dielind
-
Posts
8 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by dielind
-
-
Thank you again for all of your help! I uninstalled Spybot SD and also uninstalled and reinstalled firefox. Everything seems to be running normally now. Should I run any additional diagnostics?
-
We primarily use the Mozilla Foxfire browser, version 13.0.1 I checked and the homepage was also changed in IE but I was able to successfully change it back to google and did not experience any link redirections during my short search engine experiement.
I ran RogueKiller again. The results are as follows:
RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: D [Admin rights]
Mode: Scan -- Date: 06/23/2012 11:08:22
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x8A433AD8)
SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x89F0D800)
SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x8A4658C0)
SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x89EA0AA8)
SSDT[43] : NtCreateMutant @ 0x8061758E -> HOOKED (Unknown @ 0x89F03B98)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x8A464EC0)
SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x8A46E608)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x8A16B5F8)
SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x8A433848)
SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x8A632D20)
SSDT[114] : NtOpenEvent @ 0x8060EF4C -> HOOKED (Unknown @ 0x89F10A70)
SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x8A5DB198)
SSDT[129] : NtOpenThreadToken @ 0x805EDF44 -> HOOKED (Unknown @ 0x8A5536D8)
SSDT[177] : NtQueryValueKey @ 0x806221FA -> HOOKED (Unknown @ 0x8A612198)
SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x8A46BDF0)
SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x8A47AEF8)
SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x8A513D90)
SSDT[229] : NtSetInformationThread @ 0x805CC124 -> HOOKED (Unknown @ 0x8A68DA50)
SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x8A5E0198)
SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x8A643AD0)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x8A479E40)
SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x8A6ECBF8)
SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x8A46E0D0)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x8A464950)
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST980813ASG +++++
--- User ---
[MBR] 0d20519f4697fe02675d1961fb932b3e
[bSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 144585 | Size: 76245 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
-
Unfortunately the computer is still redirecting webpage clicks and changing our homepage... Ran MBAM again. Here are the results:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.23.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
D :: DFT43YF1 [administrator]
6/23/2012 10:37:59 AM
mbam-log-2012-06-23 (10-37-59).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 220790
Time elapsed: 4 minute(s), 22 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Thank you for your help. I downloaded and ran combofix 2x. I have attached the results of the second scan.
ComboFix 12-06-23.05 - D 06/23/2012 9:55.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1392 [GMT -4:00]
Running from: c:\documents and settings\D\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 01:56 . 2012-06-23 01:56 -------- d-----w- c:\program files\ERUNT
2012-06-16 21:06 . 2012-06-16 21:06 -------- d-----w- c:\documents and settings\D\Local Settings\Application Data\Sun
2012-06-15 02:55 . 2012-06-15 02:55 -------- d-----w- c:\program files\Oracle
2012-06-15 02:54 . 2012-06-15 02:54 -------- d-----w- c:\documents and settings\D\Application Data\Oracle
2012-06-15 02:54 . 2012-05-04 23:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-15 02:47 . 2012-06-15 02:47 -------- d-----w- c:\program files\Adobe Download Assistant
2012-06-13 20:49 . 2012-06-13 20:49 -------- d-----w- c:\documents and settings\D\Local Settings\Application Data\Cyberlink
2012-06-06 20:47 . 2012-06-01 15:39 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-06 20:47 . 2012-06-01 15:39 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-02 03:12 . 2012-06-02 03:12 87960 ----a-r- c:\documents and settings\D\Application Data\Microsoft\Installer\{ECC01078-AC91-4A40-9F15-9D586F065CC7}\ARPPRODUCTICON.exe
2012-06-02 03:12 . 2012-06-02 03:12 -------- d-----w- c:\documents and settings\D\Local Settings\Application Data\Scholastic
2012-06-02 03:12 . 2012-06-02 03:12 -------- d-----w- c:\program files\Common Files\K-NFB Reading
2012-06-02 03:12 . 2012-06-02 03:12 -------- d-----w- c:\program files\PlayReady
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-15 02:17 . 2012-03-28 14:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-15 02:17 . 2011-07-14 11:44 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 19:19 . 2007-07-30 23:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2007-07-30 23:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2004-08-11 23:12 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2004-08-11 23:12 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2004-08-11 23:12 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2007-07-30 23:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2007-07-30 23:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2004-08-11 23:12 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2004-08-11 23:12 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2004-08-11 23:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2007-07-30 23:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2004-08-11 23:12 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2004-08-11 23:12 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2008-03-31 21:09 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2008-03-31 21:09 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2007-07-30 23:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-11 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-15 15:39 . 2004-08-11 23:00 832512 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-11 23:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 10:40 . 2008-03-28 23:04 0 ----a-w- c:\documents and settings\D\Local Settings\Application Data\WavXMapDrive.bat
2012-05-04 23:29 . 2008-06-30 14:18 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 23:29 . 2012-01-02 01:32 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:16 . 2004-08-11 23:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-04 04:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-08-11 23:11 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 14:46 . 2004-08-11 23:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-04-23 14:46 . 2004-08-11 23:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-04-23 14:46 . 2004-08-11 23:00 17408 ------w- c:\windows\system32\corpol.dll
2012-04-04 19:56 . 2012-05-02 01:54 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-17 17:37 . 2012-01-05 01:40 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-30 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"vptray"="c:\progra~1\SYMANT~1\\vptray.exe" [2007-10-08 125368]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\D\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-15 21:42 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-01-25 08:34 159744 ----a-w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-10-09 10:17 2183168 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-05-14 19:23 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCXCATS]
2006-10-16 05:31 106496 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\dlcxtime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-05-18 17:45 162584 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2006-01-06 19:07 188416 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
2006-01-06 19:07 348160 ----a-w- c:\windows\system32\hphmon04.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-05-18 17:45 138008 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 22:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KADxMain]
2006-11-02 19:05 282624 ----a-w- c:\windows\system32\KADxMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-01-12 00:15 101136 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 20:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2007-01-12 00:15 101136 ----a-w- c:\program files\Common Files\Logitech\khalshared\KHALMNPR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 22:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-05-18 17:45 138008 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PostCopy]
2001-07-25 21:16 20480 ------w- c:\windows\system32\BELKIN\F5D5050\PostCopy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-05 02:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2007-09-14 15:53 218424 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-12-05 23:24 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 13:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-08-30 22:12 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-04-05 13:47 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
2007-10-08 00:48 125368 ----a-w- c:\progra~1\SYMANT~1\VPTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]
2007-09-10 14:55 92160 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\D\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dlbfcoms.exe"=
.
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]
R2 dlbf_device;dlbf_device;c:\windows\system32\dlbfcoms.exe -service --> c:\windows\system32\dlbfcoms.exe -service [?]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 7:00 PM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/2/2012 6:10 AM 106104]
S2 gupdate1c985a741df6b8;Google Update Service (gupdate1c985a741df6b8);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2009 10:27 PM 133104]
S3 ADM8511;%ADM8511.Service.DispName%;c:\windows\system32\drivers\ADM8511.SYS [3/28/2008 7:18 PM 20160]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/28/2012 10:16 AM 257224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2009 10:27 PM 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/30/2012 7:08 AM 113120]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2/11/2011 8:09 PM 30576]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/7/2007 8:48 PM 116664]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 02:17]
.
