

Again I thought great so far, so I used aswMBR:
Here is the scan log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-15 08:02:21
-----------------------------
08:02:21.437 OS Version: Windows 5.1.2600 Service Pack 3
08:02:21.437 Number of processors: 1 586 0x207
08:02:21.437 ComputerName: DRAGONGOD UserName:
08:02:24.312 Initialize success
08:05:16.156 AVAST engine defs: 12071500
08:05:41.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
08:05:41.093 Disk 0 Vendor: IC35L060AVV207-0 V22OA66A Size: 38166MB BusType: 3
08:05:41.093 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
08:05:41.093 Disk 1 Vendor: IC35L060AVV207-0 V22OA66A Size: 38146MB BusType: 3
08:05:41.093 Disk 0 MBR read successfully
08:05:41.109 Disk 0 MBR scan
08:05:41.140 Disk 0 Windows XP default MBR code
08:05:41.140 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
08:05:41.156 Disk 0 scanning sectors +78140160
08:05:41.234 Disk 0 scanning C:\WINDOWS\system32\drivers
08:05:53.890 Service scanning
08:06:25.265 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
08:06:29.078 Modules scanning
08:06:42.562 Disk 0 trace - called modules:
08:06:42.578 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
08:06:42.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6d69a0]
08:06:42.578 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000066[0x8a6be9e8]
08:06:42.578 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a6bed98]
08:06:42.875 AVAST engine scan C:\WINDOWS
08:06:54.312 AVAST engine scan C:\WINDOWS\system32
08:09:44.921 AVAST engine scan C:\WINDOWS\system32\drivers
08:09:57.156 AVAST engine scan C:\Documents and Settings\Administrator
08:22:18.218 AVAST engine scan C:\Documents and Settings\All Users
08:23:46.609 Scan finished successfully
08:25:50.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\New Folder\MBR.dat"
08:25:50.109 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\New Folder\aswMBR.txt"

Again feeling good so I used ESET online scanner:
Here is the scan log:


C:\Documents and Settings\Administrator\Local Settings\Temp\NERO14768\Toolbar.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
D:\Utility's\Driver Genius Pro\Driver Genius Professional 9.0.0.180 Multi By edony\Driver_Genius_Pro_v9.0.0.180.multilanguage.with.autoreg-whoknows.exe probably a variant of Win32/Agent.BJSCQS trojan cleaned by deleting - quarantined
D:\Utility's\Eraser\Eraser 6.0.8.2273 01.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

So now I'm nervous! I checked both the Uninstall application on close and the Delete quarantined files options; after that I clicked the Finished button and clicked the X in the upper right-hand corner. As you can see, I have reason to be nervous, so any help would be greatly appreciated.


#2 dev00790

Posted 20 July 2012 - 06:57 PM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do NOT run, install or uninstall any programs, unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Step 2

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 3

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Step 4

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points
NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#3 mike88888

Posted 20 July 2012 - 09:56 PM

Hello dev00790,

I'd like to thank you for taking the time to help me with my computer problems. I will reply back as soon as I can.

Here is the scan log for TDSSKiller:

19:08:24.0546 4324 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
19:08:26.0546 4324 ============================================================
19:08:26.0546 4324 Current date / time: 2012/07/20 19:08:26.0546
19:08:26.0546 4324 SystemInfo:
19:08:26.0546 4324
19:08:26.0546 4324 OS Version: 5.1.2600 ServicePack: 3.0
19:08:26.0546 4324 Product type: Workstation
19:08:26.0546 4324 ComputerName: DRAGONGOD
19:08:26.0546 4324 UserName: Administrator
19:08:26.0546 4324 Windows directory: C:\WINDOWS
19:08:26.0546 4324 System windows directory: C:\WINDOWS
19:08:26.0546 4324 Processor architecture: Intel x86
19:08:26.0546 4324 Number of processors: 1
19:08:26.0546 4324 Page size: 0x1000
19:08:26.0546 4324 Boot type: Normal boot
19:08:26.0546 4324 ============================================================
19:08:31.0328 4324 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:08:31.0328 4324 Drive \Device\Harddisk1\DR1 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:08:31.0343 4324 ============================================================
19:08:31.0343 4324 \Device\Harddisk0\DR0:
19:08:31.0343 4324 MBR partitions:
19:08:31.0343 4324 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
19:08:31.0343 4324 \Device\Harddisk1\DR1:
19:08:31.0343 4324 MBR partitions:
19:08:31.0343 4324 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A7D53F
19:08:31.0343 4324 ============================================================
19:08:31.0359 4324 D: <-> \Device\Harddisk1\DR1\Partition0
19:08:31.0375 4324 C: <-> \Device\Harddisk0\DR0\Partition0
19:08:31.0375 4324 ============================================================
19:08:31.0375 4324 Initialize success
19:08:31.0375 4324 ============================================================
19:10:06.0328 5976 ============================================================
19:10:06.0328 5976 Scan started
19:10:06.0328 5976 Mode: Manual; SigCheck; TDLFS;
19:10:06.0328 5976 ============================================================
19:10:26.0562 5976 IRENUM - ok
19:10:26.0578 5976 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:10:26.0765 5976 isapnp - ok
19:10:26.0890 5976 JavaQuickStarterService (4f2143570d2250ca4c4a4c98553c82cd) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
19:10:26.0968 5976 JavaQuickStarterService - ok
19:10:27.0000 5976 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:10:27.0187 5976 Kbdclass - ok
19:10:27.0234 5976 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:10:27.0421 5976 kbdhid - ok
19:10:27.0453 5976 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:10:27.0640 5976 kmixer - ok
19:10:27.0671 5976 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
19:10:27.0843 5976 KSecDD - ok
19:10:27.0890 5976 LanmanServer (f385f4b02c535bffe1d70cab80838123) C:\WINDOWS\System32\srvsvc.dll
19:10:28.0093 5976 LanmanServer - ok
19:10:28.0109 5976 lanmanworkstation (1b67b632786fef1c1bbaef46c2f3f2e6) C:\WINDOWS\System32\wkssvc.dll
19:10:28.0312 5976 lanmanworkstation - ok
19:10:28.0328 5976 lbrtfdc - ok
19:10:28.0562 5976 LiveUpdate (7c63055bfb959199eeef366bbbe56456) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
19:10:28.0671 5976 LiveUpdate - ok
19:10:29.0828 5976 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
19:10:30.0015 5976 LmHosts - ok
19:10:30.0140 5976 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
19:10:30.0156 5976 MBAMProtector - ok
19:10:30.0453 5976 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:10:30.0484 5976 MBAMService - ok
19:10:30.0578 5976 MDM (b9fe64f554af6b87d4186262e9a1c5ef) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
19:10:30.0625 5976 MDM ( UnsignedFile.Multi.Generic ) - warning
19:10:30.0625 5976 MDM - detected UnsignedFile.Multi.Generic (1)
19:10:30.0671 5976 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
19:10:30.0843 5976 Messenger - ok
19:10:30.0875 5976 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:10:31.0062 5976 mnmdd - ok
19:10:31.0093 5976 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
19:10:31.0343 5976 mnmsrvc - ok
19:10:31.0375 5976 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:10:31.0562 5976 Modem - ok
19:10:31.0625 5976 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:10:31.0812 5976 Mouclass - ok
19:10:31.0843 5976 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:10:32.0031 5976 mouhid - ok
19:10:32.0062 5976 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:10:32.0234 5976 MountMgr - ok
19:10:32.0343 5976 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:10:32.0421 5976 MozillaMaintenance - ok
19:10:32.0421 5976 mraid35x - ok
19:10:32.0468 5976 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:10:32.0625 5976 MRxDAV - ok
19:10:32.0687 5976 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:10:32.0890 5976 MRxSmb - ok
19:10:32.0921 5976 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
19:10:33.0093 5976 MSDTC - ok
19:10:33.0125 5976 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:10:33.0281 5976 Msfs - ok
19:10:33.0296 5976 MSIServer - ok
19:10:33.0343 5976 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:10:33.0531 5976 MSKSSRV - ok
19:10:33.0562 5976 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:10:33.0734 5976 MSPCLOCK - ok
19:10:33.0750 5976 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:10:33.0921 5976 MSPQM - ok
19:10:33.0968 5976 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:10:34.0140 5976 mssmbios - ok
19:10:34.0171 5976 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
19:10:34.0453 5976 Mup - ok
19:10:34.0500 5976 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
19:10:34.0687 5976 napagent - ok
19:10:34.0875 5976 NAVENG (f11033730b38260b6892e837c457fb4b) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120720.002\naveng.sys
19:10:34.0875 5976 NAVENG - ok
19:10:35.0000 5976 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120720.002\navex15.sys
19:10:35.0062 5976 NAVEX15 - ok
19:10:36.0093 5976 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:10:36.0250 5976 NDIS - ok
19:10:36.0281 5976 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:10:36.0468 5976 NdisTapi - ok
19:10:36.0500 5976 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:10:36.0671 5976 Ndisuio - ok
19:10:36.0687 5976 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:10:36.0859 5976 NdisWan - ok
19:10:36.0906 5976 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
19:10:37.0078 5976 NDProxy - ok
19:10:37.0375 5976 Nero BackItUp Scheduler 3 (40d7d0a208ee863bca8d89e299216f15) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
19:10:37.0609 5976 Nero BackItUp Scheduler 3 - ok
19:10:37.0640 5976 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:10:37.0812 5976 NetBIOS - ok
19:10:37.0843 5976 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:10:38.0031 5976 NetBT - ok
19:10:38.0078 5976 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:10:38.0250 5976 NetDDE - ok
19:10:38.0265 5976 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:10:38.0437 5976 NetDDEdsdm - ok
19:10:38.0468 5976 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:10:38.0640 5976 Netlogon - ok
19:10:38.0671 5976 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
19:10:38.0875 5976 Netman - ok
19:10:38.0921 5976 Nla (b4138e99236f0f57d4cf49bae98a0746) C:\WINDOWS\System32\mswsock.dll
19:10:39.0093 5976 Nla - ok
19:10:39.0406 5976 NMIndexingService (eba1b4bf2e2375abdadedb649f283541) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
19:10:39.0500 5976 NMIndexingService - ok
19:10:39.0578 5976 nosGetPlusHelper (f44addbf29905cb19f52fc9fe6a0efa1) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
19:10:39.0593 5976 nosGetPlusHelper - ok
19:10:39.0625 5976 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:10:39.0796 5976 Npfs - ok
19:10:39.0859 5976 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:10:40.0031 5976 Ntfs - ok
19:10:40.0078 5976 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:10:40.0234 5976 NtLmSsp - ok
19:10:40.0312 5976 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
19:10:40.0500 5976 NtmsSvc - ok
19:10:40.0546 5976 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:10:40.0703 5976 Null - ok
19:10:41.0093 5976 nv (2282ad3b19b00967c6e48531c25bfe01) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:10:41.0578 5976 nv - ok
19:10:42.0531 5976 NVSvc (be4a98439a5e26cbc70db20e996938dc) C:\WINDOWS\system32\nvsvc32.exe
19:10:42.0593 5976 NVSvc - ok
19:10:42.0718 5976 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:10:42.0890 5976 NwlnkFlt - ok
19:10:42.0906 5976 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:10:43.0078 5976 NwlnkFwd - ok
19:10:43.0125 5976 ossrv (f29184bdc81c398b6027a67ff6a19895) C:\WINDOWS\system32\drivers\ctoss2k.sys
19:10:43.0171 5976 ossrv - ok
19:10:43.0203 5976 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:10:43.0390 5976 Parport - ok
19:10:43.0406 5976 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:10:43.0578 5976 PartMgr - ok
19:10:43.0609 5976 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:10:43.0765 5976 ParVdm - ok
19:10:43.0796 5976 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:10:43.0953 5976 PCI - ok
19:10:43.0968 5976 PCIDump - ok
19:10:44.0000 5976 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:10:44.0140 5976 PCIIde - ok
19:10:44.0171 5976 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:10:44.0343 5976 Pcmcia - ok
19:10:44.0359 5976 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
19:10:44.0375 5976 pcouffin ( UnsignedFile.Multi.Generic ) - warning
19:10:44.0375 5976 pcouffin - detected UnsignedFile.Multi.Generic (1)
19:10:44.0390 5976 PDCOMP - ok
19:10:44.0390 5976 PDFRAME - ok
19:10:44.0406 5976 PDRELI - ok
19:10:44.0421 5976 PDRFRAME - ok
19:10:44.0437 5976 perc2 - ok
19:10:44.0437 5976 perc2hib - ok
19:10:44.0500 5976 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\WINDOWS\system32\IoctlSvc.exe
19:10:44.0609 5976 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
19:10:44.0609 5976 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
19:10:44.0640 5976 PlugPlay (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe
19:10:44.0796 5976 PlugPlay - ok
19:10:44.0812 5976 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:10:44.0968 5976 PolicyAgent - ok
19:10:44.0984 5976 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:10:45.0171 5976 PptpMiniport - ok
19:10:45.0171 5976 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:10:45.0328 5976 ProtectedStorage - ok
19:10:45.0343 5976 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:10:45.0515 5976 PSched - ok
19:10:45.0546 5976 pssnap (f15d03c5f5ef2da9d5a1abdbbd7debf1) C:\WINDOWS\system32\DRIVERS\pssnap.sys
19:10:45.0562 5976 pssnap - ok
19:10:45.0609 5976 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:10:45.0781 5976 Ptilink - ok
19:10:45.0812 5976 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:10:45.0828 5976 PxHelp20 - ok
19:10:45.0828 5976 ql1080 - ok
19:10:45.0843 5976 Ql10wnt - ok
19:10:45.0859 5976 ql12160 - ok
19:10:45.0859 5976 ql1240 - ok
19:10:45.0875 5976 ql1280 - ok
19:10:45.0906 5976 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:10:46.0062 5976 RasAcd - ok
19:10:46.0093 5976 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
19:10:46.0265 5976 RasAuto - ok
19:10:46.0296 5976 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:10:46.0468 5976 Rasl2tp - ok
19:10:46.0515 5976 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
19:10:46.0687 5976 RasMan - ok
19:10:46.0687 5976 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:10:46.0859 5976 RasPppoe - ok
19:10:46.0906 5976 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:10:47.0078 5976 Raspti - ok
19:10:47.0109 5976 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:10:47.0265 5976 Rdbss - ok
19:10:47.0296 5976 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:10:47.0437 5976 RDPCDD - ok
19:10:47.0484 5976 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:10:47.0640 5976 rdpdr - ok
19:10:47.0718 5976 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
19:10:47.0890 5976 RDPWD - ok
19:10:47.0937 5976 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
19:10:48.0109 5976 RDSessMgr - ok
19:10:48.0156 5976 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:10:48.0328 5976 redbook - ok
19:10:48.0484 5976 ReflectService (9ebd7d8e752b065308139668d82eeb1d) C:\Program Files\Macrium\Reflect\ReflectService.exe
19:10:48.0578 5976 ReflectService - ok
19:10:48.0609 5976 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
19:10:48.0765 5976 RemoteAccess - ok
19:10:48.0812 5976 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
19:10:48.0968 5976 RemoteRegistry - ok
19:10:49.0015 5976 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
19:10:49.0171 5976 RpcLocator - ok
19:10:49.0218 5976 RpcSs (2589fe6015a316c0f5d5112b4da7b509) C:\WINDOWS\system32\rpcss.dll
19:10:49.0375 5976 RpcSs - ok
19:10:49.0406 5976 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
19:10:49.0593 5976 RSVP - ok
19:10:49.0625 5976 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
19:10:49.0781 5976 rtl8139 - ok
19:10:49.0812 5976 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:10:49.0953 5976 SamSs - ok
19:10:50.0078 5976 SavRoam (92554f1d5037033146501f72c74b4d9f) C:\Program Files\Symantec AntiVirus\SavRoam.exe
19:10:50.0125 5976 SavRoam - ok
19:10:50.0187 5976 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys
19:10:50.0234 5976 SAVRT - ok
19:10:50.0312 5976 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
19:10:50.0343 5976 SAVRTPEL - ok
19:10:50.0375 5976 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
19:10:50.0546 5976 SCardSvr - ok
19:10:50.0593 5976 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
19:10:50.0750 5976 Schedule - ok
19:10:50.0796 5976 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:10:50.0875 5976 Secdrv - ok
19:10:50.0906 5976 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
19:10:51.0078 5976 seclogon - ok
19:10:51.0093 5976 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
19:10:51.0281 5976 SENS - ok
19:10:51.0312 5976 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:10:51.0484 5976 serenum - ok
19:10:51.0500 5976 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:10:51.0671 5976 Serial - ok
19:10:51.0687 5976 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:10:51.0843 5976 Sfloppy - ok
19:10:51.0890 5976 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
19:10:52.0062 5976 SharedAccess - ok
19:10:52.0109 5976 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
19:10:52.0250 5976 ShellHWDetection - ok
19:10:52.0265 5976 Simbad - ok
19:10:52.0296 5976 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
19:10:52.0453 5976 sisagp - ok
19:10:52.0562 5976 SNDSrvc (213c7eb70a762afdbb095e3535e8545c) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
19:10:52.0609 5976 SNDSrvc - ok
19:10:52.0640 5976 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
19:10:52.0796 5976 SONYPVU1 - ok
19:10:52.0812 5976 Sparrow - ok
19:10:52.0906 5976 SPBBCDrv (60053e9c1fc4f6887c296c19cb825244) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
19:10:52.0953 5976 SPBBCDrv - ok
19:10:53.0062 5976 SPBBCSvc (8a09ab7a1fd856acc469bd0cd4e98351) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
19:10:53.0265 5976 SPBBCSvc - ok
19:10:54.0281 5976 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:10:54.0437 5976 splitter - ok
19:10:54.0484 5976 Spooler (d8e14a61acc1d4a6cd0d38aebac7fa3b) C:\WINDOWS\system32\spoolsv.exe
19:10:54.0656 5976 Spooler - ok
19:10:54.0687 5976 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:10:54.0796 5976 sr - ok
19:10:54.0812 5976 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
19:10:54.0906 5976 srservice - ok
19:10:54.0953 5976 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
19:10:55.0140 5976 Srv - ok
19:10:55.0156 5976 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
19:10:55.0265 5976 SSDPSRV - ok
19:10:55.0312 5976 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
19:10:55.0500 5976 stisvc - ok
19:10:55.0531 5976 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:10:55.0703 5976 swenum - ok
19:10:55.0937 5976 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:10:56.0125 5976 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
19:10:56.0125 5976 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
19:10:56.0156 5976 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:10:56.0328 5976 swmidi - ok
19:10:56.0328 5976 SwPrv - ok
19:10:56.0562 5976 Symantec AntiVirus (7ac1fccc7976857aac3906d45a81d77b) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
19:10:56.0625 5976 Symantec AntiVirus - ok
19:10:57.0671 5976 symc810 - ok
19:10:57.0671 5976 symc8xx - ok
19:10:57.0718 5976 SymEvent (49b20b430a4f219173f823536944474a) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
19:10:57.0750 5976 SymEvent - ok
19:10:57.0765 5976 SYMREDRV (e919f0922248a826964428f479a3dc24) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
19:10:57.0796 5976 SYMREDRV - ok
19:10:57.0843 5976 SYMTDI (c177d5a655af572c456ec977582b9bc0) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
19:10:57.0875 5976 SYMTDI - ok
19:10:57.0890 5976 sym_hi - ok
19:10:57.0890 5976 sym_u3 - ok
19:10:57.0937 5976 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:10:58.0093 5976 sysaudio - ok
19:10:58.0140 5976 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
19:10:58.0312 5976 SysmonLog - ok
19:10:58.0343 5976 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
19:10:58.0515 5976 TapiSrv - ok
19:10:58.0562 5976 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:10:58.0750 5976 Tcpip - ok
19:10:58.0796 5976 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:10:58.0953 5976 TDPIPE - ok
19:10:58.0984 5976 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:10:59.0125 5976 TDTCP - ok
19:10:59.0156 5976 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:10:59.0312 5976 TermDD - ok
19:10:59.0406 5976 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
19:10:59.0593 5976 TermService - ok
19:10:59.0640 5976 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
19:10:59.0781 5976 Themes - ok
19:10:59.0812 5976 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
19:10:59.0906 5976 TlntSvr - ok
19:10:59.0921 5976 TosIde - ok
19:10:59.0953 5976 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
19:11:00.0109 5976 TrkWks - ok
19:11:00.0156 5976 truecrypt (be45dad1c73a3216edc8c485916f6594) C:\WINDOWS\system32\drivers\truecrypt.sys
19:11:00.0203 5976 truecrypt - ok
19:11:00.0234 5976 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:11:00.0406 5976 Udfs - ok
19:11:00.0421 5976 ultra - ok
19:11:00.0531 5976 UnlockerDriver5 (4847639d852763ee39415c929470f672) C:\Program Files\Unlocker\UnlockerDriver5.sys
19:11:00.0562 5976 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
19:11:00.0562 5976 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
19:11:00.0609 5976 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:11:00.0796 5976 Update - ok
19:11:00.0828 5976 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
19:11:00.0921 5976 upnphost - ok
19:11:00.0953 5976 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
19:11:01.0125 5976 UPS - ok
19:11:01.0156 5976 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:11:01.0203 5976 USBAAPL - ok
19:11:01.0250 5976 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:11:01.0406 5976 usbccgp - ok
19:11:01.0453 5976 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:11:01.0609 5976 usbehci - ok
19:11:01.0640 5976 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:11:01.0812 5976 usbhub - ok
19:11:01.0828 5976 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:11:01.0968 5976 usbohci - ok
19:11:02.0015 5976 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:11:02.0171 5976 usbscan - ok
19:11:02.0203 5976 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:11:02.0375 5976 USBSTOR - ok
19:11:02.0406 5976 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
19:11:02.0546 5976 usb_rndisx - ok
19:11:02.0578 5976 USRpdA (497f2190e87d58fd68e559e083796edc) C:\WINDOWS\system32\DRIVERS\USRpdA.sys
19:11:02.0750 5976 USRpdA - ok
19:11:02.0765 5976 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:11:02.0921 5976 VgaSave - ok
19:11:02.0937 5976 ViaIde - ok
19:11:02.0953 5976 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:11:03.0093 5976 VolSnap - ok
19:11:03.0203 5976 vsdatant (19482b3bf4eab3cf52d778f9f38dd306) C:\WINDOWS\system32\vsdatant.sys
19:11:03.0250 5976 vsdatant - ok
19:11:03.0328 5976 vsmon - ok
19:11:03.0375 5976 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
19:11:03.0484 5976 VSS - ok
19:11:03.0531 5976 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
19:11:03.0703 5976 W32Time - ok
19:11:03.0734 5976 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:11:03.0890 5976 Wanarp - ok
19:11:03.0906 5976 WDICA - ok
19:11:03.0937 5976 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:11:04.0093 5976 wdmaud - ok
19:11:04.0125 5976 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
19:11:04.0296 5976 WebClient - ok
19:11:04.0437 5976 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:11:04.0593 5976 winmgmt - ok
19:11:04.0640 5976 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
19:11:04.0703 5976 WmdmPmSN - ok
19:11:04.0765 5976 Wmi (bab489a5fe26f2d0c910cf7af7e4cf92) C:\WINDOWS\System32\advapi32.dll
19:11:04.0953 5976 Wmi - ok
19:11:05.0015 5976 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:11:05.0187 5976 WmiApSrv - ok
19:11:05.0437 5976 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
19:11:05.0531 5976 WMPNetworkSvc - ok
19:11:05.0656 5976 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:11:05.0687 5976 WpdUsb - ok
19:11:05.0734 5976 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
19:11:05.0890 5976 wscsvc - ok
19:11:05.0921 5976 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
19:11:06.0093 5976 wuauserv - ok
19:11:06.0125 5976 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:11:06.0171 5976 WudfPf - ok
19:11:06.0203 5976 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:11:06.0281 5976 WudfRd - ok
19:11:06.0296 5976 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
19:11:06.0328 5976 WudfSvc - ok
19:11:06.0375 5976 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
19:11:06.0578 5976 WZCSVC - ok
19:11:06.0625 5976 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
19:11:06.0781 5976 xmlprov - ok
19:11:06.0828 5976 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:11:07.0531 5976 \Device\Harddisk0\DR0 - ok
19:11:07.0531 5976 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:11:07.0578 5976 \Device\Harddisk1\DR1 - ok
19:11:07.0609 5976 Boot (0x1200) (1817622674453c2bd30de93c47f624d5) \Device\Harddisk0\DR0\Partition0
19:11:07.0609 5976 \Device\Harddisk0\DR0\Partition0 - ok
19:11:07.0609 5976 Boot (0x1200) (02e238d3ba66dc6c933bd7bb9f7a466a) \Device\Harddisk1\DR1\Partition0
19:11:07.0609 5976 \Device\Harddisk1\DR1\Partition0 - ok
19:11:07.0625 5976 ============================================================
19:11:07.0625 5976 Scan finished
19:11:07.0625 5976 ============================================================
19:11:07.0734 2008 Detected object count: 5
19:11:07.0734 2008 Actual detected object count: 5
19:13:37.0953 2008 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
19:13:37.0953 2008 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:13:37.0953 2008 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
19:13:37.0953 2008 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:13:37.0953 2008 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:13:37.0953 2008 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:13:37.0953 2008 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
19:13:37.0953 2008 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:13:37.0968 2008 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
19:13:37.0968 2008 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:08.0562 0756 Deinitialize success

Here is the scan log for SecurityCheck:

Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Symantec AntiVirus Corporate Edition
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Flash Player 11.3.300.265
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Symantec AntiVirus DefWatch.exe
Symantec AntiVirus Rtvscan.exe
Zone Labs ZoneAlarm zlclient.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 39% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

Here is the scan log for FSS:

Farbar Service Scanner Version: 19-07-2012
Ran by Administrator (administrator) on 20-07-2012 at 19:24:17
Running from "C:\Documents and Settings\Administrator\Desktop\New Folder\dev00790"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll
[2008-04-14 02:41] - [2008-04-14 02:41] - 0246272 ____A (Microsoft Corporation) 19A799805B24990867B00C120D300C3A

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(8) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Here is the scan log for MiniToolBox:

MiniToolBox by Farbar Version: 15-07-2012
Ran by Administrator (administrator) on 20-07-2012 at 19:27:39
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost
127.0.0.1 activate.adobe.com

========================= IP Configuration: ================================

D-Link DFE-530TX+ PCI Adapter = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : dragongod

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : D-Link DFE-530TX+ PCI Adapter

Physical Address. . . . . . . . . : 00-50-BA-BA-40-34

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Friday, July 20, 2012 3:31:06 PM

Lease Expires . . . . . . . . . . : Saturday, July 21, 2012 3:31:06 PM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.239.6, 74.125.239.7, 74.125.239.8, 74.125.239.4
74.125.239.2, 74.125.239.5, 74.125.239.9, 74.125.239.0, 74.125.239.14
74.125.239.1, 74.125.239.3



Pinging google.com [74.125.239.14] with 32 bytes of data:



Reply from 74.125.239.14: bytes=32 time=14ms TTL=52

Reply from 74.125.239.14: bytes=32 time=13ms TTL=52



Ping statistics for 74.125.239.14:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 13ms, Maximum = 14ms, Average = 13ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 209.191.122.70, 98.139.183.24, 72.30.38.140



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=24ms TTL=51

Reply from 72.30.38.140: bytes=32 time=18ms TTL=51



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 18ms, Maximum = 24ms, Average = 21ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 ba ba 40 34 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.2 192.168.1.2 20
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 20
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 20
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/04/2009 04:28:32 PM) (Source: Symantec AntiVirus) (User: )
Description: Risk Found!Risk: Trojan Horse in File: C:\Z\Download's\New Folder\apscs4_backup.part01.rar>>apcs\shop\Cracking Kit\keygen.exe by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Risk Found!Risk: in File: C:\Z\Download's\New Folder\apscs4_backup.part01.rar by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.


System errors:
=============
Error: (12/08/2009 07:07:24 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.101 for the Network Card with network address 0050BABA4034 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (12/08/2009 04:32:31 PM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 0050BABA4034. The following error
occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Error: (12/08/2009 04:32:25 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.100 for the Network Card with network address 0050BABA4034 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (12/03/2009 04:03:33 AM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).

Error: (12/03/2009 04:02:37 AM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service failed to start due to the following error:
%%1053

Error: (12/03/2009 04:02:36 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.

Error: (12/03/2009 04:02:36 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1053" attempting to start the service LiveUpdate with arguments ""
in order to run the server:
{03E0E6C2-363B-11D3-B536-00902771A435}

Error: (12/03/2009 04:02:14 AM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service failed to start due to the following error:
%%1053

Error: (12/03/2009 04:02:13 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.

Error: (12/03/2009 04:02:06 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1053" attempting to start the service LiveUpdate with arguments ""
in order to run the server:
{03E0E6C2-363B-11D3-B536-00902771A435}


Microsoft Office Sessions:
=========================
Error: (09/04/2009 04:28:32 PM) (Source: Symantec AntiVirus)(User: )
Description: Risk Found!Risk: Trojan Horse in File: C:\Z\Download's\New Folder\apscs4_backup.part01.rar>>apcs\shop\Cracking Kit\keygen.exe by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Risk Found!Risk: in File: C:\Z\Download's\New Folder\apscs4_backup.part01.rar by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.


=========================== Installed Programs ============================

Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Download Manager (Version: 1.6.2.91)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
AnyDVD
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 2.6.0.32)
Apple Software Update (Version: 2.1.3.127)
Awesome Duplicate Photo Finder v. 1.0
Bonjour (Version: 1.0.106)
ConvertXtoDVD 4.1.19.365 (Version: 4.1.19.365)
CursorXP
DVD Region+CSS Free 5.9.8.5
DVD Shrink 3.2
Eraser (Version: 5.6)
Foxit Reader
GIMP 2.4.6
Google Chrome (Version: 20.0.1132.57)
hp deskjet 840c series
IconPackager
iTunes (Version: 9.0.3.15)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
K-Lite Mega Codec Pack 5.1.0 (Version: 5.1.0)
LiveUpdate 3.2 (Symantec Corporation) (Version: 3.2.0.67)
Macrium Reflect - Free Edition (Version: 4.2.2525)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 (Version: 2.0.50727)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage (Version: 10.0.2627.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
mIRC (Version: 6.31)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
Nero 8 (Version: 8.3.31)
neroxml (Version: 1.0.0)
NVIDIA Drivers
PDF Settings CS5 (Version: 10.0)
Power Slides v1.0
QuickTime (Version: 7.71.80.42)
SereneScreen Marine Aquarium 2.6 (Version: 2.6)
SlowView (Version: 1.0 RC2)
Sound Blaster Live! Web 2K/XP
Symantec AntiVirus (Version: 10.1.7000.7)
TrueCrypt (Version: 7.0a)
Tweak UI
Unlocker 1.8.7 (Version: 1.8.7)
VC 9.0 Runtime (Version: 1.0.0)
ViewSonic Monitor Drivers
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.56 )
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
WinZip (Version: 11.0 (7313))
ZoneAlarm Pro (Version: 9.0.083.000)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 2047.49 MB
Available physical RAM: 1043.8 MB
Total Pagefile: 3945.53 MB
Available Pagefile: 3426.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.62 MB

========================= Partitions: =====================================

2 Drive c: (Master) (Fixed) (Total:37.26 GB) (Free:9.31 GB) NTFS
3 Drive d: (Back-Up) (Fixed) (Total:37.24 GB) (Free:0.91 GB) NTFS

========================= Users: ========================================

User accounts for \\DRAGONGOD

Administrator Guest HelpAssistant
SUPPORT_388945a0

========================= Minidump Files ==================================

========================= Restore Points ==================================


**** End of log ****

#4 dev00790


Posted 21 July 2012 - 07:32 AM

Hi

Step 1:


I did however place three items in the ignore list as I have read that this was a false positive because I did purposely turn Microsoft Security off by choice.

Please tell me which 3 items you put in the ignore list.


Step 2:
Please post the contents of the 1st log from MBAM.

The log can be found here:
C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt

Edited by dev00790, 21 July 2012 - 07:32 AM.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#5 mike88888


Posted 21 July 2012 - 11:23 AM

Here are the three items that I placed in the ignore list:

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify

Here is the log from MBAM, actually it's the second scan log as it was my first time using MBAM and I went to a different tab without saving the first log. I hope that is not too much of a problem.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.12.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Administrator :: DRAGONGOD [administrator]

Protection: Enabled

7/12/2012 1:45:06 AM
mbam-log-2012-07-12 (01-45-06).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 321627
Time elapsed: 3 hour(s), 49 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by mike88888, 21 July 2012 - 11:24 AM.


#6 dev00790


Posted 21 July 2012 - 02:41 PM

Hi

Step 1:
Please remove the following from the ignore list firstly:

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify

The other two entries are fine to be on the ignore list since you are using ZoneAlarm Pro for your Firewall, and Norton Antivirus as your Antivirus software.


Step 2:
Do you have any other logs in this folder: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\ ?

Regards, dev00790



#7 mike88888


Posted 21 July 2012 - 06:36 PM

Hello dev00790,

Thank you again for taking your time to help me with my computer.

Wouldn't taking out "HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify" just make it show up each time I use MBAM for a full system scan? I have taken it out anyway as per your instruction.

In the MBAM logs there are other entries, but they are all after the second full system scan, with nothing detected in the logs. Plus there are the daily logs of activities like updates to the definitions, blocked outgoing IPs, and starting and stopping MBAM automatic protection. Would those help you? I can post those daily logs if needed.

#8 dev00790


Posted 21 July 2012 - 07:22 PM

Hi

Wouldn't taking out "HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify" just make it show up each time I use MBAM for a full system scan?

It depends on whether a part of Windows detects the applicable security product as not being up to date. Best to leave this as is for the moment until we give you the all clear.

No need to post the other MBAM files.

probably a variant of Win32/Agent.BJSCQS trojan cleaned by deleting - quarantined

Since ESET detected a file as likely being a Trojan:

IMPORTANT NOTE: One or more of the identified infections is a backdoor Trojan.

Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes.
They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms.
This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker.
Read Danger: Remote Access Trojans.

You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, paypal and any other online activities.
You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.
If using a router, you need to reset it with a strong logon/password before connecting again.

Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed.
In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them.
Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
Reimaging the system
Restoring the entire system using a full system backup from before the backdoor infection
Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson, Security Program Manager at Microsoft TechNet has to say:

The only way to clean a compromised system is to flatten and rebuild. That's right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

Help: I Got Hacked. Now What Do I Do?.

We will do our best to clean the computer of any infections seen on the log. However, because of the nature of this Trojan, I cannot offer a total guarantee that there are no remnants left in the system, or that the computer will be trustworthy.

Many security experts believe that once infected with this type of Trojan, the best course of action is to reformat and reinstall the Operating System.
Making this decision is based on what the computer is used for, and what information can be accessed from it.

Knowing the above, do you wish to proceed with cleaning the malware from the computer?

Regards, dev00790



#9 mike88888


Posted 21 July 2012 - 08:08 PM

Yes, I am ready with cleaning the malware from my computer. If after everything possible is done my computer is still not trustworthy, then I will reformat my system, but at this point I have too much stuff on my computer that I need.

One point I wanted to check on as well is that the items that were detected were found in my D: drive, and I know for a fact I never ran those programs. Do I still need to worry about those items which are saved in my D: drive, because I only use that drive for storage and do not run anything from that drive? I went to those folders where the items are located and erased them from the D: drive. Is that enough to be certain that I was not infected, because one, I never ran those programs, and two, I erased the whole folder of those two programs that were detected with ESET?

Edited by mike88888, 21 July 2012 - 08:51 PM.


#10 dev00790


Posted 22 July 2012 - 10:23 AM

We cannot guarantee that your computer will be trustworthy even after malware has been removed since a Trojan was found.
Thus your best course of action would be to do a reformat if you needed to be sure & thus there's no point us trying to get your PC cleaned and then reformatting.

One point I wanted to check on as well is that the items that were detected were found in my D: drive, and I know for a fact I never ran those programs. Do I still need to worry about those items which are saved in my D: drive, because I only use that drive for storage and do not run anything from that drive? I went to those folders where the items are located and erased them from the D: drive. Is that enough to be certain that I was not infected, because one, I never ran those programs, and two, I erased the whole folder of those two programs that were detected with ESET?

No need to worry about this, since ESET Online Scanner quarantined the threats it found. Of course there may be more malware on the Drive that it hasn't found.

If you decide to go for a reformat, then since this will wipe the drive, please back up any files that you need before this.

When backing up files, since the computer may be infected, be careful not to back up any files of type: .exe, .com, .scr, and .pif

-----------------------

Please let me know what you want to do - i.e. backup & reformat, or us trying to clean the PC

Regards, dev00790

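The backup rule from the post above (do not back up .exe, .com, .scr or .pif files), as an added example that is not part of the original thread. The function names and the sample tree are constructed here, and the check for an "MZ" executable header under any other extension is an assumption that goes beyond what the post asks for.

```python
"""Selective backup that leaves executable file types behind (added example)."""
import os
import shutil
import tempfile
from pathlib import Path

# File types the post says not to back up from a possibly infected machine.
BLOCKED_EXTENSIONS = {".exe", ".com", ".scr", ".pif"}
# Assumption beyond the post: Windows executables start with the bytes "MZ",
# and a renamed executable keeps that header whatever its extension says.
MZ_MAGIC = b"MZ"


def skip_reason(path):
    """Return why a file must not be backed up, or None if it may be copied."""
    # Windows ignores trailing dots and spaces in a name, so "a.exe." opens
    # "a.exe". Normalise before looking at the extension, case-insensitively.
    name = path.name.rstrip(". ").lower()
    ext = os.path.splitext(name)[1]  # last extension: "photo.jpg.exe" -> ".exe"
    if ext in BLOCKED_EXTENSIONS:
        return "blocked extension " + ext
    try:
        with open(path, "rb") as handle:
            if handle.read(2) == MZ_MAGIC:
                return "MZ header under extension " + (ext or "(none)")
    except OSError as exc:
        # A file that cannot be inspected is not copied either.
        return "unreadable: " + str(exc)
    return None


def backup_tree(src, dst):
    """Copy src into dst, skipping refused files. Returns (copied, skipped)."""
    copied, skipped = [], []
    for root, dirs, files in os.walk(src):
        dirs.sort()
        for fname in sorted(files):
            fpath = Path(root) / fname
            rel = fpath.relative_to(src).as_posix()
            if fpath.is_symlink():
                skipped.append((rel, "symlink"))
                continue
            reason = skip_reason(fpath)
            if reason:
                skipped.append((rel, reason))
                continue
            target = Path(dst) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(fpath, target)  # keeps timestamps with the content
            copied.append(rel)
    return copied, skipped


def demo():
    """Build a constructed sample tree, back it up, and return the result."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "src", Path(tmp) / "backup"
        (src / "docs").mkdir(parents=True)
        samples = {  # constructed sample files, not taken from the thread
            "docs/notes.txt": b"plain text",
            "docs/photo.jpg.EXE": b"MZ\x90\x00",   # double extension, upper case
            "setup.scr": b"MZ\x90\x00",
            "old.pif": b"\x00\x78",
            "song.mp3": b"MZ\x90\x00",             # executable renamed to .mp3
            "report.doc": b"\xd0\xcf\x11\xe0",
        }
        for rel, data in samples.items():
            (src / rel).write_bytes(data)
        return backup_tree(src, dst)


if __name__ == "__main__":
    copied, skipped = demo()
    for rel in copied:
        print("copied  ", rel)
    for rel, reason in skipped:
        print("skipped ", rel, "-", reason)
```

A file that passes this filter is not thereby clean: documents with macros and script files are copied, so the restored data should still be scanned on the rebuilt system.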


#11 mike88888


Posted 22 July 2012 - 06:26 PM

Thank you for everything, I will go for the reformat route as I need to do everything with this computer.

Thank you again for your time and effort.

#12 dev00790


Posted 22 July 2012 - 07:43 PM

You're welcome :)

Regards, dev00790





