BekkiT

  1. I think that did it. I figured it was something simple and that I was just being paranoid. After I made the changes I put the wireless back on and waited and didn't see anything pop up.
  2. The alert was as follows:

     Security alert (lock and key icon)
     You are about to view pages over a secure connection. Any information you exchange with this site cannot be viewed by anyone else on the web.
     In the future, do not show this warning.
     Okay   More Info

     I wasn't actually using a browser at the time. I just turned my wireless on and it connected to my apartment's network. This is my older system, so the only thing I can think of is that it is a warning XP gives, but not 7. My newer system connects to the same network but has never given me that warning. I don't use the older system often and they just switched from unsecured to secured wireless a few months ago, so it's possible I just never happened across it before and am just being paranoid now. I took a screen grab if you want it.
  3. Sorry for the delay. I had to interrupt that scan, but here is my most recent MBAM log. I successfully updated my anti-virus software and am letting that run a scan right now as well. I deleted the Smart Fortress icon. The only thing odd I've noticed is I got a message that said something about "You are about to view a page over a secure connection. Would you like to continue?" I closed it without clicking an option and it didn't seem to cause a problem. I turned off my wireless then, just in case, and I haven't seen another. I can turn it back on and see if it happens again if you want the exact text. At the time, all I had running was MBAM so I don't really know where it came from. Should I be concerned?

     Malwarebytes Anti-Malware 1.61.0.1400
     www.malwarebytes.org

     Database version: v2012.05.18.03

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Bekki :: PC139818592325 [limited]

     5/22/2012 9:14:00 AM
     mbam-log-2012-05-22 (09-14-00).txt

     Scan type: Full scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 337865
     Time elapsed: 1 hour(s), 54 minute(s), 40 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  4. I got online and was able to open a browser and get to my homepage without any redirect issues. I was able to update MBAM and have a full scan running right now, and it looks like I got my antivirus updated okay (it's not quite done yet). There is still an icon for Smart Fortress hanging out on the desktop though. I can post logs when it finishes if you would like.
  5. Here's what I got. It took a really short time to run, which struck me as sort of odd. I feel like the last one took a lot longer.

     Farbar Service Scanner Version: 30-04-2012 01
     Ran by Bekki (administrator) on 17-05-2012 at 00:20:07
     Running from "C:\Documents and Settings\Bekki\Desktop"
     Microsoft Windows XP Professional Service Pack 3 (X86)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     There is no connection to network.
     Attempt to access Google IP returned error: Google IP is unreachable
     Attempt to access Yahoo IP returned error: Yahoo IP is unreachable

     Windows Firewall:
     =============

     Firewall Disabled Policy:
     ==================
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "EnableFirewall"=DWORD:0

     System Restore:
     ============

     System Restore Disabled Policy:
     ========================

     Security Center:
     ============

     Windows Update:
     ============

     Windows Autoupdate Disabled Policy:
     ============================

     File Check:
     ========
     C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
     C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
     C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
     C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
     C:\WINDOWS\system32\netman.dll => MD5 is legit
     C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\WINDOWS\system32\srsvc.dll => MD5 is legit
     C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
     C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
     C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
     C:\WINDOWS\system32\qmgr.dll => MD5 is legit
     C:\WINDOWS\system32\es.dll => MD5 is legit
     C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
     C:\WINDOWS\system32\svchost.exe => MD5 is legit
     C:\WINDOWS\system32\rpcss.dll => MD5 is legit
     C:\WINDOWS\system32\services.exe => MD5 is legit

     Extra List:
     =======
     Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(8) Tcpip(3)
     0x080000000400000001000000020000000300000008000000050000000600000007000000
     IpSec Tag value is correct.

