Jump to content

gimmeanswers browser hijack


Recommended Posts

Merged 3 post

Greetings~

Yes, another victim.

Running XP, symptoms aren't quite what I've read elsewhere, clicking on a search result link sometimes redirects, going back and clicking again then does go to the correct link every time i've tried that. Odd infection.

Installed and ran malwarebytes and it found something but apparently not the gimmeanswers infection. Log of that session posted in case it helps.

Running the dds script didn't create an attach.txt file, only a dds.txt file which is copied below.

Any input greatly appreciated :)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20

Run by Aric at 11:05:51 on 2012-03-02

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.410 [GMT -8:00]

.

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\WINDOWS\Anvshell.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.netflix.com/MemberHome

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

mDefault_Page_URL = hxxp://www.yahoo.com/

mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

mStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Winamp Toolbar BHO: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll

TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe

mRun: [soundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray

mRun: [Anvshell] c:\windows\Anvshell.exe

mRun: [POINTER] point32.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [<NO NAME>]

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNzc2NjkzNDU4LUtWMys3LUJBKzEtVDEtRlA5KzYtQkFSOUcrMS1UQjkrMi1GTCs5LVhPMzYrMS1GOU03Qys1LUY5TTEwQisxLUY5TTIrMS1ERFQrMTA4LUZMMTArMS1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQVQrMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEJOKzEtU1QxMkZPSSsxLUYxME0xMkFVKzE"&"prod=90"&"ver=2012.0.1831"&"mid=acaf49d840a147d6824cd147e0c932b1-323075834804df9c07659491f1fe3952375350a2

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: &Winamp Toolbar Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html

IE: Save Flash - c:\program files\unh solutions\flash saving plugin\FlashSButton.dll/210

IE: Save YouTube Video - c:\program files\unh solutions\flash saving plugin\FlashSButton.dll/217

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: c:\program files\avira\antivir desktop\avsda.dll

LSP: mswsock.dll

DPF: {00000045-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/sg726acm.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279942794171

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279942783921

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{7436B00D-0830-451D-AB69-B0FC1969D522} : DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\aric\application data\mozilla\firefox\profiles\xdpky5q7.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - component: c:\documents and settings\aric\application data\mozilla\firefox\profiles\xdpky5q7.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll

FF - component: c:\documents and settings\aric\application data\mozilla\firefox\profiles\xdpky5q7.default\extensions\firegpg@firegpg.team\platform\winnt_x86-msvc\components\ipc.dll

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll

FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-23 36000]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-23 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-23 110032]

R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-10-23 463824]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-23 74640]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-1 652360]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-1 20464]

S2 Seagate Sync Service;Seagate Sync Service;c:\program files\seagate\sync\SeaSyncServices.exe [2007-1-18 24120]

S3 grmn0200;grmn0200.Sys Garmin USB DCP driver (install);c:\windows\system32\drivers\grmn0200.sys [2007-5-22 16777]

S3 grmn1200;grmn0200.Sys Garmin USB DCP driver;c:\windows\system32\drivers\grmn1200.sys [2007-5-22 12905]

S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [2007-8-24 899884]

.

=============== Created Last 30 ================

.

2012-03-02 00:55:19 -------- d-----w- c:\documents and settings\aric\application data\Malwarebytes

2012-03-02 00:55:12 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-03-02 00:55:11 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-02 00:55:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-02 00:29:03 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-20 14:58:42 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll

2012-02-20 14:58:42 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll

2012-02-20 14:58:42 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll

2012-02-20 14:58:42 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll

2012-02-10 17:53:23 -------- d-----w- c:\program files\HRBlock2011

.

==================== Find3M ====================

.

2011-12-23 06:06:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 11:06:16.04 ===============

Here is the mbam log contents....

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCR\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 10

C:\Documents and Settings\LocalService\Application Data\020000007aeff1541349C.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Application Data\020000007aeff1541349O.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Application Data\020000007aeff1541349P.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Application Data\020000007aeff1541349S.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\020000007aeff1541349C.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\020000007aeff1541349O.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\020000007aeff1541349P.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\020000007aeff1541349S.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.

(end)

I also notice that MWB is blocking outgoing attempts to access a site, with a popup in the tray stating it was successfully blocked.

Anything else I can add to help?

Did I say/do something wrong?

Now something new... MWB is disabled, trying to re-enable protection brings up an error:

"an error has occured. please report this issue to our support team (include content of all error messages and codes in your submission)

PROGRAM_ERROR_PROTECTION_MODULE (2, 0, ProtectionEnable)

The system cannot find the file specified.

