Google redirect / delayed write failed


This topic is locked
28 replies to this topic

#1 ClareC

  • Members
  • 13 posts
  • OFFLINE
  • Local time:08:17 AM

Posted 15 September 2012 - 10:51 AM

Hi,

I first noticed a problem with my computer yesterday. A Windows-type message displayed saying there was a 'delayed write' failure. This happened multiple times very quickly. No messages appeared that prompted me to download anything to fix this. When I opened Firefox I found that when I Google searched it displayed 'ssl search is off'. Sometimes when I clicked on search results I was redirected to random sites (this happened with both Chrome and Firefox). When I opened my virus scanner (Symantec) I found my scheduled scans had been removed. A full scan found no problems.
I also found my Task Manager had been disabled.

I tried to follow the advice in other threads on this forum.
I downloaded TDSSKiller but it would not run, even when renamed.
I followed the advice at http://www.bleepingcomputer.com/forums/topic372491.html: in particular, in safe mode I ran RKill and SUPERAntiSpyware. SUPERAntiSpyware found multiple problems (I will post the log below).
On reboot (into safe mode again) I found that I had access to the Task Manager again. I haven't seen any redirects, but I haven't tried searching much. I still get 'ssl search is off', and I still cannot run TDSSKiller (or FixTDSS).
I ran the ESET online scanner and it found two problems and was unable to fix one of them. I couldn't find a log file, but the threats listed were:

C:\System Volume Information\_restore{EA627B52-0F52-40E0-9BE4-154495B1D3AE}\RP1067\A0102527.exe a variant of Win32/Kryptik.ALTW trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Olmarik.AYN trojan

I have tried to follow the preparation guide before posting this.
I will post the DDS log.
When I tried to run GMER I got the following message:
Cannot create a stable subkey under a volatile parent key
When I click OK it does open GMER, but it doesn't give me the option to check/uncheck the things asked for in the Preparation Guide (they are greyed out). I have not run this scan.

Any help would be greatly appreciated.


.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.5.1
Run by LCP at 8:03:52 on 2012-09-15
Microsoft Windows XP Professional 5.1.2600.3.1252.64.1033.18.956.203 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\lcp\local settings\application data\akamai\netsession_win.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [TPSMain] TPSMain.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [uQPiuYoYUryntvk.exe] c:\documents and settings\all users\application data\uQPiuYoYUryntvk.exe
StartupFolder: c:\docume~1\lcp\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\lcp\application data\dropbox\bin\Dropbox.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: skillport.com
Trusted Zone: skillwsa.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{160074AD-2638-4018-B510-521C919DA77A} : DhcpNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{A09524D2-C6E3-4258-8F7B-D9C9DF8CE40E} : NameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\lcp\application data\mozilla\firefox\profiles\dwp5d2je.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\lcp\application data\mozilla\firefox\profiles\dwp5d2je.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\lcp\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\lcp\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\lcp\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\picasa3\npPicasa3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-5-14 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-5-14 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-5-14 2440120]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-5 5888]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-8-4 14336]
S2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]
S2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-7-25 245760]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-5-14 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-8 106656]
S3 hwmobile;Huawei FP Handset USB Modem and USB Serial;c:\windows\system32\drivers\hwusbser.sys [2012-7-24 106624]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-8-5 110080]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-5 114144]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120914.002\NAVENG.SYS [2012-9-14 92704]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120914.002\NAVEX15.SYS [2012-9-14 1601184]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-10-1 27064]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2008-8-5 154624]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2009-10-6 162176]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
.
=============== Created Last 30 ================
.
2012-09-15 04:22:05 -------- d-----w- c:\program files\ESET
2012-09-15 00:30:44 -------- d-----w- c:\documents and settings\lcp\application data\SUPERAntiSpyware.com
2012-09-15 00:28:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-15 00:28:21 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-09-15 00:27:48 -------- d-----w- c:\documents and settings\all users\application data\SUPERSetup
2012-09-14 23:57:56 -------- d-sh--w- C:\found.000
2012-09-07 23:35:21 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-09-03 21:12:14 938272 ----a-w- c:\windows\system32\drivers\LV302V32.SYS
2012-09-03 21:12:14 348160 ----a-w- c:\windows\system\msvcr71.dll
2012-09-03 21:12:13 527136 ----a-w- c:\windows\system32\LVUI2RC.dll
2012-09-03 21:12:13 264992 ----a-w- c:\windows\system32\lvcodec2.dll
2012-09-03 21:12:13 215840 ----a-w- c:\windows\system32\LVUI2.dll
2012-09-03 21:12:12 41504 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys
2012-09-03 21:12:12 14240 ----a-w- c:\windows\system32\drivers\lv302af.sys
2012-09-03 21:12:12 13398 ----a-w- c:\windows\system32\Repository.reg
2012-09-03 21:12:12 129824 ----a-w- c:\windows\system32\lvci1051.dll
2012-09-03 20:50:34 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-09-03 20:50:34 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2012-08-22 19:56:12 -------- d-----w- c:\program files\SpeedFan
2012-08-17 16:28:29 -------- d-----w- C:\ds9
2012-08-17 00:12:24 -------- d-----w- C:\mono
.
==================== Find3M ====================
.
2012-08-06 14:55:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-06 14:55:14 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-28 21:33:05 667136 ----a-w- c:\windows\system32\wininet.dll
2012-06-28 21:33:05 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-06-28 21:33:04 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-06-28 12:46:29 369664 ----a-w- c:\windows\system32\html.iec
2011-01-22 23:09:47 2052096 -c--a-w- c:\program files\kdewin-installer-gui-latest.exe
2011-01-22 01:11:02 5933871 -c--a-w- c:\program files\LEdBeta(0.53)Build(6501)Std.exe
2010-03-21 10:23:24 7744980 -c--a-w- c:\program files\FreewarePrimoPDF.exe
2009-11-29 21:51:18 4938616 -c--a-w- c:\program files\Silverlight.exe
2009-10-10 08:02:52 144616 -c--a-w- c:\program files\RapportSetup.exe
2009-10-05 11:03:28 2020136 -c--a-w- c:\program files\SkypeSetup.exe
2009-10-02 15:39:52 570032 -c--a-w- c:\program files\GoogleVoiceAndVideoSetup.exe
2009-05-18 21:06:34 43083040 -c--a-w- c:\program files\AdbeRdr910_en_US_Std.exe
2009-05-17 09:54:51 12972544 -c--a-w- c:\program files\gs854w32.exe
2009-05-17 09:52:47 1502208 -c--a-w- c:\program files\gsv49w32.exe
2009-05-17 09:32:02 86335752 -c--a-w- c:\program files\basic-miktex-2.7.3248.exe
2009-05-17 09:26:11 4652806 -c--a-w- c:\program files\TXCSetup_1StableRC1.exe
2009-05-17 08:29:52 21878064 -c--a-w- c:\program files\QuickTimeInstaller.exe
2009-05-17 07:38:31 16742799 -c--a-w- c:\program files\vlc-0.9.9-win32.exe
2009-05-17 07:35:02 16070968 -c--a-w- c:\program files\gimp-2.6.6-i686-setup.exe
2009-05-17 07:30:24 10053112 -c--a-w- c:\program files\picasa3-setup.exe
2005-06-16 09:50:30 112876098 -c--a-w- c:\program files\Mathematica-Student_5.1_Win.EXE
.
============= FINISH: 8:10:21.35 ===============


LOG FROM SuperAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/14/2012 at 08:27 PM

Application Version : 5.5.1016

Core Rules Database Version : 9234
Trace Rules Database Version: 7046

Scan type : Complete Scan
Total Scan Time : 02:51:33

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 412
Memory threats detected : 0
Registry items scanned : 34527
Registry threats detected : 3
File items scanned : 324743
File threats detected : 7

Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY

Disabled.TaskManager
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR

Adware.Tracking Cookie
C:\Documents and Settings\LCP\Cookies\CAYRCTIJ.txt [ /imrworldwide.com ]
.kaspersky.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\LCP\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\LCP\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.prd1.netshelter.net [ C:\DOCUMENTS AND SETTINGS\LCP\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\DOCUMENTS AND SETTINGS\LCP\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\LCP\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Trojan.Agent/Gen-RogueAntiSpy
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\UQPIUYOYURYNTVK.EXE
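As an added example (not part of this thread, and not a feature of DDS or SUPERAntiSpyware), a small Python triage script that reads DDS "Pseudo HJT Report" and FIREFOX lines like the ones posted above and flags what this log shows: the AV line reporting itself disabled, a proxy setting that names a loopback address and port, Firefox's network.proxy.type set to something other than 0 (direct), and Run entries whose executable sits directly in an Application Data folder with no vendor subfolder, as uQPiuYoYUryntvk.exe does. The sample input is excerpted from the first DDS log in this thread; the rule names, severities and function names are this example's own assumptions.

```python
"""Triage DDS 'Pseudo HJT Report' lines for the hijack indicators seen in this thread (added example)."""
import re

# Sample input: lines excerpted from the first DDS log posted in this thread.
SAMPLE_DDS = r"""
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\lcp\local settings\application data\akamai\netsession_win.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [uQPiuYoYUryntvk.exe] c:\documents and settings\all users\application data\uQPiuYoYUryntvk.exe
Trusted Zone: skillport.com
.
================= FIREFOX ===================
.
FF - prefs.js: network.proxy.type - 4
"""

RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
LOOPBACK_RE = re.compile(r"(127\.0\.0\.1|\blocalhost\b):\d+")
# Firefox network.proxy.type values; only 0 means "no proxy".
FF_PROXY_TYPES = {"0": "direct", "1": "manual", "2": "PAC URL", "4": "auto-detect (WPAD)", "5": "system"}
# Fragments of user-writable data folders on Windows XP (assumed heuristic list).
DATA_ROOTS = ("\\application data\\", "\\local settings\\", "\\documents and settings\\all users\\")


def exe_path(cmd):
    """Return the executable path from a Run-key command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def classify_run(cmd):
    """(severity, rule) for a Run entry, or None when the target is in a normal program location."""
    path = exe_path(cmd).lower()
    parent = path.rsplit("\\", 1)[0]
    # An executable dropped straight into an Application Data root, with no vendor
    # subfolder, is what the uQPiuYoYUryntvk.exe entry in this thread looks like.
    if parent.endswith("\\application data"):
        return ("HIGH", "autorun executable directly in an Application Data folder")
    if any(root in path for root in DATA_ROOTS):
        return ("INFO", "autorun executable under a user-writable data folder")
    return None


def triage(text):
    """Return (severity, rule, line) tuples for every DDS line that matches a heuristic."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("AV:") and "*Disabled" in line:
            findings.append(("HIGH", "antivirus reports itself disabled", line))
        elif "ProxyOverride" in line or "ProxyServer" in line:
            if LOOPBACK_RE.search(line):
                findings.append(("HIGH", "proxy setting references a loopback address and port", line))
        elif line.startswith("FF - prefs.js: network.proxy.type"):
            value = line.rsplit("-", 1)[1].strip()
            if value != "0":
                kind = FF_PROXY_TYPES.get(value, "unknown")
                findings.append(("MEDIUM", f"Firefox proxy type {value} ({kind}) is not 'direct'", line))
        elif line.startswith("Trusted Zone:"):
            findings.append(("INFO", "site listed in the IE Trusted Zone", line))
        else:
            m = RUN_RE.match(line)
            if m:
                verdict = classify_run(m.group("cmd"))
                if verdict:
                    findings.append((verdict[0], verdict[1], line))
    return findings


def worst(findings):
    """Highest severity present among the findings, or 'NONE'."""
    order = {"HIGH": 3, "MEDIUM": 2, "INFO": 1}
    return max((f[0] for f in findings), key=order.get, default="NONE")


if __name__ == "__main__":
    results = triage(SAMPLE_DDS)
    for sev, rule, line in results:
        print(f"[{sev:6}] {rule}\n         {line}")
    print("overall:", worst(results))
```

Run against the sample it reports three HIGH findings (AV disabled, loopback proxy, the Application Data autorun), one MEDIUM (Firefox proxy type 4) and two INFO entries, and says nothing about ctfmon.exe, ccApp.exe or ACU.exe.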


#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,660 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:17 AM

Posted 20 September 2012 - 10:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/468641 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 ClareC
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:08:17 AM

Posted 20 September 2012 - 01:06 PM

Hi,

I am still having problems with Google redirects. For example, when searching for Bleeping Computer and clicking on the search result I get redirected to activestocktrading.com (and then redirected back to bleepingcomputer.com in one case).
I had to disconnect from the internet to run DDS. The log is below (it took a lot longer than the 3 minutes the program says it will run).
When I tried to run GMER I had the same problem I listed in my original post. There was an error message I clicked OK to, and I was unable to select the options you request as they were greyed out. The options that were checked were: services, registry, files, C:/, ADS.
I ran GMER with these things selected (it took about 2 hours). The log is attached as requested.
I had one error come up: C:\Documents and Settings\LCP\ntuser.dat: The process cannot access the file because it is being used by another process.
I also had 'delayed write failed' messages come up from tray icons and also as a popup box. For example, it said it couldn't save C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1347930690jtun_nav2k8enn12m25.m25

I would really appreciate help with this!

Thanks.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.5.1
Run by LCP at 9:12:03 on 2012-09-20
Microsoft Windows XP Professional 5.1.2600.3.1252.64.1033.18.956.183 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\LCP\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Documents and Settings\LCP\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\lcp\local settings\application data\akamai\netsession_win.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [TPSMain] TPSMain.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [uQPiuYoYUryntvk.exe] c:\documents and settings\all users\application data\uQPiuYoYUryntvk.exe
StartupFolder: c:\docume~1\lcp\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\lcp\application data\dropbox\bin\Dropbox.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: skillport.com
Trusted Zone: skillwsa.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{A09524D2-C6E3-4258-8F7B-D9C9DF8CE40E} : NameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\lcp\application data\mozilla\firefox\profiles\dwp5d2je.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\lcp\application data\mozilla\firefox\profiles\dwp5d2je.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\lcp\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\lcp\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\lcp\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\picasa3\npPicasa3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-8-4 14336]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-5-14 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-5-14 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-5-14 2440120]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-8 106656]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-5 5888]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120914.002\NAVENG.SYS [2012-9-14 92704]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120914.002\NAVEX15.SYS [2012-9-14 1601184]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-7-25 245760]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-5-14 23888]
S3 hwmobile;Huawei FP Handset USB Modem and USB Serial;c:\windows\system32\drivers\hwusbser.sys [2012-7-24 106624]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-8-5 110080]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-5 114144]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-10-1 27064]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2008-8-5 154624]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2009-10-6 162176]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
.
=============== Created Last 30 ================
.
2012-09-15 00:30:44 -------- d-----w- c:\documents and settings\lcp\application data\SUPERAntiSpyware.com
2012-09-15 00:28:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-15 00:28:21 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-09-14 23:57:56 -------- d-sh--w- C:\found.000
2012-09-07 23:35:21 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-09-03 21:12:14 938272 ----a-w- c:\windows\system32\drivers\LV302V32.SYS
2012-09-03 21:12:14 348160 ----a-w- c:\windows\system\msvcr71.dll
2012-09-03 21:12:13 527136 ----a-w- c:\windows\system32\LVUI2RC.dll
2012-09-03 21:12:13 264992 ----a-w- c:\windows\system32\lvcodec2.dll
2012-09-03 21:12:13 215840 ----a-w- c:\windows\system32\LVUI2.dll
2012-09-03 21:12:12 41504 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys
2012-09-03 21:12:12 14240 ----a-w- c:\windows\system32\drivers\lv302af.sys
2012-09-03 21:12:12 13398 ----a-w- c:\windows\system32\Repository.reg
2012-09-03 21:12:12 129824 ----a-w- c:\windows\system32\lvci1051.dll
2012-09-03 20:50:34 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-09-03 20:50:34 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2012-08-22 19:56:12 -------- d-----w- c:\program files\SpeedFan
.
==================== Find3M ====================
.
2012-08-06 14:55:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-06 14:55:14 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-28 21:33:05 667136 ----a-w- c:\windows\system32\wininet.dll
2012-06-28 21:33:05 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-06-28 21:33:04 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-06-28 12:46:29 369664 ----a-w- c:\windows\system32\html.iec
2011-01-22 23:09:47 2052096 -c--a-w- c:\program files\kdewin-installer-gui-latest.exe
2011-01-22 01:11:02 5933871 -c--a-w- c:\program files\LEdBeta(0.53)Build(6501)Std.exe
2010-03-21 10:23:24 7744980 -c--a-w- c:\program files\FreewarePrimoPDF.exe
2009-11-29 21:51:18 4938616 -c--a-w- c:\program files\Silverlight.exe
2009-10-10 08:02:52 144616 -c--a-w- c:\program files\RapportSetup.exe
2009-10-05 11:03:28 2020136 -c--a-w- c:\program files\SkypeSetup.exe
2009-10-02 15:39:52 570032 -c--a-w- c:\program files\GoogleVoiceAndVideoSetup.exe
2009-05-18 21:06:34 43083040 -c--a-w- c:\program files\AdbeRdr910_en_US_Std.exe
2009-05-17 09:54:51 12972544 -c--a-w- c:\program files\gs854w32.exe
2009-05-17 09:52:47 1502208 -c--a-w- c:\program files\gsv49w32.exe
2009-05-17 09:32:02 86335752 -c--a-w- c:\program files\basic-miktex-2.7.3248.exe
2009-05-17 09:26:11 4652806 -c--a-w- c:\program files\TXCSetup_1StableRC1.exe
2009-05-17 08:29:52 21878064 -c--a-w- c:\program files\QuickTimeInstaller.exe
2009-05-17 07:38:31 16742799 -c--a-w- c:\program files\vlc-0.9.9-win32.exe
2009-05-17 07:35:02 16070968 -c--a-w- c:\program files\gimp-2.6.6-i686-setup.exe
2009-05-17 07:30:24 10053112 -c--a-w- c:\program files\picasa3-setup.exe
2005-06-16 09:50:30 112876098 -c--a-w- c:\program files\Mathematica-Student_5.1_Win.EXE
.
============= FINISH: 9:19:35.88 ===============

#4 bloopie (Malware Response Team)

Posted 20 September 2012 - 08:29 PM

Hello ClareC, and welcome to BC!! :thumbsup:

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

A few things to keep in mind while we are working together:

  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.

==========

One question before we begin: have you set your own proxy, as indicated by the following line?

FF - prefs.js: network.proxy.type - 4


==========

Step 1

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

==========

Step 2

If you cannot run this in normal mode, try this in safe mode:


Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note*** If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

==========

In your next reply, please post the following:

  • The aswMBR log
  • The TDSSKiller log
  • An answer to my questions
  • A final question, do you have access to a thumb/flashdrive?
bloopie

Edited by bloopie, 20 September 2012 - 08:45 PM.
Added question
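An added example, not part of bloopie's post: a Python check for the setting behind the proxy question above. It parses a Firefox prefs.js, maps network.proxy.type to its meaning (4 is "auto-detect", i.e. WPAD, which is what ClareC's profile shows), and collects any proxy hosts or PAC URL stored in the profile so they can be compared with what the user actually configured. The two prefs.js fragments and the 10.0.0.99 address are constructed for the example; the type-value mapping is Firefox's own preference semantics.

```python
import re

# Meaning of Firefox's network.proxy.type values (Firefox preference
# semantics; annotation added for this example, not text from the thread).
PROXY_TYPES = {
    0: "direct connection, no proxy",
    1: "manual proxy configuration",
    2: "proxy auto-config (PAC) script URL",
    4: "auto-detect proxy settings (WPAD)",
    5: "use system proxy settings",
}

# Keys that, when populated, point Firefox traffic at a host or script of
# someone else's choosing.
PROXY_TARGET_KEYS = (
    "network.proxy.http",
    "network.proxy.ssl",
    "network.proxy.socks",
    "network.proxy.autoconfig_url",
)

PREF_RE = re.compile(r'^\s*user_pref\("(?P<key>[^"]+)",\s*(?P<value>.+?)\);\s*$')

# Constructed prefs.js fragments: the first mirrors the auto-detect setting in
# the thread, the second a manual proxy pointing at an address chosen here.
SAMPLE_PREFS_JS = r'''
user_pref("browser.startup.homepage", "https://www.bleepingcomputer.com/");
user_pref("network.proxy.type", 4);
user_pref("network.proxy.http", "");
user_pref("network.proxy.ssl", "");
user_pref("app.update.auto", true);
'''

SUSPECT_PREFS_JS = r'''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "10.0.0.99");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.share_proxy_settings", true);
'''


def parse_prefs_js(text: str) -> dict:
    """Turn user_pref("key", value); lines into a dict with typed values."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything not a user_pref call
        key, raw = m["key"], m["value"].strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw
    return prefs


def proxy_review(prefs: dict) -> dict:
    """Summarise the proxy configuration and list the settings worth questioning."""
    ptype = prefs.get("network.proxy.type", 5)  # Firefox's built-in default is 5
    targets = {k: prefs[k] for k in PROXY_TARGET_KEYS if prefs.get(k)}
    notes = []
    if ptype == 1 and targets:
        notes.append("manual proxy set; confirm every listed host is one you configured")
    if ptype == 2:
        notes.append("PAC URL in use; a hostile script can route chosen sites elsewhere")
    if ptype == 4:
        notes.append("WPAD auto-detect; whoever answers DHCP/DNS for WPAD on the LAN can insert a proxy")
    if ptype not in (1, 2) and targets:
        notes.append("proxy hosts are stored but inactive for this type; still worth explaining")
    return {
        "type": ptype,
        "meaning": PROXY_TYPES.get(ptype, "unknown"),
        "targets": targets,
        "notes": notes,
    }


if __name__ == "__main__":
    for label, text in (("auto-detect", SAMPLE_PREFS_JS), ("manual", SUSPECT_PREFS_JS)):
        r = proxy_review(parse_prefs_js(text))
        print(f"{label}: type {r['type']} ({r['meaning']}) targets={r['targets']}")
        for n in r["notes"]:
            print("  -", n)
```

To check a real profile, read the prefs.js under the profile directory shown in the DDS log (c:\documents and settings\lcp\application data\mozilla\firefox\profiles\dwp5d2je.default\) and pass its contents to parse_prefs_js. Type 4 is not in itself an infection indicator; the question it raises is whether the user chose it, and whether the network's WPAD answer is trustworthy.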

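As an added example (my own code, not part of bloopie's post and not Kaspersky's tool), a Python script that triages a TDSSKiller log of the kind Step 2 produces. It pairs each service's MD5 and path with its verdict, keeps the reason from a "Suspicious file (Hidden)" line, and lists the flagged items hidden-file-first so that an unsigned but legitimate vendor driver is not mistaken for the rootkit. The sample log is constructed from a handful of lines in the format ClareC posts further down; the severity ranking is an assumption of mine, not Kaspersky's.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the format of the TDSSKiller 2.8 log posted later in
# this thread (a few of its lines verbatim); a full log parses the same way.
SAMPLE_LOG = r"""
19:43:36.0531 4596 Mode: Manual; SigCheck; TDLFS;
19:43:39.0031 4596 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
19:43:39.0484 4596 !SASCORE ( UnsignedFile.Multi.Generic ) - warning
19:43:39.0484 4596 !SASCORE - detected UnsignedFile.Multi.Generic (1)
19:43:39.0640 4596 Abiosdsk - ok
19:43:41.0328 4596 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files\common files\akamai/netsession_win_5891ae0.dll
19:43:41.0328 4596 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
19:43:41.0343 4596 Akamai ( HiddenFile.Multi.Generic ) - warning
19:43:41.0343 4596 Akamai - detected HiddenFile.Multi.Generic (1)
19:43:41.0406 4596 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:43:41.0515 4596 Alerter - ok
19:44:03.0406 4596 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
19:44:03.0421 4596 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:44:03.0421 4596 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
"""

# Line shapes seen in the log: every line starts with a timestamp and a PID.
PREFIX_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*)$")
# Service names may contain spaces, so the path is anchored on its drive letter.
FILE_RE = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9A-F]{32})$")
WARNING_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+) \) - warning$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")

# Assumed ranking for triage (the thread gives none): a hidden file outranks a
# merely unsigned one, and any verdict class not listed here is treated as worst.
SEVERITY = {"UnsignedFile": 1, "HiddenFile": 2}
UNKNOWN_SEVERITY = 3


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    status: str = "unscanned"          # "ok", "warning" or "detected"
    verdicts: list = field(default_factory=list)
    reason: str = ""                   # e.g. "Hidden" from a "Suspicious file" line


def parse_tdsskiller_log(text: str) -> dict:
    """Return {service name: Entry} built from the lines of a TDSSKiller log."""
    entries, suspicious_by_md5 = {}, {}
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue                   # banner, separators, SystemInfo block
        body = m["body"]
        f = FILE_RE.match(body)
        if f:
            e = entries.setdefault(f["name"], Entry(f["name"]))
            e.md5, e.path = f["md5"], f["path"]
            continue
        s = SUSPICIOUS_RE.match(body)
        if s:                          # appears before the verdict line; join on md5
            suspicious_by_md5[s["md5"]] = s["reason"]
            continue
        for rx, status in ((DETECTED_RE, "detected"), (WARNING_RE, "warning"), (OK_RE, "ok")):
            v = rx.match(body)
            if v:
                e = entries.setdefault(v["name"], Entry(v["name"]))
                e.status = status      # "detected" follows "warning", so the last wins
                verdict = v.groupdict().get("verdict")
                if verdict and verdict not in e.verdicts:
                    e.verdicts.append(verdict)
                break
    for e in entries.values():
        e.reason = suspicious_by_md5.get(e.md5, "")
    return entries


def severity(e: Entry) -> int:
    return max((SEVERITY.get(v.split(".")[0], UNKNOWN_SEVERITY) for v in e.verdicts), default=0)


def triage(entries: dict) -> list:
    """Flagged entries, worst first; services reported "ok" are dropped."""
    flagged = [e for e in entries.values() if e.status in ("warning", "detected")]
    return sorted(flagged, key=lambda e: (-severity(e), e.name.lower()))


if __name__ == "__main__":
    for e in triage(parse_tdsskiller_log(SAMPLE_LOG)):
        tag = f" [{e.reason}]" if e.reason else ""
        print(f"{e.status:8} {','.join(e.verdicts):26} {e.name}{tag} md5={e.md5} {e.path}")
```

The MD5 column is the useful output: UnsignedFile.Multi.Generic hits on known vendor files (SUPERAntiSpyware, HP, Cisco VPN) can be cleared by hash lookup, while a HiddenFile verdict on a DLL the file system hides from a normal directory listing is exactly the TDL-style behaviour this thread is chasing and deserves the helper's attention first.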

#5 ClareC (Topic Starter)

Posted 20 September 2012 - 10:05 PM

Hi,

Thank you so much for your help. First, to answer your questions:
I don't think I set a proxy. When I look at my Firefox settings it says auto-detect proxy. Or is this to do with something else?
I probably have my Windows disks somewhere, but if it comes down to having to reinstall the operating system I may reformat my disc and install Ubuntu instead!
I do have access to USB drives.

I tried to run the first program you suggested (aswMBR), but nothing happened when I double-clicked on it.
I went on to TDSSKiller (I hope that is okay). Amazingly the version I downloaded from your link ran, unlike all the versions I had tried before. I didn't even need to reboot into safe mode. It located one malware item and many suspicious items. Log is below.
When it rebooted my own virus program (Symantec) reported a number of security risks, but it looks to me like they are just the files in the TDSSKiller_Quarantine folder.
My Google search no longer seems to be telling me "ssl search is off" and the couple of searches I tried were okay, but in the past the problem hasn't occurred with every search so I know this doesn't necessarily mean it is solved. I also haven't tried re-rebooting.

Thanks again. Let me know what I need to do next!

19:41:56.0406 4904 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:41:57.0078 4904 ============================================================
19:41:57.0078 4904 Current date / time: 2012/09/20 19:41:57.0078
19:41:57.0078 4904 SystemInfo:
19:41:57.0078 4904
19:41:57.0078 4904 OS Version: 5.1.2600 ServicePack: 3.0
19:41:57.0078 4904 Product type: Workstation
19:41:57.0078 4904 ComputerName: LYDIA
19:41:57.0078 4904 UserName: LCP
19:41:57.0078 4904 Windows directory: C:\WINDOWS
19:41:57.0078 4904 System windows directory: C:\WINDOWS
19:41:57.0078 4904 Processor architecture: Intel x86
19:41:57.0078 4904 Number of processors: 2
19:41:57.0078 4904 Page size: 0x1000
19:41:57.0078 4904 Boot type: Normal boot
19:41:57.0078 4904 ============================================================
19:41:57.0640 4904 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:41:57.0640 4904 ============================================================
19:41:57.0640 4904 \Device\Harddisk0\DR0:
19:41:57.0640 4904 MBR partitions:
19:41:57.0640 4904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
19:41:57.0640 4904 ============================================================
19:41:57.0671 4904 C: <-> \Device\Harddisk0\DR0\Partition1
19:41:57.0671 4904 ============================================================
19:41:57.0671 4904 Initialize success
19:41:57.0671 4904 ============================================================
19:43:36.0531 4596 ============================================================
19:43:36.0531 4596 Scan started
19:43:36.0531 4596 Mode: Manual; SigCheck; TDLFS;
19:43:36.0531 4596 ============================================================
19:43:37.0421 4596 ================ Scan system memory ========================
19:43:38.0875 4596 System memory - ok
19:43:38.0875 4596 ================ Scan services =============================
19:43:39.0031 4596 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
19:43:39.0484 4596 !SASCORE ( UnsignedFile.Multi.Generic ) - warning
19:43:39.0484 4596 !SASCORE - detected UnsignedFile.Multi.Generic (1)
19:43:39.0640 4596 Abiosdsk - ok
19:43:39.0640 4596 abp480n5 - ok
19:43:39.0671 4596 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:43:40.0390 4596 ACPI - ok
19:43:40.0437 4596 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
19:43:40.0562 4596 ACPIEC - ok
19:43:40.0671 4596 [ 2BAD567DDBA52CC96518B06682E78940 ] ACS C:\WINDOWS\system32\acs.exe
19:43:40.0703 4596 ACS ( UnsignedFile.Multi.Generic ) - warning
19:43:40.0703 4596 ACS - detected UnsignedFile.Multi.Generic (1)
19:43:40.0703 4596 adpu160m - ok
19:43:40.0734 4596 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:43:40.0843 4596 aec - ok
19:43:40.0968 4596 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:43:41.0015 4596 AFD - ok
19:43:41.0015 4596 Aha154x - ok
19:43:41.0015 4596 aic78u2 - ok
19:43:41.0031 4596 aic78xx - ok
19:43:41.0328 4596 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files\common files\akamai/netsession_win_5891ae0.dll
19:43:41.0328 4596 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
19:43:41.0343 4596 Akamai ( HiddenFile.Multi.Generic ) - warning
19:43:41.0343 4596 Akamai - detected HiddenFile.Multi.Generic (1)
19:43:41.0406 4596 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:43:41.0515 4596 Alerter - ok
19:43:41.0625 4596 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
19:43:41.0687 4596 ALG - ok
19:43:41.0703 4596 AliIde - ok
19:43:41.0703 4596 amsint - ok
19:43:41.0750 4596 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
19:43:41.0812 4596 AppMgmt - ok
19:43:41.0875 4596 [ C413E2E549488A5F1969DECB5B03187A ] AR5416 C:\WINDOWS\system32\DRIVERS\athw.sys
19:43:42.0031 4596 AR5416 - ok
19:43:42.0031 4596 asc - ok
19:43:42.0046 4596 asc3350p - ok
19:43:42.0046 4596 asc3550 - ok
19:43:42.0140 4596 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:43:42.0250 4596 aspnet_state - ok
19:43:42.0281 4596 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:43:42.0390 4596 AsyncMac - ok
19:43:42.0500 4596 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:43:42.0750 4596 atapi - ok
19:43:42.0765 4596 Atdisk - ok
19:43:42.0796 4596 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:43:42.0921 4596 Atmarpc - ok
19:43:43.0046 4596 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:43:43.0171 4596 AudioSrv - ok
19:43:43.0203 4596 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:43:43.0312 4596 audstub - ok
19:43:43.0328 4596 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:43:43.0453 4596 Beep - ok
19:43:43.0562 4596 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
19:43:43.0718 4596 BITS - ok
19:43:43.0828 4596 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
19:43:43.0875 4596 Browser - ok
19:43:43.0937 4596 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files\Browny02\BrYNSvc.exe
19:43:43.0984 4596 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
19:43:43.0984 4596 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
19:43:44.0031 4596 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:43:44.0203 4596 cbidf2k - ok
19:43:44.0250 4596 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:43:44.0343 4596 CCDECODE - ok
19:43:44.0437 4596 [ 93A45B3F2403670A6D14A0B466D97698 ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
19:43:44.0453 4596 ccEvtMgr - ok
19:43:44.0468 4596 [ 93A45B3F2403670A6D14A0B466D97698 ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
19:43:44.0484 4596 ccSetMgr - ok
19:43:44.0500 4596 cd20xrnt - ok
19:43:44.0515 4596 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:43:44.0625 4596 Cdaudio - ok
19:43:44.0718 4596 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:43:44.0828 4596 Cdfs - ok
19:43:44.0953 4596 [ 351735695E9EAD93DE6AF85D8BEB1CA8 ] cdrbsdrv C:\WINDOWS\system32\drivers\cdrbsdrv.sys
19:43:44.0968 4596 cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
19:43:44.0968 4596 cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
19:43:45.0015 4596 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:43:45.0281 4596 Cdrom - ok
19:43:45.0359 4596 [ 3CB0CC8879956C187E87E18634EE5164 ] CFSvcs C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
19:43:45.0375 4596 CFSvcs ( UnsignedFile.Multi.Generic ) - warning
19:43:45.0375 4596 CFSvcs - detected UnsignedFile.Multi.Generic (1)
19:43:45.0375 4596 Changer - ok
19:43:45.0421 4596 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:43:45.0546 4596 CiSvc - ok
19:43:45.0578 4596 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:43:45.0687 4596 ClipSrv - ok
19:43:45.0796 4596 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:43:45.0890 4596 clr_optimization_v2.0.50727_32 - ok
19:43:45.0906 4596 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:43:46.0015 4596 CmBatt - ok
19:43:46.0015 4596 CmdIde - ok
19:43:46.0125 4596 [ 86A22DFF16E8CA67601044EFE6825537 ] COH_Mon C:\WINDOWS\system32\Drivers\COH_Mon.sys
19:43:46.0140 4596 COH_Mon - ok
19:43:46.0171 4596 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:43:46.0328 4596 Compbatt - ok
19:43:46.0328 4596 COMSysApp - ok
19:43:46.0343 4596 Cpqarray - ok
19:43:46.0421 4596 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:43:46.0562 4596 CryptSvc - ok
19:43:46.0671 4596 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\WINDOWS\system32\DRIVERS\CVirtA.sys
19:43:46.0812 4596 CVirtA - ok
19:43:46.0906 4596 [ 30443EEF52F5FB043654859EAA8E5247 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
19:43:47.0015 4596 CVPND - ok
19:43:47.0062 4596 [ CB90B2762B1A1D0B40496400C55B6ADE ] CVPNDRVA C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
19:43:47.0093 4596 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
19:43:47.0093 4596 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
19:43:47.0093 4596 dac2w2k - ok
19:43:47.0109 4596 dac960nt - ok
19:43:47.0171 4596 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:43:47.0234 4596 DcomLaunch - ok
19:43:47.0281 4596 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:43:47.0406 4596 Dhcp - ok
19:43:47.0453 4596 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:43:47.0562 4596 Disk - ok
19:43:47.0562 4596 dmadmin - ok
19:43:47.0609 4596 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:43:47.0765 4596 dmboot - ok
19:43:47.0781 4596 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:43:47.0890 4596 dmio - ok
19:43:47.0906 4596 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:43:48.0015 4596 dmload - ok
19:43:48.0031 4596 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
19:43:48.0203 4596 dmserver - ok
19:43:48.0234 4596 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:43:48.0375 4596 DMusic - ok
19:43:48.0421 4596 [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE C:\WINDOWS\system32\DRIVERS\dne2000.sys
19:43:48.0437 4596 DNE - ok
19:43:48.0484 4596 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:43:48.0562 4596 Dnscache - ok
19:43:48.0593 4596 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
19:43:48.0703 4596 Dot3svc - ok
19:43:48.0718 4596 dpti2o - ok
19:43:48.0734 4596 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:43:48.0843 4596 drmkaud - ok
19:43:48.0875 4596 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
19:43:48.0984 4596 EapHost - ok
19:43:49.0015 4596 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
19:43:49.0046 4596 eeCtrl - ok
19:43:49.0093 4596 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:43:49.0109 4596 EraserUtilRebootDrv - ok
19:43:49.0125 4596 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:43:49.0234 4596 ERSvc - ok
19:43:49.0296 4596 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
19:43:49.0328 4596 Eventlog - ok
19:43:49.0359 4596 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
19:43:49.0390 4596 EventSystem - ok
19:43:49.0421 4596 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:43:49.0593 4596 Fastfat - ok
19:43:49.0640 4596 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:43:49.0703 4596 FastUserSwitchingCompatibility - ok
19:43:49.0718 4596 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
19:43:49.0843 4596 Fdc - ok
19:43:49.0859 4596 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:43:49.0953 4596 Fips - ok
19:43:50.0000 4596 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
19:43:50.0109 4596 Flpydisk - ok
19:43:50.0125 4596 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:43:50.0265 4596 FltMgr - ok
19:43:50.0343 4596 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:43:50.0375 4596 FontCache3.0.0.0 - ok
19:43:50.0390 4596 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:43:50.0500 4596 Fs_Rec - ok
19:43:50.0546 4596 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:43:50.0671 4596 Ftdisk - ok
19:43:50.0687 4596 [ 4D52C52101492C450518124C592D8925 ] FwLnk C:\WINDOWS\system32\DRIVERS\FwLnk.sys
19:43:50.0750 4596 FwLnk - ok
19:43:50.0796 4596 [ 35A1F815962F3552066C6BE4C969D297 ] getPlus® Helper C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
19:43:50.0812 4596 getPlus® Helper - ok
19:43:50.0859 4596 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS\system32\giveio.sys
19:43:50.0875 4596 giveio ( UnsignedFile.Multi.Generic ) - warning
19:43:50.0875 4596 giveio - detected UnsignedFile.Multi.Generic (1)
19:43:50.0906 4596 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:43:51.0062 4596 Gpc - ok
19:43:51.0109 4596 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:43:51.0140 4596 gusvc - ok
19:43:51.0187 4596 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:43:51.0296 4596 HDAudBus - ok
19:43:51.0359 4596 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:43:51.0484 4596 helpsvc - ok
19:43:51.0531 4596 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
19:43:51.0625 4596 HidServ - ok
19:43:51.0656 4596 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:43:51.0765 4596 HidUsb - ok
19:43:51.0812 4596 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
19:43:51.0921 4596 hkmsvc - ok
19:43:51.0937 4596 hpn - ok
19:43:52.0046 4596 [ CE0FCEC4D4D860F36D972759B11EAF0F ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
19:43:52.0109 4596 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
19:43:52.0109 4596 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
19:43:52.0156 4596 [ 7DA3211AC63EDD90B8ECA1CA1ABFD43B ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
19:43:52.0203 4596 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
19:43:52.0203 4596 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
19:43:52.0250 4596 [ 30CA91E657CEDE2F95359D6EF186F650 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
19:43:52.0359 4596 HPZid412 - ok
19:43:52.0375 4596 [ EFD31AFA752AA7C7BBB57BCBE2B01C78 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
19:43:52.0453 4596 HPZipr12 - ok
19:43:52.0468 4596 [ 7AC43C38CA8FD7ED0B0A4466F753E06E ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
19:43:52.0687 4596 HPZius12 - ok
19:43:52.0734 4596 [ 0AAEF566E6782957252FA79F566FBC0B ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
19:43:52.0765 4596 HSFHWAZL - ok
19:43:52.0828 4596 [ E472E0CB4E716CC34C0E045F2C196221 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
19:43:52.0890 4596 HSF_DPV - ok
19:43:52.0953 4596 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:43:53.0000 4596 HTTP - ok
19:43:53.0046 4596 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:43:53.0203 4596 HTTPFilter - ok
19:43:53.0265 4596 [ F02C6D2EB89F60B01582E44762415CA8 ] hwmobile C:\WINDOWS\system32\DRIVERS\hwusbser.sys
19:43:53.0375 4596 hwmobile - ok
19:43:53.0375 4596 i2omgmt - ok
19:43:53.0390 4596 i2omp - ok
19:43:53.0437 4596 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:43:53.0625 4596 i8042prt - ok
19:43:53.0812 4596 [ F592A1B020723CFBD3D2722514066449 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
19:43:54.0187 4596 ialm - ok
19:43:54.0234 4596 [ DB0CC620B27A928D968C1A1E9CD9CB87 ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
19:43:54.0265 4596 iaStor - ok
19:43:54.0343 4596 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:43:54.0406 4596 idsvc - ok
19:43:54.0437 4596 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:43:54.0578 4596 Imapi - ok
19:43:54.0625 4596 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
19:43:54.0781 4596 ImapiService - ok
19:43:54.0781 4596 ini910u - ok
19:43:54.0953 4596 [ FEBB470BF0DE4DBEBBF72B79DF993C5F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:43:55.0218 4596 IntcAzAudAddService - ok
19:43:55.0250 4596 [ C9EF68BEE3B1A62F34125A9FBBAAC10C ] IntcHdmiAddService C:\WINDOWS\system32\drivers\IntcHdmi.sys
19:43:55.0328 4596 IntcHdmiAddService - ok
19:43:55.0343 4596 IntelIde - ok
19:43:55.0359 4596 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:43:55.0484 4596 intelppm - ok
19:43:55.0500 4596 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:43:55.0625 4596 Ip6Fw - ok
19:43:55.0656 4596 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:43:55.0765 4596 IpFilterDriver - ok
19:43:55.0781 4596 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:43:55.0890 4596 IpInIp - ok
19:43:55.0906 4596 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:43:56.0046 4596 IpNat - ok
19:43:56.0078 4596 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:43:56.0234 4596 IPSec - ok
19:43:56.0281 4596 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:43:56.0328 4596 IRENUM - ok
19:43:56.0359 4596 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:43:56.0468 4596 isapnp - ok
19:43:56.0562 4596 [ C2C1660DDCC9BD67EB98D6D5F91C107F ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
19:43:56.0609 4596 JavaQuickStarterService - ok
19:43:56.0625 4596 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:43:56.0750 4596 Kbdclass - ok
19:43:56.0781 4596 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:43:56.0953 4596 kmixer - ok
19:43:57.0015 4596 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:43:57.0093 4596 KSecDD - ok
19:43:57.0140 4596 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
19:43:57.0203 4596 LanmanServer - ok
19:43:57.0234 4596 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:43:57.0281 4596 lanmanworkstation - ok
19:43:57.0296 4596 lbrtfdc - ok
19:43:57.0453 4596 [ E553C4B4B7B4B86CD71A2DFEE1B58131 ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
19:43:57.0562 4596 LiveUpdate - ok
19:43:57.0593 4596 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:43:57.0718 4596 LmHosts - ok
19:43:57.0937 4596 [ 9A3D4FC6B86E7E36473079AB76AC703D ] LVcKap C:\WINDOWS\system32\DRIVERS\LVcKap.sys
19:43:58.0265 4596 LVcKap - ok
19:43:58.0500 4596 [ 0ACBC11F19320AF6C19F2E20013D9095 ] LVMVDrv C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
19:43:58.0750 4596 LVMVDrv - ok
19:43:58.0796 4596 [ 12866641284EBB41E627BB53C04DA959 ] LVPr2Mon C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
19:43:58.0812 4596 LVPr2Mon - ok
19:43:58.0906 4596 [ 995D0B52870C7A5CAF3EA165FD674A35 ] LVPrcSrv c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
19:43:59.0000 4596 LVPrcSrv - ok
19:43:59.0078 4596 [ A005CEE9BE199C5E375FAA559CA9A7A9 ] LVSrvLauncher C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
19:43:59.0125 4596 LVSrvLauncher - ok
19:43:59.0156 4596 [ 64BC29C3A0388BFC580BB8B1346F7659 ] LVUSBSta C:\WINDOWS\system32\drivers\LVUSBSta.sys
19:43:59.0171 4596 LVUSBSta - ok
19:43:59.0218 4596 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:43:59.0250 4596 mdmxsdk - ok
19:43:59.0281 4596 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:43:59.0390 4596 Messenger - ok
19:43:59.0437 4596 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:43:59.0546 4596 mnmdd - ok
19:43:59.0593 4596 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
19:43:59.0703 4596 mnmsrvc - ok
19:43:59.0718 4596 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:43:59.0890 4596 Modem - ok
19:43:59.0921 4596 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:44:00.0046 4596 Mouclass - ok
19:44:00.0078 4596 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:44:00.0187 4596 mouhid - ok
19:44:00.0218 4596 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:44:00.0343 4596 MountMgr - ok
19:44:00.0390 4596 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:44:00.0421 4596 MozillaMaintenance - ok
19:44:00.0437 4596 mraid35x - ok
19:44:00.0437 4596 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:44:00.0562 4596 MRxDAV - ok
19:44:00.0625 4596 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:44:00.0781 4596 MRxSmb - ok
19:44:00.0843 4596 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
19:44:00.0953 4596 MSDTC - ok
19:44:00.0968 4596 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:44:01.0093 4596 Msfs - ok
19:44:01.0093 4596 MSIServer - ok
19:44:01.0140 4596 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:44:01.0265 4596 MSKSSRV - ok
19:44:01.0281 4596 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:44:01.0390 4596 MSPCLOCK - ok
19:44:01.0406 4596 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:44:01.0515 4596 MSPQM - ok
19:44:01.0531 4596 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:44:01.0656 4596 mssmbios - ok
19:44:01.0671 4596 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
19:44:01.0781 4596 MSTEE - ok
19:44:01.0812 4596 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:44:01.0859 4596 Mup - ok
19:44:01.0890 4596 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:44:02.0000 4596 NABTSFEC - ok
19:44:02.0031 4596 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
19:44:02.0156 4596 napagent - ok
19:44:02.0250 4596 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120920.002\NAVENG.SYS
19:44:02.0265 4596 NAVENG - ok
19:44:02.0359 4596 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120920.002\NAVEX15.SYS
19:44:02.0421 4596 NAVEX15 - ok
19:44:02.0468 4596 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:44:02.0656 4596 NDIS - ok
19:44:02.0687 4596 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:44:02.0812 4596 NdisIP - ok
19:44:02.0843 4596 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:44:02.0890 4596 NdisTapi - ok
19:44:02.0906 4596 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:44:03.0062 4596 Ndisuio - ok
19:44:03.0093 4596 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:44:03.0265 4596 NdisWan - ok
19:44:03.0328 4596 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:44:03.0359 4596 NDProxy - ok
19:44:03.0406 4596 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
19:44:03.0421 4596 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:44:03.0421 4596 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:44:03.0468 4596 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:44:03.0593 4596 NetBIOS - ok
19:44:03.0625 4596 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:44:03.0781 4596 NetBT - ok
19:44:03.0828 4596 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
19:44:04.0000 4596 NetDDE - ok
19:44:04.0000 4596 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:44:04.0109 4596 NetDDEdsdm - ok
19:44:04.0125 4596 [ 1265EB253ED4EBE4ACB3BD5F548FF796 ] Netdevio C:\WINDOWS\system32\DRIVERS\netdevio.sys
19:44:04.0156 4596 Netdevio ( UnsignedFile.Multi.Generic ) - warning
19:44:04.0156 4596 Netdevio - detected UnsignedFile.Multi.Generic (1)
19:44:04.0203 4596 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:44:04.0328 4596 Netlogon - ok
19:44:04.0375 4596 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
19:44:04.0484 4596 Netman - ok
19:44:04.0515 4596 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:44:04.0593 4596 NetTcpPortSharing - ok
19:44:04.0640 4596 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
19:44:04.0671 4596 Nla - ok
19:44:04.0703 4596 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:44:04.0828 4596 Npfs - ok
19:44:04.0875 4596 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:44:04.0984 4596 Ntfs - ok
19:44:05.0015 4596 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:44:05.0125 4596 NtLmSsp - ok
19:44:05.0187 4596 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:44:05.0296 4596 NtmsSvc - ok
19:44:05.0328 4596 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:44:05.0437 4596 Null - ok
19:44:05.0468 4596 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:44:05.0562 4596 NwlnkFlt - ok
19:44:05.0578 4596 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:44:05.0687 4596 NwlnkFwd - ok
19:44:05.0750 4596 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
19:44:05.0859 4596 Parport - ok
19:44:05.0890 4596 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:44:06.0000 4596 PartMgr - ok
19:44:06.0031 4596 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:44:06.0125 4596 ParVdm - ok
19:44:06.0140 4596 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:44:06.0234 4596 PCI - ok
19:44:06.0250 4596 PCIDump - ok
19:44:06.0265 4596 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:44:06.0359 4596 PCIIde - ok
19:44:06.0375 4596 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:44:06.0515 4596 Pcmcia - ok
19:44:06.0515 4596 PDCOMP - ok
19:44:06.0531 4596 PDFRAME - ok
19:44:06.0531 4596 PDRELI - ok
19:44:06.0546 4596 PDRFRAME - ok
19:44:06.0578 4596 [ EA99A71316519D755F50A2AE2F828D9F ] pepifilter C:\WINDOWS\system32\DRIVERS\lv302af.sys
19:44:06.0593 4596 pepifilter - ok
19:44:06.0609 4596 perc2 - ok
19:44:06.0609 4596 perc2hib - ok
19:44:06.0703 4596 [ 84B9084692FE00DF09F20E516D831C57 ] PID_PEPI C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
19:44:06.0750 4596 PID_PEPI - ok
19:44:06.0781 4596 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
19:44:06.0828 4596 PlugPlay - ok
19:44:06.0843 4596 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
19:44:06.0875 4596 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:44:06.0875 4596 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:44:06.0890 4596 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:44:07.0000 4596 PolicyAgent - ok
19:44:07.0046 4596 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:44:07.0187 4596 PptpMiniport - ok
19:44:07.0203 4596 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:44:07.0312 4596 ProtectedStorage - ok
19:44:07.0328 4596 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:44:07.0453 4596 PSched - ok
19:44:07.0468 4596 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:44:07.0578 4596 Ptilink - ok
19:44:07.0625 4596 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:44:07.0671 4596 PxHelp20 - ok
19:44:07.0687 4596 ql1080 - ok
19:44:07.0687 4596 Ql10wnt - ok
19:44:07.0703 4596 ql12160 - ok
19:44:07.0703 4596 ql1240 - ok
19:44:07.0718 4596 ql1280 - ok
19:44:07.0734 4596 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:44:07.0859 4596 RasAcd - ok
19:44:07.0890 4596 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:44:08.0000 4596 RasAuto - ok
19:44:08.0015 4596 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:44:08.0125 4596 Rasl2tp - ok
19:44:08.0140 4596 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:44:08.0265 4596 RasMan - ok
19:44:08.0281 4596 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:44:08.0437 4596 RasPppoe - ok
19:44:08.0468 4596 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:44:08.0593 4596 Raspti - ok
19:44:08.0609 4596 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:44:08.0718 4596 Rdbss - ok
19:44:08.0765 4596 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:44:08.0875 4596 RDPCDD - ok
19:44:08.0906 4596 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:44:09.0015 4596 rdpdr - ok
19:44:09.0062 4596 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:44:09.0109 4596 RDPWD - ok
19:44:09.0156 4596 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:44:09.0328 4596 RDSessMgr - ok
19:44:09.0375 4596 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:44:09.0546 4596 redbook - ok
19:44:09.0609 4596 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:44:09.0718 4596 RemoteAccess - ok
19:44:09.0765 4596 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
19:44:09.0875 4596 RemoteRegistry - ok
19:44:09.0921 4596 [ 8B5B8A11306190C6963D3473F052D3C8 ] Revoflt C:\WINDOWS\system32\DRIVERS\revoflt.sys
19:44:09.0937 4596 Revoflt - ok
19:44:09.0984 4596 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
19:44:10.0078 4596 RpcLocator - ok
19:44:10.0109 4596 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
19:44:10.0171 4596 RpcSs - ok
19:44:10.0203 4596 [ 9145D2B7D0E45329A30AF97E6764E184 ] RSUSBSTOR C:\WINDOWS\system32\Drivers\RTS5121.sys
19:44:10.0281 4596 RSUSBSTOR - ok
19:44:10.0312 4596 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:44:10.0500 4596 RSVP - ok
19:44:10.0546 4596 [ 89619EF503F949FAE09252A8B883EE11 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
19:44:10.0609 4596 RTLE8023xp - ok
19:44:10.0640 4596 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
19:44:10.0734 4596 SamSs - ok
19:44:10.0765 4596 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:44:10.0781 4596 SASDIFSV - ok
19:44:10.0796 4596 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:44:10.0812 4596 SASKUTIL - ok
19:44:10.0859 4596 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:44:11.0031 4596 SCardSvr - ok
19:44:11.0062 4596 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:44:11.0171 4596 Schedule - ok
19:44:11.0218 4596 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:44:11.0265 4596 Secdrv - ok
19:44:11.0296 4596 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:44:11.0390 4596 seclogon - ok
19:44:11.0421 4596 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
19:44:11.0593 4596 SENS - ok
19:44:11.0625 4596 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
19:44:11.0734 4596 Serial - ok
19:44:11.0781 4596 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:44:11.0890 4596 Sfloppy - ok
19:44:11.0953 4596 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:44:12.0062 4596 SharedAccess - ok
19:44:12.0093 4596 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:44:12.0109 4596 ShellHWDetection - ok
19:44:12.0109 4596 Simbad - ok
19:44:12.0203 4596 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
19:44:12.0406 4596 SkypeUpdate - ok
19:44:12.0421 4596 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:44:12.0546 4596 SLIP - ok
19:44:12.0656 4596 [ D0375CA98569065A51504187D22C1949 ] SmcService C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
19:44:12.0765 4596 SmcService - ok
19:44:12.0812 4596 [ 612D1ECBF4F7351A29B9EB0FA6E5F56A ] SNAC C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
19:44:12.0859 4596 SNAC - ok
19:44:12.0859 4596 Sparrow - ok
19:44:12.0953 4596 [ 77780509A16A1DF7F2D8531D21DDB9B9 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
19:44:12.0984 4596 SPBBCDrv - ok
19:44:13.0031 4596 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\WINDOWS\system32\speedfan.sys
19:44:13.0046 4596 speedfan - ok
19:44:13.0062 4596 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:44:13.0187 4596 splitter - ok
19:44:13.0234 4596 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:44:13.0281 4596 Spooler - ok
19:44:13.0328 4596 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:44:13.0390 4596 sr - ok
19:44:13.0421 4596 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
19:44:13.0468 4596 srservice - ok
19:44:13.0515 4596 [ E217480CC878061D7603A8CDCA06C188 ] SRTSP C:\WINDOWS\system32\Drivers\SRTSP.SYS
19:44:13.0546 4596 SRTSP - ok
19:44:13.0578 4596 [ CAE71704BADDE6B0D5818ACCE20673CA ] SRTSPL C:\WINDOWS\system32\Drivers\SRTSPL.SYS
19:44:13.0593 4596 SRTSPL - ok
19:44:13.0609 4596 [ BE6F1DDDE2DDAB75225D83E6B03A2348 ] SRTSPX C:\WINDOWS\system32\Drivers\SRTSPX.SYS
19:44:13.0640 4596 SRTSPX - ok
19:44:13.0671 4596 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:44:13.0765 4596 Srv - ok
19:44:13.0812 4596 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:44:13.0859 4596 SSDPSRV - ok
19:44:13.0906 4596 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
19:44:14.0000 4596 StillCam - ok
19:44:14.0031 4596 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:44:14.0156 4596 stisvc - ok
19:44:14.0187 4596 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:44:14.0312 4596 streamip - ok
19:44:14.0343 4596 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:44:14.0453 4596 swenum - ok
19:44:14.0468 4596 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:44:14.0578 4596 swmidi - ok
19:44:14.0593 4596 SwPrv - ok
19:44:14.0703 4596 [ AB135C5739D0AB8CBAAF1D4B23E3C259 ] Symantec AntiVirus C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
19:44:14.0812 4596 Symantec AntiVirus - ok
19:44:14.0828 4596 symc810 - ok
19:44:14.0828 4596 symc8xx - ok
19:44:14.0859 4596 [ E03EE3EF1037099554D17BED99545A5E ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
19:44:14.0875 4596 SymEvent - ok
19:44:14.0921 4596 [ BE3C117150C055E50A4CAF23E548C856 ] SYMREDRV C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
19:44:14.0937 4596 SYMREDRV - ok
19:44:14.0968 4596 [ 7B0AF4E22B32F8C5BFBA5A5D53522160 ] SYMTDI C:\WINDOWS\System32\Drivers\SYMTDI.SYS
19:44:14.0984 4596 SYMTDI - ok
19:44:14.0984 4596 sym_hi - ok
19:44:15.0000 4596 sym_u3 - ok
19:44:15.0015 4596 [ D7B9AD3ABD0F7F9F694D71F38B5C7B72 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
19:44:15.0062 4596 SynTP - ok
19:44:15.0062 4596 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:44:15.0187 4596 sysaudio - ok
19:44:15.0234 4596 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:44:15.0375 4596 SysmonLog - ok
19:44:15.0406 4596 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:44:15.0515 4596 TapiSrv - ok
19:44:15.0578 4596 [ F01D70C9DCCA4C1B6ED794B0DDD1AE8F ] TAPPSRV C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
19:44:15.0609 4596 TAPPSRV ( UnsignedFile.Multi.Generic ) - warning
19:44:15.0609 4596 TAPPSRV - detected UnsignedFile.Multi.Generic (1)
19:44:15.0656 4596 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:44:15.0687 4596 Tcpip - ok
19:44:15.0718 4596 [ 1825BCEB47BF41C5A9F0E44DE82FC27A ] tdcmdpst C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
19:44:15.0734 4596 tdcmdpst ( UnsignedFile.Multi.Generic ) - warning
19:44:15.0734 4596 tdcmdpst - detected UnsignedFile.Multi.Generic (1)
19:44:15.0765 4596 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:44:15.0890 4596 TDPIPE - ok
19:44:15.0921 4596 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:44:16.0031 4596 TDTCP - ok
19:44:16.0046 4596 [ F56A9327C58FF985616C5E197472932C ] tdudf C:\WINDOWS\system32\DRIVERS\tdudf.sys
19:44:16.0078 4596 tdudf - ok
19:44:16.0093 4596 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:44:16.0250 4596 TermDD - ok
19:44:16.0296 4596 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
19:44:16.0468 4596 TermService - ok
19:44:16.0484 4596 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
19:44:16.0515 4596 Themes - ok
19:44:16.0531 4596 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
19:44:16.0656 4596 TlntSvr - ok
19:44:16.0687 4596 [ C5AC715B65B01788ABC22D10749DDDD8 ] TODDSrv C:\WINDOWS\system32\TODDSrv.exe
19:44:16.0734 4596 TODDSrv - ok
19:44:16.0734 4596 TosIde - ok
19:44:16.0765 4596 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:44:16.0890 4596 TrkWks - ok
19:44:16.0906 4596 [ 3F9BA8878AA26D0831116733F9BC53FF ] trudf C:\WINDOWS\system32\DRIVERS\trudf.sys
19:44:16.0984 4596 trudf - ok
19:44:17.0000 4596 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:44:17.0125 4596 Udfs - ok
19:44:17.0125 4596 ultra - ok
19:44:17.0171 4596 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
19:44:17.0218 4596 UMWdf - ok
19:44:17.0265 4596 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:44:17.0375 4596 Update - ok
19:44:17.0406 4596 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:44:17.0484 4596 upnphost - ok
19:44:17.0484 4596 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:44:17.0593 4596 UPS - ok
19:44:17.0656 4596 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
19:44:17.0765 4596 usbaudio - ok
19:44:17.0812 4596 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:44:17.0921 4596 usbccgp - ok
19:44:17.0937 4596 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:44:18.0031 4596 usbehci - ok
19:44:18.0046 4596 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:44:18.0218 4596 usbhub - ok
19:44:18.0265 4596 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:44:18.0375 4596 usbprint - ok
19:44:18.0421 4596 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:44:18.0515 4596 usbscan - ok
19:44:18.0546 4596 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:44:18.0671 4596 usbstor - ok
19:44:18.0687 4596 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:44:18.0796 4596 usbuhci - ok
19:44:18.0812 4596 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
19:44:18.0906 4596 usbvideo - ok
19:44:18.0953 4596 [ 4F6D02349CAC986A017AD1A0F2E2B099 ] V0260VID C:\WINDOWS\system32\DRIVERS\V0260Vid.sys
19:44:19.0015 4596 V0260VID - ok
19:44:19.0031 4596 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:44:19.0171 4596 VgaSave - ok
19:44:19.0171 4596 ViaIde - ok
19:44:19.0187 4596 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:44:19.0296 4596 VolSnap - ok
19:44:19.0343 4596 [ 0354BA3A5BA5E28CC247EB5F5DD8793C ] vsdatant C:\WINDOWS\system32\vsdatant.sys
19:44:19.0375 4596 vsdatant - ok
19:44:19.0406 4596 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
19:44:19.0468 4596 VSS - ok
19:44:19.0500 4596 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
19:44:19.0593 4596 W32Time - ok
19:44:19.0609 4596 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:44:19.0718 4596 Wanarp - ok
19:44:19.0734 4596 WDICA - ok
19:44:19.0781 4596 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:44:19.0875 4596 wdmaud - ok
19:44:19.0921 4596 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:44:20.0031 4596 WebClient - ok
19:44:20.0093 4596 [ 0E666AC2766F2FD860CC03F405A2ACE1 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:44:20.0156 4596 winachsf - ok
19:44:20.0234 4596 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:44:20.0390 4596 winmgmt - ok
19:44:20.0437 4596 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:44:20.0484 4596 WmdmPmSN - ok
19:44:20.0515 4596 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
19:44:20.0546 4596 Wmi - ok
19:44:20.0593 4596 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:44:20.0703 4596 WmiApSrv - ok
19:44:20.0750 4596 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:44:20.0859 4596 wscsvc - ok
19:44:20.0906 4596 [ 21AC4F228F3D36876A42277C76A766C0 ] WSIMD C:\WINDOWS\system32\DRIVERS\wsimd.sys
19:44:20.0921 4596 WSIMD ( UnsignedFile.Multi.Generic ) - warning
19:44:20.0921 4596 WSIMD - detected UnsignedFile.Multi.Generic (1)
19:44:20.0953 4596 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:44:21.0046 4596 WSTCODEC - ok
19:44:21.0062 4596 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:44:21.0171 4596 wuauserv - ok
19:44:21.0203 4596 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:44:21.0328 4596 WZCSVC - ok
19:44:21.0359 4596 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:44:21.0484 4596 xmlprov - ok
19:44:21.0484 4596 ================ Scan global ===============================
19:44:21.0531 4596 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:44:21.0578 4596 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:44:21.0578 4596 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:44:21.0609 4596 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:44:21.0609 4596 [Global] - ok
19:44:21.0609 4596 ================ Scan MBR ==================================
19:44:21.0640 4596 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:44:21.0640 4596 Suspicious mbr (Forged): \Device\Harddisk0\DR0
19:44:21.0671 4596 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
19:44:21.0671 4596 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
19:44:21.0703 4596 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:44:21.0703 4596 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:44:21.0703 4596 ================ Scan VBR ==================================
19:44:21.0703 4596 [ 99235B92F577D3EB7CEE7407260B8F12 ] \Device\Harddisk0\DR0\Partition1
19:44:21.0703 4596 \Device\Harddisk0\DR0\Partition1 - ok
19:44:21.0703 4596 ============================================================
19:44:21.0703 4596 Scan finished
19:44:21.0703 4596 ============================================================
19:44:21.0843 5048 Detected object count: 18
19:44:21.0843 5048 Actual detected object count: 18
19:45:16.0875 5048 !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:16.0875 5048 !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:16.0890 5048 ACS ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:16.0890 5048 ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:16.0890 5048 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:45:16.0890 5048 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
19:45:16.0890 5048 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:16.0890 5048 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:16.0890 5048 cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:16.0890 5048 cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:16.0890 5048 CFSvcs ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:16.0890 5048 CFSvcs ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:16.0890 5048 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:16.0890 5048 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:16.0906 5048 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:16.0906 5048 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:16.0906 5048 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:16.0906 5048 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:16.0906 5048 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:16.0906 5048 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:16.0906 5048 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:16.0906 5048 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:16.0906 5048 Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:16.0906 5048 Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:16.0906 5048 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:16.0906 5048 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:16.0906 5048 TAPPSRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:16.0906 5048 TAPPSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:16.0921 5048 tdcmdpst ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:16.0921 5048 tdcmdpst ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:16.0921 5048 WSIMD ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:16.0921 5048 WSIMD ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:17.0406 5048 \Device\Harddisk0\DR0\# - copied to quarantine
19:45:17.0421 5048 \Device\Harddisk0\DR0 - copied to quarantine
19:45:17.0546 5048 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
19:45:17.0578 5048 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
19:45:17.0578 5048 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
19:45:17.0578 5048 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
19:45:17.0593 5048 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
19:45:17.0593 5048 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
19:45:18.0062 5048 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
19:45:18.0546 5048 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
19:45:18.0687 5048 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
19:45:18.0953 5048 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:45:19.0031 5048 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:45:19.0437 5048 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:45:19.0515 5048 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:45:19.0718 5048 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
19:45:19.0765 5048 \Device\Harddisk0\DR0\TDLFS\tdi32 - copied to quarantine
19:45:19.0984 5048 \Device\Harddisk0\DR0\TDLFS\tdi64 - copied to quarantine
19:45:20.0203 5048 \Device\Harddisk0\DR0\TDLFS\main1 - copied to quarantine
19:45:20.0218 5048 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
19:45:20.0281 5048 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
19:45:20.0468 5048 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
19:45:20.0531 5048 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
19:45:20.0843 5048 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
19:45:20.0937 5048 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
19:45:21.0171 5048 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
19:45:23.0062 5048 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
19:45:23.0187 5048 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
19:45:23.0187 5048 \Device\Harddisk0\DR0 - ok
19:45:23.0671 5048 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
19:45:23.0671 5048 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:45:23.0671 5048 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
19:45:37.0312 4572 Deinitialize success
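
The log above mixes sixteen generic UnsignedFile/HiddenFile warnings (all skipped) with one confirmed MBR detection. As an added example, not from this thread or from Kaspersky, here is a small Python triage script that parses lines in this TDSSKiller log format and separates routine unsigned-driver warnings from infected verdicts and forged-MBR lines. The sample lines are constructed in the same format; the hashes in them are placeholders.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Line shapes in the TDSSKiller log format (timestamp, thread id, payload):
#   19:44:03.0406 4596 [ <MD5> ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
#   19:44:03.0421 4596 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
#   19:44:21.0671 4596 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
#   19:44:21.0640 4596 Suspicious mbr (Forged): \Device\Harddisk0\DR0
#   19:45:23.0671 5048 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
HASH_LINE = re.compile(PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<rest>.+)$")
VERDICT_LINE = re.compile(PREFIX + r"(?P<obj>.+?) \( (?P<det>[^)]+) \) - (?P<verdict>warning|infected)$")
ACTION_LINE = re.compile(PREFIX + r"(?P<obj>.+?) \( (?P<det>[^)]+) \) - User select action: (?P<action>\w+)$")
MBR_LINE = re.compile(PREFIX + r"Suspicious mbr \((?P<why>[^)]+)\): (?P<obj>\S+)$")
# In "<name> <path>" the path starts with a drive letter or \Device; names may contain spaces.
PATH_SPLIT = re.compile(r"\s+(?=[A-Za-z]:\\|\\Device\\)")

# Generic heuristics (unsigned or hidden file) are routine on a machine full of OEM
# drivers and only merit review; an "infected" verdict is a confirmed detection.
GENERIC_PREFIXES = ("UnsignedFile.", "HiddenFile.")


@dataclass
class Finding:
    obj: str
    detection: str
    verdict: str                   # "warning" or "infected"
    severity: str                  # "review" or "critical"
    md5: Optional[str] = None
    action: Optional[str] = None   # Skip / Cure chosen in the remediation phase


def classify(detection: str, verdict: str) -> str:
    """Map a detection name and verdict to a triage severity."""
    if verdict == "infected":
        return "critical"
    if detection.startswith(GENERIC_PREFIXES):
        return "review"
    # A warning that is not a generic heuristic (e.g. "TDSS File System") points at
    # hidden rootkit storage, not a code-signing issue, so it is treated as critical.
    return "critical"


def parse_tdsskiller(text: str) -> List[Finding]:
    """Parse TDSSKiller-style log text into findings, ignoring the '- ok' noise."""
    hashes: Dict[str, str] = {}                       # object name or path -> MD5
    findings: Dict[Tuple[str, str], Finding] = {}     # (obj, detection) -> first sighting
    for raw in text.splitlines():
        line = raw.strip()
        m = HASH_LINE.match(line)
        if m:
            for key in PATH_SPLIT.split(m.group("rest"), maxsplit=1):
                hashes[key] = m.group("md5").upper()
            continue
        m = MBR_LINE.match(line)
        if m:
            obj, det = m.group("obj"), f"Suspicious mbr ({m.group('why')})"
            findings.setdefault((obj, det), Finding(obj, det, "infected", "critical", hashes.get(obj)))
            continue
        m = VERDICT_LINE.match(line)
        if m:
            obj, det, verdict = m.group("obj"), m.group("det"), m.group("verdict")
            findings.setdefault((obj, det), Finding(obj, det, verdict, classify(det, verdict), hashes.get(obj)))
            continue
        m = ACTION_LINE.match(line)
        if m and (m.group("obj"), m.group("det")) in findings:
            findings[(m.group("obj"), m.group("det"))].action = m.group("action")
    return list(findings.values())


def triage(text: str) -> Dict[str, List[str]]:
    """Group findings by severity; a defender reads the 'critical' list first."""
    report: Dict[str, List[str]] = {"critical": [], "review": []}
    for f in parse_tdsskiller(text):
        tag = f" [{f.action}]" if f.action else ""
        report[f.severity].append(f"{f.obj}: {f.detection} ({f.verdict}){tag}")
    return report


# Constructed sample in the log's format; the MD5 values are placeholders, not real hashes.
SAMPLE_LOG = r"""
19:44:03.0406 4596 [ ABCDEF0123456789ABCDEF0123456789 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
19:44:03.0421 4596 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:44:03.0421 4596 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:44:03.0468 4596 [ 0123456789ABCDEF0123456789ABCDEF ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:44:03.0593 4596 NetBIOS - ok
19:44:21.0640 4596 [ FEDCBA9876543210FEDCBA9876543210 ] \Device\Harddisk0\DR0
19:44:21.0640 4596 Suspicious mbr (Forged): \Device\Harddisk0\DR0
19:44:21.0671 4596 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
19:44:21.0703 4596 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:45:16.0906 5048 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:23.0671 5048 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
19:45:23.0671 5048 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

if __name__ == "__main__":
    for severity, items in triage(SAMPLE_LOG).items():
        print(f"== {severity} ==")
        for item in items:
            print("  " + item)
```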

#6 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:09:17 AM

Posted 20 September 2012 - 10:39 PM

Hi again,

Thanks for that information! :thumbup2:

But I must issue a warning!

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards.

==========

That's interesting, there are a lot of things going on in that log so I'd like to see another TDSSKiller log, but don't be afraid to reboot if you need to:

Please run both scans in Post #4 just as you did before, but run TDSSKiller first this time.

Please post both logs if they run!

bloopie

Edited by bloopie, 21 September 2012 - 11:32 AM.
Fixed instruction


#7 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:09:17 AM

Posted 21 September 2012 - 11:32 AM

Hi,

I have edited my last post, so please don't miss it! Let me know if you have any problems.

bloopie

#8 ClareC

ClareC
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:08:17 AM

Posted 21 September 2012 - 01:56 PM

Hi,

Thanks for letting me know - though that is not news I wanted to hear! Any idea how this could have found its way on to my computer? Is there a way to tell when it appeared? I'd obviously like to avoid it happening again, and if I am reformatting I will no doubt end up downloading the same programs again from the internet - I don't want viruses with them!
I have tried to avoid logging into any banking sites etc since noticing problems with my computer, but of course I don't know how long that trojan has been there. I have now changed my important passwords from another computer.
I tried running the scans again as you requested. The TDSSKiller found suspicious files. When I tried aswMBR it did open this time, but it completely froze my computer after a couple of minutes. I had to hard reboot. I set the scan running again before I went to work and will check on it this evening and post both logs then.

I have a few questions I hope you can answer:
Given that you cannot ensure the machine is clean, is it worthwhile trying?
Could any malware have made its way on to an external harddrive I have connected? I am backing my files up on to an external drive and obviously don't want problems transferred if I copy the files back after reformatting.
Is reformatting a guaranteed fix to the problem?
Given that I am running windows XP, I have been considering either upgrading windows or changing to Ubuntu. Do you have any advice to offer on this choice specifically related to getting rid of the malware problems?

Thanks so much for your help,

Lydia

#9 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:09:17 AM

Posted 21 September 2012 - 03:58 PM

Hi again,

Thanks so much for your help

It's my pleasure! :)

I'll try to answer all of your questions as best I can without writing a book! :lol:

Any idea how this could have found its way on to my computer?

That's a tough question to answer, but I'll show you a snippet of my "all clean" speech outlining some things:

  • The most common cause of an infected machine is the Trojan Horse, or programs which appear to be legitimate but which contain malicious payloads, or which are simply malicious in and of themselves. No antivirus, firewall, host-based intrusion prevention system (HIPS), or other security software can fully protect you against this kind of attack. The best way to protect yourself is not to run email attachments from untrusted sources, and avoid software downloaded from the internet wherever possible. Remember, when you run an application, you are giving that application permission to do to your machine anything you can do to the machine, including create, modify, or destroy files or other data. In the Windows (and most other systems', such as Unix) security model, applications don't have privileges, users do.
  • The second most common cause of infection is out of date software. Leaving your system unpatched leaves holes through which attackers can execute code on your behalf without your consent. This goes for far more than common targets such as Windows and Internet Explorer. Most recent threats target other third party software, such as Adobe's Adobe Reader, Shockwave Player, or Flash Player, or Oracle's Java browser plugins. You can check your system for out of date software manually, or by using automated tools such as Secunia's Personal Software Inspector. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out of date lists mean no detection of newer malware.
  • If you want more information on methods malware use to infect your computer, consider browsing our How did I get infected? topic.

==========

Is there a way to tell when it appeared?

Maybe with some more logs, I could guess at a time...but usually you should look into it when things start to suddenly slow down or you start getting redirected.

if I am reformatting I will no doubt end up downloading the same programs again from the internet - I don't want viruses with them!

Lol, nobody does! Usually if you're downloading from a secure website, you should be okay. But with an AV program installed you could at least scan things you download before installing them.

Given that you cannot ensure the machine is clean, is it worthwhile trying?

From earlier, I said:

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards.

Big difference. Your machine will be clean, but the rootkit you are/were infected with could have caused unknown damage to the operating system. It may still be secure after we clean it, but there's no 100% sure way to tell.

Could any malware have made its way on to an external harddrive I have connected? I am backing my files up on to an external drive and obviously don't want problems transferred if I copy the files back after reformatting.
Is reformatting a guaranteed fix to the problem?

I'll try to answer all that in one step:
Yes, your flashdrive can propagate infections, but I would still like to go ahead with the cleaning to ensure you don't back up any infected files. I will take the proper steps to make sure your flashdrive does not get infected in the process. :wink:

Then when clean, you can reformat if you still wish to, and then you'll be sure there are no leftovers still present.
Does that make sense? :)

Given that I am running windows XP, I have been considering either upgrading windows or changing to Ubuntu. Do you have any advice to offer on this choice specifically related to getting rid of the malware problems?

I haven't used Ubuntu enough to give much on that point. It's pretty safe from malware at the moment, but as more and more people begin to use it, the malware writers will most certainly target that OS as well.

In fact, there is already malware that can infect Mac OS and Ubuntu as well. I'll see if I can dig up more for you later on about that point. :)

==============================

Now, if you can't get aswMBR to work, then also provide me with a log from ListParts:


  • Double click ListParts.exe to launch the program.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on your Desktop.
  • Please post me the contents of the log.

bloopie

#10 ClareC

  • Topic Starter

  • Members
  • 13 posts

Posted 21 September 2012 - 05:00 PM

Thank you for the comprehensive answers! I'm still not at the infected computer, so I will post the logs later today.
It is my habit to scan all exe files I download before running them, but clearly my installed antivirus software didn't catch this problem.
It certainly seems like the best option is to go ahead and clean the computer, and then consider the option of reformatting after that.
Regarding the external drive, I am concerned that malicious files may already have infected it as I have copied files over to it in the last few days. Note that I don't use a backup program so I only copy the data files I need. It would have had to have copied itself to the drive to get there.
This brings up another question: since you have advised to disconnect my computer from the internet, am I best to copy logs to a pen drive and upload them from another computer? Does this risk infecting the other computer?

Thanks again.

#11 bloopie


    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 21 September 2012 - 05:39 PM

Hello again,

Good questions! :)

If we need to use a flashdrive (in the near future) then it's best we disinfect it first:

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

==========

If you need to offload data from the flashdrive, you can do so as we may need to format it at some point. Most text documents should be safe anyway. Pictures are probably okay as long as you took them yourself or know exactly where they came from. It's the .exe's we should really worry about, as they're actual executable files that can run other files. Do you have any programs on your flashdrive (files that end in .exe)?

Having said all of that, this current rootkit you're experiencing won't infect removable drives so you should be fine as it is...but it's better to be safe than sorry. :)

==========

On your infected machine, only connect to the internet when you need to until we're sure there are no other infections running rampant. I'd need some more logs to be sure there (we'll get to that). But as long as you've changed your passwords from a clean computer and don't do any banking on the infected machine, you should be okay when only connecting to download tools and such we will use.

Another question: Are you able to burn CDs with a clean computer? If so, that could be a big help if we need to.

bloopie

Edited by bloopie, 21 September 2012 - 05:41 PM.
Fixed typo
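One way to check a removable drive's root for an autorun.inf and apply the same folder-based protection the Flash_Disinfector note describes, as an added Python example (not Flash_Disinfector's code or a BleepingComputer tool). The sample autorun.inf content and the temporary directory standing in for a drive root are constructed; the Windows file attributes are set only when the script runs on Windows.

```python
"""Inspect a drive root for autorun.inf and apply the 'autorun.inf folder' protection.

Added example; not the Flash_Disinfector utility. A drive root can be in one of
three states: no autorun.inf (absent), an autorun.inf *file* (the thing malware
drops so Windows launches it), or an empty autorun.inf *folder* (what the
cleaning tool leaves behind, which blocks a file of the same name being created).
"""
import configparser
import sys
import tempfile
from pathlib import Path

# [autorun] keys that cause a program to be launched when the drive is inserted.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")

# Constructed sample of what a dropped autorun.inf typically looks like; not from the thread.
SAMPLE_AUTORUN = "[AutoRun]\nopen=setup.exe\nicon=setup.exe,0\n"


def inspect_autorun(drive_root):
    """Classify the autorun.inf at drive_root.

    Returns a dict with 'state' in {'absent', 'protected', 'file'}, the lower-cased
    [autorun] keys found in a file, and 'launches' (True when one of LAUNCH_KEYS is set).
    """
    path = Path(drive_root) / "autorun.inf"
    result = {"state": "absent", "keys": {}, "launches": False}
    if not path.exists():
        return result
    if path.is_dir():
        result["state"] = "protected"
        return result
    result["state"] = "file"
    # autorun.inf is INI-style; tolerate duplicates and odd bytes rather than crash.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read(str(path), encoding="latin-1")
    except configparser.Error:
        result["parse_error"] = True   # malformed file: still a file, still worth a look
        return result
    for section in parser.sections():
        if section.lower() == "autorun":  # section name case varies in the wild
            result["keys"].update(parser.items(section))
    result["launches"] = any(k in result["keys"] for k in LAUNCH_KEYS)
    return result


def protect_drive(drive_root):
    """Create the empty, hidden, read-only, system autorun.inf folder at drive_root.

    Refuses to run while an autorun.inf *file* is present so nothing is silently
    overwritten before an analyst has reviewed it. Returns the resulting state.
    """
    path = Path(drive_root) / "autorun.inf"
    if path.is_file():
        raise FileExistsError(f"{path} is a file; inspect and remove it first")
    path.mkdir(exist_ok=True)
    if sys.platform == "win32":
        import ctypes
        # FILE_ATTRIBUTE_READONLY (0x1) | HIDDEN (0x2) | SYSTEM (0x4)
        ctypes.windll.kernel32.SetFileAttributesW(str(path), 0x07)
    return inspect_autorun(drive_root)["state"]


def demo():
    """Walk the three states on a temporary directory standing in for a drive root.

    Returns (state before, launches?, 'open' target, state after protection).
    """
    with tempfile.TemporaryDirectory() as root:
        before = inspect_autorun(root)              # nothing there yet
        inf = Path(root) / "autorun.inf"
        inf.write_text(SAMPLE_AUTORUN)
        found = inspect_autorun(root)               # a file that would launch setup.exe
        inf.unlink()                                # analyst removes it after review
        after = protect_drive(root)                 # folder now blocks a new file
        return before["state"], found["launches"], found["keys"].get("open"), after


if __name__ == "__main__":
    print(demo())
```

Run it against a real drive root (for example `inspect_autorun("E:\\")`) to see which state a plugged-in stick is in before copying files off it.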


#12 ClareC

  • Topic Starter

  • Members
  • 13 posts

Posted 21 September 2012 - 08:03 PM

Hi,

I finally have the logs you requested. Yes, I should be able to write CDs from a clean computer if needed. I have access to a USB pen drive that I can reformat/clear if necessary. My external hard drive probably has some exe files on it. After cleaning my computer I can presumably also run things like SuperAntiSpyware on my external drive?

Thanks again for your help.

19:50:17.0296 2224 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:50:18.0234 2224 ============================================================
19:50:18.0234 2224 Current date / time: 2012/09/20 19:50:18.0234
19:50:18.0234 2224 SystemInfo:
19:50:18.0234 2224
19:50:18.0234 2224 OS Version: 5.1.2600 ServicePack: 3.0
19:50:18.0234 2224 Product type: Workstation
19:50:18.0234 2224 ComputerName: LYDIA
19:50:18.0234 2224 UserName: LCP
19:50:18.0234 2224 Windows directory: C:\WINDOWS
19:50:18.0234 2224 System windows directory: C:\WINDOWS
19:50:18.0234 2224 Processor architecture: Intel x86
19:50:18.0234 2224 Number of processors: 2
19:50:18.0234 2224 Page size: 0x1000
19:50:18.0234 2224 Boot type: Normal boot
19:50:18.0234 2224 ============================================================
19:50:31.0156 2224 BG loaded
19:50:32.0156 2224 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:50:32.0156 2224 ============================================================
19:50:32.0156 2224 \Device\Harddisk0\DR0:
19:50:32.0156 2224 MBR partitions:
19:50:32.0156 2224 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
19:50:32.0156 2224 ============================================================
19:50:32.0515 2224 C: <-> \Device\Harddisk0\DR0\Partition1
19:50:32.0515 2224 ============================================================
19:50:32.0515 2224 Initialize success
19:50:32.0515 2224 ============================================================
07:15:14.0562 1072 ============================================================
07:15:14.0593 1072 Scan started
07:15:14.0593 1072 Mode: Manual;
07:15:14.0593 1072 ============================================================
07:15:24.0390 1072 ================ Scan system memory ========================
07:15:24.0390 1072 Scan interrupted by user!
07:15:24.0390 1072 ================ Scan services =============================
07:15:24.0890 1072 Scan interrupted by user!
07:15:24.0890 1072 ================ Scan global ===============================
07:15:24.0890 1072 Scan interrupted by user!
07:15:24.0890 1072 ================ Scan MBR ==================================
07:15:24.0890 1072 Scan interrupted by user!
07:15:24.0890 1072 ================ Scan VBR ==================================
07:15:24.0890 1072 Scan interrupted by user!
07:15:24.0890 1072 ============================================================
07:15:24.0890 1072 Scan finished
07:15:24.0890 1072 ============================================================
07:15:25.0203 2316 Detected object count: 0
07:15:25.0203 2316 Actual detected object count: 0
07:15:39.0234 2372 ============================================================
07:15:39.0234 2372 Scan started
07:15:39.0234 2372 Mode: Manual; SigCheck; TDLFS;
07:15:39.0234 2372 ============================================================
07:15:42.0203 2372 ================ Scan system memory ========================
07:15:46.0921 2372 System memory - ok
07:15:46.0921 2372 ================ Scan services =============================
07:15:47.0468 2372 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
07:15:53.0218 2372 !SASCORE ( UnsignedFile.Multi.Generic ) - warning
07:15:53.0218 2372 !SASCORE - detected UnsignedFile.Multi.Generic (1)
07:15:53.0562 2372 Abiosdsk - ok
07:15:53.0562 2372 abp480n5 - ok
07:15:53.0656 2372 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:15:59.0968 2372 ACPI - ok
07:16:00.0062 2372 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
07:16:00.0281 2372 ACPIEC - ok
07:16:00.0406 2372 [ 2BAD567DDBA52CC96518B06682E78940 ] ACS C:\WINDOWS\system32\acs.exe
07:16:00.0625 2372 ACS ( UnsignedFile.Multi.Generic ) - warning
07:16:00.0625 2372 ACS - detected UnsignedFile.Multi.Generic (1)
07:16:00.0625 2372 adpu160m - ok
07:16:00.0671 2372 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
07:16:01.0093 2372 aec - ok
07:16:01.0187 2372 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
07:16:01.0437 2372 AFD - ok
07:16:01.0453 2372 Aha154x - ok
07:16:01.0453 2372 aic78u2 - ok
07:16:01.0468 2372 aic78xx - ok
07:16:02.0265 2372 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files\common files\akamai/netsession_win_5891ae0.dll
07:16:02.0265 2372 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
07:16:02.0265 2372 Akamai ( HiddenFile.Multi.Generic ) - warning
07:16:02.0265 2372 Akamai - detected HiddenFile.Multi.Generic (1)
07:16:02.0359 2372 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
07:16:02.0703 2372 Alerter - ok
07:16:02.0734 2372 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
07:16:03.0000 2372 ALG - ok
07:16:03.0000 2372 AliIde - ok
07:16:03.0015 2372 amsint - ok
07:16:03.0140 2372 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
07:16:03.0250 2372 AppMgmt - ok
07:16:03.0671 2372 [ C413E2E549488A5F1969DECB5B03187A ] AR5416 C:\WINDOWS\system32\DRIVERS\athw.sys
07:16:04.0421 2372 AR5416 - ok
07:16:04.0421 2372 asc - ok
07:16:04.0437 2372 asc3350p - ok
07:16:04.0437 2372 asc3550 - ok
07:16:04.0796 2372 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
07:16:05.0078 2372 aspnet_state - ok
07:16:05.0203 2372 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:16:05.0437 2372 AsyncMac - ok
07:16:05.0546 2372 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
07:16:08.0671 2372 atapi - ok
07:16:08.0671 2372 Atdisk - ok
07:16:08.0718 2372 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:16:08.0968 2372 Atmarpc - ok
07:16:09.0046 2372 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
07:16:09.0234 2372 AudioSrv - ok
07:16:09.0296 2372 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
07:16:09.0453 2372 audstub - ok
07:16:09.0500 2372 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
07:16:09.0625 2372 Beep - ok
07:16:09.0703 2372 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
07:16:09.0921 2372 BITS - ok
07:16:09.0953 2372 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
07:16:10.0171 2372 Browser - ok
07:16:10.0343 2372 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files\Browny02\BrYNSvc.exe
07:16:11.0406 2372 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
07:16:11.0406 2372 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
07:16:11.0468 2372 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
07:16:11.0593 2372 cbidf2k - ok
07:16:11.0656 2372 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
07:16:11.0796 2372 CCDECODE - ok
07:16:12.0031 2372 [ 93A45B3F2403670A6D14A0B466D97698 ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
07:16:12.0156 2372 ccEvtMgr - ok
07:16:12.0171 2372 [ 93A45B3F2403670A6D14A0B466D97698 ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
07:16:12.0187 2372 ccSetMgr - ok
07:16:12.0203 2372 cd20xrnt - ok
07:16:12.0234 2372 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
07:16:12.0359 2372 Cdaudio - ok
07:16:12.0375 2372 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
07:16:12.0531 2372 Cdfs - ok
07:16:12.0578 2372 [ 351735695E9EAD93DE6AF85D8BEB1CA8 ] cdrbsdrv C:\WINDOWS\system32\drivers\cdrbsdrv.sys
07:16:12.0656 2372 cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
07:16:12.0656 2372 cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
07:16:12.0734 2372 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:16:15.0671 2372 Cdrom - ok
07:16:15.0812 2372 [ 3CB0CC8879956C187E87E18634EE5164 ] CFSvcs C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
07:16:16.0015 2372 CFSvcs ( UnsignedFile.Multi.Generic ) - warning
07:16:16.0015 2372 CFSvcs - detected UnsignedFile.Multi.Generic (1)
07:16:16.0015 2372 Changer - ok
07:16:16.0078 2372 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
07:16:16.0234 2372 CiSvc - ok
07:16:16.0250 2372 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
07:16:16.0406 2372 ClipSrv - ok
07:16:16.0484 2372 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:16:17.0750 2372 clr_optimization_v2.0.50727_32 - ok
07:16:17.0781 2372 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
07:16:18.0250 2372 CmBatt - ok
07:16:18.0250 2372 CmdIde - ok
07:16:18.0312 2372 [ 86A22DFF16E8CA67601044EFE6825537 ] COH_Mon C:\WINDOWS\system32\Drivers\COH_Mon.sys
07:16:18.0328 2372 COH_Mon - ok
07:16:18.0437 2372 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
07:16:18.0656 2372 Compbatt - ok
07:16:18.0703 2372 COMSysApp - ok
07:16:18.0718 2372 Cpqarray - ok
07:16:18.0781 2372 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
07:16:19.0093 2372 CryptSvc - ok
07:16:19.0156 2372 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\WINDOWS\system32\DRIVERS\CVirtA.sys
07:16:19.0296 2372 CVirtA - ok
07:16:19.0515 2372 [ 30443EEF52F5FB043654859EAA8E5247 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
07:16:20.0484 2372 CVPND - ok
07:16:20.0578 2372 [ CB90B2762B1A1D0B40496400C55B6ADE ] CVPNDRVA C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
07:16:20.0687 2372 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
07:16:20.0687 2372 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
07:16:20.0687 2372 dac2w2k - ok
07:16:20.0703 2372 dac960nt - ok
07:16:20.0796 2372 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
07:16:21.0312 2372 DcomLaunch - ok
07:16:21.0359 2372 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
07:16:21.0515 2372 Dhcp - ok
07:16:21.0546 2372 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
07:16:21.0671 2372 Disk - ok
07:16:21.0671 2372 dmadmin - ok
07:16:21.0765 2372 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
07:16:22.0015 2372 dmboot - ok
07:16:22.0031 2372 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
07:16:22.0218 2372 dmio - ok
07:16:22.0359 2372 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
07:16:22.0546 2372 dmload - ok
07:16:22.0625 2372 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
07:16:23.0328 2372 dmserver - ok
07:16:23.0375 2372 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
07:16:23.0546 2372 DMusic - ok
07:16:23.0687 2372 [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE C:\WINDOWS\system32\DRIVERS\dne2000.sys
07:16:23.0796 2372 DNE - ok
07:16:24.0281 2372 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
07:16:24.0562 2372 Dnscache - ok
07:16:24.0656 2372 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
07:16:24.0828 2372 Dot3svc - ok
07:16:24.0828 2372 dpti2o - ok
07:16:24.0890 2372 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
07:16:25.0000 2372 drmkaud - ok
07:16:25.0093 2372 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
07:16:25.0203 2372 EapHost - ok
07:16:25.0343 2372 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
07:16:25.0375 2372 eeCtrl - ok
07:16:25.0562 2372 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
07:16:25.0578 2372 EraserUtilRebootDrv - ok
07:16:25.0640 2372 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
07:16:26.0609 2372 ERSvc - ok
07:16:26.0687 2372 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
07:16:26.0781 2372 Eventlog - ok
07:16:27.0421 2372 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
07:16:27.0515 2372 EventSystem - ok
07:16:27.0578 2372 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
07:16:28.0453 2372 Fastfat - ok
07:16:28.0546 2372 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
07:16:28.0765 2372 FastUserSwitchingCompatibility - ok
07:16:28.0812 2372 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
07:16:28.0984 2372 Fdc - ok
07:16:29.0031 2372 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
07:16:29.0187 2372 Fips - ok
07:16:29.0250 2372 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
07:16:29.0437 2372 Flpydisk - ok
07:16:29.0468 2372 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
07:16:30.0609 2372 FltMgr - ok
07:16:31.0390 2372 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
07:16:31.0468 2372 FontCache3.0.0.0 - ok
07:16:31.0500 2372 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:16:31.0734 2372 Fs_Rec - ok
07:16:31.0828 2372 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:16:32.0156 2372 Ftdisk - ok
07:16:32.0250 2372 [ 4D52C52101492C450518124C592D8925 ] FwLnk C:\WINDOWS\system32\DRIVERS\FwLnk.sys
07:16:32.0546 2372 FwLnk - ok
07:16:32.0671 2372 [ 35A1F815962F3552066C6BE4C969D297 ] getPlus® Helper C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
07:16:33.0140 2372 getPlus® Helper - ok
07:16:33.0515 2372 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS\system32\giveio.sys
07:16:33.0640 2372 giveio ( UnsignedFile.Multi.Generic ) - warning
07:16:33.0640 2372 giveio - detected UnsignedFile.Multi.Generic (1)
07:16:33.0734 2372 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:16:35.0343 2372 Gpc - ok
07:16:35.0421 2372 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
07:16:35.0484 2372 gusvc - ok
07:16:35.0593 2372 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
07:16:35.0921 2372 HDAudBus - ok
07:16:36.0109 2372 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
07:16:36.0390 2372 helpsvc - ok
07:16:36.0750 2372 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
07:16:37.0265 2372 HidServ - ok
07:16:37.0421 2372 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:16:37.0625 2372 HidUsb - ok
07:16:38.0203 2372 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
07:16:38.0390 2372 hkmsvc - ok
07:16:38.0406 2372 hpn - ok
07:16:38.0843 2372 [ CE0FCEC4D4D860F36D972759B11EAF0F ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
07:16:39.0718 2372 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
07:16:39.0718 2372 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
07:16:39.0859 2372 [ 7DA3211AC63EDD90B8ECA1CA1ABFD43B ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
07:16:39.0953 2372 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
07:16:39.0953 2372 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
07:16:40.0046 2372 [ 30CA91E657CEDE2F95359D6EF186F650 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
07:16:40.0625 2372 HPZid412 - ok
07:16:41.0296 2372 [ EFD31AFA752AA7C7BBB57BCBE2B01C78 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
07:16:41.0500 2372 HPZipr12 - ok
07:16:41.0609 2372 [ 7AC43C38CA8FD7ED0B0A4466F753E06E ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
07:16:42.0062 2372 HPZius12 - ok
07:16:42.0281 2372 [ 0AAEF566E6782957252FA79F566FBC0B ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
07:16:42.0500 2372 HSFHWAZL - ok
07:16:42.0687 2372 [ E472E0CB4E716CC34C0E045F2C196221 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
07:16:43.0015 2372 HSF_DPV - ok
07:16:43.0062 2372 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
07:16:43.0375 2372 HTTP - ok
07:16:43.0453 2372 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
07:16:43.0750 2372 HTTPFilter - ok
07:16:44.0406 2372 [ F02C6D2EB89F60B01582E44762415CA8 ] hwmobile C:\WINDOWS\system32\DRIVERS\hwusbser.sys
07:16:44.0562 2372 hwmobile - ok
07:16:44.0578 2372 i2omgmt - ok
07:16:44.0578 2372 i2omp - ok
07:16:44.0656 2372 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:16:45.0140 2372 i8042prt - ok
07:16:46.0250 2372 [ F592A1B020723CFBD3D2722514066449 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
07:16:47.0312 2372 ialm - ok
07:16:47.0390 2372 [ DB0CC620B27A928D968C1A1E9CD9CB87 ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
07:16:47.0421 2372 iaStor - ok
07:16:48.0078 2372 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:16:48.0421 2372 idsvc - ok
07:16:48.0531 2372 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
07:16:49.0250 2372 Imapi - ok
07:16:49.0296 2372 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
07:16:49.0765 2372 ImapiService - ok
07:16:49.0781 2372 ini910u - ok
07:16:50.0000 2372 [ FEBB470BF0DE4DBEBBF72B79DF993C5F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
07:16:50.0968 2372 IntcAzAudAddService - ok
07:16:51.0125 2372 [ C9EF68BEE3B1A62F34125A9FBBAAC10C ] IntcHdmiAddService C:\WINDOWS\system32\drivers\IntcHdmi.sys
07:16:51.0390 2372 IntcHdmiAddService - ok
07:16:51.0390 2372 IntelIde - ok
07:16:51.0453 2372 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:16:51.0562 2372 intelppm - ok
07:16:51.0578 2372 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
07:16:51.0703 2372 Ip6Fw - ok
07:16:51.0718 2372 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:16:51.0890 2372 IpFilterDriver - ok
07:16:52.0250 2372 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:16:52.0359 2372 IpInIp - ok
07:16:52.0375 2372 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:16:52.0781 2372 IpNat - ok
07:16:52.0796 2372 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:16:53.0734 2372 IPSec - ok
07:16:53.0796 2372 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
07:16:54.0156 2372 IRENUM - ok
07:16:54.0234 2372 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:16:55.0656 2372 isapnp - ok
07:16:55.0937 2372 [ C2C1660DDCC9BD67EB98D6D5F91C107F ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
07:16:56.0359 2372 JavaQuickStarterService - ok
07:16:56.0546 2372 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:16:56.0718 2372 Kbdclass - ok
07:16:56.0750 2372 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
07:16:59.0546 2372 kmixer - ok
07:16:59.0953 2372 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
07:17:00.0203 2372 KSecDD - ok
07:17:00.0234 2372 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
07:17:00.0796 2372 LanmanServer - ok
07:17:01.0140 2372 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
07:17:01.0265 2372 lanmanworkstation - ok
07:17:01.0265 2372 lbrtfdc - ok
07:17:02.0343 2372 [ E553C4B4B7B4B86CD71A2DFEE1B58131 ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
07:17:03.0437 2372 LiveUpdate - ok
07:17:03.0656 2372 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
07:17:03.0890 2372 LmHosts - ok
07:17:04.0531 2372 [ 9A3D4FC6B86E7E36473079AB76AC703D ] LVcKap C:\WINDOWS\system32\DRIVERS\LVcKap.sys
07:17:05.0343 2372 LVcKap - ok
07:17:06.0062 2372 [ 0ACBC11F19320AF6C19F2E20013D9095 ] LVMVDrv C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
07:17:06.0781 2372 LVMVDrv - ok
07:17:07.0156 2372 [ 12866641284EBB41E627BB53C04DA959 ] LVPr2Mon C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
07:17:07.0187 2372 LVPr2Mon - ok
07:17:07.0484 2372 [ 995D0B52870C7A5CAF3EA165FD674A35 ] LVPrcSrv c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
07:17:08.0296 2372 LVPrcSrv - ok
07:17:08.0703 2372 [ A005CEE9BE199C5E375FAA559CA9A7A9 ] LVSrvLauncher C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
07:17:08.0781 2372 LVSrvLauncher - ok
07:17:09.0125 2372 [ 64BC29C3A0388BFC580BB8B1346F7659 ] LVUSBSta C:\WINDOWS\system32\drivers\LVUSBSta.sys
07:17:09.0156 2372 LVUSBSta - ok
07:17:09.0328 2372 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
07:17:09.0453 2372 mdmxsdk - ok
07:17:09.0515 2372 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
07:17:09.0765 2372 Messenger - ok
07:17:09.0953 2372 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
07:17:10.0562 2372 mnmdd - ok
07:17:10.0609 2372 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
07:17:10.0734 2372 mnmsrvc - ok
07:17:11.0015 2372 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
07:17:12.0218 2372 Modem - ok
07:17:12.0250 2372 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:17:12.0375 2372 Mouclass - ok
07:17:12.0406 2372 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:17:12.0765 2372 mouhid - ok
07:17:12.0843 2372 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
07:17:12.0984 2372 MountMgr - ok
07:17:13.0093 2372 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
07:17:13.0218 2372 MozillaMaintenance - ok
07:17:13.0218 2372 mraid35x - ok
07:17:13.0359 2372 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:17:13.0656 2372 MRxDAV - ok
07:17:13.0703 2372 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:17:15.0156 2372 MRxSmb - ok
07:17:15.0234 2372 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
07:17:15.0406 2372 MSDTC - ok
07:17:15.0500 2372 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
07:17:15.0671 2372 Msfs - ok
07:17:15.0671 2372 MSIServer - ok
07:17:15.0765 2372 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:17:15.0890 2372 MSKSSRV - ok
07:17:15.0921 2372 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:17:16.0265 2372 MSPCLOCK - ok
07:17:16.0421 2372 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
07:17:16.0562 2372 MSPQM - ok
07:17:16.0656 2372 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:17:17.0359 2372 mssmbios - ok
07:17:17.0484 2372 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
07:17:17.0640 2372 MSTEE - ok
07:17:17.0703 2372 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
07:17:17.0781 2372 Mup - ok
07:17:17.0859 2372 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
07:17:18.0250 2372 NABTSFEC - ok
07:17:18.0359 2372 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
07:17:18.0625 2372 napagent - ok
07:17:18.0875 2372 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120920.002\NAVENG.SYS
07:17:19.0031 2372 NAVENG - ok
07:17:19.0421 2372 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120920.002\NAVEX15.SYS
07:17:19.0687 2372 NAVEX15 - ok
07:17:19.0718 2372 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
07:17:20.0812 2372 NDIS - ok
07:17:21.0000 2372 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
07:17:21.0218 2372 NdisIP - ok
07:17:21.0453 2372 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:17:21.0515 2372 NdisTapi - ok
07:17:21.0531 2372 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:17:22.0343 2372 Ndisuio - ok
07:17:22.0359 2372 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:17:23.0562 2372 NdisWan - ok
07:17:23.0609 2372 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
07:17:23.0687 2372 NDProxy - ok
07:17:23.0796 2372 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
07:17:24.0234 2372 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
07:17:24.0234 2372 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
07:17:24.0390 2372 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
07:17:24.0546 2372 NetBIOS - ok
07:17:24.0703 2372 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
07:17:25.0062 2372 NetBT - ok
07:17:25.0125 2372 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
07:17:26.0265 2372 NetDDE - ok
07:17:26.0312 2372 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
07:17:26.0437 2372 NetDDEdsdm - ok
07:17:26.0437 2372 [ 1265EB253ED4EBE4ACB3BD5F548FF796 ] Netdevio C:\WINDOWS\system32\DRIVERS\netdevio.sys
07:17:26.0484 2372 Netdevio ( UnsignedFile.Multi.Generic ) - warning
07:17:26.0484 2372 Netdevio - detected UnsignedFile.Multi.Generic (1)
07:17:26.0609 2372 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
07:17:26.0734 2372 Netlogon - ok
07:17:26.0937 2372 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
07:17:27.0078 2372 Netman - ok
07:17:27.0203 2372 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:17:27.0375 2372 NetTcpPortSharing - ok
07:17:27.0437 2372 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
07:17:27.0609 2372 Nla - ok
07:17:27.0750 2372 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
07:17:28.0125 2372 Npfs - ok
07:17:28.0234 2372 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
07:17:28.0437 2372 Ntfs - ok
07:17:28.0453 2372 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
07:17:28.0562 2372 NtLmSsp - ok
07:17:28.0609 2372 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
07:17:28.0734 2372 NtmsSvc - ok
07:17:28.0796 2372 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
07:17:28.0937 2372 Null - ok
07:17:29.0046 2372 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:17:29.0171 2372 NwlnkFlt - ok
07:17:29.0250 2372 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:17:29.0421 2372 NwlnkFwd - ok
07:17:29.0500 2372 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
07:17:29.0656 2372 Parport - ok
07:17:29.0703 2372 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
07:17:29.0875 2372 PartMgr - ok
07:17:30.0156 2372 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
07:17:30.0265 2372 ParVdm - ok
07:17:30.0296 2372 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
07:17:30.0468 2372 PCI - ok
07:17:30.0484 2372 PCIDump - ok
07:17:30.0578 2372 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
07:17:30.0734 2372 PCIIde - ok
07:17:30.0781 2372 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
07:17:30.0953 2372 Pcmcia - ok
07:17:30.0953 2372 PDCOMP - ok
07:17:30.0968 2372 PDFRAME - ok
07:17:30.0968 2372 PDRELI - ok
07:17:30.0984 2372 PDRFRAME - ok
07:17:31.0078 2372 [ EA99A71316519D755F50A2AE2F828D9F ] pepifilter C:\WINDOWS\system32\DRIVERS\lv302af.sys
07:17:31.0296 2372 pepifilter - ok
07:17:31.0296 2372 perc2 - ok
07:17:31.0312 2372 perc2hib - ok
07:17:31.0625 2372 [ 84B9084692FE00DF09F20E516D831C57 ] PID_PEPI C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
07:17:31.0687 2372 PID_PEPI - ok
07:17:31.0718 2372 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
07:17:31.0765 2372 PlugPlay - ok
07:17:32.0187 2372 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
07:17:32.0265 2372 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
07:17:32.0265 2372 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
07:17:32.0296 2372 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
07:17:32.0390 2372 PolicyAgent - ok
07:17:32.0562 2372 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:17:32.0796 2372 PptpMiniport - ok
07:17:32.0843 2372 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
07:17:32.0937 2372 ProtectedStorage - ok
07:17:33.0140 2372 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
07:17:33.0281 2372 PSched - ok
07:17:33.0343 2372 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:17:33.0531 2372 Ptilink - ok
07:17:33.0765 2372 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
07:17:34.0140 2372 PxHelp20 - ok
07:17:34.0156 2372 ql1080 - ok
07:17:34.0156 2372 Ql10wnt - ok
07:17:34.0171 2372 ql12160 - ok
07:17:34.0171 2372 ql1240 - ok
07:17:34.0187 2372 ql1280 - ok
07:17:34.0234 2372 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:17:34.0390 2372 RasAcd - ok
07:17:34.0437 2372 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
07:17:34.0546 2372 RasAuto - ok
07:17:34.0750 2372 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:17:35.0156 2372 Rasl2tp - ok
07:17:35.0265 2372 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
07:17:35.0468 2372 RasMan - ok
07:17:35.0515 2372 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:17:36.0078 2372 RasPppoe - ok
07:17:36.0140 2372 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
07:17:36.0343 2372 Raspti - ok
07:17:36.0406 2372 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:17:36.0546 2372 Rdbss - ok
07:17:36.0734 2372 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:17:36.0953 2372 RDPCDD - ok
07:17:36.0968 2372 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:17:37.0125 2372 rdpdr - ok
07:17:37.0265 2372 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
07:17:37.0359 2372 RDPWD - ok
07:17:37.0406 2372 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
07:17:38.0328 2372 RDSessMgr - ok
07:17:38.0343 2372 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
07:17:38.0671 2372 redbook - ok
07:17:39.0812 2372 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
07:17:40.0437 2372 RemoteAccess - ok
07:17:40.0703 2372 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
07:17:40.0921 2372 RemoteRegistry - ok
07:17:41.0093 2372 [ 8B5B8A11306190C6963D3473F052D3C8 ] Revoflt C:\WINDOWS\system32\DRIVERS\revoflt.sys
07:17:41.0109 2372 Revoflt - ok
07:17:41.0156 2372 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
07:17:41.0281 2372 RpcLocator - ok
07:17:41.0343 2372 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
07:17:41.0625 2372 RpcSs - ok
07:17:41.0843 2372 [ 9145D2B7D0E45329A30AF97E6764E184 ] RSUSBSTOR C:\WINDOWS\system32\Drivers\RTS5121.sys
07:17:41.0921 2372 RSUSBSTOR - ok
07:17:41.0984 2372 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
07:17:43.0375 2372 RSVP - ok
07:17:43.0437 2372 [ 89619EF503F949FAE09252A8B883EE11 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
07:17:43.0562 2372 RTLE8023xp - ok
07:17:43.0656 2372 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
07:17:43.0765 2372 SamSs - ok
07:17:43.0812 2372 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
07:17:43.0859 2372 SASDIFSV - ok
07:17:43.0875 2372 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
07:17:43.0890 2372 SASKUTIL - ok
07:17:43.0968 2372 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
07:17:44.0531 2372 SCardSvr - ok
07:17:44.0687 2372 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
07:17:44.0843 2372 Schedule - ok
07:17:45.0218 2372 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:17:45.0359 2372 Secdrv - ok
07:17:45.0578 2372 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
07:17:45.0703 2372 seclogon - ok
07:17:45.0750 2372 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
07:17:46.0406 2372 SENS - ok
07:17:46.0515 2372 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
07:17:46.0640 2372 Serial - ok
07:17:46.0781 2372 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
07:17:46.0921 2372 Sfloppy - ok
07:17:47.0203 2372 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
07:17:47.0343 2372 SharedAccess - ok
07:17:47.0453 2372 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
07:17:47.0515 2372 ShellHWDetection - ok
07:17:47.0531 2372 Simbad - ok
07:17:47.0609 2372 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
07:17:48.0484 2372 SkypeUpdate - ok
07:17:48.0781 2372 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
07:17:49.0000 2372 SLIP - ok
07:17:49.0265 2372 [ D0375CA98569065A51504187D22C1949 ] SmcService C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
07:17:49.0671 2372 SmcService - ok
07:17:49.0765 2372 [ 612D1ECBF4F7351A29B9EB0FA6E5F56A ] SNAC C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
07:17:49.0843 2372 SNAC - ok
07:17:50.0218 2372 Sparrow - ok
07:17:50.0406 2372 [ 77780509A16A1DF7F2D8531D21DDB9B9 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
07:17:50.0437 2372 SPBBCDrv - ok
07:17:50.0625 2372 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\WINDOWS\system32\speedfan.sys
07:17:50.0640 2372 speedfan - ok
07:17:50.0734 2372 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
07:17:50.0921 2372 splitter - ok
07:17:50.0984 2372 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
07:17:51.0062 2372 Spooler - ok
07:17:51.0109 2372 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
07:17:51.0296 2372 sr - ok
07:17:51.0437 2372 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
07:17:51.0734 2372 srservice - ok
07:17:52.0093 2372 [ E217480CC878061D7603A8CDCA06C188 ] SRTSP C:\WINDOWS\system32\Drivers\SRTSP.SYS
07:17:52.0125 2372 SRTSP - ok
07:17:52.0171 2372 [ CAE71704BADDE6B0D5818ACCE20673CA ] SRTSPL C:\WINDOWS\system32\Drivers\SRTSPL.SYS
07:17:52.0234 2372 SRTSPL - ok
07:17:52.0281 2372 [ BE6F1DDDE2DDAB75225D83E6B03A2348 ] SRTSPX C:\WINDOWS\system32\Drivers\SRTSPX.SYS
07:17:52.0296 2372 SRTSPX - ok
07:17:52.0343 2372 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
07:17:52.0515 2372 Srv - ok
07:17:52.0562 2372 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
07:17:52.0687 2372 SSDPSRV - ok
07:17:52.0734 2372 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
07:17:52.0859 2372 StillCam - ok
07:17:52.0906 2372 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
07:17:53.0062 2372 stisvc - ok
07:17:53.0078 2372 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
07:17:53.0218 2372 streamip - ok
07:17:53.0250 2372 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
07:17:53.0406 2372 swenum - ok
07:17:53.0437 2372 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
07:17:53.0578 2372 swmidi - ok
07:17:53.0578 2372 SwPrv - ok
07:17:54.0156 2372 [ AB135C5739D0AB8CBAAF1D4B23E3C259 ] Symantec AntiVirus C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
07:17:54.0328 2372 Symantec AntiVirus - ok
07:17:54.0343 2372 symc810 - ok
07:17:54.0343 2372 symc8xx - ok
07:17:54.0593 2372 [ E03EE3EF1037099554D17BED99545A5E ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
07:17:54.0656 2372 SymEvent - ok
07:17:54.0718 2372 [ BE3C117150C055E50A4CAF23E548C856 ] SYMREDRV C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
07:17:54.0765 2372 SYMREDRV - ok
07:17:54.0937 2372 [ 7B0AF4E22B32F8C5BFBA5A5D53522160 ] SYMTDI C:\WINDOWS\System32\Drivers\SYMTDI.SYS
07:17:55.0046 2372 SYMTDI - ok
07:17:55.0062 2372 sym_hi - ok
07:17:55.0062 2372 sym_u3 - ok
07:17:55.0218 2372 [ D7B9AD3ABD0F7F9F694D71F38B5C7B72 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
07:17:55.0296 2372 SynTP - ok
07:17:55.0390 2372 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
07:17:55.0531 2372 sysaudio - ok
07:17:55.0671 2372 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
07:17:55.0890 2372 SysmonLog - ok
07:17:56.0093 2372 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
07:17:56.0234 2372 TapiSrv - ok
07:17:56.0312 2372 [ F01D70C9DCCA4C1B6ED794B0DDD1AE8F ] TAPPSRV C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
07:17:56.0421 2372 TAPPSRV ( UnsignedFile.Multi.Generic ) - warning
07:17:56.0421 2372 TAPPSRV - detected UnsignedFile.Multi.Generic (1)
07:17:56.0546 2372 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:17:56.0593 2372 Tcpip - ok
07:17:56.0640 2372 [ 1825BCEB47BF41C5A9F0E44DE82FC27A ] tdcmdpst C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
07:17:56.0671 2372 tdcmdpst ( UnsignedFile.Multi.Generic ) - warning
07:17:56.0671 2372 tdcmdpst - detected UnsignedFile.Multi.Generic (1)
07:17:56.0734 2372 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
07:17:56.0906 2372 TDPIPE - ok
07:17:56.0921 2372 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
07:17:57.0062 2372 TDTCP - ok
07:17:57.0140 2372 [ F56A9327C58FF985616C5E197472932C ] tdudf C:\WINDOWS\system32\DRIVERS\tdudf.sys
07:17:57.0203 2372 tdudf - ok
07:17:57.0265 2372 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
07:17:57.0765 2372 TermDD - ok
07:17:57.0921 2372 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
07:17:58.0546 2372 TermService - ok
07:17:58.0578 2372 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
07:17:58.0609 2372 Themes - ok
07:17:58.0718 2372 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
07:17:59.0218 2372 TlntSvr - ok
07:17:59.0250 2372 [ C5AC715B65B01788ABC22D10749DDDD8 ] TODDSrv C:\WINDOWS\system32\TODDSrv.exe
07:17:59.0312 2372 TODDSrv - ok
07:17:59.0312 2372 TosIde - ok
07:17:59.0437 2372 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
07:17:59.0562 2372 TrkWks - ok
07:17:59.0625 2372 [ 3F9BA8878AA26D0831116733F9BC53FF ] trudf C:\WINDOWS\system32\DRIVERS\trudf.sys
07:17:59.0765 2372 trudf - ok
07:17:59.0828 2372 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
07:17:59.0937 2372 Udfs - ok
07:17:59.0968 2372 ultra - ok
07:18:00.0062 2372 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
07:18:00.0218 2372 UMWdf - ok
07:18:00.0234 2372 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
07:18:00.0375 2372 Update - ok
07:18:00.0437 2372 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
07:18:00.0500 2372 upnphost - ok
07:18:00.0562 2372 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
07:18:00.0703 2372 UPS - ok
07:18:00.0828 2372 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
07:18:00.0984 2372 usbaudio - ok
07:18:01.0078 2372 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:18:01.0187 2372 usbccgp - ok
07:18:01.0265 2372 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:18:01.0406 2372 usbehci - ok
07:18:01.0421 2372 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:18:01.0796 2372 usbhub - ok
07:18:01.0906 2372 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
07:18:02.0046 2372 usbprint - ok
07:18:02.0093 2372 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:18:02.0171 2372 usbscan - ok
07:18:02.0296 2372 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:18:02.0437 2372 usbstor - ok
07:18:02.0515 2372 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:18:02.0656 2372 usbuhci - ok
07:18:02.0703 2372 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
07:18:02.0828 2372 usbvideo - ok
07:18:03.0156 2372 [ 4F6D02349CAC986A017AD1A0F2E2B099 ] V0260VID C:\WINDOWS\system32\DRIVERS\V0260Vid.sys
07:18:03.0515 2372 V0260VID - ok
07:18:03.0593 2372 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
07:18:04.0140 2372 VgaSave - ok
07:18:04.0156 2372 ViaIde - ok
07:18:04.0250 2372 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
07:18:04.0406 2372 VolSnap - ok
07:18:04.0484 2372 [ 0354BA3A5BA5E28CC247EB5F5DD8793C ] vsdatant C:\WINDOWS\system32\vsdatant.sys
07:18:04.0640 2372 vsdatant - ok
07:18:04.0859 2372 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
07:18:05.0000 2372 VSS - ok
07:18:05.0031 2372 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
07:18:05.0281 2372 W32Time - ok
07:18:05.0312 2372 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:18:05.0546 2372 Wanarp - ok
07:18:05.0562 2372 WDICA - ok
07:18:05.0593 2372 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
07:18:05.0718 2372 wdmaud - ok
07:18:05.0812 2372 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
07:18:06.0015 2372 WebClient - ok
07:18:06.0234 2372 [ 0E666AC2766F2FD860CC03F405A2ACE1 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
07:18:06.0406 2372 winachsf - ok
07:18:06.0671 2372 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
07:18:07.0171 2372 winmgmt - ok
07:18:07.0375 2372 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
07:18:07.0484 2372 WmdmPmSN - ok
07:18:07.0640 2372 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
07:18:08.0140 2372 Wmi - ok
07:18:08.0218 2372 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
07:18:08.0359 2372 WmiApSrv - ok
07:18:08.0437 2372 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
07:18:08.0546 2372 wscsvc - ok
07:18:08.0609 2372 [ 21AC4F228F3D36876A42277C76A766C0 ] WSIMD C:\WINDOWS\system32\DRIVERS\wsimd.sys
07:18:08.0640 2372 WSIMD ( UnsignedFile.Multi.Generic ) - warning
07:18:08.0640 2372 WSIMD - detected UnsignedFile.Multi.Generic (1)
07:18:08.0671 2372 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
07:18:08.0812 2372 WSTCODEC - ok
07:18:08.0953 2372 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
07:18:09.0093 2372 wuauserv - ok
07:18:09.0156 2372 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
07:18:09.0296 2372 WZCSVC - ok
07:18:09.0328 2372 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
07:18:09.0515 2372 xmlprov - ok
07:18:09.0531 2372 ================ Scan global ===============================
07:18:09.0640 2372 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
07:18:09.0765 2372 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
07:18:09.0781 2372 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
07:18:09.0828 2372 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
07:18:09.0828 2372 [Global] - ok
07:18:09.0828 2372 ================ Scan MBR ==================================
07:18:09.0875 2372 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
07:18:10.0921 2372 \Device\Harddisk0\DR0 - ok
07:18:10.0921 2372 ================ Scan VBR ==================================
07:18:10.0921 2372 [ 99235B92F577D3EB7CEE7407260B8F12 ] \Device\Harddisk0\DR0\Partition1
07:18:10.0921 2372 \Device\Harddisk0\DR0\Partition1 - ok
07:18:10.0921 2372 ============================================================
07:18:10.0937 2372 Scan finished
07:18:10.0937 2372 ============================================================
07:18:11.0078 0848 Detected object count: 16
07:18:11.0078 0848 Actual detected object count: 16
07:21:22.0968 0848 !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
07:21:22.0968 0848 !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:21:22.0984 0848 ACS ( UnsignedFile.Multi.Generic ) - skipped by user
07:21:22.0984 0848 ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:21:22.0984 0848 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
07:21:22.0984 0848 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
07:21:22.0984 0848 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
07:21:22.0984 0848 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:21:22.0984 0848 cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
07:21:22.0984 0848 cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:21:22.0984 0848 CFSvcs ( UnsignedFile.Multi.Generic ) - skipped by user
07:21:22.0984 0848 CFSvcs ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:21:22.0984 0848 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
07:21:22.0984 0848 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:21:22.0984 0848 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
07:21:22.0984 0848 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:21:23.0000 0848 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
07:21:23.0000 0848 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:21:23.0000 0848 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
07:21:23.0000 0848 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:21:23.0000 0848 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
07:21:23.0000 0848 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:21:23.0000 0848 Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user
07:21:23.0000 0848 Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:21:23.0000 0848 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
07:21:23.0000 0848 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:21:23.0000 0848 TAPPSRV ( UnsignedFile.Multi.Generic ) - skipped by user
07:21:23.0000 0848 TAPPSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:21:23.0015 0848 tdcmdpst ( UnsignedFile.Multi.Generic ) - skipped by user
07:21:23.0015 0848 tdcmdpst ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:21:23.0015 0848 WSIMD ( UnsignedFile.Multi.Generic ) - skipped by user
07:21:23.0015 0848 WSIMD ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:21:34.0343 2476 Deinitialize success


aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-21 07:48:47
-----------------------------
07:48:47.500 OS Version: Windows 5.1.2600 Service Pack 3
07:48:47.500 Number of processors: 2 586 0xF0D
07:48:47.500 ComputerName: LYDIA UserName: LCP
07:48:50.250 Initialize success
07:49:43.781 AVAST engine defs: 12092100
07:51:35.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
07:51:35.109 Disk 0 Vendor: TOSHIBA_ LV01 Size: 114473MB BusType: 3
07:51:35.140 Disk 0 MBR read successfully
07:51:35.140 Disk 0 MBR scan
07:51:35.453 Disk 0 Windows XP default MBR code
07:51:35.453 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114470 MB offset 63
07:51:35.500 Disk 0 scanning sectors +234436545
07:51:35.640 Disk 0 scanning C:\WINDOWS\system32\drivers
07:51:58.843 Service scanning
07:52:57.609 Modules scanning
07:53:27.843 Disk 0 trace - called modules:
07:53:27.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
07:53:27.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85bd28c8]
07:53:27.890 3 CLASSPNP.SYS[f754dfd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8615d030]
07:53:30.609 AVAST engine scan C:\WINDOWS
07:54:55.765 AVAST engine scan C:\WINDOWS\system32
08:20:12.140 AVAST engine scan C:\WINDOWS\system32\drivers
08:23:14.984 AVAST engine scan C:\Documents and Settings\LCP
08:57:24.968 AVAST engine scan C:\Documents and Settings\All Users
09:01:15.328 Scan finished successfully
17:46:47.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\LCP\Desktop\MBR.dat"
17:46:47.578 The log file has been saved successfully to "C:\Documents and Settings\LCP\Desktop\aswMBR.txt"


My Symantec autoprotect also complained about a number of things:
Scan type: Auto-Protect Scan
Event: Risk Found!
Security risk detected: Trojan.Gen.2
File: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ131.tmp
Location: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine
Action taken: Pending Side Effects Analysis : Access denied
Date found: 21 September 2012 09:00:34

Scan type: Auto-Protect Scan
Event: Risk Found!
Security risk detected: Trojan.Gen.2
File: C:\Documents and Settings\LCP\Local Settings\Temp\av4E5B.tmp
Location: C:\Documents and Settings\LCP\Local Settings\Temp
Action taken: Pending Side Effects Analysis : Access denied
Date found: 21 September 2012 09:00:36

Scan type: Auto-Protect Scan
Event: Risk Found!
Security risk detected: Trojan.Gen.2
File: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ132.tmp
Location: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine
Action taken: Pending Side Effects Analysis : Access denied
Date found: 21 September 2012 09:00:37

Scan type: Auto-Protect Scan
Event: Risk Found!
Security risk detected: Trojan.Gen.2
File: C:\Documents and Settings\LCP\Local Settings\Temp\av4E5C.tmp
Location: C:\Documents and Settings\LCP\Local Settings\Temp
Action taken: Pending Side Effects Analysis : Access denied
Date found: 21 September 2012 09:00:37

Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: Trojan.Gen.2
File: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ131.tmp
Location: Quarantine
Action taken: Quarantine succeeded : Access denied
Date found: 21 September 2012 09:03:32

Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: Trojan.Gen.2
File: C:\Documents and Settings\LCP\Local Settings\Temp\av4E5B.tmp
Location: Quarantine
Action taken: Quarantine succeeded : Access denied
Date found: 21 September 2012 09:04:37

Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: Trojan.Gen.2
File: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ132.tmp
Location: Quarantine
Action taken: Quarantine succeeded : Access denied
Date found: 21 September 2012 09:05:01

Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: Trojan.Gen.2
File: C:\Documents and Settings\LCP\Local Settings\Temp\av4E5C.tmp
Location: Quarantine
Action taken: Quarantine succeeded : Access denied
Date found: 21 September 2012 09:05:22
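A note on reading the TDSSKiller output above: all 16 objects it counts at the end are UnsignedFile.Multi.Generic or HiddenFile.Multi.Generic hits. TDSSKiller raises those generic classes for any service or driver whose binary is unsigned or hidden (here mostly HP printer, Toshiba and other third-party components), so they are review items rather than malware verdicts, and the MBR and VBR scans at the bottom came back clean. The script below is an added example written for this page (editor's code, not part of the thread and not a TDSSKiller component) that parses log lines in this shape, pairs each object's MD5 and path with its verdict and the action the user chose, and sorts real detections ahead of the generic heuristic hits so they are not lost among them. The sample log is constructed from lines shaped like the one above; the `example_drv` entry with its `Malware.Sample.Placeholder` verdict is invented to show how a non-heuristic detection is ranked, and the set of heuristic classes is the editor's assumption.

```python
"""Triage helper for TDSSKiller-style log lines (added example, editor's code)."""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Generic "suspicious object" classes TDSSKiller reports for files that are merely
# unsigned, hidden or locked. Treated here as review items, not malware verdicts
# (editor's assumption about which class names are heuristic).
HEURISTIC_CLASSES = {
    "UnsignedFile.Multi.Generic",
    "HiddenFile.Multi.Generic",
    "LockedFile.Multi.Generic",
}

# Constructed sample in the shape of the posted log. The example_drv lines and the
# Malware.Sample.Placeholder verdict are invented; they are not from the real scan.
SAMPLE_LOG = """\
07:17:22.0359 2372 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\\WINDOWS\\system32\\DRIVERS\\ndiswan.sys
07:17:23.0562 2372 NdisWan - ok
07:17:23.0796 2372 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\\WINDOWS\\system32\\HPZinw12.dll
07:17:24.0234 2372 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
07:17:24.0234 2372 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
07:17:30.0484 2372 PCIDump - ok
07:17:50.0000 2372 [ 00000000000000000000000000000000 ] example_drv C:\\WINDOWS\\system32\\DRIVERS\\example_drv.sys
07:17:50.0001 2372 example_drv - detected Malware.Sample.Placeholder (1)
07:18:09.0875 2372 [ 8F558EB6672622401DA993E1E865C861 ] \\Device\\Harddisk0\\DR0
07:18:10.0921 2372 \\Device\\Harddisk0\\DR0 - ok
07:21:23.0000 0848 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# "<time> <pid> [ <md5> ] <name> <path>"; global/MBR scan lines carry a path but no name.
_ENTRY = re.compile(r"^\S+\s+\d+\s+\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<rest>.+)$")
_NAME_PATH = re.compile(r"^(?:(?P<name>.*?)\s+)?(?P<path>(?:[A-Za-z]:\\|\\Device\\).*)$")
_DETECTED = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
_ACTION = re.compile(
    r"^\S+\s+\d+\s+(?P<name>.+?) \( (?P<verdict>\S+) \) - User select action: (?P<action>\w+)$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    action: Optional[str] = None

    @property
    def severity(self) -> str:
        """clean = no verdict; review = generic heuristic class; detection = anything else."""
        if self.verdict is None:
            return "clean"
        return "review" if self.verdict in HEURISTIC_CLASSES else "detection"


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Fold the per-object lines of a log into one Entry per service/driver/device."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = _ENTRY.match(line)
        if m:
            np = _NAME_PATH.match(m.group("rest"))
            if not np:
                continue
            name = np.group("name") or np.group("path")
            e = entries.setdefault(name, Entry(name))
            e.md5, e.path = m.group("md5").upper(), np.group("path")
            continue
        m = _DETECTED.match(line)
        if m:
            entries.setdefault(m.group("name"), Entry(m.group("name"))).verdict = m.group("verdict")
            continue
        m = _ACTION.match(line)
        if m:
            entries.setdefault(m.group("name"), Entry(m.group("name"))).action = m.group("action")
    return entries


def triage(text: str) -> List[Entry]:
    """Flagged objects only, real detections first, then generic heuristic hits by name."""
    flagged = [e for e in parse_tdsskiller_log(text).values() if e.verdict]
    return sorted(flagged, key=lambda e: (e.severity != "detection", e.name.lower()))


def current_md5(path: str) -> str:
    """Re-hash a file on the scanned machine so the MD5 in the log can be confirmed later."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


if __name__ == "__main__":
    import sys

    # Pass a saved log path, otherwise the constructed sample is used. Adjust the
    # encoding argument if the tool wrote the log as UTF-16.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for e in triage(text):
        print(f"{e.severity:9} {e.name:<20} {e.verdict:<30} md5={e.md5} action={e.action} {e.path}")
```

The MD5 printed for each flagged object is what lets a reader check a hash against vendor or sandbox records without trusting the file name; `current_md5` re-hashes the file in place so a later comparison shows whether it changed after the scan.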

#13 bloopie
  • Bleepin' Sith Turner
  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 21 September 2012 - 10:43 PM

Hi again,

My external hard drive probably has some exe files on it. After cleaning my computer I can presumably also run things like SuperAntiSpyware on my external drive?

Yes, that's not a problem!

Allow me some time to go over your logs to determine the best next steps to take. It's nearly midnight here and I need some sleep.

I will post back again tomorrow. :)

Thank you for your patience!

bloopie

#14 bloopie
  • Bleepin' Sith Turner
  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 22 September 2012 - 10:28 AM

Hi again,

That's looking better. Please post me a ListParts log as mentioned in Post #9.

Then let's run Combofix next and make sure your computer is connected to the internet during the whole scan of Combofix:

Run Combofix

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job...this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
  • Close any open browsers or any other programs that are open.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you at C:\Combofix.txt. Please include that in your next reply.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

==========

Please post both logs in your next reply, and let me know how the computer is running now!

bloopie

#15 ClareC

ClareC
  • Topic Starter

  • Members
  • 13 posts
  • Local time:08:17 AM

Posted 22 September 2012 - 12:38 PM

Here are the two logs you requested. Combofix didn't reboot the computer. I don't seem to be getting any redirects any more.


ListParts by Farbar Version: 17-09-2012
Ran by LCP (administrator) on 22-09-2012 at 09:55:03
Windows XP (X86)
Running From: C:\Documents and Settings\LCP\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 64%
Total physical RAM: 955.92 MB
Available physical RAM: 338.53 MB
Total Pagefile: 2299.3 MB
Available Pagefile: 1388.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 2008.09 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:111.79 GB) (Free:15.93 GB) NTFS ==>[Drive with boot components (Windows XP)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 112 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 112 GB 32 KB
======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 112 GB Healthy System (partition with boot components)
======================================================================================================

****** End Of Log ******

Combofix:

ComboFix 12-09-22.02 - LCP 22/09/2012 10:16:37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.64.1033.18.956.497 [GMT -7:00]
Running from: c:\documents and settings\LCP\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LCP\Application Data\Adobe\AdobeUpdate .exe
c:\documents and settings\LCP\Application Data\Adobe\plugs
c:\documents and settings\LCP\Application Data\Adobe\plugs\KB114311109.exe
c:\documents and settings\LCP\Recent\Thumbs.db
c:\documents and settings\LCP\WINDOWS
c:\program files\basic-miktex-2.7.3248.exe
c:\program files\LEdBeta(0.53)Build(6501)Std.exe
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\SET230.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-22 to 2012-09-22 )))))))))))))))))))))))))))))))
.
.
2012-09-22 16:59 . 2012-09-22 16:59 -------- d-----w- c:\windows\LastGood
2012-09-21 02:45 . 2012-09-21 02:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-15 00:30 . 2012-09-15 00:30 -------- d-----w- c:\documents and settings\LCP\Application Data\SUPERAntiSpyware.com
2012-09-15 00:28 . 2012-09-15 00:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-15 00:28 . 2012-09-15 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-09-14 23:57 . 2012-09-14 23:57 -------- d-----w- C:\found.000
2012-09-07 23:35 . 2012-09-07 23:35 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-03 21:12 . 2007-02-03 17:27 938272 ----a-w- c:\windows\system32\drivers\LV302V32.SYS
2012-09-03 21:12 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system\msvcr71.dll
2012-09-03 21:12 . 2007-02-03 17:32 527136 ----a-w- c:\windows\system32\LVUI2RC.dll
2012-09-03 21:12 . 2007-02-03 17:32 215840 ----a-w- c:\windows\system32\LVUI2.dll
2012-09-03 21:12 . 2007-02-03 17:29 264992 ----a-w- c:\windows\system32\lvcodec2.dll
2012-09-03 21:12 . 2007-02-03 17:32 41504 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys
2012-09-03 21:12 . 2007-02-03 17:29 129824 ----a-w- c:\windows\system32\lvci1051.dll
2012-09-03 21:12 . 2007-02-03 17:27 14240 ----a-w- c:\windows\system32\drivers\lv302af.sys
2012-09-03 21:12 . 2007-02-03 16:01 13398 ----a-w- c:\windows\system32\Repository.reg
2012-09-03 21:07 . 2012-09-03 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2012-09-03 21:07 . 2012-09-03 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2012-09-03 21:07 . 2012-09-03 21:26 -------- d-----w- c:\program files\Common Files\LogiShrd
2012-09-03 21:04 . 2012-09-03 21:07 -------- d-----w- c:\program files\Logitech
2012-09-03 20:50 . 2008-04-14 07:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-09-03 20:50 . 2008-04-14 07:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2012-09-03 15:50 . 2012-09-03 15:50 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-06 14:55 . 2012-05-20 14:59 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-06 14:55 . 2011-05-21 01:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2008-08-05 04:38 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2008-08-05 11:44 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2008-08-05 04:38 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-28 21:33 . 2008-08-05 04:38 667136 ----a-w- c:\windows\system32\wininet.dll
2012-06-28 21:33 . 2008-08-05 04:38 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-06-28 21:33 . 2008-08-05 04:38 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-06-28 12:46 . 2008-08-05 04:38 369664 ----a-w- c:\windows\system32\html.iec
2011-01-22 23:09 . 2011-01-22 23:09 2052096 -c--a-w- c:\program files\kdewin-installer-gui-latest.exe
2010-03-21 10:23 . 2010-03-21 10:23 7744980 -c--a-w- c:\program files\FreewarePrimoPDF.exe
2009-11-29 21:51 . 2009-11-29 21:51 4938616 -c--a-w- c:\program files\Silverlight.exe
2009-10-10 08:02 . 2009-10-10 08:02 144616 -c--a-w- c:\program files\RapportSetup.exe
2009-10-05 11:03 . 2009-10-05 11:03 2020136 -c--a-w- c:\program files\SkypeSetup.exe
2009-10-02 15:39 . 2009-10-02 15:39 570032 -c--a-w- c:\program files\GoogleVoiceAndVideoSetup.exe
2009-05-18 21:06 . 2009-05-18 21:06 43083040 -c--a-w- c:\program files\AdbeRdr910_en_US_Std.exe
2009-05-17 09:54 . 2009-05-17 09:54 12972544 -c--a-w- c:\program files\gs854w32.exe
2009-05-17 09:52 . 2009-05-17 09:52 1502208 -c--a-w- c:\program files\gsv49w32.exe
2009-05-17 09:26 . 2009-05-17 09:26 4652806 -c--a-w- c:\program files\TXCSetup_1StableRC1.exe
2009-05-17 08:29 . 2009-05-17 08:29 21878064 -c--a-w- c:\program files\QuickTimeInstaller.exe
2009-05-17 07:38 . 2009-05-17 07:38 16742799 -c--a-w- c:\program files\vlc-0.9.9-win32.exe
2009-05-17 07:35 . 2009-05-17 07:34 16070968 -c--a-w- c:\program files\gimp-2.6.6-i686-setup.exe
2009-05-17 07:30 . 2009-05-17 07:30 10053112 -c--a-w- c:\program files\picasa3-setup.exe
2005-06-16 09:50 . 2009-05-17 09:08 112876098 -c--a-w- c:\program files\Mathematica-Student_5.1_Win.EXE
2012-09-07 23:35 . 2011-10-01 20:18 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\LCP\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\LCP\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\LCP\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\LCP\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"Akamai NetSession Interface"="c:\documents and settings\LCP\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-08-11 4440896]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-06 4780928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2008-05-27 360448]
"TPSMain"="TPSMain.exe" [2008-07-30 266240]
"NDSTray.exe"="NDSTray.exe" [BU]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-03 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-03 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-03 141848]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16860672]
"ACU"="c:\program files\Atheros\ACU.exe" [2008-04-14 450648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-05-14 115560]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
.
c:\documents and settings\LCP\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\LCP\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^LCP^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\LCP\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]
2006-01-09 02:43 53340 ------w- c:\program files\Creative\Shared Files\CTSched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-02 15:40 133104 ----atw- c:\documents and settings\LCP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 04:42 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AllAlertsDisabled"=dword:00000001
"TermService"=dword:00000001
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\Mathematica.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\MathKernel.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\math.exe"=
"c:\\cygwin\\bin\\XWin.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\cygwin\\bin\\rsync.exe"=
"c:\\Documents and Settings\\LCP\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\LCP\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\LCP\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Documents and Settings\\LCP\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\ds9\\ds9.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 9:27 a.m. 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 2:55 p.m. 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/07/2012 11:54 a.m. 116608]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/08/2008 9:38 p.m. 14336]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26/03/2007 4:22 a.m. 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19/02/2007 4:15 a.m. 134016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/08/2012 7:43 p.m. 106656]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [5/08/2008 5:23 a.m. 5888]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [25/07/2012 5:19 p.m. 245760]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [14/05/2009 5:35 a.m. 23888]
S3 hwmobile;Huawei FP Handset USB Modem and USB Serial;c:\windows\system32\drivers\hwusbser.sys [24/07/2012 1:38 p.m. 106624]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [5/08/2008 5:15 a.m. 110080]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/05/2012 6:57 p.m. 114144]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [1/10/2011 12:26 p.m. 27064]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [5/08/2008 5:21 a.m. 154624]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [6/10/2009 12:43 p.m. 162176]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 1:28 p.m. 160944]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2012-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3144819199-4251091915-2173837366-1005Core.job
- c:\documents and settings\LCP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-02 15:40]
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3144819199-4251091915-2173837366-1005UA.job
- c:\documents and settings\LCP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-02 15:40]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: skillport.com
Trusted Zone: skillwsa.com
TCP: DhcpNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{A09524D2-C6E3-4258-8F7B-D9C9DF8CE40E}: NameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\LCP\Application Data\Mozilla\Firefox\Profiles\dwp5d2je.default\
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-uQPiuYoYUryntvk.exe - c:\documents and settings\All Users\Application Data\uQPiuYoYUryntvk.exe
SafeBoot-57340552.sys
SafeBoot-Symantec Antvirus
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-HP LaserJet ToolBox - hppropty.exe
MSConfigStartUp-OM2_Monitor - c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
AddRemove-latex2rtf - c:\program files\latex2rtf\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-22 10:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"
.
Completion time: 2012-09-22 10:30:14
ComboFix-quarantined-files.txt 2012-09-22 17:30
.
Pre-Run: 17,398,067,200 bytes free
Post-Run: 18,155,618,304 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 7F03EA8CC9DE3BD928539D65EAAEEC95
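The ComboFix log above carries the indicators a responder would look at first: Security Center alerts and antivirus monitoring switched off, the Windows Firewall disabled for the standard profile, a loopback proxy setting, and an orphaned Run entry with a random name. As an added example that is not part of this thread or of ComboFix itself, the script below parses a constructed excerpt of that log (lines copied from the post) and flags those entries; the severity labels and the treatment of ProxyOverride and Firefox network.proxy.type as "review"/"info" items are my assumptions.

```python
import re

# Constructed excerpt: lines copied from the ComboFix log posted in this thread,
# trimmed to the entries a reviewer would want flagged plus one benign Run entry.
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AllAlertsDisabled"=dword:00000001
"TermService"=dword:00000001
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-05-14 115560]
.
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-uQPiuYoYUryntvk.exe - c:\documents and settings\All Users\Application Data\uQPiuYoYUryntvk.exe
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")            # [HKEY_...\path] header line
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')  # "Name"=value line inside a section
ORPHAN_RE = re.compile(r"^HKLM-Run-(\S+)\s+-\s+(.+)$")  # orphaned Run entry ComboFix removed


def review_combofix_log(text):
    """Return (severity, message) findings for the weakened-defence entries in a ComboFix log."""
    findings = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2).strip()
            # Security Center: alerts or AV monitoring disabled (dword:00000001 = on)
            if ("security center" in section
                    and name in ("AllAlertsDisabled", "DisableMonitoring")
                    and value.endswith("00000001")):
                findings.append(("high", f"Security Center {name}=1 under [{section}]"))
            # Firewall policy: EnableFirewall = 0 for the standard profile
            elif (section.endswith(r"firewallpolicy\standardprofile")
                    and name == "EnableFirewall" and value.startswith("0")):
                findings.append(("high", "Windows Firewall disabled for the standard profile"))
            continue
        # Supplementary scan lines: proxy configuration worth a second look
        if line.startswith("uInternet Settings,ProxyOverride") and "127.0.0.1" in line:
            findings.append(("review", "IE ProxyOverride references loopback: "
                             + line.split("=", 1)[1].strip()))
        elif line.startswith("FF - prefs.js: network.proxy.type"):
            findings.append(("info", "Firefox network.proxy.type is not 0 (direct): "
                             + line.rsplit("-", 1)[1].strip()))
        # Orphaned Run key pointing into a profile's Application Data folder
        m = ORPHAN_RE.match(line)
        if m and "application data" in m.group(2).lower():
            findings.append(("high", f"Orphaned Run entry {m.group(1)} pointed at {m.group(2)}"))
    return findings


if __name__ == "__main__":
    for severity, message in review_combofix_log(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```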