     **** End of log ****
  6. Okay, here's what I got. I'm not super sure it ran properly. ComboFix seems to get a bit confused when I first start it up and it always prompts me about the system restore program, even though it is definitely installed now. I see it as an option at start up and everything. So, if anything looks odd let me know. ComboFix 12-05-15.04 - Bekki 05/15/2012 22:40:28.5.2 - x86 Running from: c:\documents and settings\Bekki\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Bekki\Desktop\CFScript.txt AV: Symantec AntiVirus Corporate Edition *Disabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\60a7806a-0eea-424c-a464-20f4730cd631 . . --------------- FCopy --------------- . c:\windows\ServicePackFiles\i386\ipsec.sys --> c:\windows\system32\drivers\ipsec.sys . ((((((((((((((((((((((((( Files Created from 2012-04-16 to 2012-05-16 ))))))))))))))))))))))))))))))) . . 2012-04-17 10:30 . 2012-04-17 10:30 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe 2012-04-17 10:30 . 2012-04-17 10:30 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-17 09:37 . 2012-04-15 22:50 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2012-04-15 11:34 . 2012-04-15 11:34 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2012-04-14 02:09 . 2012-04-14 02:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-04 19:56 . 2009-04-11 03:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-20 07:53 . 
2012-04-13 07:41 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{90763566-D4B3-41BF-BA9D-F81B4F980BE7}\mpengine.dll 2012-02-29 14:10 . 2004-08-10 15:00 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 14:10 . 2004-08-10 15:00 148480 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-23 14:18 . 2009-10-02 21:01 237072 ------w- c:\windows\system32\MpSigStub.exe 2007-07-26 20:01 . 2008-04-20 00:47 114688 ----a-w- c:\program files\internet explorer\plugins\ChimeShim.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files\Steam\Steam.exe" [2012-04-14 1242448] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480] "SansaDispatch"="c:\documents and settings\Bekki\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-01-27 79872] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512] "MsmqIntCert"="mqrt.dll" [2008-04-14 177152] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-03 61952] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2007-08-28 73728] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960] "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-11-15 85744] "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-08-14 98304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-08-14 114688] "Persistence"="c:\windows\system32\igfxpers.exe" [2006-08-14 94208] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560] 
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264] . c:\documents and settings\Default User\Start Menu\Programs\Startup\ Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A] . c:\documents and settings\Administrator\Start Menu\Programs\Startup\ Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728] . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\mqsvc.exe"= "c:\\Program Files\\AIM\\aim.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe"= "c:\\Program Files\\Ruckus Player\\Ruckus.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"= "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\AIM7\\aim.exe"= . 
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/13/2012 8:58 PM 106104] S0 anwe;anwe;c:\windows\system32\drivers\owjiyidt.sys --> c:\windows\system32\drivers\owjiyidt.sys [?] S0 vgqt;vgqt;c:\windows\system32\drivers\prhjp.sys --> c:\windows\system32\drivers\prhjp.sys [?] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/15/2012 6:50 PM 32072] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 2:27 PM 169200] . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}] 2008-02-08 14:53 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Contents of the 'Scheduled Tasks' folder . 2010-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] . 2012-04-14 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-10-06 03:11] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html FF - ProfilePath - c:\documents and settings\Bekki\Application Data\Mozilla\Firefox\Profiles\6s20yl0r.default\ FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Translate This!: {8D32E57F-8687-11E1-826D-B8AC6F996F26} - c:\documents and settings\Bekki\Local Settings\Application Data\{8D32E57F-8687-11E1-826D-B8AC6F996F26} FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-05-15 23:06 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????\??????(?@???????@ HKCU\Software\Microsoft\Windows\CurrentVersion\Run SansaDispatch = c:\documents and settings\Bekki\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?=&platform=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_conten . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . 
- - - - - - - > 'explorer.exe'(3352) c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll c:\windows\system32\ieframe.dll c:\windows\system32\OneX.DLL c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\windows\system32\msdtc.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Symantec AntiVirus\Rtvscan.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\mqsvc.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\windows\system32\mqtgsvc.exe c:\program files\HP\Digital Imaging\bin\hpqimzone.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe c:\windows\eHome\ehmsas.exe c:\program files\Hewlett-Packard\Shared\HpqToaster.exe . ************************************************************************** . Completion time: 2012-05-15 23:19:08 - machine was rebooted ComboFix-quarantined-files.txt 2012-05-16 03:18 ComboFix2.txt 2012-04-23 04:11 . Pre-Run: 64,496,160,768 bytes free Post-Run: 64,486,436,864 bytes free . - - End Of File - - 860DCC04529D7BE4526E9555F44DD330
  7. Here is the new FSS log:

     Farbar Service Scanner Version: 30-04-2012 01
     Ran by Bekki (administrator) on 13-05-2012 at 23:33:13
     Microsoft Windows XP Service Pack 3 (X86)
     ************************************************

     ======== Search: "ipsec.sys" =========
     C:\WINDOWS\system32\drivers\ipsec.sys [2004-08-10 11:00] - [2008-04-13 15:19] - 0075264 ____A () D4572221F148C59F215B9A5B4A1AFFDB
     C:\WINDOWS\ServicePackFiles\i386\ipsec.sys [2008-08-16 18:52] - [2008-04-13 15:19] - 0075264 ____N (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91
     C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys [2009-04-01 00:33] - [2004-08-10 11:00] - 0074752 ____C (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1
     ====== End Of Search ======
  8. Here's the FSS log. Just a heads-up, I will be out of town for a few days so I likely won't be responding after about 3 PM today. Just wanted to let you know so the thread doesn't get locked for inactivity or something.

     Farbar Service Scanner Version: 30-04-2012 01
     Ran by Bekki (administrator) on 04-05-2012 at 10:49:09
     Running from "C:\Documents and Settings\Bekki\Desktop"
     Microsoft Windows XP Professional Service Pack 3 (X86)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============
     Dnscache Service is not running. Checking service configuration:
     The start type of Dnscache service is OK.
     The ImagePath of Dnscache service is OK.
     The ServiceDll of Dnscache service is OK.

     Dhcp Service is not running. Checking service configuration:
     The start type of Dhcp service is OK.
     The ImagePath of Dhcp service is OK.
     The ServiceDll of Dhcp service is OK.

     Tcpip Service is not running. Checking service configuration:
     The start type of Tcpip service is OK.
     The ImagePath of Tcpip service is OK.

     Connection Status:
     ==============
     Localhost is blocked.
     There is no connection to network.
     Attempt to access Google IP returned error: Other errors
     Attempt to access Yahoo IP returned error: Other errors

     Windows Firewall:
     =============
     sharedaccess Service is not running. Checking service configuration:
     The start type of sharedaccess service is OK.
     The ImagePath of sharedaccess service is OK.
     The ServiceDll of sharedaccess service is OK.

     Firewall Disabled Policy:
     ==================
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "EnableFirewall"=DWORD:0

     System Restore:
     ============

     System Restore Disabled Policy:
     ========================

     Security Center:
     ============

     Windows Update:
     ============

     Windows Autoupdate Disabled Policy:
     ============================

     File Check:
     ========
     C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
     C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\ipsec.sys [2004-08-10 11:00] - [2008-04-13 15:19] - 0075264 ____A () D4572221F148C59F215B9A5B4A1AFFDB
     ATTENTION!=====> C:\WINDOWS\system32\Drivers\ipsec.sys IS INFECTED AND SHOULD BE REPLACED.
     C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
     C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
     C:\WINDOWS\system32\netman.dll => MD5 is legit
     C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\WINDOWS\system32\srsvc.dll => MD5 is legit
     C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
     C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
     C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
     C:\WINDOWS\system32\qmgr.dll => MD5 is legit
     C:\WINDOWS\system32\es.dll => MD5 is legit
     C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
     C:\WINDOWS\system32\svchost.exe => MD5 is legit
     C:\WINDOWS\system32\rpcss.dll => MD5 is legit
     C:\WINDOWS\system32\services.exe => MD5 is legit

     Extra List:
     =======
     Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(8) Tcpip(3)
     0x080000000400000001000000020000000300000008000000050000000600000007000000
     IpSec Tag value is correct.