2012-05-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-DFT43YF1-D.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-10-02 21:42]
.
2012-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-05-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-30 07:42]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 02:27]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 02:27]
.
2012-05-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-939076650-941321340-1201637723-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 18:25]
.
2012-05-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-939076650-941321340-1201637723-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 18:25]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.bankofamerica.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080324
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
FF - ProfilePath - c:\documents and settings\D\Application Data\Mozilla\Firefox\Profiles\ty86au9v.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.bankofamerica.com
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: browser.startup.homepage - hxxps://www.bankofamerica.com
FF - user.js: browser.startup.page - 1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-23 09:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1248)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'lsass.exe'(1304)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(2116)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-06-23 10:01:08
ComboFix-quarantined-files.txt 2012-06-23 14:01
ComboFix2.txt 2012-06-23 13:48
.
Pre-Run: 12,913,041,408 bytes free
Post-Run: 12,895,879,168 bytes free
.
- - End Of File - - 82D3BFDAC56472EBD30767F9CAFD903B
-
Thank you MrC. I ran RogueKiller again and deleted the processes, then restarted the program and ran the scan again to delete the registry entries. On the second scan, the registry entries did not show up so I went ahead with the system restore and erunt, then ran the TDSSKILLER program.
The results are as follows:
21:58:13.0812 2616 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
21:58:14.0046 2616 ============================================================
21:58:14.0046 2616 Current date / time: 2012/06/22 21:58:14.0046
21:58:14.0046 2616 SystemInfo:
21:58:14.0046 2616
21:58:14.0046 2616 OS Version: 5.1.2600 ServicePack: 3.0
21:58:14.0046 2616 Product type: Workstation
21:58:14.0046 2616 ComputerName: DFT43YF1
21:58:14.0046 2616 UserName: D
21:58:14.0046 2616 Windows directory: C:\WINDOWS
21:58:14.0046 2616 System windows directory: C:\WINDOWS
21:58:14.0046 2616 Processor architecture: Intel x86
21:58:14.0046 2616 Number of processors: 2
21:58:14.0046 2616 Page size: 0x1000
21:58:14.0046 2616 Boot type: Normal boot
21:58:14.0046 2616 ============================================================
21:58:15.0718 2616 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:58:15.0718 2616 ============================================================
21:58:15.0718 2616 \Device\Harddisk0\DR0:
21:58:15.0718 2616 MBR partitions:
21:58:15.0718 2616 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x234C9, BlocksNum 0x94EAFF8
21:58:15.0718 2616 ============================================================
21:58:15.0750 2616 C: <-> \Device\Harddisk0\DR0\Partition0
21:58:15.0750 2616 ============================================================
21:58:15.0750 2616 Initialize success
21:58:15.0750 2616 ============================================================
21:58:56.0171 3184 ============================================================
21:58:56.0171 3184 Scan started
21:58:56.0171 3184 Mode: Manual; SigCheck; TDLFS;
21:58:56.0171 3184 ============================================================
21:58:56.0421 3184 Abiosdsk - ok
21:58:56.0468 3184 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:58:56.0734 3184 abp480n5 - ok
21:58:56.0765 3184 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:58:56.0921 3184 ACPI - ok
21:58:56.0984 3184 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:58:57.0093 3184 ACPIEC - ok
21:58:57.0125 3184 ADM8511 (b05f2367f62552a2de7e3c352b7b9885) C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
21:58:57.0187 3184 ADM8511 - ok
21:58:57.0250 3184 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:58:57.0328 3184 AdobeFlashPlayerUpdateSvc - ok
21:58:57.0359 3184 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:58:57.0453 3184 adpu160m - ok
21:58:57.0500 3184 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:58:57.0593 3184 aec - ok
21:58:57.0640 3184 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:58:57.0687 3184 AFD - ok
21:58:57.0718 3184 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:58:57.0812 3184 agp440 - ok
21:58:57.0843 3184 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:58:57.0937 3184 agpCPQ - ok
21:58:57.0968 3184 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:58:58.0046 3184 Aha154x - ok
21:58:58.0062 3184 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:58:58.0156 3184 aic78u2 - ok
21:58:58.0171 3184 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:58:58.0281 3184 aic78xx - ok
21:58:58.0312 3184 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
21:58:58.0421 3184 Alerter - ok
21:58:58.0453 3184 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
21:58:58.0562 3184 ALG - ok
21:58:58.0593 3184 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
21:58:58.0687 3184 AliIde - ok
21:58:58.0734 3184 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:58:58.0812 3184 alim1541 - ok
21:58:58.0812 3184 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:58:58.0921 3184 amdagp - ok
21:58:58.0968 3184 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
21:58:59.0015 3184 amsint - ok
21:58:59.0046 3184 ApfiltrService (b8d65da679a4a8d048783ede2691b5d4) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
21:58:59.0062 3184 ApfiltrService ( UnsignedFile.Multi.Generic ) - warning
21:58:59.0062 3184 ApfiltrService - detected UnsignedFile.Multi.Generic (1)
21:58:59.0109 3184 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
21:58:59.0109 3184 APPDRV ( UnsignedFile.Multi.Generic ) - warning
21:58:59.0109 3184 APPDRV - detected UnsignedFile.Multi.Generic (1)
21:58:59.0187 3184 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:58:59.0187 3184 Apple Mobile Device - ok
21:58:59.0218 3184 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
21:58:59.0343 3184 AppMgmt - ok
21:58:59.0375 3184 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:58:59.0484 3184 Arp1394 - ok
21:58:59.0500 3184 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
21:58:59.0593 3184 asc - ok
21:58:59.0609 3184 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:58:59.0671 3184 asc3350p - ok
21:58:59.0687 3184 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:58:59.0796 3184 asc3550 - ok
21:58:59.0843 3184 ASFIPmon (7591238ebf7dd1fd13b353c382227dc3) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
21:58:59.0859 3184 ASFIPmon - ok
21:58:59.0937 3184 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:59:00.0015 3184 aspnet_state - ok
21:59:00.0015 3184 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:59:00.0109 3184 AsyncMac - ok
21:59:00.0156 3184 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:59:00.0234 3184 atapi - ok
21:59:00.0234 3184 Atdisk - ok
21:59:00.0250 3184 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:59:00.0343 3184 Atmarpc - ok
21:59:00.0390 3184 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
21:59:00.0484 3184 AudioSrv - ok
21:59:00.0515 3184 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:59:00.0625 3184 audstub - ok
21:59:00.0656 3184 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
21:59:00.0656 3184 b57w2k ( UnsignedFile.Multi.Generic ) - warning
21:59:00.0656 3184 b57w2k - detected UnsignedFile.Multi.Generic (1)
21:59:00.0671 3184 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
21:59:00.0703 3184 BASFND ( UnsignedFile.Multi.Generic ) - warning
21:59:00.0703 3184 BASFND - detected UnsignedFile.Multi.Generic (1)
21:59:00.0750 3184 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
21:59:00.0781 3184 BCM43XX ( UnsignedFile.Multi.Generic ) - warning
21:59:00.0781 3184 BCM43XX - detected UnsignedFile.Multi.Generic (1)
21:59:00.0812 3184 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:59:00.0921 3184 Beep - ok