Link to post
Share on other sites

:welcome:

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps
  • Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean, if this is unacceptable to you then you should consider reformatting the system partition and reinstalling Windows as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.

Link to post
Share on other sites

Thank you very much for your response and info.

Yes, I'd like to continue. I have considered a reformat however if you feel there's a reasonable chance of success, I'd like to try.

I do have a second computer and will take the steps you suggested.

Let me know how best to proceed. Thanks again!

Link to post
Share on other sites

Next:

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    tdss_1.jpg
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    tdss_2.jpg
  3. Click the Start Scan button.
    tdss_3.jpg
  4. If a suspicious object is detected, the default action will be Skip, click on Continue.
    tdss_4.jpg
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    tdss_5.jpg

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Link to post
Share on other sites

Followed your post. One thing was slightly different, after the scan, one object was identified as malware, and there was no "cure" option. The three options were delete,quarantine, skip. I choose delete.

Other than that, everything was as you described. Log contents are as follows...

(thanks again!)

06:56:27.0796 1900 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39

06:56:29.0812 1900 ============================================================

06:56:29.0812 1900 Current date / time: 2012/03/06 06:56:29.0812

06:56:29.0812 1900 SystemInfo:

06:56:29.0812 1900

06:56:29.0812 1900 OS Version: 5.1.2600 ServicePack: 3.0

06:56:29.0812 1900 Product type: Workstation

06:56:29.0812 1900 ComputerName: KAP

06:56:29.0812 1900 UserName: Aric

06:56:29.0812 1900 Windows directory: C:\WINDOWS

06:56:29.0812 1900 System windows directory: C:\WINDOWS

06:56:29.0812 1900 Processor architecture: Intel x86

06:56:29.0812 1900 Number of processors: 2

06:56:29.0812 1900 Page size: 0x1000

06:56:29.0812 1900 Boot type: Normal boot

06:56:29.0812 1900 ============================================================

06:56:40.0968 1900 Drive \Device\Harddisk0\DR0 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

06:56:41.0015 1900 Drive \Device\Harddisk1\DR1 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

06:56:41.0078 1900 Drive \Device\Harddisk2\DR4 - Size: 0x3D680000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

06:56:41.0078 1900 \Device\Harddisk0\DR0:

06:56:41.0093 1900 MBR used

06:56:41.0093 1900 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x98A40EC

06:56:41.0093 1900 \Device\Harddisk1\DR1:

06:56:41.0093 1900 MBR used

06:56:41.0093 1900 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1749DD82

06:56:41.0093 1900 \Device\Harddisk2\DR4:

06:56:41.0093 1900 MBR used

06:56:41.0093 1900 \Device\Harddisk2\DR4\Partition0: MBR, Type 0x6, StartLBA 0xF3, BlocksNum 0x1EB30D

06:56:41.0375 1900 Initialize success

06:56:41.0375 1900 ============================================================

06:57:17.0250 2124 ============================================================

06:57:17.0250 2124 Scan started

06:57:17.0250 2124 Mode: Manual; SigCheck; TDLFS;

06:57:17.0250 2124 ============================================================

06:57:18.0562 2124 Abiosdsk - ok

06:57:18.0640 2124 abp480n5 - ok

06:57:18.0734 2124 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

06:57:21.0093 2124 ACPI - ok

06:57:21.0375 2124 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

06:57:21.0671 2124 ACPIEC - ok

06:57:21.0718 2124 adpu160m - ok

06:57:21.0812 2124 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys

06:57:21.0875 2124 aeaudio - ok

06:57:22.0015 2124 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

06:57:22.0281 2124 aec - ok

06:57:22.0359 2124 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

06:57:22.0421 2124 AFD - ok

06:57:22.0515 2124 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

06:57:22.0765 2124 agp440 - ok

06:57:22.0828 2124 Aha154x - ok

06:57:22.0859 2124 aic78u2 - ok

06:57:22.0921 2124 aic78xx - ok

06:57:22.0984 2124 AliIde - ok

06:57:23.0031 2124 amsint - ok

06:57:23.0109 2124 asc - ok

06:57:23.0140 2124 asc3350p - ok

06:57:23.0187 2124 asc3550 - ok

06:57:23.0265 2124 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys

06:57:23.0281 2124 Aspi32 ( UnsignedFile.Multi.Generic ) - warning

06:57:23.0281 2124 Aspi32 - detected UnsignedFile.Multi.Generic (1)