     **** End of log ****
  9. Hey, sorry for the slow reply, but I just cannot get either scan working. I just can't get any of the programs online, even though my wireless network is connected. I made sure ComboFix was uninstalled, I did a "repair wireless networks", I tried to get Internet Explorer to connect and have it diagnose what was wrong. When I tried the repair networks it said something was wrong with the configuration of the wireless device and couldn't repair it, but on a restart it was telling me it was connected again. Internet Explorer's diagnose connection problems attempted to return to the default settings for how programs connect to the internet, but that did not work. Let me know what ideas you have. Sorry again for the delay.
  10. Okay, I tried to update MBAM and unfortunately I'm still having the issue where it can't connect despite being online. So, I'm not sure how to proceed.
  11. Okay, I did the Fix.Reg thing with no problem, and ran a fresh install of ComboFix. Here is my log: ComboFix 12-04-22.02 - Bekki 04/22/2012 23:45:14.4.2 - x86 Running from: c:\documents and settings\Bekki\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Bekki\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\urttemp c:\windows\system32\urttemp\fusion.dll c:\windows\system32\urttemp\mscoree.dll c:\windows\system32\urttemp\mscoree.dll.local c:\windows\system32\urttemp\mscorsn.dll c:\windows\system32\urttemp\mscorwks.dll c:\windows\system32\urttemp\msvcr71.dll c:\windows\system32\urttemp\regtlib.exe . . ((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 ))))))))))))))))))))))))))))))) . . 2012-04-17 10:30 . 2012-04-17 10:30 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe 2012-04-17 10:30 . 2012-04-17 10:30 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll 2012-04-15 22:50 . 2012-04-17 09:37 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2012-04-15 11:34 . 2012-04-15 11:34 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2012-04-15 00:44 . 2012-04-15 00:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2012-04-14 23:14 . 2012-04-14 23:14 -------- d-----w- c:\documents and settings\Bekki\Local Settings\Application Data\{8D32E57F-8687-11E1-826D-B8AC6F996F26} 2012-04-14 23:13 . 2012-04-14 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55F0E00014CA61F8F9249D151FC4E 2012-04-14 02:09 . 2012-04-14 02:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-13 07:41 . 
2012-03-20 07:53 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{90763566-D4B3-41BF-BA9D-F81B4F980BE7}\mpengine.dll 2012-04-13 07:30 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll 2012-04-13 07:30 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-04 19:56 . 2009-04-11 03:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-29 14:10 . 2004-08-10 15:00 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 14:10 . 2004-08-10 15:00 148480 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-23 14:18 . 2009-10-02 21:01 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-02-03 09:22 . 2004-08-10 15:00 1860096 ----a-w- c:\windows\system32\win32k.sys 2007-07-26 20:01 . 2008-04-20 00:47 114688 ----a-w- c:\program files\internet explorer\plugins\ChimeShim.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files\Steam\Steam.exe" [2012-04-14 1242448] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480] "SansaDispatch"="c:\documents and settings\Bekki\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-01-27 79872] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512] "MsmqIntCert"="mqrt.dll" [2008-04-14 177152] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-03 61952] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2007-08-28 73728] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960] "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-11-15 85744] "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-08-14 98304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-08-14 114688] "Persistence"="c:\windows\system32\igfxpers.exe" [2006-08-14 94208] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560] 
  12. Okay! I successfully installed the recovery console. So, here's round one (pre-console install):