21:59:00.0953 3184 bgsvcgen (71489fa2c4a238f178e30ae6e4449013) C:\WINDOWS\system32\bgsvcgen.exe
21:59:00.0984 3184 bgsvcgen ( UnsignedFile.Multi.Generic ) - warning
21:59:00.0984 3184 bgsvcgen - detected UnsignedFile.Multi.Generic (1)
21:59:01.0031 3184 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
21:59:01.0156 3184 BITS - ok
21:59:01.0281 3184 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe
21:59:01.0296 3184 Bonjour Service - ok
21:59:01.0343 3184 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
21:59:01.0437 3184 Browser - ok
21:59:01.0453 3184 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:59:01.0562 3184 cbidf - ok
21:59:01.0562 3184 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:59:01.0656 3184 cbidf2k - ok
21:59:01.0750 3184 CCALib8 (8ef654045e518ac00e52e7a1e2d3ad70) C:\Program Files\Canon\CAL\CALMAIN.exe
21:59:01.0765 3184 CCALib8 ( UnsignedFile.Multi.Generic ) - warning
21:59:01.0765 3184 CCALib8 - detected UnsignedFile.Multi.Generic (1)
21:59:01.0796 3184 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:59:01.0890 3184 CCDECODE - ok
21:59:01.0968 3184 ccEvtMgr (73a35ad810cb750367cc01564a44b0e7) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
21:59:01.0968 3184 ccEvtMgr - ok
21:59:01.0984 3184 ccSetMgr (5e32d63b71495a8eda09f05bd153a537) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
21:59:02.0000 3184 ccSetMgr - ok
21:59:02.0015 3184 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:59:02.0062 3184 cd20xrnt - ok
21:59:02.0093 3184 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:59:02.0390 3184 Cdaudio - ok
21:59:02.0421 3184 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:59:02.0578 3184 Cdfs - ok
21:59:02.0640 3184 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:59:02.0781 3184 Cdrom - ok
21:59:02.0781 3184 Changer - ok
21:59:02.0843 3184 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
21:59:02.0921 3184 CiSvc - ok
21:59:02.0968 3184 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
21:59:03.0078 3184 ClipSrv - ok
21:59:03.0156 3184 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:59:03.0218 3184 clr_optimization_v2.0.50727_32 - ok
21:59:03.0250 3184 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:59:03.0343 3184 CmBatt - ok
21:59:03.0375 3184 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:59:03.0484 3184 CmdIde - ok
21:59:03.0500 3184 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:59:03.0609 3184 Compbatt - ok
21:59:03.0609 3184 COMSysApp - ok
21:59:03.0625 3184 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:59:03.0734 3184 Cpqarray - ok
21:59:03.0781 3184 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
21:59:03.0859 3184 CryptSvc - ok
21:59:03.0890 3184 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:59:03.0984 3184 dac2w2k - ok
21:59:04.0015 3184 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:59:04.0125 3184 dac960nt - ok
21:59:04.0171 3184 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:59:04.0234 3184 DcomLaunch - ok
21:59:04.0312 3184 DefWatch (7f7efcc3ef73160147b27a8270b4cb9e) C:\Program Files\Symantec AntiVirus\DefWatch.exe
21:59:04.0312 3184 DefWatch - ok
21:59:04.0343 3184 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
21:59:04.0453 3184 Dhcp - ok
21:59:04.0468 3184 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:59:04.0562 3184 Disk - ok
21:59:04.0578 3184 dlbf_device - ok
21:59:04.0578 3184 dlcx_device - ok
21:59:04.0578 3184 dmadmin - ok
21:59:04.0656 3184 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:59:04.0765 3184 dmboot - ok
21:59:04.0765 3184 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:59:04.0859 3184 dmio - ok
21:59:04.0890 3184 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:59:04.0984 3184 dmload - ok
21:59:05.0015 3184 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
21:59:05.0187 3184 dmserver - ok
21:59:05.0203 3184 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:59:05.0281 3184 DMusic - ok
21:59:05.0312 3184 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
21:59:05.0406 3184 Dnscache - ok
21:59:05.0437 3184 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
21:59:05.0593 3184 Dot3svc - ok
21:59:05.0671 3184 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
21:59:05.0828 3184 dot4 - ok
21:59:05.0875 3184 Dot4 HPH11 (a93ae4414505a8095ec4820c4312b5df) C:\WINDOWS\system32\DRIVERS\hphid411.sys
21:59:05.0953 3184 Dot4 HPH11 - ok
21:59:05.0984 3184 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
21:59:06.0140 3184 Dot4Print - ok
21:59:06.0203 3184 Dot4Print HPH11 (4f8681519ea48757148895811f2aa051) C:\WINDOWS\system32\DRIVERS\hphipr11.sys
21:59:06.0234 3184 Dot4Print HPH11 - ok
21:59:06.0265 3184 Dot4Storage HPH11 (df0a7516e9f803c1c64796b81605495c) C:\WINDOWS\system32\Drivers\hphs2k11.sys
21:59:06.0296 3184 Dot4Storage HPH11 - ok
21:59:06.0328 3184 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
21:59:06.0468 3184 dot4usb - ok
21:59:06.0515 3184 Dot4Usb HPH11 (c6608b2afb2567f0fa6b4bd8837f1660) C:\WINDOWS\system32\drivers\hphius11.sys
21:59:06.0546 3184 Dot4Usb HPH11 - ok
21:59:06.0578 3184 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:59:06.0671 3184 dpti2o - ok
21:59:06.0687 3184 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:59:06.0765 3184 drmkaud - ok
21:59:06.0812 3184 DXEC01 (549734664886d91222969845e4311d1b) C:\WINDOWS\system32\drivers\dxec01.sys
21:59:06.0812 3184 DXEC01 ( UnsignedFile.Multi.Generic ) - warning
21:59:06.0812 3184 DXEC01 - detected UnsignedFile.Multi.Generic (1)
21:59:06.0843 3184 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:59:06.0953 3184 E100B - ok
21:59:06.0984 3184 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
21:59:07.0187 3184 EapHost - ok
21:59:07.0328 3184 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
21:59:07.0375 3184 eeCtrl - ok
21:59:07.0406 3184 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:59:07.0421 3184 EraserUtilRebootDrv - ok
21:59:07.0437 3184 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
21:59:07.0640 3184 ERSvc - ok
21:59:07.0718 3184 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:59:07.0765 3184 Eventlog - ok
21:59:07.0812 3184 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
21:59:07.0906 3184 EventSystem - ok
21:59:07.0937 3184 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:59:08.0156 3184 Fastfat - ok
21:59:08.0218 3184 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:59:08.0281 3184 FastUserSwitchingCompatibility - ok
21:59:08.0281 3184 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:59:08.0390 3184 Fdc - ok
21:59:08.0406 3184 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:59:08.0500 3184 Fips - ok
21:59:08.0515 3184 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:59:08.0625 3184 Flpydisk - ok
21:59:08.0656 3184 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:59:08.0750 3184 FltMgr - ok
21:59:08.0843 3184 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:59:08.0875 3184 FontCache3.0.0.0 - ok
21:59:08.0890 3184 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:59:09.0015 3184 Fs_Rec - ok
21:59:09.0078 3184 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:59:09.0218 3184 Ftdisk - ok
21:59:09.0281 3184 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:59:09.0281 3184 GEARAspiWDM - ok
21:59:09.0296 3184 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:59:09.0453 3184 Gpc - ok
21:59:09.0515 3184 guardian2 (7031a936832967a93b0e5d5f1c76745a) C:\WINDOWS\system32\Drivers\oz776.sys
21:59:09.0531 3184 guardian2 ( UnsignedFile.Multi.Generic ) - warning
21:59:09.0531 3184 guardian2 - detected UnsignedFile.Multi.Generic (1)
21:59:09.0609 3184 gupdate1c985a741df6b8 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
21:59:09.0625 3184 gupdate1c985a741df6b8 - ok
21:59:09.0625 3184 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
21:59:09.0640 3184 gupdatem - ok
21:59:09.0703 3184 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:59:09.0734 3184 gusvc - ok
21:59:09.0781 3184 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:59:09.0984 3184 HDAudBus - ok
21:59:10.0062 3184 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:59:10.0171 3184 helpsvc - ok
21:59:10.0203 3184 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
21:59:10.0296 3184 HidServ - ok
21:59:10.0328 3184 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:59:10.0421 3184 HidUsb - ok
