Hijack has taken over my desktop


drcho2112

To whom it may concern,

My desktop has been infected by a version of Hijack. I've run Anti-Malwarebytes but part of my problem is that I wasn't updating signatures on a regular basis. Anyway, I'm infected now and of course I can't get updates either. I've attached the requested documents: dds.txt, attach.txt

Thanks for any help.

David

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Run by Mary Borchardt at 16:40:21 on 2012-02-27

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.455 [GMT -8:00]

.

FW: Platinum 2007 Personal Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\ArcGIS\License10.0\bin\lmgrd.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ArcGIS\License10.0\bin\lmgrd.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\ArcGIS\License10.0\bin\ARCGIS.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\ehome\RMSvc.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\DOCUME~1\MARYBO~1\LOCALS~1\Temp\clclean.0001

C:\Program Files\AIM7\aim.exe

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\WINDOWS\ehome\RMSysTry.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\WINDOWS\system32\wuauclt.exe

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.yahoo.com/

uWindow Title = Windows Internet Explorer provided by Yahoo!

uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8

uSearch Bar =

mStart Page = hxxp://search.myheritage.com

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\family toolbar\tbhelper.dll

BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\family toolbar\tbcore3.dll

BHO: Premiumplay Codec-C: {11111111-1111-1111-1111-110011041135} - c:\program files\premiumplay codec-c\Premiumplay Codec-C.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} - c:\program files\incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: DataMngr: {b939cf93-f2cb-443d-956c-dc523d85c9db} - c:\progra~1\bearsh~1\mediabar\datamngr\BROWSE~1.DLL

BHO: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\datamngr\toolbar\wincorebsdtx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\family toolbar\tbcore3.dll

TB: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\datamngr\toolbar\wincorebsdtx.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Incredibar Toolbar: {f9639e4a-801b-4843-aee3-03d9da199e77} - c:\program files\incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll

TB: {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No File

TB: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File

uRun: [setDefaultMIDI] MIDIDef.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [CyberDefender Early Detection Center] "c:\program files\cyberdefender\antispyware\cdas8a.exe" /minimize

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Aim] "c:\program files\aim7\aim.exe" /d locale=en-US

uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r

mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe

mRun: [iPHSend] c:\program files\common files\aol\iphsend\IPHSend.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Family Tree Builder Update] c:\program files\myheritage\bin\FTBCheckUpdates.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [DATAMNGR] c:\progra~1\bearsh~1\mediabar\datamngr\DATAMN~1.EXE

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

uPolicies-explorer: MaxRecentDocs = 19 (0x13)

uPolicies-explorer: NoRecycleFiles = 0 (0x0)

IE: &Search

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

Trusted Zone: turbotax.com

Trusted Zone: yahoo.com\www

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143523865812

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab

DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~4\office12\GR99D3~1.DLL

AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\mary borchardt\application data\mozilla\firefox\profiles\xomo98zl.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=CYBTDF&PC=CYBD&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=710&systemid=2&sr=0&q=

FF - component: c:\documents and settings\mary borchardt\application data\mozilla\firefox\profiles\xomo98zl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\mary borchardt\application data\mozilla\firefox\profiles\xomo98zl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npff_gdm.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\nos\bin\np_gp.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OysBmRNMM&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - dcdd24b7000000000000001372b38ca4

FF - user.js: extensions.incredibar_i.hardId - dcdd24b7000000000000001372b38ca4

FF - user.js: extensions.incredibar_i.instlDay - 15381

FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2715:05:16

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6OysBmRNMM

FF - user.js: extensions.incredibar_i.upn2n - 92260884094850476

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10606

FF - user.js: extensions.incredibar_i.ppd - 48

.

============= SERVICES / DRIVERS ===============

.

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2007-11-24 33824]

R2 ArcGIS License Manager;ArcGIS License Manager;c:\program files\arcgis\license10.0\bin\lmgrd.exe [2008-11-5 1500424]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-25 652872]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-25 20464]

S0 wbyyiaih;wbyyiaih;c:\windows\system32\drivers\pncoinl.sys --> c:\windows\system32\drivers\pncoinl.sys [?]

S2 gupdate1c9fe004505b918;Google Update Service (gupdate1c9fe004505b918);c:\program files\google\update\GoogleUpdate.exe [2009-7-5 133104]

S3 ELUSB;DUET Status Monitor Driver;c:\windows\system32\drivers\ELUSB.sys [2009-7-31 35200]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-5 133104]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

.

=============== Created Last 30 ================

.

2012-02-26 19:29:49 -------- d-----w- c:\documents and settings\mary borchardt\application data\Incredibar.com

2012-02-11 23:08:12 -------- d-----w- c:\documents and settings\all users\application data\100

2012-02-11 23:08:04 -------- d-----w- c:\documents and settings\mary borchardt\local settings\application data\Premiumplay Codec-C

2012-02-11 23:07:58 -------- d-----w- c:\program files\Premiumplay Codec-C

2012-02-11 23:07:22 -------- d-----w- c:\documents and settings\mary borchardt\local settings\application data\WeatherBug

2012-02-11 23:07:16 -------- d-----w- C:\codec-info

2012-02-11 23:07:14 -------- d-----w- c:\documents and settings\mary borchardt\application data\WeatherBug

2012-02-11 23:07:11 18944 ----a-r- c:\documents and settings\mary borchardt\application data\microsoft\installer\{297dcada-86a1-4a42-8a13-66b7d7a09fd2}\IconBB6A16301.exe

2012-02-11 23:07:11 11264 ----a-r- c:\documents and settings\mary borchardt\application data\microsoft\installer\{297dcada-86a1-4a42-8a13-66b7d7a09fd2}\IconBB6A1630.exe

2012-02-11 23:07:08 -------- d-----w- c:\program files\AWS

2012-02-11 23:05:17 -------- d-----w- c:\program files\Incredibar.com

2012-02-11 23:04:20 -------- d-----w- c:\documents and settings\all users\application data\InstallMate

2012-02-06 04:57:41 -------- d-----w- c:\program files\iPod

2012-02-06 04:57:37 -------- d-----w- c:\program files\iTunes

.

==================== Find3M ====================

.

2012-02-03 02:07:45 6686 -csha-w- c:\windows\system32\KGyGaAvL.sys

2011-12-10 23:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-04 22:57:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 16:41:46.37 ===============


:welcome:

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

c:\windows\system32\drivers\pncoinl.sys

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If virustotal is too busy you can try these.

http://virusscan.jotti.org

http://www.kaspersky...anforvirus.html


S0 wbyyiaih;wbyyiaih;c:\windows\system32\drivers\pncoinl.sys --> c:\windows\system32\drivers\pncoinl.sys [?]

It was showing there but it might be an infection that changes the file name.

Let's give this a try.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".
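The entry quoted in the post above is the only one in the SERVICES / DRIVERS section of the DDS log whose file date and size could not be read (`[?]`), and it is registered as a boot-start driver. As an added example (not part of the original thread), the Python below parses that section and flags such entries; the reading of the `R`/`S` and `0`-`4` prefixes follows the usual DDS legend, and the flagging rules are assumptions made for this example.

```python
import re

# Sample input: lines copied from the SERVICES / DRIVERS section of the DDS log in this thread.
DDS_SERVICES = r"""
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2007-11-24 33824]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-25 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-25 20464]
S0 wbyyiaih;wbyyiaih;c:\windows\system32\drivers\pncoinl.sys --> c:\windows\system32\drivers\pncoinl.sys [?]
S3 ELUSB;DUET Status Monitor Driver;c:\windows\system32\drivers\ELUSB.sys [2009-7-31 35200]
"""

# <state><start> name;display;image [--> resolved image] [date size]
LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]+);(?P<image>.+?)"
    r"(?: --> (?P<target>.+?))? \[(?P<meta>[^\]]*)\]$"
)

# Assumed legend: R = running, S = stopped; digit = service start type.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}


def parse_services(text):
    """Turn DDS service/driver lines into dictionaries; unrelated lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        meta = m["meta"].split()
        entries.append({
            "running": m["state"] == "R",
            "start": START_TYPES[int(m["start"])],
            "name": m["name"],
            "display": m["display"],
            "image": (m["target"] or m["image"]).lower(),
            # DDS prints "[date size]" when it can read the file and "[?]" when it cannot.
            "has_file_info": len(meta) == 2 and meta[1].isdigit(),
        })
    return entries


def triage(entries):
    """Return (name, image, reasons) for entries worth a manual look (example heuristics)."""
    findings = []
    for e in entries:
        reasons = []
        if not e["has_file_info"]:
            reasons.append("no file date/size: image missing or unreadable")
            if e["start"] in ("boot", "system"):
                reasons.append(f"{e['start']}-start driver: registered to load early in boot")
        if reasons:
            findings.append((e["name"], e["image"], reasons))
    return findings


if __name__ == "__main__":
    for name, image, reasons in triage(parse_services(DDS_SERVICES)):
        print(f"{name} -> {image}")
        for reason in reasons:
            print(f"  - {reason}")
```
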


I was able to successfully update my MBAM PRO. It took a while for it to download. It started and stopped itself 2 times, finally completing on the third try. Ran full scan and it found nothing. Computer is semi ok? It's letting me get to the web whereas before it wouldn't let me connect, but it does seem sluggish. Log below

Ran full scan and it found nothing.

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.01.07

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Mary Borchardt :: ELMACHINO [administrator]

Protection: Enabled

3/1/2012 4:30:11 PM

mbam-log-2012-03-01 (16-30-11).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 380564

Time elapsed: 1 hour(s), 3 minute(s), 45 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Thank you


Some good progress.

We'll run some tools and see if anything bad shows.

Next:

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip, click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
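The report named above lists one verdict per scanned object, so the entries that need a second look are easy to miss among the `ok` lines. As an added example (not part of the original post), the Python below parses a TDSSKiller report, pairs each verdict with the file path and MD5 logged for that object, and separates signature-only warnings from everything else; the sample lines are copied from the log posted later in this thread, and treating `UnsignedFile.*` as the output of the signature-check option is this example's assumption.

```python
import re

# Sample input: lines copied from the TDSSKiller log posted later in this thread.
TDSS_LOG = r"""
10:54:39.0488 4348 Mode: Manual; SigCheck; TDLFS;
10:54:39.0707 4348 Abiosdsk - ok
10:54:42.0176 4348 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:54:42.0457 4348 ACPI - ok
10:54:48.0020 4348 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
10:54:48.0051 4348 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
10:54:48.0051 4348 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
10:54:48.0051 4348 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
10:54:48.0066 4348 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
10:54:48.0066 4348 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
"""

PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ "  # timestamp and thread id
MODE = re.compile(PREFIX + r"Mode: (?P<options>.+)$")
OBJECT = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT = re.compile(PREFIX + r"(?P<name>.+?) (?:\( (?P<threat>.+?) \) )?- (?P<verdict>\w+)$")


def scan_options(text):
    """Return the options on the 'Mode:' line, e.g. ['Manual', 'SigCheck', 'TDLFS']."""
    for raw in text.splitlines():
        m = MODE.match(raw.strip())
        if m:
            return [opt.strip() for opt in m["options"].split(";") if opt.strip()]
    return []


def parse_tdsskiller(text):
    """Return one record per verdict line, joined with the object's path and MD5 if logged."""
    files, results = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = OBJECT.match(line)
        if m:
            files[m["name"]] = (m["path"], m["md5"])
            continue
        m = VERDICT.match(line)
        if m:
            path, md5 = files.get(m["name"], (None, None))
            results.append({
                "name": m["name"],
                "verdict": m["verdict"],
                "threat": m["threat"],
                "path": path,
                "md5": md5,
            })
    return results


def review_queue(results):
    """Split non-ok verdicts into signature-only warnings and everything else."""
    queue = {"signature_only": [], "other": []}
    for r in results:
        if r["verdict"] == "ok":
            continue
        # Assumption: UnsignedFile.* names come from the signature-check option.
        signature_only = bool(r["threat"]) and r["threat"].startswith("UnsignedFile.")
        queue["signature_only" if signature_only else "other"].append(r)
    return queue


if __name__ == "__main__":
    print("options:", scan_options(TDSS_LOG))
    for bucket, items in review_queue(parse_tdsskiller(TDSS_LOG)).items():
        for r in items:
            print(f"{bucket}: {r['name']} {r['threat']} {r['path']} md5={r['md5']}")
```
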


When I ran the program it acted according to instructions until step 5; it never gave me the 3 options, it went back to the original screen. Logs below:

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.01.07

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Mary Borchardt :: ELMACHINO [administrator]

Protection: Enabled

3/1/2012 4:30:11 PM

mbam-log-2012-03-01 (16-30-11).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 380564

Time elapsed: 1 hour(s), 3 minute(s), 45 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Thank you,

David


Here is the correct log

10:54:00.0223 2748 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07

10:54:00.0629 2748 ============================================================

10:54:00.0629 2748 Current date / time: 2012/03/04 10:54:00.0629

10:54:00.0629 2748 SystemInfo:

10:54:00.0629 2748

10:54:00.0629 2748 OS Version: 5.1.2600 ServicePack: 3.0

10:54:00.0629 2748 Product type: Workstation

10:54:00.0629 2748 ComputerName: ELMACHINO

10:54:00.0629 2748 UserName: Mary Borchardt

10:54:00.0629 2748 Windows directory: C:\WINDOWS

10:54:00.0629 2748 System windows directory: C:\WINDOWS

10:54:00.0629 2748 Processor architecture: Intel x86

10:54:00.0629 2748 Number of processors: 2

10:54:00.0629 2748 Page size: 0x1000

10:54:00.0629 2748 Boot type: Normal boot

10:54:00.0629 2748 ============================================================

10:54:01.0645 2748 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

10:54:01.0660 2748 Drive \Device\Harddisk1\DR4 - Size: 0x1E3000000 (7.55 Gb), SectorSize: 0x200, Cylinders: 0x3D9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

10:54:01.0660 2748 \Device\Harddisk0\DR0:

10:54:01.0660 2748 MBR used

10:54:01.0660 2748 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x120A4B98

10:54:01.0660 2748 \Device\Harddisk1\DR4:

10:54:01.0660 2748 MBR used

10:54:01.0660 2748 \Device\Harddisk1\DR4\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xF17FE0

10:54:01.0770 2748 Initialize success

10:54:01.0770 2748 ============================================================

10:54:39.0488 4348 ============================================================

10:54:39.0488 4348 Scan started

10:54:39.0488 4348 Mode: Manual; SigCheck; TDLFS;

10:54:39.0488 4348 ============================================================

10:54:39.0707 4348 Abiosdsk - ok

10:54:39.0754 4348 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

10:54:42.0035 4348 abp480n5 - ok

10:54:42.0176 4348 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

10:54:42.0457 4348 ACPI - ok

10:54:42.0520 4348 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

10:54:42.0660 4348 ACPIEC - ok

10:54:42.0738 4348 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

10:54:42.0879 4348 adpu160m - ok

10:54:42.0957 4348 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

10:54:43.0098 4348 aec - ok

10:54:43.0145 4348 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

10:54:43.0207 4348 AFD - ok

10:54:43.0238 4348 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

10:54:43.0363 4348 agp440 - ok

10:54:43.0379 4348 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

10:54:43.0520 4348 agpCPQ - ok

10:54:43.0535 4348 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

10:54:43.0598 4348 Aha154x - ok

10:54:43.0613 4348 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

10:54:43.0770 4348 aic78u2 - ok

10:54:43.0785 4348 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

10:54:43.0910 4348 aic78xx - ok

10:54:43.0926 4348 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

10:54:44.0066 4348 AliIde - ok

10:54:44.0113 4348 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

10:54:44.0270 4348 alim1541 - ok

10:54:44.0285 4348 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

10:54:44.0410 4348 amdagp - ok

10:54:44.0441 4348 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

10:54:44.0520 4348 amsint - ok

10:54:44.0535 4348 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

10:54:44.0660 4348 asc - ok

10:54:44.0691 4348 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

10:54:44.0754 4348 asc3350p - ok

10:54:44.0754 4348 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

10:54:44.0910 4348 asc3550 - ok

10:54:44.0957 4348 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

10:54:45.0082 4348 AsyncMac - ok

10:54:45.0098 4348 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

10:54:45.0238 4348 atapi - ok

10:54:45.0254 4348 Atdisk - ok

10:54:45.0316 4348 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

10:54:45.0395 4348 ati2mtag - ok

10:54:45.0488 4348 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

10:54:45.0629 4348 Atmarpc - ok

10:54:45.0660 4348 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

10:54:45.0770 4348 audstub - ok

10:54:45.0785 4348 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

10:54:45.0941 4348 Beep - ok

10:54:45.0957 4348 BVRPMPR5 - ok

10:54:45.0957 4348 bvrp_pci - ok

10:54:45.0973 4348 catchme - ok

10:54:45.0973 4348 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

10:54:46.0113 4348 cbidf - ok

10:54:46.0129 4348 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

10:54:46.0254 4348 cbidf2k - ok

10:54:46.0270 4348 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

10:54:46.0379 4348 CCDECODE - ok

10:54:46.0410 4348 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

10:54:46.0488 4348 cd20xrnt - ok

10:54:46.0520 4348 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

10:54:46.0676 4348 Cdaudio - ok

10:54:46.0707 4348 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

10:54:46.0816 4348 Cdfs - ok

10:54:46.0832 4348 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

10:54:46.0973 4348 Cdrom - ok

10:54:46.0988 4348 Changer - ok

10:54:47.0020 4348 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

10:54:47.0160 4348 CmdIde - ok

10:54:47.0176 4348 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

10:54:47.0301 4348 Cpqarray - ok

10:54:47.0348 4348 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys

10:54:47.0395 4348 ctsfm2k - ok

10:54:47.0426 4348 CTUSFSYN (4ee8822adb764edd28ce44e808097995) C:\WINDOWS\system32\drivers\ctusfsyn.sys

10:54:47.0473 4348 CTUSFSYN - ok

10:54:47.0504 4348 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

10:54:47.0645 4348 dac2w2k - ok

10:54:47.0660 4348 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

10:54:47.0801 4348 dac960nt - ok

10:54:47.0848 4348 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

10:54:47.0988 4348 Disk - ok

10:54:48.0020 4348 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

10:54:48.0051 4348 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning

10:54:48.0051 4348 DLABOIOM - detected UnsignedFile.Multi.Generic (1)

10:54:48.0051 4348 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

10:54:48.0066 4348 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning

10:54:48.0066 4348 DLACDBHM - detected UnsignedFile.Multi.Generic (1)

10:54:48.0082 4348 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS

10:54:48.0113 4348 DLADResN ( UnsignedFile.Multi.Generic ) - warning

10:54:48.0113 4348 DLADResN - detected UnsignedFile.Multi.Generic (1)

10:54:48.0145 4348 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

10:54:48.0160 4348 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning

10:54:48.0160 4348 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)

10:54:48.0176 4348 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

10:54:48.0191 4348 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning

10:54:48.0191 4348 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)

10:54:48.0207 4348 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

10:54:48.0207 4348 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning

10:54:48.0207 4348 DLAPoolM - detected UnsignedFile.Multi.Generic (1)

10:54:48.0238 4348 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

10:54:48.0238 4348 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning

10:54:48.0238 4348 DLARTL_N - detected UnsignedFile.Multi.Generic (1)

10:54:48.0270 4348 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

10:54:48.0270 4348 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning

10:54:48.0270 4348 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)

10:54:48.0285 4348 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

10:54:48.0285 4348 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning

10:54:48.0285 4348 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)

10:54:48.0348 4348 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

10:54:48.0504 4348 dmboot - ok

10:54:48.0535 4348 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

10:54:48.0676 4348 dmio - ok

10:54:48.0676 4348 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

10:54:48.0816 4348 dmload - ok

10:54:48.0832 4348 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

10:54:48.0957 4348 DMusic - ok

10:54:49.0004 4348 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

10:54:49.0129 4348 dpti2o - ok

10:54:49.0176 4348 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

10:54:49.0285 4348 drmkaud - ok

10:54:49.0332 4348 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

10:54:49.0348 4348 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning

10:54:49.0348 4348 DRVMCDB - detected UnsignedFile.Multi.Generic (1)

10:54:49.0348 4348 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

10:54:49.0379 4348 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning

10:54:49.0379 4348 DRVNDDM - detected UnsignedFile.Multi.Generic (1)

10:54:49.0410 4348 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys

10:54:49.0441 4348 E100B - ok

10:54:49.0457 4348 EagleNT - ok

10:54:49.0520 4348 ELUSB (a77fbb6c8f74242c484b96ec88925c4b) C:\WINDOWS\system32\Drivers\ELUSB.sys

10:54:49.0566 4348 ELUSB ( UnsignedFile.Multi.Generic ) - warning

10:54:49.0566 4348 ELUSB - detected UnsignedFile.Multi.Generic (1)

10:54:49.0613 4348 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

10:54:49.0754 4348 Fastfat - ok

10:54:49.0785 4348 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

10:54:49.0926 4348 Fdc - ok

10:54:49.0957 4348 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

10:54:50.0113 4348 Fips - ok

10:54:50.0145 4348 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

10:54:50.0285 4348 Flpydisk - ok

10:54:50.0332 4348 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

10:54:50.0473 4348 FltMgr - ok

10:54:50.0488 4348 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

10:54:50.0645 4348 Fs_Rec - ok

10:54:50.0660 4348 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

10:54:50.0801 4348 Ftdisk - ok

10:54:50.0848 4348 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

10:54:50.0863 4348 GEARAspiWDM - ok

10:54:50.0926 4348 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

10:54:51.0051 4348 Gpc - ok

10:54:51.0113 4348 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

10:54:51.0254 4348 HDAudBus - ok

10:54:51.0285 4348 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

10:54:51.0426 4348 HidUsb - ok

10:54:51.0488 4348 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

10:54:51.0629 4348 hpn - ok

10:54:51.0645 4348 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

10:54:51.0707 4348 HSFHWBS2 - ok

10:54:51.0770 4348 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

10:54:51.0832 4348 HSF_DP - ok

10:54:51.0879 4348 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys

10:54:52.0020 4348 HTTP - ok

10:54:52.0066 4348 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

10:54:52.0191 4348 i2omgmt - ok

10:54:52.0207 4348 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

10:54:52.0348 4348 i2omp - ok

10:54:52.0363 4348 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

10:54:52.0488 4348 i8042prt - ok

10:54:52.0535 4348 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

10:54:52.0660 4348 Imapi - ok

10:54:52.0707 4348 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

10:54:52.0848 4348 ini910u - ok

10:54:52.0863 4348 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

10:54:52.0988 4348 IntelIde - ok

10:54:53.0035 4348 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

10:54:53.0160 4348 intelppm - ok

10:54:53.0160 4348 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

10:54:53.0301 4348 Ip6Fw - ok

10:54:53.0348 4348 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

10:54:53.0473 4348 IpFilterDriver - ok

10:54:53.0504 4348 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

10:54:53.0613 4348 IpInIp - ok

10:54:53.0645 4348 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

10:54:53.0785 4348 IpNat - ok

10:54:53.0832 4348 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

10:54:53.0973 4348 IPSec - ok

10:54:53.0973 4348 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

10:54:54.0098 4348 IRENUM - ok

10:54:54.0129 4348 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

10:54:54.0270 4348 isapnp - ok

10:54:54.0316 4348 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

10:54:54.0441 4348 Kbdclass - ok

10:54:54.0473 4348 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

10:54:54.0598 4348 kbdhid - ok

10:54:54.0613 4348 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

10:54:54.0754 4348 kmixer - ok

10:54:54.0801 4348 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys

10:54:54.0910 4348 KSecDD - ok

10:54:54.0926 4348 lbrtfdc - ok

10:54:54.0988 4348 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

10:55:15.0363 4348 MBAMProtector - ok

10:55:15.0520 4348 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys

10:55:15.0535 4348 MCSTRM ( UnsignedFile.Multi.Generic ) - warning

10:55:15.0535 4348 MCSTRM - detected UnsignedFile.Multi.Generic (1)

10:55:15.0598 4348 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

10:55:15.0613 4348 mdmxsdk - ok

10:55:15.0645 4348 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

10:55:15.0676 4348 MHNDRV ( UnsignedFile.Multi.Generic ) - warning

10:55:15.0676 4348 MHNDRV - detected UnsignedFile.Multi.Generic (1)

10:55:15.0691 4348 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

10:55:15.0816 4348 mnmdd - ok

10:55:15.0879 4348 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

10:55:16.0020 4348 Modem - ok

10:55:16.0051 4348 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

10:55:16.0176 4348 MODEMCSA - ok

10:55:16.0207 4348 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

10:55:16.0332 4348 Mouclass - ok

10:55:16.0379 4348 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

10:55:16.0520 4348 mouhid - ok

10:55:16.0535 4348 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

10:55:16.0676 4348 MountMgr - ok

10:55:16.0707 4348 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

10:55:16.0848 4348 mraid35x - ok

10:55:16.0863 4348 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

10:55:16.0973 4348 MRxDAV - ok

10:55:17.0035 4348 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

10:55:17.0098 4348 MRxSmb - ok

10:55:17.0160 4348 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

10:55:17.0301 4348 Msfs - ok

10:55:17.0332 4348 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

10:55:17.0473 4348 MSKSSRV - ok

10:55:17.0473 4348 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

10:55:17.0598 4348 MSPCLOCK - ok

10:55:17.0613 4348 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

10:55:17.0723 4348 MSPQM - ok

10:55:17.0770 4348 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

10:55:17.0879 4348 mssmbios - ok

10:55:17.0926 4348 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

10:55:18.0066 4348 MSTEE - ok

10:55:18.0098 4348 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

10:55:18.0207 4348 Mup - ok

10:55:18.0238 4348 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

10:55:18.0379 4348 NABTSFEC - ok

10:55:18.0410 4348 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

10:55:18.0566 4348 NDIS - ok

10:55:18.0598 4348 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

10:55:18.0738 4348 NdisIP - ok

10:55:18.0754 4348 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

10:55:18.0895 4348 NdisTapi - ok

10:55:18.0926 4348 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

10:55:19.0051 4348 Ndisuio - ok

10:55:19.0066 4348 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

10:55:19.0191 4348 NdisWan - ok

10:55:19.0207 4348 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

10:55:19.0332 4348 NDProxy - ok

10:55:19.0363 4348 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

10:55:19.0504 4348 NetBIOS - ok

10:55:19.0535 4348 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

10:55:19.0676 4348 NetBT - ok

10:55:19.0707 4348 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

10:55:19.0832 4348 Npfs - ok

10:55:19.0863 4348 npkcusb - ok

10:55:19.0910 4348 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

10:55:20.0066 4348 Ntfs - ok

10:55:20.0098 4348 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

10:55:20.0238 4348 Null - ok

10:55:20.0301 4348 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

10:55:20.0473 4348 nv - ok

10:55:20.0473 4348 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

10:55:20.0598 4348 NwlnkFlt - ok

10:55:20.0613 4348 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

10:55:20.0738 4348 NwlnkFwd - ok

10:55:20.0785 4348 oreans32 (21dc5b289dce2d32a32baab7bcf29a6a) C:\WINDOWS\system32\drivers\oreans32.sys

10:55:20.0801 4348 oreans32 ( UnsignedFile.Multi.Generic ) - warning

10:55:20.0801 4348 oreans32 - detected UnsignedFile.Multi.Generic (1)

10:55:20.0863 4348 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys

10:55:20.0895 4348 ossrv - ok

10:55:20.0895 4348 ovt519 - ok

10:55:20.0910 4348 PalmUSBD - ok

10:55:20.0957 4348 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

10:55:21.0082 4348 Parport - ok

10:55:21.0113 4348 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

10:55:21.0238 4348 PartMgr - ok

10:55:21.0254 4348 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

10:55:21.0363 4348 ParVdm - ok

10:55:21.0379 4348 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

10:55:21.0504 4348 PCI - ok

10:55:21.0520 4348 PCIDump - ok

10:55:21.0535 4348 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

10:55:21.0660 4348 PCIIde - ok

10:55:21.0676 4348 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

10:55:21.0801 4348 Pcmcia - ok

10:55:21.0801 4348 PDCOMP - ok

10:55:21.0816 4348 PDFRAME - ok

10:55:21.0832 4348 PDRELI - ok

10:55:21.0832 4348 PDRFRAME - ok

10:55:21.0879 4348 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

10:55:22.0004 4348 perc2 - ok

10:55:22.0020 4348 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

10:55:22.0145 4348 perc2hib - ok

10:55:22.0191 4348 PfModNT (d9ed17ac15720096a9f92ff4ea587b09) C:\WINDOWS\system32\drivers\PfModNT.sys

10:55:22.0223 4348 PfModNT ( UnsignedFile.Multi.Generic ) - warning

10:55:22.0223 4348 PfModNT - detected UnsignedFile.Multi.Generic (1)

10:55:22.0301 4348 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

10:55:22.0410 4348 PptpMiniport - ok

10:55:22.0426 4348 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

10:55:22.0566 4348 PSched - ok

10:55:22.0582 4348 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

10:55:22.0691 4348 Ptilink - ok

10:55:22.0738 4348 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

10:55:22.0770 4348 PxHelp20 - ok

10:55:22.0785 4348 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

10:55:22.0910 4348 ql1080 - ok

10:55:22.0926 4348 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

10:55:23.0051 4348 Ql10wnt - ok

10:55:23.0066 4348 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

10:55:23.0176 4348 ql12160 - ok

10:55:23.0207 4348 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

10:55:23.0348 4348 ql1240 - ok

10:55:23.0348 4348 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

10:55:23.0473 4348 ql1280 - ok

10:55:23.0504 4348 QWAVEDRV (2bb1d2baf3493362e5c1949c5f210d5f) C:\WINDOWS\system32\DRIVERS\qwavedrv.sys

10:55:23.0504 4348 QWAVEDRV ( UnsignedFile.Multi.Generic ) - warning

10:55:23.0504 4348 QWAVEDRV - detected UnsignedFile.Multi.Generic (1)

10:55:23.0535 4348 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

10:55:23.0660 4348 RasAcd - ok

10:55:23.0707 4348 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

10:55:23.0848 4348 Rasl2tp - ok

10:55:23.0895 4348 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

10:55:24.0004 4348 RasPppoe - ok

10:55:24.0020 4348 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

10:55:24.0145 4348 Raspti - ok

10:55:24.0176 4348 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

10:55:24.0316 4348 Rdbss - ok

10:55:24.0348 4348 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

10:55:24.0473 4348 RDPCDD - ok

10:55:24.0504 4348 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

10:55:24.0629 4348 rdpdr - ok

10:55:24.0660 4348 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

10:55:24.0785 4348 RDPWD - ok

10:55:24.0816 4348 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

10:55:24.0957 4348 redbook - ok

10:55:25.0051 4348 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

10:55:25.0191 4348 Secdrv - ok

10:55:25.0223 4348 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

10:55:25.0363 4348 serenum - ok

10:55:25.0395 4348 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

10:55:25.0520 4348 Serial - ok

10:55:25.0551 4348 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

10:55:25.0691 4348 Sfloppy - ok

10:55:25.0770 4348 sigfilt (6bd3976b881888ac9a0ed3eb94e7fd38) C:\WINDOWS\system32\drivers\sigfilt.sys

10:55:25.0863 4348 sigfilt - ok

10:55:25.0863 4348 Simbad - ok

10:55:25.0910 4348 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

10:55:26.0051 4348 sisagp - ok

10:55:26.0066 4348 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

10:55:26.0207 4348 SLIP - ok

10:55:26.0238 4348 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

10:55:26.0363 4348 SONYPVU1 - ok

10:55:26.0395 4348 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

10:55:26.0473 4348 Sparrow - ok

10:55:26.0504 4348 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

10:55:26.0629 4348 splitter - ok

10:55:26.0645 4348 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

10:55:26.0785 4348 sr - ok

10:55:26.0848 4348 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys

10:55:26.0910 4348 Srv - ok

10:55:26.0957 4348 STHDA (b95480c92c4c9c311be47b8a1ad73770) C:\WINDOWS\system32\drivers\sthda.sys

10:55:26.0988 4348 STHDA - ok

10:55:27.0035 4348 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

10:55:27.0176 4348 streamip - ok

10:55:27.0191 4348 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

10:55:27.0316 4348 swenum - ok

10:55:27.0363 4348 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

10:55:27.0488 4348 swmidi - ok

10:55:27.0535 4348 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

10:55:27.0660 4348 symc810 - ok

10:55:27.0676 4348 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

10:55:27.0785 4348 symc8xx - ok

10:55:27.0801 4348 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

10:55:27.0910 4348 sym_hi - ok

10:55:27.0941 4348 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

10:55:28.0066 4348 sym_u3 - ok

10:55:28.0113 4348 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

10:55:28.0254 4348 sysaudio - ok

10:55:28.0301 4348 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

10:55:28.0363 4348 Tcpip - ok

10:55:28.0395 4348 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

10:55:28.0520 4348 TDPIPE - ok

10:55:28.0551 4348 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

10:55:28.0676 4348 TDTCP - ok

10:55:28.0707 4348 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

10:55:28.0832 4348 TermDD - ok

10:55:28.0879 4348 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

10:55:29.0004 4348 TosIde - ok

10:55:29.0035 4348 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

10:55:29.0176 4348 Udfs - ok

10:55:29.0176 4348 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

10:55:29.0238 4348 ultra - ok

10:55:29.0285 4348 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

10:55:29.0410 4348 Update - ok

10:55:29.0457 4348 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

10:55:29.0520 4348 USBAAPL - ok

10:55:29.0551 4348 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

10:55:29.0691 4348 usbaudio - ok

10:55:29.0723 4348 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

10:55:29.0863 4348 usbccgp - ok

10:55:29.0895 4348 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

10:55:30.0035 4348 usbehci - ok

10:55:30.0066 4348 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

10:55:30.0207 4348 usbhub - ok

10:55:30.0238 4348 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

10:55:30.0379 4348 usbprint - ok

10:55:30.0410 4348 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

10:55:30.0535 4348 usbscan - ok

10:55:30.0566 4348 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

10:55:30.0691 4348 USBSTOR - ok

10:55:30.0707 4348 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

10:55:30.0816 4348 usbuhci - ok

10:55:30.0848 4348 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

10:55:30.0973 4348 VgaSave - ok

10:55:31.0020 4348 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

10:55:31.0145 4348 viaagp - ok

10:55:31.0145 4348 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

10:55:31.0285 4348 ViaIde - ok

10:55:31.0316 4348 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

10:55:31.0457 4348 VolSnap - ok

10:55:31.0488 4348 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

10:55:31.0613 4348 Wanarp - ok

10:55:31.0629 4348 wanatw - ok

10:55:31.0629 4348 wbyyiaih - ok

10:55:31.0691 4348 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

10:55:31.0738 4348 Wdf01000 - ok

10:55:31.0738 4348 WDICA - ok

10:55:31.0770 4348 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

10:55:31.0910 4348 wdmaud - ok

10:55:31.0957 4348 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

10:55:31.0988 4348 winachsf - ok

10:55:32.0051 4348 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys

10:55:32.0066 4348 WinUSB - ok

10:55:32.0129 4348 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

10:55:32.0254 4348 WS2IFSL - ok

10:55:32.0285 4348 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

10:55:32.0426 4348 WSTCODEC - ok

10:55:32.0488 4348 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

10:55:32.0551 4348 WudfPf - ok

10:55:32.0566 4348 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

10:55:32.0582 4348 WudfRd - ok

10:55:32.0629 4348 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0

10:55:32.0723 4348 \Device\Harddisk0\DR0 - ok

10:55:32.0723 4348 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4

10:55:36.0270 4348 \Device\Harddisk1\DR4 - ok

10:55:36.0285 4348 Boot (0x1200) (0a66a4e618afc8288a4dbecab99de22f) \Device\Harddisk0\DR0\Partition0

10:55:36.0285 4348 \Device\Harddisk0\DR0\Partition0 - ok

10:55:36.0301 4348 Boot (0x1200) (8f6150e1df65a8bc73dd9a4f5ad4da44) \Device\Harddisk1\DR4\Partition0

10:55:36.0301 4348 \Device\Harddisk1\DR4\Partition0 - ok

10:55:36.0301 4348 ============================================================

10:55:36.0301 4348 Scan finished

10:55:36.0301 4348 ============================================================

10:55:36.0410 3292 Detected object count: 17

10:55:36.0410 3292 Actual detected object count: 17

10:56:20.0129 3292 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user

10:56:20.0129 3292 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:56:20.0129 3292 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user

10:56:20.0129 3292 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:56:20.0129 3292 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user

10:56:20.0129 3292 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:56:20.0129 3292 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user

10:56:20.0129 3292 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:56:20.0129 3292 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user

10:56:20.0129 3292 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:56:20.0129 3292 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user

10:56:20.0129 3292 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:56:20.0129 3292 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user

10:56:20.0129 3292 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:56:20.0145 3292 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user

10:56:20.0145 3292 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:56:20.0145 3292 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user

10:56:20.0145 3292 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:56:20.0145 3292 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user

10:56:20.0145 3292 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:56:20.0145 3292 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user

10:56:20.0145 3292 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:56:20.0145 3292 ELUSB ( UnsignedFile.Multi.Generic ) - skipped by user

10:56:20.0145 3292 ELUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:56:20.0145 3292 MCSTRM ( UnsignedFile.Multi.Generic ) - skipped by user

10:56:20.0145 3292 MCSTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:56:20.0145 3292 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user

10:56:20.0145 3292 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:56:20.0160 3292 oreans32 ( UnsignedFile.Multi.Generic ) - skipped by user

10:56:20.0160 3292 oreans32 ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:56:20.0160 3292 PfModNT ( UnsignedFile.Multi.Generic ) - skipped by user

10:56:20.0160 3292 PfModNT ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:56:20.0160 3292 QWAVEDRV ( UnsignedFile.Multi.Generic ) - skipped by user

10:56:20.0160 3292 QWAVEDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:02:43.0301 5592 ============================================================

11:02:43.0301 5592 Scan started

11:02:43.0301 5592 Mode: Manual; SigCheck; TDLFS;

11:02:43.0301 5592 ============================================================

11:02:43.0520 5592 Abiosdsk - ok

11:02:43.0566 5592 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

11:02:43.0723 5592 abp480n5 - ok

11:02:43.0785 5592 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

11:02:43.0941 5592 ACPI - ok

11:02:43.0988 5592 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

11:02:44.0129 5592 ACPIEC - ok

11:02:44.0191 5592 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

11:02:44.0316 5592 adpu160m - ok

11:02:44.0363 5592 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

11:02:44.0520 5592 aec - ok

11:02:44.0566 5592 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

11:02:44.0598 5592 AFD - ok

11:02:44.0629 5592 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

11:02:44.0738 5592 agp440 - ok

11:02:44.0754 5592 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

11:02:44.0879 5592 agpCPQ - ok

11:02:44.0910 5592 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

11:02:44.0973 5592 Aha154x - ok

11:02:44.0988 5592 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

11:02:45.0113 5592 aic78u2 - ok

11:02:45.0160 5592 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

11:02:45.0270 5592 aic78xx - ok

11:02:45.0285 5592 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

11:02:45.0410 5592 AliIde - ok

11:02:45.0457 5592 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

11:02:45.0598 5592 alim1541 - ok

11:02:45.0613 5592 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

11:02:45.0754 5592 amdagp - ok

11:02:45.0785 5592 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

11:02:45.0863 5592 amsint - ok

11:02:45.0895 5592 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

11:02:46.0035 5592 asc - ok

11:02:46.0051 5592 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

11:02:46.0113 5592 asc3350p - ok

11:02:46.0129 5592 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

11:02:46.0270 5592 asc3550 - ok

11:02:46.0316 5592 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

11:02:46.0441 5592 AsyncMac - ok

11:02:46.0473 5592 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

11:02:46.0613 5592 atapi - ok

11:02:46.0613 5592 Atdisk - ok

11:02:46.0691 5592 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

11:02:46.0723 5592 ati2mtag - ok

11:02:46.0770 5592 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

11:02:46.0926 5592 Atmarpc - ok

11:02:46.0957 5592 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

11:02:47.0066 5592 audstub - ok

11:02:47.0082 5592 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

11:02:47.0207 5592 Beep - ok

11:02:47.0223 5592 BVRPMPR5 - ok

11:02:47.0238 5592 bvrp_pci - ok

11:02:47.0238 5592 catchme - ok

11:02:47.0254 5592 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

11:02:47.0379 5592 cbidf - ok

11:02:47.0379 5592 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

11:02:47.0504 5592 cbidf2k - ok

11:02:47.0520 5592 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

11:02:47.0645 5592 CCDECODE - ok

11:02:47.0645 5592 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

11:02:47.0723 5592 cd20xrnt - ok

11:02:47.0754 5592 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

11:02:47.0879 5592 Cdaudio - ok

11:02:47.0910 5592 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

11:02:48.0051 5592 Cdfs - ok

11:02:48.0082 5592 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

11:02:48.0207 5592 Cdrom - ok

11:02:48.0223 5592 Changer - ok

11:02:48.0254 5592 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

11:02:48.0379 5592 CmdIde - ok

11:02:48.0410 5592 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

11:02:48.0551 5592 Cpqarray - ok

11:02:48.0598 5592 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys

11:02:48.0613 5592 ctsfm2k - ok

11:02:48.0645 5592 CTUSFSYN (4ee8822adb764edd28ce44e808097995) C:\WINDOWS\system32\drivers\ctusfsyn.sys

11:02:48.0660 5592 CTUSFSYN - ok

11:02:48.0691 5592 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

11:02:48.0832 5592 dac2w2k - ok

11:02:48.0832 5592 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

11:02:48.0957 5592 dac960nt - ok

11:02:49.0004 5592 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

11:02:49.0129 5592 Disk - ok

11:02:49.0176 5592 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

11:02:49.0207 5592 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning

11:02:49.0207 5592 DLABOIOM - detected UnsignedFile.Multi.Generic (1)

11:02:49.0207 5592 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

11:02:49.0223 5592 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning

11:02:49.0223 5592 DLACDBHM - detected UnsignedFile.Multi.Generic (1)

11:02:49.0254 5592 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS

11:02:49.0270 5592 DLADResN ( UnsignedFile.Multi.Generic ) - warning

11:02:49.0270 5592 DLADResN - detected UnsignedFile.Multi.Generic (1)

11:02:49.0301 5592 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

11:02:49.0332 5592 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning

11:02:49.0332 5592 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)

11:02:49.0348 5592 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

11:02:49.0348 5592 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning

11:02:49.0348 5592 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)

11:02:49.0363 5592 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

11:02:49.0363 5592 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning

11:02:49.0363 5592 DLAPoolM - detected UnsignedFile.Multi.Generic (1)

11:02:49.0395 5592 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

11:02:49.0395 5592 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning

11:02:49.0395 5592 DLARTL_N - detected UnsignedFile.Multi.Generic (1)

11:02:49.0426 5592 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

11:02:49.0426 5592 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning

11:02:49.0426 5592 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)

11:02:49.0441 5592 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

11:02:49.0441 5592 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning

11:02:49.0441 5592 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)

11:02:49.0504 5592 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

11:02:49.0645 5592 dmboot - ok

11:02:49.0691 5592 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

11:02:49.0879 5592 dmio - ok

11:02:49.0879 5592 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

11:02:50.0004 5592 dmload - ok

11:02:50.0035 5592 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

11:02:50.0160 5592 DMusic - ok

11:02:50.0176 5592 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

11:02:50.0316 5592 dpti2o - ok

11:02:50.0316 5592 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

11:02:50.0441 5592 drmkaud - ok

11:02:50.0488 5592 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

11:02:50.0488 5592 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning

11:02:50.0488 5592 DRVMCDB - detected UnsignedFile.Multi.Generic (1)

11:02:50.0504 5592 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

11:02:50.0520 5592 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning

11:02:50.0520 5592 DRVNDDM - detected UnsignedFile.Multi.Generic (1)

11:02:50.0551 5592 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys

11:02:50.0582 5592 E100B - ok

11:02:50.0598 5592 EagleNT - ok

11:02:50.0645 5592 ELUSB (a77fbb6c8f74242c484b96ec88925c4b) C:\WINDOWS\system32\Drivers\ELUSB.sys

11:02:50.0676 5592 ELUSB ( UnsignedFile.Multi.Generic ) - warning

11:02:50.0676 5592 ELUSB - detected UnsignedFile.Multi.Generic (1)

11:02:50.0738 5592 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

11:02:50.0863 5592 Fastfat - ok

11:02:50.0879 5592 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

11:02:51.0004 5592 Fdc - ok

11:02:51.0035 5592 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

11:02:51.0176 5592 Fips - ok

11:02:51.0207 5592 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

11:02:51.0332 5592 Flpydisk - ok

11:02:51.0379 5592 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

11:02:51.0504 5592 FltMgr - ok

11:02:51.0535 5592 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

11:02:51.0676 5592 Fs_Rec - ok

11:02:51.0691 5592 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

11:02:51.0863 5592 Ftdisk - ok

11:02:51.0895 5592 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

11:02:51.0910 5592 GEARAspiWDM - ok

11:02:51.0957 5592 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

11:02:52.0082 5592 Gpc - ok

11:02:52.0129 5592 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

11:02:52.0270 5592 HDAudBus - ok

11:02:52.0301 5592 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

11:02:52.0441 5592 HidUsb - ok

11:02:52.0473 5592 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

11:02:52.0613 5592 hpn - ok

11:02:52.0645 5592 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

11:02:52.0660 5592 HSFHWBS2 - ok

11:02:52.0723 5592 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

11:02:52.0770 5592 HSF_DP - ok

11:02:52.0816 5592 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys

11:02:52.0957 5592 HTTP - ok

11:02:52.0988 5592 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

11:02:53.0113 5592 i2omgmt - ok

11:02:53.0129 5592 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

11:02:53.0254 5592 i2omp - ok

11:02:53.0254 5592 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

11:02:53.0395 5592 i8042prt - ok

11:02:53.0441 5592 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

11:02:53.0582 5592 Imapi - ok

11:02:53.0629 5592 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

11:02:53.0754 5592 ini910u - ok

11:02:53.0785 5592 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

11:02:53.0957 5592 IntelIde - ok

11:02:53.0988 5592 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

11:02:54.0113 5592 intelppm - ok

11:02:54.0129 5592 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

11:02:54.0285 5592 Ip6Fw - ok

11:02:54.0301 5592 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

11:02:54.0441 5592 IpFilterDriver - ok

11:02:54.0473 5592 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

11:02:54.0582 5592 IpInIp - ok

11:02:54.0613 5592 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

11:02:54.0754 5592 IpNat - ok

11:02:54.0785 5592 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

11:02:54.0926 5592 IPSec - ok

11:02:54.0941 5592 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

11:02:55.0066 5592 IRENUM - ok

11:02:55.0098 5592 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

11:02:55.0238 5592 isapnp - ok

11:02:55.0270 5592 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

11:02:55.0395 5592 Kbdclass - ok

11:02:55.0426 5592 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

11:02:55.0551 5592 kbdhid - ok

11:02:55.0566 5592 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

11:02:55.0707 5592 kmixer - ok

11:02:55.0738 5592 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys

11:02:55.0910 5592 KSecDD - ok

11:02:56.0020 5592 lbrtfdc - ok

11:02:56.0098 5592 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

11:02:56.0113 5592 MBAMProtector - ok

11:02:56.0176 5592 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys

11:02:56.0191 5592 MCSTRM ( UnsignedFile.Multi.Generic ) - warning

11:02:56.0191 5592 MCSTRM - detected UnsignedFile.Multi.Generic (1)

11:02:56.0207 5592 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

11:02:56.0223 5592 mdmxsdk - ok

11:02:56.0254 5592 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

11:02:56.0254 5592 MHNDRV ( UnsignedFile.Multi.Generic ) - warning

11:02:56.0254 5592 MHNDRV - detected UnsignedFile.Multi.Generic (1)

11:02:56.0270 5592 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

11:02:56.0426 5592 mnmdd - ok

11:02:56.0457 5592 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

11:02:56.0598 5592 Modem - ok

11:02:56.0629 5592 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

11:02:56.0770 5592 MODEMCSA - ok

11:02:56.0801 5592 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

11:02:56.0910 5592 Mouclass - ok

11:02:56.0941 5592 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

11:02:57.0082 5592 mouhid - ok

11:02:57.0113 5592 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

11:02:57.0254 5592 MountMgr - ok

11:02:57.0379 5592 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

11:02:57.0520 5592 mraid35x - ok

11:02:57.0535 5592 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

11:02:57.0660 5592 MRxDAV - ok

11:02:57.0723 5592 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

11:02:57.0754 5592 MRxSmb - ok

11:02:57.0785 5592 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

11:02:57.0926 5592 Msfs - ok

11:02:57.0957 5592 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

11:02:58.0098 5592 MSKSSRV - ok

11:02:58.0113 5592 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

11:02:58.0254 5592 MSPCLOCK - ok

11:02:58.0270 5592 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

11:02:58.0395 5592 MSPQM - ok

11:02:58.0426 5592 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

11:02:58.0551 5592 mssmbios - ok

11:02:58.0566 5592 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

11:02:58.0707 5592 MSTEE - ok

11:02:58.0738 5592 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

11:02:58.0910 5592 Mup - ok

11:02:58.0941 5592 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

11:02:59.0066 5592 NABTSFEC - ok

11:02:59.0098 5592 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

11:02:59.0238 5592 NDIS - ok

11:02:59.0254 5592 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

11:02:59.0379 5592 NdisIP - ok

11:02:59.0910 5592 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

11:03:00.0066 5592 NdisTapi - ok

11:03:00.0941 5592 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

11:03:01.0098 5592 Ndisuio - ok

11:03:01.0520 5592 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

11:03:01.0660 5592 NdisWan - ok

11:03:01.0910 5592 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

11:03:02.0051 5592 NDProxy - ok

11:03:02.0129 5592 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

11:03:02.0254 5592 NetBIOS - ok

11:03:02.0316 5592 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

11:03:02.0441 5592 NetBT - ok

11:03:02.0488 5592 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

11:03:02.0613 5592 Npfs - ok

11:03:02.0629 5592 npkcusb - ok

11:03:02.0676 5592 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

11:03:02.0879 5592 Ntfs - ok

11:03:02.0926 5592 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

11:03:03.0051 5592 Null - ok

11:03:03.0129 5592 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

11:03:03.0254 5592 nv - ok

11:03:03.0285 5592 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

11:03:03.0410 5592 NwlnkFlt - ok

11:03:03.0441 5592 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

11:03:03.0582 5592 NwlnkFwd - ok

11:03:03.0629 5592 oreans32 (21dc5b289dce2d32a32baab7bcf29a6a) C:\WINDOWS\system32\drivers\oreans32.sys

11:03:03.0629 5592 oreans32 ( UnsignedFile.Multi.Generic ) - warning

11:03:03.0629 5592 oreans32 - detected UnsignedFile.Multi.Generic (1)

11:03:03.0676 5592 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys

11:03:03.0707 5592 ossrv - ok

11:03:03.0723 5592 ovt519 - ok

11:03:03.0738 5592 PalmUSBD - ok

11:03:03.0770 5592 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

11:03:03.0910 5592 Parport - ok

11:03:03.0941 5592 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

11:03:04.0051 5592 PartMgr - ok

11:03:04.0082 5592 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

11:03:04.0207 5592 ParVdm - ok

11:03:04.0223 5592 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

11:03:04.0348 5592 PCI - ok

11:03:04.0348 5592 PCIDump - ok

11:03:04.0363 5592 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

11:03:04.0473 5592 PCIIde - ok

11:03:04.0520 5592 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

11:03:04.0629 5592 Pcmcia - ok

11:03:04.0645 5592 PDCOMP - ok

11:03:04.0645 5592 PDFRAME - ok

11:03:04.0660 5592 PDRELI - ok

11:03:04.0676 5592 PDRFRAME - ok

11:03:04.0707 5592 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

11:03:04.0832 5592 perc2 - ok

11:03:04.0848 5592 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

11:03:04.0973 5592 perc2hib - ok

11:03:05.0020 5592 PfModNT (d9ed17ac15720096a9f92ff4ea587b09) C:\WINDOWS\system32\drivers\PfModNT.sys

11:03:05.0035 5592 PfModNT ( UnsignedFile.Multi.Generic ) - warning

11:03:05.0035 5592 PfModNT - detected UnsignedFile.Multi.Generic (1)

11:03:05.0098 5592 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

11:03:05.0207 5592 PptpMiniport - ok

11:03:05.0223 5592 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

11:03:05.0348 5592 PSched - ok

11:03:05.0348 5592 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

11:03:05.0473 5592 Ptilink - ok

11:03:05.0520 5592 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

11:03:05.0520 5592 PxHelp20 - ok

11:03:05.0551 5592 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

11:03:05.0676 5592 ql1080 - ok

11:03:05.0676 5592 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

11:03:05.0832 5592 Ql10wnt - ok

11:03:05.0848 5592 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

11:03:05.0973 5592 ql12160 - ok

11:03:06.0004 5592 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

11:03:06.0129 5592 ql1240 - ok

11:03:06.0145 5592 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

11:03:06.0254 5592 ql1280 - ok

11:03:06.0285 5592 QWAVEDRV (2bb1d2baf3493362e5c1949c5f210d5f) C:\WINDOWS\system32\DRIVERS\qwavedrv.sys

11:03:06.0285 5592 QWAVEDRV ( UnsignedFile.Multi.Generic ) - warning

11:03:06.0285 5592 QWAVEDRV - detected UnsignedFile.Multi.Generic (1)

11:03:06.0316 5592 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

11:03:06.0441 5592 RasAcd - ok

11:03:06.0488 5592 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

11:03:06.0629 5592 Rasl2tp - ok

11:03:06.0660 5592 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

11:03:06.0785 5592 RasPppoe - ok

11:03:06.0785 5592 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

11:03:06.0910 5592 Raspti - ok

11:03:06.0957 5592 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

11:03:07.0066 5592 Rdbss - ok

11:03:07.0082 5592 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

11:03:07.0223 5592 RDPCDD - ok

11:03:07.0238 5592 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

11:03:07.0348 5592 rdpdr - ok

11:03:07.0379 5592 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

11:03:07.0504 5592 RDPWD - ok

11:03:07.0551 5592 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

11:03:07.0691 5592 redbook - ok

11:03:07.0754 5592 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

11:03:07.0910 5592 Secdrv - ok

11:03:07.0957 5592 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

11:03:08.0082 5592 serenum - ok

11:03:08.0113 5592 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

11:03:08.0238 5592 Serial - ok

11:03:08.0285 5592 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

11:03:08.0410 5592 Sfloppy - ok

11:03:08.0488 5592 sigfilt (6bd3976b881888ac9a0ed3eb94e7fd38) C:\WINDOWS\system32\drivers\sigfilt.sys

11:03:08.0551 5592 sigfilt - ok

11:03:08.0551 5592 Simbad - ok

11:03:08.0598 5592 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

11:03:08.0738 5592 sisagp - ok

11:03:08.0738 5592 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

11:03:08.0863 5592 SLIP - ok

11:03:08.0895 5592 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

11:03:09.0020 5592 SONYPVU1 - ok

11:03:09.0051 5592 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

11:03:09.0113 5592 Sparrow - ok

11:03:09.0145 5592 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

11:03:09.0270 5592 splitter - ok

11:03:09.0285 5592 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

11:03:09.0426 5592 sr - ok

11:03:09.0488 5592 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys

11:03:09.0520 5592 Srv - ok

11:03:09.0582 5592 STHDA (b95480c92c4c9c311be47b8a1ad73770) C:\WINDOWS\system32\drivers\sthda.sys

11:03:09.0613 5592 STHDA - ok

11:03:09.0660 5592 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

11:03:09.0816 5592 streamip - ok

11:03:09.0848 5592 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

11:03:09.0957 5592 swenum - ok

11:03:10.0004 5592 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

11:03:10.0145 5592 swmidi - ok

11:03:10.0176 5592 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

11:03:10.0285 5592 symc810 - ok

11:03:10.0301 5592 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

11:03:10.0426 5592 symc8xx - ok

11:03:10.0426 5592 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

11:03:10.0551 5592 sym_hi - ok

11:03:10.0551 5592 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

11:03:10.0676 5592 sym_u3 - ok

11:03:10.0723 5592 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

11:03:10.0848 5592 sysaudio - ok

11:03:10.0895 5592 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

11:03:10.0926 5592 Tcpip - ok

11:03:10.0973 5592 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

11:03:11.0098 5592 TDPIPE - ok

11:03:11.0129 5592 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

11:03:11.0270 5592 TDTCP - ok

11:03:11.0316 5592 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

11:03:11.0441 5592 TermDD - ok

11:03:11.0488 5592 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

11:03:11.0613 5592 TosIde - ok

11:03:11.0629 5592 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

11:03:11.0754 5592 Udfs - ok

11:03:11.0770 5592 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

11:03:11.0879 5592 ultra - ok

11:03:11.0926 5592 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

11:03:12.0051 5592 Update - ok

11:03:12.0098 5592 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

11:03:12.0129 5592 USBAAPL - ok

11:03:12.0160 5592 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

11:03:12.0301 5592 usbaudio - ok

11:03:12.0332 5592 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

11:03:12.0457 5592 usbccgp - ok

11:03:12.0504 5592 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

11:03:12.0645 5592 usbehci - ok

11:03:12.0676 5592 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

11:03:12.0801 5592 usbhub - ok

11:03:12.0832 5592 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

11:03:12.0973 5592 usbprint - ok

11:03:13.0004 5592 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

11:03:13.0129 5592 usbscan - ok

11:03:13.0160 5592 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

11:03:13.0270 5592 USBSTOR - ok

11:03:13.0301 5592 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

11:03:13.0410 5592 usbuhci - ok

11:03:13.0426 5592 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

11:03:13.0566 5592 VgaSave - ok

11:03:13.0598 5592 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

11:03:13.0738 5592 viaagp - ok

11:03:13.0754 5592 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

11:03:13.0910 5592 ViaIde - ok

11:03:13.0926 5592 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

11:03:14.0051 5592 VolSnap - ok

11:03:14.0098 5592 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

11:03:14.0238 5592 Wanarp - ok

11:03:14.0238 5592 wanatw - ok

11:03:14.0254 5592 wbyyiaih - ok

11:03:14.0301 5592 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

11:03:14.0332 5592 Wdf01000 - ok

11:03:14.0332 5592 WDICA - ok

11:03:14.0363 5592 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

11:03:14.0504 5592 wdmaud - ok

11:03:14.0551 5592 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

11:03:14.0566 5592 winachsf - ok

11:03:14.0629 5592 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys

11:03:14.0645 5592 WinUSB - ok

11:03:14.0691 5592 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

11:03:14.0816 5592 WS2IFSL - ok

11:03:14.0848 5592 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

11:03:14.0973 5592 WSTCODEC - ok

11:03:15.0020 5592 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

11:03:15.0035 5592 WudfPf - ok

11:03:15.0035 5592 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

11:03:15.0082 5592 WudfRd - ok

11:03:15.0113 5592 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0

11:03:15.0207 5592 \Device\Harddisk0\DR0 - ok

11:03:15.0207 5592 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4

11:03:18.0691 5592 \Device\Harddisk1\DR4 - ok

11:03:18.0707 5592 Boot (0x1200) (0a66a4e618afc8288a4dbecab99de22f) \Device\Harddisk0\DR0\Partition0

11:03:18.0707 5592 \Device\Harddisk0\DR0\Partition0 - ok

11:03:18.0723 5592 Boot (0x1200) (8f6150e1df65a8bc73dd9a4f5ad4da44) \Device\Harddisk1\DR4\Partition0

11:03:18.0723 5592 \Device\Harddisk1\DR4\Partition0 - ok

11:03:18.0723 5592 ============================================================

11:03:18.0723 5592 Scan finished

11:03:18.0723 5592 ============================================================

11:03:18.0738 1940 Detected object count: 17

11:03:18.0738 1940 Actual detected object count: 17

11:03:47.0848 1940 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user

11:03:47.0863 1940 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:03:47.0863 1940 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user

11:03:47.0863 1940 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:03:47.0863 1940 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user

11:03:47.0863 1940 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:03:47.0863 1940 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user

11:03:47.0863 1940 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:03:47.0863 1940 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user

11:03:47.0863 1940 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:03:47.0863 1940 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user

11:03:47.0863 1940 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:03:47.0863 1940 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user

11:03:47.0863 1940 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:03:47.0863 1940 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user

11:03:47.0863 1940 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:03:47.0863 1940 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user

11:03:47.0863 1940 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:03:47.0879 1940 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user

11:03:47.0879 1940 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:03:47.0879 1940 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user

11:03:47.0879 1940 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:03:47.0879 1940 ELUSB ( UnsignedFile.Multi.Generic ) - skipped by user

11:03:47.0879 1940 ELUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:03:47.0879 1940 MCSTRM ( UnsignedFile.Multi.Generic ) - skipped by user

11:03:47.0879 1940 MCSTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:03:47.0879 1940 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user

11:03:47.0879 1940 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:03:47.0879 1940 oreans32 ( UnsignedFile.Multi.Generic ) - skipped by user

11:03:47.0879 1940 oreans32 ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:03:47.0879 1940 PfModNT ( UnsignedFile.Multi.Generic ) - skipped by user

11:03:47.0879 1940 PfModNT ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:03:47.0895 1940 QWAVEDRV ( UnsignedFile.Multi.Generic ) - skipped by user

11:03:47.0895 1940 QWAVEDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:04:53.0910 3696 Deinitialize success


Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: ComboFix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[Screenshot: RC1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Screenshot: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Logs from ComboFix

ComboFix 12-03-06.01 - Mary Borchardt 03/06/2012 16:34:19.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.447 [GMT -8:00]

Running from: c:\documents and settings\Mary Borchardt\Desktop\ComboFix.exe

FW: Platinum 2007 Personal Firewall *Disabled* {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\MARYBO~1\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp

c:\documents and settings\Mary Borchardt\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-02-07 to 2012-03-07 )))))))))))))))))))))))))))))))

.

.

2012-03-02 00:24 . 2012-03-02 00:24 709968 ----a-w- c:\windows\is-VR0AL.exe

2012-02-27 17:14 . 2012-02-27 17:14 -------- d-----w- c:\documents and settings\David Cho\Application Data\Incredibar.com

2012-02-27 17:14 . 2012-02-27 17:14 -------- d-----w- c:\documents and settings\David Cho\Application Data\mediabarbs

2012-02-27 17:14 . 2012-02-27 17:14 -------- d-----w- c:\documents and settings\David Cho\Application Data\wincorebsband

2012-02-27 17:14 . 2012-02-27 17:14 -------- d-----w- c:\documents and settings\David Cho\AppData

2012-02-26 19:29 . 2012-02-26 19:29 -------- d-----w- c:\documents and settings\Mary Borchardt\Application Data\Incredibar.com

2012-02-26 18:09 . 2012-02-26 18:09 -------- d-----w- c:\documents and settings\David Cho\Application Data\MyHeritage

2012-02-11 23:08 . 2012-02-11 23:08 -------- d-----w- c:\documents and settings\Mary Borchardt\Local Settings\Application Data\Premiumplay Codec-C

2012-02-11 23:07 . 2012-02-11 23:08 -------- d-----w- c:\program files\Premiumplay Codec-C

2012-02-11 23:07 . 2012-02-27 20:41 -------- d-----w- c:\documents and settings\Mary Borchardt\Local Settings\Application Data\WeatherBug

2012-02-11 23:07 . 2012-02-11 23:07 -------- d-----w- C:\codec-info

2012-02-11 23:07 . 2012-02-11 23:07 -------- d-----w- c:\documents and settings\Mary Borchardt\Application Data\WeatherBug

2012-02-11 23:07 . 2012-02-11 23:07 18944 ----a-r- c:\documents and settings\Mary Borchardt\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe

2012-02-11 23:07 . 2012-02-11 23:07 11264 ----a-r- c:\documents and settings\Mary Borchardt\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A1630.exe

2012-02-11 23:07 . 2012-02-11 23:07 -------- d-----w- c:\program files\AWS

2012-02-11 23:05 . 2012-02-11 23:05 449 ----a-w- C:\user.js

2012-02-11 23:04 . 2012-02-11 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate

2012-02-11 19:11 . 2012-02-11 19:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

2012-02-06 04:57 . 2012-02-06 04:57 -------- d-----w- c:\program files\iPod

2012-02-06 04:57 . 2012-02-06 04:58 -------- d-----w- c:\program files\iTunes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 23:24 . 2010-01-26 00:44 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-24 00:56 . 2011-04-01 04:01 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2012-02-28_18.27.22 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-03-02 00:22 . 2012-03-02 00:22 16384 c:\windows\Temp\Perflib_Perfdata_b0.dat

+ 2012-03-02 00:22 . 2012-03-02 00:22 16384 c:\windows\Temp\Perflib_Perfdata_398.dat

+ 2011-08-16 06:46 . 2012-03-02 04:35 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2011-08-16 06:46 . 2012-01-11 00:21 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2006-03-28 02:09 . 2012-03-02 04:35 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2006-03-28 02:09 . 2012-01-11 00:21 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2012-03-02 04:41 . 2012-03-02 04:35 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2011-08-16 06:46 . 2012-01-11 00:21 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]

.

[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]

[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]

[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]

2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]

2011-10-31 12:14 87480 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

"{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll" [2011-10-31 87480]

.

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]

[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]

[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]

[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

.

[HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

.

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]

[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]

[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]

[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-15 68856]

"Aim"="c:\program files\AIM7\aim.exe" [2009-12-01 3951976]

"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-10-30 1652736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]

"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]

"MBMon"="CTMBHA.DLL" [2005-05-19 1345520]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 188416]

"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-04 198160]

"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2009-11-02 222736]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]

"InnoSetupRegFile.0000000001"="c:\windows\is-VR0AL.exe" [2012-03-02 709968]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"MaxRecentDocs"= 19 (0x13)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [11/24/2007 10:37 PM 33824]

R2 ArcGIS License Manager;ArcGIS License Manager;c:\program files\ArcGIS\License10.0\bin\lmgrd.exe [11/5/2008 11:59 PM 1500424]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/25/2010 4:44 PM 652872]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/25/2010 4:44 PM 20464]

S0 wbyyiaih;wbyyiaih;c:\windows\system32\drivers\pncoinl.sys --> c:\windows\system32\drivers\pncoinl.sys [?]

S2 gupdate1c9fe004505b918;Google Update Service (gupdate1c9fe004505b918);c:\program files\Google\Update\GoogleUpdate.exe [7/5/2009 10:09 PM 133104]

S3 ELUSB;DUET Status Monitor Driver;c:\windows\system32\drivers\ELUSB.sys [7/31/2009 3:38 PM 35200]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/5/2009 10:09 PM 133104]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 4:49 AM 227232]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 22902473

*NewlyCreated* - 92897989

*Deregistered* - 22902473

*Deregistered* - 92897989

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

QWAVE REG_MULTI_SZ QWAVE

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 01:57]

.

2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-06 06:09]

.

2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-06 06:09]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://search.myheritage.com

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

Trusted Zone: turbotax.com

Trusted Zone: yahoo.com\www

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\Mary Borchardt\Application Data\Mozilla\Firefox\Profiles\xomo98zl.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=CYBTDF&PC=CYBD&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=710&systemid=2&sr=0&q=

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OysBmRNMM&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - dcdd24b7000000000000001372b38ca4

FF - user.js: extensions.incredibar_i.hardId - dcdd24b7000000000000001372b38ca4

FF - user.js: extensions.incredibar_i.instlDay - 15381

FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2715:05

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6OysBmRNMM

FF - user.js: extensions.incredibar_i.upn2n - 92260884094850476

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10606

FF - user.js: extensions.incredibar_i.ppd - 48

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-06 16:46

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4179990619-145677384-1142958219-1006\Software\SecuROM\License information*]

"datasecu"=hex:cb,20,ae,f2,87,43,38,64,75,66,0a,c7,f6,ea,cf,0b,fc,25,68,21,dc,

63,4a,93,3e,11,ef,54,bc,96,fb,ef,a6,85,74,d3,b6,ac,a3,54,4e,11,8a,47,17,f8,\

"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

.

Completion time: 2012-03-06 16:51:18

ComboFix-quarantined-files.txt 2012-03-07 00:51

ComboFix2.txt 2012-02-28 18:32

ComboFix3.txt 2010-07-10 00:48

ComboFix4.txt 2010-07-09 23:04

.

Pre-Run: 108,282,314,752 bytes free

Post-Run: 108,263,530,496 bytes free

.

- - End Of File - - C01F88C03DFF34033B83B0DB886A26B6

Thanks


Did you install this?

c:\program files\Premiumplay Codec-C

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::

Folder::
c:\program files\Family Toolbar
c:\progra~1\BEARSH~1\MediaBar
c:\documents and settings\David Cho\Application Data\Incredibar.com
c:\documents and settings\David Cho\Application Data\mediabarbs
c:\documents and settings\David Cho\Application Data\wincorebsband
c:\documents and settings\David Cho\AppData
c:\documents and settings\Mary Borchardt\Application Data\Incredibar.com

FireFox::
FF - ProfilePath - c:\documents and settings\Mary Borchardt\Application Data\Mozilla\Firefox\Profiles\xomo98zl.default\
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=710&systemid=2&sr=0&q=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OysBmRNMM&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - dcdd24b7000000000000001372b38ca4
FF - user.js: extensions.incredibar_i.hardId - dcdd24b7000000000000001372b38ca4
FF - user.js: extensions.incredibar_i.instlDay - 15381
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2715:05
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OysBmRNMM
FF - user.js: extensions.incredibar_i.upn2n - 92260884094850476
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd - 48

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"=-
[-HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[-HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[-HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"=-
"{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"=-
[-HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[-HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[-HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
[-HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"=-
[-HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[-HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[-HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

Save this file to your desktop. Save this as "CFScript"

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

[Image: CFScriptB-4.gif]

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


No, I don't recognize that program. I did as instructed, but when I run ComboFix it just hangs at the blue screen. It's been in the same state since last night. I did not click in the screen or touch my PC after it started running. Currently PC behavior is that normal PC stuff seems to be fine: opening docs, exploring, running other programs, etc. It's only web traffic that is hosed, and it seems intermittent. Strangely, it seems to like going to Yahoo and Google but nowhere else.


I deleted that program and ran ComboFix again, and it did get through the entire process this time. Logs below.

ComboFix 12-03-06.01 - Mary Borchardt 03/08/2012 14:45:52.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.344 [GMT -8:00]

Running from: c:\documents and settings\Mary Borchardt\Desktop\ComboFix.exe

FW: Platinum 2007 Personal Firewall *Disabled* {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\MARYBO~1\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp

c:\documents and settings\Mary Borchardt\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp

c:\windows\isRS-000.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-02-08 to 2012-03-08 )))))))))))))))))))))))))))))))

.

.

2012-03-08 14:51 . 2012-03-08 14:51 -------- d-----w- c:\documents and settings\Mary Borchardt\Local Settings\Application Data\PackageAware

2012-03-08 14:45 . 2012-03-08 14:45 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS

2012-03-08 14:45 . 2012-03-08 14:45 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS

2012-03-08 14:45 . 2012-03-08 14:45 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS

2012-03-08 14:45 . 2012-03-08 14:45 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS

2012-03-08 14:45 . 2012-03-08 14:45 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS

2012-03-08 14:45 . 2012-03-08 14:45 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS

2012-03-08 14:45 . 2012-03-08 14:45 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS

2012-03-08 14:45 . 2012-03-08 14:45 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS

2012-03-08 14:45 . 2012-03-08 14:45 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS

2012-03-08 14:44 . 2012-03-08 14:44 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS

2012-03-08 14:44 . 2012-03-08 14:44 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS

2012-03-08 14:44 . 2012-03-08 14:44 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS

2012-03-08 14:44 . 2012-03-08 14:44 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS

2012-03-08 14:44 . 2012-03-08 14:44 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS

2012-03-08 14:44 . 2012-03-08 14:44 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS

2012-03-08 14:44 . 2012-03-08 14:44 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS

2012-03-08 14:44 . 2012-03-08 14:44 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS

2012-02-27 17:14 . 2012-02-27 17:14 -------- d-----w- c:\documents and settings\David Cho\Application Data\Incredibar.com

2012-02-27 17:14 . 2012-02-27 17:14 -------- d-----w- c:\documents and settings\David Cho\Application Data\mediabarbs

2012-02-27 17:14 . 2012-02-27 17:14 -------- d-----w- c:\documents and settings\David Cho\Application Data\wincorebsband

2012-02-27 17:14 . 2012-02-27 17:14 -------- d-----w- c:\documents and settings\David Cho\AppData

2012-02-26 19:29 . 2012-02-26 19:29 -------- d-----w- c:\documents and settings\Mary Borchardt\Application Data\Incredibar.com

2012-02-26 18:09 . 2012-02-26 18:09 -------- d-----w- c:\documents and settings\David Cho\Application Data\MyHeritage

2012-02-11 23:07 . 2012-02-11 23:07 -------- d-----w- C:\codec-info

2012-02-11 23:07 . 2012-02-11 23:07 18944 ----a-r- c:\documents and settings\Mary Borchardt\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe

2012-02-11 23:07 . 2012-02-11 23:07 -------- d-----w- c:\program files\AWS

2012-02-11 23:05 . 2012-02-11 23:05 449 ----a-w- C:\user.js

2012-02-11 23:04 . 2012-02-11 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate

2012-02-11 19:11 . 2012-02-11 19:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 23:24 . 2010-01-26 00:44 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-24 00:56 . 2011-04-01 04:01 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2012-02-28_18.27.22 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-03-08 14:44 . 2012-03-08 14:44 16384 c:\windows\Temp\Perflib_Perfdata_560.dat

+ 2012-03-08 14:44 . 2012-03-08 14:44 16384 c:\windows\Temp\Perflib_Perfdata_100.dat

+ 2006-03-28 02:09 . 2012-03-02 04:35 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2006-03-28 02:09 . 2012-01-11 00:21 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]

.

[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]

[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]

[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]

2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

.

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]

[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]

[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]

[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

.

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]

[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]

[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]

[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-15 68856]

"Aim"="c:\program files\AIM7\aim.exe" [2009-12-01 3951976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]

"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]

"MBMon"="CTMBHA.DLL" [2005-05-19 1345520]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 188416]

"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-04 198160]

"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2009-11-02 222736]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"removeBearSharetoolbar"="RD" [X]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"MaxRecentDocs"= 19 (0x13)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [11/24/2007 10:37 PM 33824]

R2 ArcGIS License Manager;ArcGIS License Manager;c:\program files\ArcGIS\License10.0\bin\lmgrd.exe [11/5/2008 11:59 PM 1500424]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/25/2010 4:44 PM 652360]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/25/2010 4:44 PM 20464]

S0 wbyyiaih;wbyyiaih;c:\windows\system32\drivers\pncoinl.sys --> c:\windows\system32\drivers\pncoinl.sys [?]

S2 gupdate1c9fe004505b918;Google Update Service (gupdate1c9fe004505b918);c:\program files\Google\Update\GoogleUpdate.exe [7/5/2009 10:09 PM 133104]

S3 ELUSB;DUET Status Monitor Driver;c:\windows\system32\drivers\ELUSB.sys [7/31/2009 3:38 PM 35200]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/5/2009 10:09 PM 133104]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 4:49 AM 227232]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

QWAVE REG_MULTI_SZ QWAVE

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 01:57]

.

2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-06 06:09]

.

2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-06 06:09]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://search.myheritage.com

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

Trusted Zone: turbotax.com

Trusted Zone: yahoo.com\www

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\Mary Borchardt\Application Data\Mozilla\Firefox\Profiles\xomo98zl.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=CYBTDF&PC=CYBD&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=710&systemid=2&sr=0&q=

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OysBmRNMM&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - dcdd24b7000000000000001372b38ca4

FF - user.js: extensions.incredibar_i.hardId - dcdd24b7000000000000001372b38ca4

FF - user.js: extensions.incredibar_i.instlDay - 15381

FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2715:05

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6OysBmRNMM

FF - user.js: extensions.incredibar_i.upn2n - 92260884094850476

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10606

FF - user.js: extensions.incredibar_i.ppd - 48

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-08 14:58

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4179990619-145677384-1142958219-1006\Software\SecuROM\License information*]

"datasecu"=hex:cb,20,ae,f2,87,43,38,64,75,66,0a,c7,f6,ea,cf,0b,fc,25,68,21,dc,

63,4a,93,3e,11,ef,54,bc,96,fb,ef,a6,85,74,d3,b6,ac,a3,54,4e,11,8a,47,17,f8,\

"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

.

Completion time: 2012-03-08 15:02:23

ComboFix-quarantined-files.txt 2012-03-08 23:02

ComboFix2.txt 2012-03-07 00:51

ComboFix3.txt 2012-02-28 18:32

ComboFix4.txt 2010-07-10 00:48

ComboFix5.txt 2012-03-08 01:47

.

Pre-Run: 108,386,873,344 bytes free

Post-Run: 108,369,539,072 bytes free

.

- - End Of File - - 55B589336BF3722DD7487D8A57632FE7

Thanks again


Whoops, here's the log. Thanks. David

NetworkDetails2.txt

Query Services version 2

...

[sC] GetServiceConfig SUCCESS

SERVICE_NAME: dhcp

TYPE : 20 WIN32_SHARE_PROCESS

START_TYPE : 2 AUTO_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs

LOAD_ORDER_GROUP : TDI

TAG : 0

DISPLAY_NAME : DHCP Client

DEPENDENCIES : Tcpip

: Afd

: NetBT

SERVICE_START_NAME : LocalSystem

SERVICE_NAME: dhcp

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 1108

FLAGS :

[sC] GetServiceConfig SUCCESS

SERVICE_NAME: TCPIP

TYPE : 1 KERNEL_DRIVER

START_TYPE : 1 SYSTEM_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : system32\DRIVERS\tcpip.sys

LOAD_ORDER_GROUP : PNP_TDI

TAG : 3

DISPLAY_NAME : TCP/IP Protocol Driver

DEPENDENCIES : IPSec

SERVICE_START_NAME :

SERVICE_NAME: TCPIP

TYPE : 1 KERNEL_DRIVER

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 0

FLAGS :

[sC] GetServiceConfig SUCCESS

SERVICE_NAME: Afd

TYPE : 1 KERNEL_DRIVER

START_TYPE : 1 SYSTEM_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : \SystemRoot\System32\drivers\afd.sys

LOAD_ORDER_GROUP : TDI

TAG : 0

DISPLAY_NAME : AFD

DEPENDENCIES :

SERVICE_START_NAME :

SERVICE_NAME: Afd

TYPE : 1 KERNEL_DRIVER

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 0

FLAGS :

[sC] GetServiceConfig SUCCESS

SERVICE_NAME: NetBT

TYPE : 1 KERNEL_DRIVER

START_TYPE : 1 SYSTEM_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : system32\DRIVERS\netbt.sys

LOAD_ORDER_GROUP : PNP_TDI

TAG : 5

DISPLAY_NAME : NetBios over Tcpip

DEPENDENCIES : Tcpip

SERVICE_START_NAME :

SERVICE_NAME: NetBT

TYPE : 1 KERNEL_DRIVER

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 0

FLAGS :

[sC] GetServiceConfig SUCCESS

SERVICE_NAME: NetBIOS

TYPE : 2 FILE_SYSTEM_DRIVER

START_TYPE : 1 SYSTEM_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : system32\DRIVERS\netbios.sys

LOAD_ORDER_GROUP : NetBIOSGroup

TAG : 1

DISPLAY_NAME : NetBIOS Interface

DEPENDENCIES :

SERVICE_START_NAME :

SERVICE_NAME: NetBIOS

TYPE : 2 FILE_SYSTEM_DRIVER

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 0

FLAGS :

[sC] GetServiceConfig SUCCESS

SERVICE_NAME: Lmhosts

TYPE : 20 WIN32_SHARE_PROCESS

START_TYPE : 2 AUTO_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService

LOAD_ORDER_GROUP : TDI

TAG : 0

DISPLAY_NAME : TCP/IP NetBIOS Helper

DEPENDENCIES : NetBT

: Afd

SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: Lmhosts

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 1308

FLAGS :

[sC] GetServiceConfig SUCCESS

SERVICE_NAME: Dnscache

TYPE : 20 WIN32_SHARE_PROCESS

START_TYPE : 2 AUTO_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k NetworkService

LOAD_ORDER_GROUP : TDI

TAG : 0

DISPLAY_NAME : DNS Client

DEPENDENCIES : Tcpip

SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: Dnscache

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 1200

FLAGS :

[sC] GetServiceConfig SUCCESS

SERVICE_NAME: PolicyAgent

TYPE : 20 WIN32_SHARE_PROCESS

START_TYPE : 2 AUTO_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe

LOAD_ORDER_GROUP :

TAG : 0

DISPLAY_NAME : IPSEC Services

DEPENDENCIES : RPCSS

: Tcpip

: IPSec

SERVICE_START_NAME : LocalSystem

SERVICE_NAME: PolicyAgent

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 700

FLAGS : RUNS_IN_SYSTEM_PROCESS

[sC] GetServiceConfig SUCCESS

SERVICE_NAME: Nla

TYPE : 20 WIN32_SHARE_PROCESS

START_TYPE : 3 DEMAND_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs

LOAD_ORDER_GROUP :

TAG : 0

DISPLAY_NAME : Network Location Awareness (NLA)

DEPENDENCIES : Tcpip

: Afd

SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Nla

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 1108

FLAGS :

[sC] GetServiceConfig SUCCESS

SERVICE_NAME: lanmanserver

TYPE : 20 WIN32_SHARE_PROCESS

START_TYPE : 2 AUTO_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs

LOAD_ORDER_GROUP :

TAG : 0

DISPLAY_NAME : Server

DEPENDENCIES :

SERVICE_START_NAME : LocalSystem

SERVICE_NAME: lanmanserver

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 1108

FLAGS :

[sC] GetServiceConfig SUCCESS

SERVICE_NAME: IPSEC

TYPE : 1 KERNEL_DRIVER

START_TYPE : 1 SYSTEM_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : system32\DRIVERS\ipsec.sys

LOAD_ORDER_GROUP : PNP_TDI

TAG : 4

DISPLAY_NAME : IPSEC driver

DEPENDENCIES :

SERVICE_START_NAME :

SERVICE_NAME: IPSEC

TYPE : 1 KERNEL_DRIVER

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 0

FLAGS :

[sC] GetServiceConfig SUCCESS

SERVICE_NAME: RPCSS

TYPE : 20 WIN32_SHARE_PROCESS

START_TYPE : 2 AUTO_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k rpcss

LOAD_ORDER_GROUP : COM Infrastructure

TAG : 0

DISPLAY_NAME : Remote Procedure Call (RPC)

DEPENDENCIES :

SERVICE_START_NAME : NT Authority\NetworkService

SERVICE_NAME: RPCSS

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 1008

FLAGS :


Everything is running and looks good.

Are you using a router?

Do you want to try a reset?

  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.