      And here's round 2 (post-install):
  13. I figured as much when it gave me that message during the last run. Well, I'm on a different system. The Bleeping Computer page has instructions for a manual install of recovery console. I'm gonna download the thing on this terminal (I'm on my other computer which is clean), load it onto a flash drive and get it onto the laptop that way.
  14. Okay here's my new TDSSKiller log. ComboFix is doing its thing at the moment, but I still couldn't get it to install recovery console. I'm going to try to follow the instructions to manually install it. I'll post the current ComboFix run's log once it finishes, and then a new one once I get the console loaded properly. Since ComboFix mentioned that the infection was in the TCP/IP stack, I'm wondering if this is why both it and Chameleon couldn't get connected.
Secdrv - ok 08:53:57.0703 1272 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 08:53:57.0953 1272 seclogon - ok 08:53:58.0437 1272 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 08:53:58.0687 1272 SENS - ok 08:53:59.0281 1272 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 08:53:59.0609 1272 Serial - ok 08:54:00.0218 1272 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 08:54:00.0515 1272 Sfloppy - ok 08:54:01.0281 1272 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll 08:54:01.0921 1272 SharedAccess - ok 08:54:02.0578 1272 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 08:54:02.0843 1272 ShellHWDetection - ok 08:54:03.0515 1272 Simbad - ok 08:54:04.0281 1272 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 08:54:05.0375 1272 sisagp - ok 08:54:05.0687 1272 SNDSrvc (262c62aa7e74e7cdc0bd8926741b6a60) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe 08:54:06.0343 1272 SNDSrvc - ok 08:54:06.0968 1272 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 08:54:07.0328 1272 Sparrow - ok 08:54:07.0812 1272 SPBBCDrv (c30fa11923892a4dbd1c747db8492e8f) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 08:54:08.0593 1272 SPBBCDrv - ok 08:54:09.0093 1272 SPBBCSvc (ea07435c72a8534c3a8e02d87246e546) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe 08:54:10.0750 1272 SPBBCSvc - ok 08:54:11.0546 1272 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 08:54:11.0875 1272 splitter - ok 08:54:12.0500 1272 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 08:54:12.0671 1272 Spooler - ok 08:54:13.0531 1272 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 08:54:13.0890 1272 sr - ok 08:54:14.0609 1272 srservice 
(3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 08:54:15.0015 1272 srservice - ok 08:54:16.0000 1272 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 08:54:16.0765 1272 Srv - ok 08:54:17.0437 1272 sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:\WINDOWS\system32\drivers\sscdbhk5.sys 08:54:17.0515 1272 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning 08:54:17.0515 1272 sscdbhk5 - detected UnsignedFile.Multi.Generic (1) 08:54:18.0343 1272 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 08:54:18.0562 1272 SSDPSRV - ok 08:54:19.0265 1272 ssrtln (d79412e3942c8a257253487536d5a994) C:\WINDOWS\system32\drivers\ssrtln.sys 08:54:19.0312 1272 ssrtln ( UnsignedFile.Multi.Generic ) - warning 08:54:19.0312 1272 ssrtln - detected UnsignedFile.Multi.Generic (1) 08:54:19.0906 1272 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 08:54:20.0312 1272 stisvc - ok 08:54:21.0218 1272 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 08:54:21.0515 1272 swenum - ok 08:54:22.0031 1272 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 08:54:22.0312 1272 swmidi - ok 08:54:22.0781 1272 SwPrv - ok 08:54:23.0578 1272 Symantec AntiVirus (85ecc034b4dec0b3640c2d72509c03be) C:\Program Files\Symantec AntiVirus\Rtvscan.exe 08:54:25.0421 1272 Symantec AntiVirus - ok 08:54:26.0250 1272 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 08:54:26.0578 1272 symc810 - ok 08:54:27.0312 1272 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 08:54:27.0734 1272 symc8xx - ok 08:54:27.0953 1272 SymEvent (9c4737086dee2d302d5d2d69478f6611) C:\Program Files\Symantec\SYMEVENT.SYS 08:54:28.0250 1272 SymEvent - ok 08:54:29.0234 1272 SYMREDRV (c1bbd1d20acc5ecadca086228ad52bdd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 08:54:29.0296 1272 SYMREDRV - ok 08:54:29.0984 1272 SYMTDI 