21:59:10.0453 3184 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
21:59:10.0593 3184 hkmsvc - ok
21:59:10.0625 3184 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
21:59:10.0765 3184 hpn - ok
21:59:10.0812 3184 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
21:59:10.0843 3184 HSFHWAZL ( UnsignedFile.Multi.Generic ) - warning
21:59:10.0843 3184 HSFHWAZL - detected UnsignedFile.Multi.Generic (1)
21:59:10.0906 3184 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
21:59:10.0953 3184 HSF_DPV ( UnsignedFile.Multi.Generic ) - warning
21:59:10.0953 3184 HSF_DPV - detected UnsignedFile.Multi.Generic (1)
21:59:11.0000 3184 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:59:11.0062 3184 HTTP - ok
21:59:11.0093 3184 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
21:59:11.0187 3184 HTTPFilter - ok
21:59:11.0234 3184 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:59:11.0421 3184 i2omgmt - ok
21:59:11.0468 3184 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:59:11.0562 3184 i2omp - ok
21:59:11.0578 3184 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:59:11.0671 3184 i8042prt - ok
21:59:11.0953 3184 ialm (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:59:12.0359 3184 ialm ( UnsignedFile.Multi.Generic ) - warning
21:59:12.0359 3184 ialm - detected UnsignedFile.Multi.Generic (1)
21:59:12.0453 3184 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:59:12.0500 3184 IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:59:12.0500 3184 IDriverT - detected UnsignedFile.Multi.Generic (1)
21:59:12.0656 3184 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:59:12.0875 3184 idsvc - ok
21:59:12.0953 3184 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:59:13.0062 3184 Imapi - ok
21:59:13.0093 3184 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
21:59:13.0203 3184 ImapiService - ok
21:59:13.0234 3184 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:59:13.0343 3184 ini910u - ok
21:59:13.0375 3184 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:59:13.0468 3184 IntelIde - ok
21:59:13.0500 3184 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:59:13.0578 3184 intelppm - ok
21:59:13.0609 3184 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:59:13.0687 3184 Ip6Fw - ok
21:59:13.0734 3184 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:59:13.0828 3184 IpFilterDriver - ok
21:59:13.0875 3184 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:59:13.0953 3184 IpInIp - ok
21:59:13.0968 3184 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:59:14.0062 3184 IpNat - ok
21:59:14.0156 3184 iPod Service (3a6d4d8abacf64292d060c9e06d2050d) C:\Program Files\iPod\bin\iPodService.exe
21:59:14.0234 3184 iPod Service - ok
21:59:14.0281 3184 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:59:14.0375 3184 IPSec - ok
21:59:14.0390 3184 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:59:14.0484 3184 IRENUM - ok
21:59:14.0500 3184 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:59:14.0609 3184 isapnp - ok
21:59:14.0671 3184 JavaQuickStarterService (c2c1660ddcc9bd67eb98d6d5f91c107f) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
21:59:14.0687 3184 JavaQuickStarterService - ok
21:59:14.0687 3184 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:59:14.0796 3184 Kbdclass - ok
21:59:14.0812 3184 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:59:14.0906 3184 kbdhid - ok
21:59:14.0937 3184 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:59:15.0015 3184 kmixer - ok
21:59:15.0062 3184 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:59:15.0125 3184 KSecDD - ok
21:59:15.0156 3184 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
21:59:15.0218 3184 lanmanserver - ok
21:59:15.0250 3184 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
21:59:15.0281 3184 lanmanworkstation - ok
21:59:15.0281 3184 lbrtfdc - ok
21:59:15.0312 3184 LHidFilt (597d79382c154cedb638a65012925a23) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
21:59:15.0312 3184 LHidFilt - ok
21:59:15.0500 3184 LiveUpdate (7c63055bfb959199eeef366bbbe56456) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
21:59:15.0812 3184 LiveUpdate - ok
21:59:15.0906 3184 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
21:59:16.0109 3184 LmHosts - ok
21:59:16.0171 3184 LMouFilt (9ead053d28182bd6acb19d5f58202194) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
21:59:16.0187 3184 LMouFilt - ok
21:59:16.0265 3184 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
21:59:16.0312 3184 MDM - ok
21:59:16.0343 3184 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:59:16.0375 3184 mdmxsdk ( UnsignedFile.Multi.Generic ) - warning
21:59:16.0375 3184 mdmxsdk - detected UnsignedFile.Multi.Generic (1)
21:59:16.0406 3184 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
21:59:16.0625 3184 Messenger - ok
21:59:16.0656 3184 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:59:16.0750 3184 mnmdd - ok
21:59:16.0781 3184 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
21:59:16.0890 3184 mnmsrvc - ok
21:59:16.0921 3184 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:59:17.0000 3184 Modem - ok
21:59:17.0046 3184 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:59:17.0140 3184 Mouclass - ok
21:59:17.0156 3184 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:59:17.0281 3184 mouhid - ok
21:59:17.0328 3184 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:59:17.0421 3184 MountMgr - ok
21:59:17.0468 3184 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:59:17.0546 3184 MozillaMaintenance - ok
21:59:17.0562 3184 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:59:17.0687 3184 mraid35x - ok
21:59:17.0718 3184 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:59:17.0843 3184 MRxDAV - ok
21:59:17.0906 3184 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:59:18.0000 3184 MRxSmb - ok
21:59:18.0062 3184 MSCamSvc (d98350792a7ce82e7459a7c36481beda) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
21:59:18.0078 3184 MSCamSvc - ok
21:59:18.0109 3184 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:59:18.0250 3184 Msfs - ok
21:59:18.0296 3184 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\WINDOWS\system32\Drivers\nx6000.sys
21:59:18.0312 3184 MSHUSBVideo - ok
21:59:18.0312 3184 MSIServer - ok
21:59:18.0343 3184 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:59:18.0453 3184 MSKSSRV - ok
21:59:18.0468 3184 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:59:18.0562 3184 MSPCLOCK - ok
21:59:18.0593 3184 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:59:18.0687 3184 MSPQM - ok
21:59:18.0718 3184 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:59:18.0812 3184 mssmbios - ok
21:59:18.0843 3184 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:59:18.0953 3184 MSTEE - ok
21:59:19.0000 3184 Multi-user Cleanup Service (6822fb514a3b9d2348727a64f19b0100) C:\lotus\notes\ntmulti.exe
21:59:19.0031 3184 Multi-user Cleanup Service - ok
21:59:19.0078 3184 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:59:19.0125 3184 Mup - ok
21:59:19.0156 3184 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:59:19.0250 3184 NABTSFEC - ok
21:59:19.0296 3184 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
21:59:19.0437 3184 napagent - ok
21:59:19.0546 3184 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110902.002\naveng.sys
21:59:19.0562 3184 NAVENG - ok
21:59:19.0656 3184 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110902.002\navex15.sys
21:59:19.0781 3184 NAVEX15 - ok
21:59:19.0906 3184 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:59:20.0000 3184 NDIS - ok
21:59:20.0046 3184 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:59:20.0140 3184 NdisIP - ok
21:59:20.0171 3184 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:59:20.0218 3184 NdisTapi - ok
21:59:20.0250 3184 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:59:20.0359 3184 Ndisuio - ok
21:59:20.0375 3184 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:59:20.0484 3184 NdisWan - ok
21:59:20.0515 3184 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:59:20.0562 3184 NDProxy - ok
21:59:20.0578 3184 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:59:20.0671 3184 NetBIOS - ok
21:59:20.0718 3184 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:59:20.0812 3184 NetBT - ok
21:59:20.0843 3184 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:59:21.0031 3184 NetDDE - ok
21:59:21.0031 3184 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:59:21.0109 3184 NetDDEdsdm - ok
21:59:21.0171 3184 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:59:21.0281 3184 Netlogon - ok
21:59:21.0312 3184 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
21:59:21.0406 3184 Netman - ok
21:59:21.0500 3184 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:59:21.0531 3184 NetTcpPortSharing - ok
21:59:21.0546 3184 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:59:21.0656 3184 NIC1394 - ok
21:59:21.0750 3184 NICCONFIGSVC (7e175be4fd8b6ec68a35181b98431477) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
21:59:21.0781 3184 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - warning
21:59:21.0781 3184 NICCONFIGSVC - detected UnsignedFile.Multi.Generic (1)
21:59:21.0828 3184 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
21:59:21.0859 3184 Nla - ok
21:59:21.0875 3184 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:59:21.0984 3184 Npfs - ok
21:59:22.0031 3184 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:59:22.0140 3184 Ntfs - ok
21:59:22.0171 3184 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:59:22.0343 3184 NtLmSsp - ok
21:59:22.0421 3184 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
21:59:22.0562 3184 NtmsSvc - ok
21:59:22.0593 3184 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:59:22.0703 3184 Null - ok
21:59:22.0812 3184 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:59:23.0015 3184 nv - ok
21:59:23.0125 3184 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:59:23.0234 3184 NwlnkFlt - ok
21:59:23.0250 3184 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:59:23.0343 3184 NwlnkFwd - ok
21:59:23.0375 3184 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:59:23.0484 3184 ohci1394 - ok
21:59:23.0546 3184 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:59:23.0562 3184 ose - ok
21:59:23.0578 3184 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:59:23.0671 3184 Parport - ok
21:59:23.0687 3184 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:59:23.0781 3184 PartMgr - ok
21:59:23.0812 3184 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:59:23.0921 3184 ParVdm - ok
21:59:23.0953 3184 PBADRV (9ec004140e1b675acdeb07f66ee797a4) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
21:59:23.0953 3184 PBADRV - ok
21:59:23.0968 3184 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:59:24.0062 3184 PCI - ok
21:59:24.0062 3184 PCIDump - ok
21:59:24.0093 3184 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:59:24.0203 3184 PCIIde - ok
21:59:24.0234 3184 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:59:24.0343 3184 Pcmcia - ok
21:59:24.0343 3184 PDCOMP - ok
21:59:24.0343 3184 PDFRAME - ok
21:59:24.0359 3184 PDRELI - ok
21:59:24.0359 3184 PDRFRAME - ok
21:59:24.0390 3184 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
21:59:24.0468 3184 perc2 - ok
21:59:24.0515 3184 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:59:24.0593 3184 perc2hib - ok
21:59:24.0640 3184 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:59:24.0656 3184 PlugPlay - ok
21:59:24.0703 3184 Pml Driver HPH11 (0d337e0cf7041c5f538b27c2f86e48bf) C:\WINDOWS\system32\HPHipm11.exe
21:59:24.0750 3184 Pml Driver HPH11 - ok
21:59:24.0781 3184 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:59:24.0859 3184 PolicyAgent - ok
21:59:24.0875 3184 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:59:24.0984 3184 PptpMiniport - ok
21:59:24.0984 3184 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:59:25.0062 3184 ProtectedStorage - ok
21:59:25.0078 3184 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:59:25.0171 3184 PSched - ok
21:59:25.0203 3184 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:59:25.0312 3184 Ptilink - ok
21:59:25.0343 3184 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:59:25.0343 3184 PxHelp20 - ok
21:59:25.0375 3184 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:59:25.0468 3184 ql1080 - ok
21:59:25.0468 3184 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:59:25.0546 3184 Ql10wnt - ok
21:59:25.0578 3184 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:59:25.0656 3184 ql12160 - ok
21:59:25.0687 3184 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:59:25.0765 3184 ql1240 - ok
21:59:25.0796 3184 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:59:25.0890 3184 ql1280 - ok
21:59:25.0921 3184 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:59:26.0000 3184 RasAcd - ok
21:59:26.0015 3184 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
21:59:26.0140 3184 RasAuto - ok
21:59:26.0156 3184 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:59:26.0234 3184 Rasl2tp - ok
21:59:26.0281 3184 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
21:59:26.0375 3184 RasMan - ok
21:59:26.0375 3184 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:59:26.0468 3184 RasPppoe - ok
21:59:26.0500 3184 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:59:26.0593 3184 Raspti - ok
21:59:26.0625 3184 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:59:26.0718 3184 Rdbss - ok
21:59:26.0765 3184 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:59:26.0859 3184 RDPCDD - ok
21:59:26.0890 3184 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:59:26.0984 3184 rdpdr - ok
21:59:27.0046 3184 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
21:59:27.0093 3184 RDPWD - ok
21:59:27.0125 3184 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
21:59:27.0281 3184 RDSessMgr - ok
21:59:27.0328 3184 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:59:27.0421 3184 redbook - ok
21:59:27.0453 3184 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
21:59:27.0562 3184 RemoteAccess - ok
21:59:27.0593 3184 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
21:59:27.0687 3184 RemoteRegistry - ok
21:59:27.0718 3184 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
21:59:27.0812 3184 RpcLocator - ok
21:59:27.0859 3184 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:59:27.0906 3184 RpcSs - ok
21:59:27.0953 3184 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
21:59:28.0062 3184 RSVP - ok
21:59:28.0093 3184 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:59:28.0171 3184 SamSs - ok
21:59:28.0234 3184 SavRoam (92554f1d5037033146501f72c74b4d9f) C:\Program Files\Symantec AntiVirus\SavRoam.exe
21:59:28.0265 3184 SavRoam - ok
21:59:28.0296 3184 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys
21:59:28.0328 3184 SAVRT - ok
21:59:28.0343 3184 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
21:59:28.0359 3184 SAVRTPEL - ok
21:59:28.0390 3184 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
21:59:28.0500 3184 SCardSvr - ok
21:59:28.0531 3184 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
21:59:28.0640 3184 Schedule - ok
21:59:28.0687 3184 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:59:28.0781 3184 Secdrv - ok
21:59:28.0828 3184 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
21:59:28.0921 3184 seclogon - ok
21:59:29.0000 3184 SecureStorageService (472946edebf85c1f0b44b6eba01ac9b6) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
21:59:29.0078 3184 SecureStorageService ( UnsignedFile.Multi.Generic ) - warning
21:59:29.0078 3184 SecureStorageService - detected UnsignedFile.Multi.Generic (1)
21:59:29.0109 3184 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
21:59:29.0203 3184 SENS - ok
21:59:29.0234 3184 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:59:29.0312 3184 serenum - ok
21:59:29.0328 3184 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:59:29.0437 3184 Serial - ok
21:59:29.0468 3184 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
21:59:29.0578 3184 Sfloppy - ok
21:59:29.0625 3184 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
21:59:29.0718 3184 SharedAccess - ok
21:59:29.0765 3184 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:59:29.0796 3184 ShellHWDetection - ok
21:59:29.0796 3184 Simbad - ok
21:59:29.0828 3184 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:59:29.0937 3184 sisagp - ok
21:59:29.0968 3184 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:59:30.0062 3184 SLIP - ok
21:59:30.0140 3184 SNDSrvc (213c7eb70a762afdbb095e3535e8545c) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
21:59:30.0187 3184 SNDSrvc - ok
21:59:30.0218 3184 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:59:30.0281 3184 Sparrow - ok