(9bf7fddab95f8aabc361774dc844f755) C:\WINDOWS\System32\Drivers\SYMTDI.SYS 08:54:30.0109 1272 SYMTDI - ok 08:54:30.0890 1272 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 08:54:31.0234 1272 sym_hi - ok 08:54:31.0890 1272 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 08:54:32.0234 1272 sym_u3 - ok 08:54:32.0921 1272 SynTP (0f332c0ba9b968ebc8cbb906416f8597) C:\WINDOWS\system32\DRIVERS\SynTP.sys 08:54:33.0468 1272 SynTP - ok 08:54:34.0312 1272 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 08:54:34.0625 1272 sysaudio - ok 08:54:35.0421 1272 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 08:54:35.0953 1272 SysmonLog - ok 08:54:36.0656 1272 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 08:54:36.0953 1272 TapiSrv - ok 08:54:37.0656 1272 tbhsd (0a396237c3c4164de12d7c26450bd69c) C:\WINDOWS\system32\drivers\tbhsd.sys 08:54:37.0765 1272 tbhsd - ok 08:54:38.0656 1272 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 08:54:39.0046 1272 Tcpip - ok 08:54:39.0828 1272 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 08:54:40.0093 1272 TDPIPE - ok 08:54:40.0750 1272 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 08:54:41.0062 1272 TDTCP - ok 08:54:41.0984 1272 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 08:54:42.0312 1272 TermDD - ok 08:54:42.0906 1272 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 08:54:43.0359 1272 TermService - ok 08:54:44.0046 1272 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys 08:54:44.0203 1272 tfsnboio ( UnsignedFile.Multi.Generic ) - warning 08:54:44.0203 1272 tfsnboio - detected UnsignedFile.Multi.Generic (1) 08:54:44.0843 1272 tfsncofs (599804bc938b8305a5422319774da871) 
C:\WINDOWS\system32\dla\tfsncofs.sys 08:54:44.0921 1272 tfsncofs ( UnsignedFile.Multi.Generic ) - warning 08:54:44.0921 1272 tfsncofs - detected UnsignedFile.Multi.Generic (1) 08:54:45.0625 1272 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:\WINDOWS\system32\dla\tfsndrct.sys 08:54:45.0734 1272 tfsndrct ( UnsignedFile.Multi.Generic ) - warning 08:54:45.0734 1272 tfsndrct - detected UnsignedFile.Multi.Generic (1) 08:54:46.0453 1272 tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:\WINDOWS\system32\dla\tfsndres.sys 08:54:46.0500 1272 tfsndres ( UnsignedFile.Multi.Generic ) - warning 08:54:46.0500 1272 tfsndres - detected UnsignedFile.Multi.Generic (1) 08:54:47.0234 1272 tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys 08:54:47.0296 1272 tfsnifs ( UnsignedFile.Multi.Generic ) - warning 08:54:47.0296 1272 tfsnifs - detected UnsignedFile.Multi.Generic (1) 08:54:47.0953 1272 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys 08:54:48.0000 1272 tfsnopio ( UnsignedFile.Multi.Generic ) - warning 08:54:48.0000 1272 tfsnopio - detected UnsignedFile.Multi.Generic (1) 08:54:48.0687 1272 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys 08:54:48.0812 1272 tfsnpool ( UnsignedFile.Multi.Generic ) - warning 08:54:48.0812 1272 tfsnpool - detected UnsignedFile.Multi.Generic (1) 08:54:49.0531 1272 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys 08:54:49.0640 1272 tfsnudf ( UnsignedFile.Multi.Generic ) - warning 08:54:49.0640 1272 tfsnudf - detected UnsignedFile.Multi.Generic (1) 08:54:50.0203 1272 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys 08:54:50.0265 1272 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning 08:54:50.0265 1272 tfsnudfa - detected UnsignedFile.Multi.Generic (1) 08:54:51.0000 1272 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 08:54:51.0078 1272 Themes - ok 08:54:51.0828 1272 tifm21 