21:59:30.0328 3184 SPBBCDrv (60053e9c1fc4f6887c296c19cb825244) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
21:59:30.0359 3184 SPBBCDrv - ok
21:59:30.0437 3184 SPBBCSvc (8a09ab7a1fd856acc469bd0cd4e98351) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
21:59:30.0484 3184 SPBBCSvc - ok
21:59:30.0593 3184 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:59:30.0687 3184 splitter - ok
21:59:30.0734 3184 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:59:30.0781 3184 Spooler - ok
21:59:30.0812 3184 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:59:30.0906 3184 sr - ok
21:59:30.0953 3184 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
21:59:31.0062 3184 srservice - ok
21:59:31.0109 3184 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:59:31.0171 3184 Srv - ok
21:59:31.0203 3184 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:59:31.0296 3184 SSDPSRV - ok
21:59:31.0343 3184 STacSV (6f855b5625a47f3ac731a262fdc379a6) C:\WINDOWS\system32\StacSV.exe
21:59:31.0359 3184 STacSV ( UnsignedFile.Multi.Generic ) - warning
21:59:31.0359 3184 STacSV - detected UnsignedFile.Multi.Generic (1)
21:59:31.0453 3184 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
21:59:31.0500 3184 STHDA ( UnsignedFile.Multi.Generic ) - warning
21:59:31.0500 3184 STHDA - detected UnsignedFile.Multi.Generic (1)
21:59:31.0546 3184 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:59:31.0671 3184 stisvc - ok
21:59:31.0718 3184 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:59:31.0812 3184 streamip - ok
21:59:31.0843 3184 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:59:31.0937 3184 swenum - ok
21:59:32.0109 3184 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:59:32.0250 3184 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
21:59:32.0250 3184 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
21:59:32.0281 3184 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:59:32.0375 3184 swmidi - ok
21:59:32.0375 3184 SwPrv - ok
21:59:32.0515 3184 Symantec AntiVirus (7ac1fccc7976857aac3906d45a81d77b) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
21:59:32.0671 3184 Symantec AntiVirus - ok
21:59:32.0781 3184 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:59:32.0875 3184 symc810 - ok
21:59:32.0890 3184 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:59:33.0000 3184 symc8xx - ok
21:59:33.0046 3184 SymEvent (49b20b430a4f219173f823536944474a) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
21:59:33.0062 3184 SymEvent - ok
21:59:33.0078 3184 SYMREDRV (e919f0922248a826964428f479a3dc24) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
21:59:33.0078 3184 SYMREDRV - ok
21:59:33.0093 3184 SYMTDI (c177d5a655af572c456ec977582b9bc0) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
21:59:33.0109 3184 SYMTDI - ok
21:59:33.0140 3184 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:59:33.0234 3184 sym_hi - ok
21:59:33.0250 3184 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:59:33.0359 3184 sym_u3 - ok
21:59:33.0390 3184 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:59:33.0500 3184 sysaudio - ok
21:59:33.0531 3184 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:59:33.0625 3184 SysmonLog - ok
21:59:33.0656 3184 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
21:59:33.0765 3184 TapiSrv - ok
21:59:33.0812 3184 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:59:33.0828 3184 Tcpip - ok
21:59:33.0968 3184 tcsd_win32.exe (23b506262493f1a521683ee88c5fbf60) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
21:59:34.0015 3184 tcsd_win32.exe ( UnsignedFile.Multi.Generic ) - warning
21:59:34.0015 3184 tcsd_win32.exe - detected UnsignedFile.Multi.Generic (1)
21:59:34.0093 3184 TdmService (a27d803b21f24a5cfb775944ea4cb130) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
21:59:34.0125 3184 TdmService ( UnsignedFile.Multi.Generic ) - warning
21:59:34.0125 3184 TdmService - detected UnsignedFile.Multi.Generic (1)
21:59:34.0250 3184 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:59:34.0343 3184 TDPIPE - ok
21:59:34.0375 3184 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:59:34.0468 3184 TDTCP - ok
21:59:34.0484 3184 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:59:34.0578 3184 TermDD - ok
21:59:34.0625 3184 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:59:34.0734 3184 TermService - ok
21:59:34.0765 3184 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:59:34.0781 3184 Themes - ok
21:59:34.0812 3184 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
21:59:34.0968 3184 TlntSvr - ok
21:59:35.0000 3184 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
21:59:35.0015 3184 toshidpt ( UnsignedFile.Multi.Generic ) - warning
21:59:35.0015 3184 toshidpt - detected UnsignedFile.Multi.Generic (1)
21:59:35.0046 3184 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
21:59:35.0125 3184 TosIde - ok
21:59:35.0156 3184 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys
21:59:35.0171 3184 tosporte ( UnsignedFile.Multi.Generic ) - warning
21:59:35.0171 3184 tosporte - detected UnsignedFile.Multi.Generic (1)
21:59:35.0203 3184 tosrfbd (435ac6cc2abed508ac5a495658cbaf0f) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
21:59:35.0218 3184 tosrfbd ( UnsignedFile.Multi.Generic ) - warning
21:59:35.0218 3184 tosrfbd - detected UnsignedFile.Multi.Generic (1)
21:59:35.0250 3184 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
21:59:35.0250 3184 tosrfbnp ( UnsignedFile.Multi.Generic ) - warning
21:59:35.0250 3184 tosrfbnp - detected UnsignedFile.Multi.Generic (1)
21:59:35.0281 3184 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
21:59:35.0296 3184 Tosrfcom ( UnsignedFile.Multi.Generic ) - warning
21:59:35.0296 3184 Tosrfcom - detected UnsignedFile.Multi.Generic (1)
21:59:35.0328 3184 Tosrfhid (28099a4e52148319afa685d93a2244d0) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
21:59:35.0359 3184 Tosrfhid ( UnsignedFile.Multi.Generic ) - warning
21:59:35.0359 3184 Tosrfhid - detected UnsignedFile.Multi.Generic (1)
21:59:35.0375 3184 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
21:59:35.0406 3184 tosrfnds ( UnsignedFile.Multi.Generic ) - warning
21:59:35.0406 3184 tosrfnds - detected UnsignedFile.Multi.Generic (1)
21:59:35.0421 3184 Tosrfusb (6bc529c5eca0c7654943fd6fab21c5fa) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
21:59:35.0437 3184 Tosrfusb ( UnsignedFile.Multi.Generic ) - warning
21:59:35.0437 3184 Tosrfusb - detected UnsignedFile.Multi.Generic (1)
21:59:35.0468 3184 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:59:35.0578 3184 TrkWks - ok
21:59:35.0593 3184 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:59:35.0687 3184 Udfs - ok
21:59:35.0734 3184 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:59:35.0796 3184 ultra - ok
21:59:35.0843 3184 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:59:35.0921 3184 Update - ok
21:59:35.0968 3184 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:59:36.0093 3184 upnphost - ok
21:59:36.0109 3184 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:59:36.0218 3184 UPS - ok
21:59:36.0250 3184 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:59:36.0328 3184 USBAAPL - ok
21:59:36.0359 3184 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:59:36.0453 3184 usbaudio - ok
21:59:36.0484 3184 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:59:36.0593 3184 usbccgp - ok
21:59:36.0625 3184 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:59:36.0703 3184 usbehci - ok
21:59:36.0718 3184 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:59:36.0812 3184 usbhub - ok
21:59:36.0843 3184 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:59:36.0937 3184 usbprint - ok
21:59:36.0968 3184 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:59:37.0046 3184 usbscan - ok
21:59:37.0062 3184 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:59:37.0140 3184 USBSTOR - ok
21:59:37.0156 3184 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:59:37.0234 3184 usbuhci - ok
21:59:37.0265 3184 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:59:37.0359 3184 usbvideo - ok
21:59:37.0375 3184 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:59:37.0468 3184 VgaSave - ok
21:59:37.0515 3184 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:59:37.0593 3184 viaagp - ok
21:59:37.0625 3184 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:59:37.0718 3184 ViaIde - ok
21:59:37.0734 3184 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:59:37.0812 3184 VolSnap - ok
21:59:37.0859 3184 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:59:37.0968 3184 VSS - ok
21:59:37.0984 3184 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:59:38.0109 3184 w32time - ok
21:59:38.0140 3184 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:59:38.0218 3184 Wanarp - ok
21:59:38.0218 3184 Wave UCSPlus - ok
21:59:38.0343 3184 WaveEnrollmentService (796fda916625be7e5f6cfece15a81c3a) C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
21:59:38.0390 3184 WaveEnrollmentService ( UnsignedFile.Multi.Generic ) - warning
21:59:38.0390 3184 WaveEnrollmentService - detected UnsignedFile.Multi.Generic (1)
21:59:38.0437 3184 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys
21:59:38.0453 3184 WaveFDE ( UnsignedFile.Multi.Generic ) - warning
21:59:38.0453 3184 WaveFDE - detected UnsignedFile.Multi.Generic (1)
21:59:38.0484 3184 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
21:59:38.0500 3184 WavxDMgr ( UnsignedFile.Multi.Generic ) - warning
21:59:38.0500 3184 WavxDMgr - detected UnsignedFile.Multi.Generic (1)
21:59:38.0531 3184 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:59:38.0546 3184 Wdf01000 - ok
21:59:38.0562 3184 WDICA - ok
21:59:38.0578 3184 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:59:38.0687 3184 wdmaud - ok
21:59:38.0718 3184 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:59:38.0812 3184 WebClient - ok
21:59:38.0906 3184 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:59:38.0953 3184 winachsf ( UnsignedFile.Multi.Generic ) - warning
21:59:38.0953 3184 winachsf - detected UnsignedFile.Multi.Generic (1)
21:59:39.0000 3184 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:59:39.0109 3184 winmgmt - ok
21:59:39.0109 3184 wltrysvc - ok
21:59:39.0140 3184 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:59:39.0203 3184 WmdmPmSN - ok
21:59:39.0250 3184 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
21:59:39.0312 3184 Wmi - ok
21:59:39.0375 3184 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:59:39.0468 3184 WmiAcpi - ok
21:59:39.0500 3184 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:59:39.0625 3184 WmiApSrv - ok
21:59:39.0734 3184 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:59:39.0843 3184 WMPNetworkSvc - ok
21:59:39.0890 3184 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:59:39.0984 3184 wscsvc - ok
21:59:40.0031 3184 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:59:40.0125 3184 WSTCODEC - ok
21:59:40.0156 3184 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:59:40.0250 3184 wuauserv - ok
21:59:40.0265 3184 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:59:40.0328 3184 WudfPf - ok
21:59:40.0343 3184 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:59:40.0375 3184 WudfRd - ok
21:59:40.0390 3184 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:59:40.0437 3184 WudfSvc - ok
21:59:40.0484 3184 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:59:40.0625 3184 WZCSVC - ok
21:59:40.0640 3184 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:59:40.0781 3184 xmlprov - ok
21:59:40.0796 3184 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:59:41.0218 3184 \Device\Harddisk0\DR0 - ok
21:59:41.0250 3184 Boot (0x1200) (bc30ec154761c164ee51f69bb07f7e3a) \Device\Harddisk0\DR0\Partition0
21:59:41.0250 3184 \Device\Harddisk0\DR0\Partition0 - ok
21:59:41.0250 3184 ============================================================
21:59:41.0250 3184 Scan finished
21:59:41.0250 3184 ============================================================
21:59:41.0359 0844 Detected object count: 33
21:59:41.0359 0844 Actual detected object count: 33
22:02:12.0609 0844 ApfiltrService ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0609 0844 ApfiltrService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0609 0844 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0609 0844 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0609 0844 b57w2k ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0609 0844 b57w2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0609 0844 BASFND ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0609 0844 BASFND ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0609 0844 BCM43XX ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0609 0844 BCM43XX ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0625 0844 bgsvcgen ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0625 0844 bgsvcgen ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0625 0844 CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0625 0844 CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0625 0844 DXEC01 ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0625 0844 DXEC01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0625 0844 guardian2 ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0625 0844 guardian2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0625 0844 HSFHWAZL ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0625 0844 HSFHWAZL ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0625 0844 HSF_DPV ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0625 0844 HSF_DPV ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0625 0844 ialm ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0625 0844 ialm ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0640 0844 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0640 0844 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0640 0844 mdmxsdk ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0640 0844 mdmxsdk ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0640 0844 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0640 0844 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0640 0844 SecureStorageService ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0640 0844 SecureStorageService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0640 0844 STacSV ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0640 0844 STacSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0640 0844 STHDA ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0640 0844 STHDA ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0656 0844 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0656 0844 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0656 0844 tcsd_win32.exe ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0656 0844 tcsd_win32.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0656 0844 TdmService ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0656 0844 TdmService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0656 0844 toshidpt ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0656 0844 toshidpt ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0656 0844 tosporte ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0656 0844 tosporte ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0656 0844 tosrfbd ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0656 0844 tosrfbd ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0656 0844 tosrfbnp ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0656 0844 tosrfbnp ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0656 0844 Tosrfcom ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0656 0844 Tosrfcom ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0656 0844 Tosrfhid ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0656 0844 Tosrfhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0656 0844 tosrfnds ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0656 0844 tosrfnds ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0671 0844 Tosrfusb ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0671 0844 Tosrfusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0671 0844 WaveEnrollmentService ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0671 0844 WaveEnrollmentService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0671 0844 WaveFDE ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0671 0844 WaveFDE ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0671 0844 WavxDMgr ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0671 0844 WavxDMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:12.0671 0844 winachsf ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:12.0671 0844 winachsf ( UnsignedFile.Multi.Generic ) - User select action: Skip
-
Thank you for your time!