(f779ba4cd37963ab4600c9871b7752a3) C:\WINDOWS\system32\drivers\tifm21.sys 08:54:52.0281 1272 tifm21 - ok 08:54:52.0953 1272 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe 08:54:53.0328 1272 TlntSvr - ok 08:54:54.0421 1272 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 08:54:55.0015 1272 TosIde - ok 08:54:55.0718 1272 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 08:54:56.0015 1272 TrkWks - ok 08:54:56.0781 1272 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 08:54:57.0078 1272 Udfs - ok 08:54:57.0734 1272 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 08:54:58.0015 1272 ultra - ok 08:54:58.0718 1272 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 08:54:59.0281 1272 Update - ok 08:55:00.0140 1272 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 08:55:00.0640 1272 upnphost - ok 08:55:01.0359 1272 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 08:55:01.0640 1272 UPS - ok 08:55:02.0250 1272 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 08:55:02.0578 1272 usbccgp - ok 08:55:03.0312 1272 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 08:55:03.0625 1272 usbehci - ok 08:55:04.0656 1272 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 08:55:04.0953 1272 usbhub - ok 08:55:05.0906 1272 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 08:55:06.0250 1272 usbprint - ok 08:55:07.0109 1272 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 08:55:07.0421 1272 usbscan - ok 08:55:08.0265 1272 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 08:55:08.0546 1272 USBSTOR - ok 08:55:09.0187 1272 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) 
C:\WINDOWS\system32\DRIVERS\usbuhci.sys 08:55:09.0750 1272 usbuhci - ok 08:55:10.0531 1272 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys 08:55:10.0906 1272 USB_RNDIS_XP - ok 08:55:11.0765 1272 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 08:55:12.0046 1272 VgaSave - ok 08:55:12.0765 1272 vgqt - ok 08:55:13.0468 1272 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 08:55:13.0765 1272 viaagp - ok 08:55:14.0578 1272 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 08:55:14.0968 1272 ViaIde - ok 08:55:16.0140 1272 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 08:55:16.0453 1272 VolSnap - ok 08:55:17.0437 1272 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 08:55:17.0953 1272 VSS - ok 08:55:18.0656 1272 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 08:55:19.0000 1272 W32Time - ok 08:55:19.0859 1272 w39n51 (4e7b07653f4f9937cf62ad2869fba520) C:\WINDOWS\system32\DRIVERS\w39n51.sys 08:55:21.0812 1272 w39n51 - ok 08:55:22.0625 1272 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 08:55:22.0937 1272 Wanarp - ok 08:55:23.0421 1272 WDICA - ok 08:55:23.0765 1272 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 08:55:24.0046 1272 wdmaud - ok 08:55:24.0796 1272 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 08:55:25.0062 1272 WebClient - ok 08:55:25.0968 1272 winachsf (214bc3ad84907ad6ad655ac5465f449a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 08:55:27.0546 1272 winachsf - ok 08:55:28.0343 1272 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 08:55:28.0703 1272 winmgmt - ok 08:55:29.0156 1272 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 08:55:29.0406 1272 WmdmPmSN - ok 08:55:29.0890 1272 Wmi 
(e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll 08:55:30.0031 1272 Wmi - ok 08:55:30.0421 1272 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 08:55:30.0718 1272 WmiAcpi - ok 08:55:31.0156 1272 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe 08:55:31.0453 1272 WmiApSrv - ok 08:55:31.0687 1272 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe 08:55:31.0875 1272 WMPNetworkSvc - ok 08:55:32.0359 1272 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 08:55:32.0421 1272 WpdUsb - ok 08:55:32.0875 1272 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 08:55:33.0171 1272 WS2IFSL - ok 08:55:33.0656 1272 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 08:55:33.0937 1272 wscsvc - ok 08:55:34.0484 1272 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 08:55:34.0828 1272 wuauserv - ok 08:55:35.0218 1272 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 08:55:35.0343 1272 WudfPf - ok 08:55:35.0937 1272 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 08:55:36.0046 1272 WudfRd - ok 08:55:36.0437 1272 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 08:55:36.0500 1272 WudfSvc - ok 08:55:36.0625 1272 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 08:55:36.0906 1272 WZCSVC - ok 08:55:37.0265 1272 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 08:55:37.0468 1272 xmlprov - ok 08:55:37.0515 1272 MBR (0x1B8) (5ae5a393505cffd37fe98c4a7922908d) \Device\Harddisk0\DR0 08:55:38.0000 1272 \Device\Harddisk0\DR0 - ok 08:55:38.0031 1272 Boot (0x1200) (98a636ae3e4f342f3ff8dd1bc992beb5) \Device\Harddisk0\DR0\Partition0 08:55:38.0031 1272 \Device\Harddisk0\DR0\Partition0 - ok 08:55:38.0062 1272 Boot (0x1200) 
(3dd5b83fb3c88cd7da6ee73261fe42b1) \Device\Harddisk0\DR0\Partition1 08:55:38.0062 1272 \Device\Harddisk0\DR0\Partition1 - ok 08:55:38.0062 1272 ============================================================ 08:55:38.0062 1272 Scan finished 08:55:38.0062 1272 ============================================================ 08:55:38.0203 1096 Detected object count: 23 08:55:38.0203 1096 Actual detected object count: 23 08:55:48.0156 1096 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user 08:55:48.0171 1096 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:55:48.0171 1096 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user 08:55:48.0171 1096 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:55:48.0171 1096 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user 08:55:48.0171 1096 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:55:48.0171 1096 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user 08:55:48.0171 1096 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:55:48.0171 1096 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user 08:55:48.0171 1096 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:55:48.0187 1096 hpqwmiex ( UnsignedFile.Multi.Generic ) - skipped by user 08:55:48.0187 1096 hpqwmiex ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:55:48.0187 1096 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 08:55:48.0187 1096 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:55:48.0187 1096 IPSec ( UnsignedFile.Multi.Generic ) - skipped by user 08:55:48.0187 1096 IPSec ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:55:48.0187 1096 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 08:55:48.0187 1096 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:55:48.0187 1096 MHN ( UnsignedFile.Multi.Generic ) - skipped by user 
08:55:48.0187 1096 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:55:48.0203 1096 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user 08:55:48.0203 1096 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:55:48.0203 1096 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user 08:55:48.0203 1096 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:55:48.0203 1096 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user 08:55:48.0203 1096 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:55:48.0203 1096 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user 08:55:48.0203 1096 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:55:48.0218 1096 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user 08:55:48.0218 1096 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:55:48.0218 1096 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user 08:55:48.0218 1096 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:55:48.0218 1096 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user 08:55:48.0218 1096 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:55:48.0218 1096 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user 08:55:48.0218 1096 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:55:48.0234 1096 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user 08:55:48.0234 1096 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:55:48.0234 1096 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user 08:55:48.0234 1096 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:55:48.0234 1096 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user 08:55:48.0234 1096 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:55:48.0234 1096 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user 08:55:48.0234 1096 tfsnudf ( UnsignedFile.Multi.Generic ) - 
User select action: Skip 08:55:48.0250 1096 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user 08:55:48.0250 1096 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
  15. Will do. Do I need an uninstall tool for TDSS Killer? I've heard that that is sometimes necessary for Kaspersky products, and I want to make sure I do it correctly the first time.