The first time I tried to run the program windows explorer crashed part way through... this is results of the second scan:
RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: D [Admin rights]
Mode: Scan -- Date: 06/22/2012 21:32:43
¤¤¤ Bad processes: 3 ¤¤¤
[sUSP PATH] qwxktqbm.dll -- C:\Documents and Settings\D\Local Settings\Application Data\Cyberlink\qwxktqbm.dll -> UNLOADED
[sUSP PATH] qwxktqbm.dll -- C:\Documents and Settings\D\Local Settings\Application Data\Cyberlink\qwxktqbm.dll -> KILLED [TermProc]
[sUSP PATH] ivnabfndt.dll -- C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll -> KILLED [TermProc]
¤¤¤ Registry Entries: 12 ¤¤¤
[bLACKLIST DLL] HKCU\[...]\Run : Cyberlink (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Cyberlink\qwxktqbm.dll",AllocatePfxEngineClient) -> FOUND
[bLACKLIST DLL] HKCU\[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND
[bLACKLIST DLL] HKUS\.DEFAULT[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND
[bLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND
[bLACKLIST DLL] HKUS\S-1-5-19_Classes[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND
[bLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND
[bLACKLIST DLL] HKUS\S-1-5-20_Classes[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND
[bLACKLIST DLL] HKUS\S-1-5-21-939076650-941321340-1201637723-1005[...]\Run : Cyberlink (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Cyberlink\qwxktqbm.dll",AllocatePfxEngineClient) -> FOUND
[bLACKLIST DLL] HKUS\S-1-5-21-939076650-941321340-1201637723-1005[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND
[bLACKLIST DLL] HKUS\S-1-5-21-939076650-941321340-1201637723-1005_Classes[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND
[bLACKLIST DLL] HKUS\S-1-5-18[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x8A660648)
SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x8A5EB008)
SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x8A6677E0)
SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x8A6537D8)
SSDT[43] : NtCreateMutant @ 0x8061758E -> HOOKED (Unknown @ 0x8A670EB0)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x8A66A9F8)
SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x8A582E50)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x8A675550)
SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x8A65E340)
SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x8A0F72C0)
SSDT[114] : NtOpenEvent @ 0x8060EF4C -> HOOKED (Unknown @ 0x8A66C6B8)
SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x8A5ED9A8)
SSDT[129] : NtOpenThreadToken @ 0x805EDF44 -> HOOKED (Unknown @ 0x8A6E7008)
SSDT[177] : NtQueryValueKey @ 0x806221FA -> HOOKED (Unknown @ 0x8A0E8038)
SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x8A5ED120)
SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x8A7638E0)
SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x8A7FE7E0)
SSDT[229] : NtSetInformationThread @ 0x805CC124 -> HOOKED (Unknown @ 0x8A5E8008)
SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x8A0ED350)
SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x8A7A7008)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x8A5ED838)
SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x8A7626F0)
SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x8A569770)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x8A663DA0)
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST980813ASG +++++
--- User ---
[MBR] 0d20519f4697fe02675d1961fb932b3e
[bSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 144585 | Size: 76245 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
-
My computer is infected with some virus or malware. We started noticing that our homepage kept changing a few months ago. We couldn't seem to get the computer to save our preferred page (google). Now our searches occasionally get rerouted to random other pages when we click on links. I have included the dds and attach logs. Any help would be greatly appreciated!
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 10.5.1
Run by D at 19:40:20 on 2012-06-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.804 [GMT -4:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\dlbfcoms.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\lotus\notes\ntmulti.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.bankofamerica.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080324
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080324
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
TB: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - No File
TB: {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [AdobeBridge]
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Cyberlink] rundll32.exe "c:\documents and settings\d\local settings\application data\cyberlink\qwxktqbm.dll",AllocatePfxEngineClient
uRun: [Ares] rundll32.exe "c:\documents and settings\d\local settings\application data\google\ares\ivnabfndt.dll",CreateInstance
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [Ares] rundll32.exe "c:\documents and settings\d\local settings\application data\google\ares\ivnabfndt.dll",CreateInstance
dRunOnce: [RunNarrator] Narrator.exe
IE: Add to Google Photos Screensa&ver
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206748501763
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\d\application data\mozilla\firefox\profiles\ty86au9v.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.bankofamerica.com
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: browser.startup.homepage - hxxps://www.bankofamerica.com
FF - user.js: browser.startup.page - 1
.
============= SERVICES / DRIVERS ===============
.
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 dlbf_device;dlbf_device;c:\windows\system32\dlbfcoms.exe -service --> c:\windows\system32\dlbfcoms.exe -service [?]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-2 106104]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110902.002\naveng.sys [2011-9-2 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110902.002\navex15.sys [2011-9-2 1576312]
S2 gupdate1c985a741df6b8;Google Update Service (gupdate1c985a741df6b8);c:\program files\google\update\GoogleUpdate.exe [2009-2-2 133104]
S3 ADM8511;%ADM8511.Service.DispName%;c:\windows\system32\drivers\ADM8511.SYS [2008-3-28 20160]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-28 257224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-2 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-30 113120]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2011-2-11 30576]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
.
=============== Created Last 30 ================
.
2012-06-16 21:06:10 -------- d-----w- c:\documents and settings\d\local settings\application data\Sun
2012-06-15 02:55:29 -------- d-----w- c:\program files\Oracle
2012-06-15 02:54:33 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-15 02:47:54 -------- d-----w- c:\program files\Adobe Download Assistant
2012-06-13 20:49:43 -------- d-----w- c:\documents and settings\d\local settings\application data\Cyberlink
2012-06-06 20:47:05 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-06 20:47:05 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-02 03:12:48 87960 ----a-r- c:\documents and settings\d\application data\microsoft\installer\{ecc01078-ac91-4a40-9f15-9d586f065cc7}\ARPPRODUCTICON.exe
2012-06-02 03:12:31 -------- d-----w- c:\documents and settings\d\local settings\application data\Scholastic
2012-06-02 03:12:09 -------- d-----w- c:\program files\common files\K-NFB Reading
2012-06-02 03:12:02 -------- d-----w- c:\program files\PlayReady
.
==================== Find3M ====================
.
2012-06-15 02:17:58 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-15 02:17:57 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-15 15:39:54 832512 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-04 23:29:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 23:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 14:46:47 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-04-23 14:46:47 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-04-23 14:46:47 17408 ------w- c:\windows\system32\corpol.dll
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 19:42:12.89 ===============
Please help us get rid of this virus...
in Resolved Malware Removal Logs
Posted
We seem to be blissfully virus free. Thank you for all of your advice and help - we greatly appreciate it and have taken the recommended steps to avoid being affected in the future.