06:57:23.0359 2124 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

06:57:23.0609 2124 AsyncMac - ok

06:57:23.0671 2124 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

06:57:23.0921 2124 atapi - ok

06:57:23.0968 2124 Atdisk - ok

06:57:24.0031 2124 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

06:57:24.0281 2124 Atmarpc - ok

06:57:24.0468 2124 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

06:57:24.0718 2124 audstub - ok

06:57:24.0812 2124 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

06:57:24.0890 2124 avgntflt - ok

06:57:25.0000 2124 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys

06:57:25.0015 2124 avipbb - ok

06:57:25.0109 2124 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys

06:57:25.0125 2124 avkmgr - ok

06:57:25.0218 2124 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

06:57:25.0453 2124 Beep - ok

06:57:25.0546 2124 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

06:57:25.0812 2124 cbidf2k - ok

06:57:25.0890 2124 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

06:57:26.0156 2124 CCDECODE - ok

06:57:26.0203 2124 cd20xrnt - ok

06:57:26.0281 2124 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

06:57:26.0515 2124 Cdaudio - ok

06:57:26.0546 2124 cdb2cb3c ( Rootkit.Win32.PMax.gen ) - infected

06:57:26.0546 2124 cdb2cb3c - detected Rootkit.Win32.PMax.gen (0)

06:57:26.0656 2124 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

06:57:26.0890 2124 Cdfs - ok

06:57:26.0953 2124 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

06:57:27.0187 2124 Cdrom - ok

06:57:27.0234 2124 Changer - ok

06:57:27.0281 2124 CmdIde - ok

06:57:27.0343 2124 Cpqarray - ok

06:57:27.0390 2124 dac2w2k - ok

06:57:27.0421 2124 dac960nt - ok

06:57:27.0484 2124 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

06:57:27.0734 2124 Disk - ok

06:57:27.0843 2124 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

06:57:28.0187 2124 dmboot - ok

06:57:28.0250 2124 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

06:57:28.0515 2124 dmio - ok

06:57:28.0593 2124 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

06:57:28.0859 2124 dmload - ok

06:57:28.0968 2124 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

06:57:29.0203 2124 DMusic - ok

06:57:29.0265 2124 dpti2o - ok

06:57:29.0312 2124 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

06:57:29.0546 2124 drmkaud - ok

06:57:29.0671 2124 EIO (ee236706228a5df709ddd9bc1c6dafd0) C:\WINDOWS\system32\drivers\EIO.sys

06:57:29.0671 2124 EIO ( UnsignedFile.Multi.Generic ) - warning

06:57:29.0671 2124 EIO - detected UnsignedFile.Multi.Generic (1)

06:57:29.0750 2124 EL2000 (9d356817b223067ff6f7f9eb867585ef) C:\WINDOWS\system32\DRIVERS\EL2K_XP.sys

06:57:29.0812 2124 EL2000 - ok

06:57:29.0921 2124 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

06:57:30.0203 2124 Fastfat - ok

06:57:30.0265 2124 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

06:57:30.0500 2124 Fdc - ok

06:57:30.0593 2124 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

06:57:30.0843 2124 Fips - ok

06:57:30.0937 2124 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

06:57:31.0171 2124 Flpydisk - ok

06:57:31.0281 2124 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

06:57:31.0531 2124 FltMgr - ok

06:57:31.0609 2124 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

06:57:31.0843 2124 Fs_Rec - ok

06:57:31.0968 2124 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

06:57:32.0234 2124 Ftdisk - ok

06:57:32.0328 2124 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

06:57:32.0546 2124 Gpc - ok

06:57:32.0640 2124 grmn0200 (2c9d8145adb1d800a5e84d4781203f26) C:\WINDOWS\system32\Drivers\grmn0200.sys

06:57:32.0671 2124 grmn0200 ( UnsignedFile.Multi.Generic ) - warning

06:57:32.0671 2124 grmn0200 - detected UnsignedFile.Multi.Generic (1)

06:57:32.0750 2124 grmn1200 (c38fae430886ba32da9e3f7f7151211c) C:\WINDOWS\system32\Drivers\grmn1200.sys

06:57:32.0796 2124 grmn1200 ( UnsignedFile.Multi.Generic ) - warning

06:57:32.0796 2124 grmn1200 - detected UnsignedFile.Multi.Generic (1)

06:57:32.0890 2124 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

06:57:33.0109 2124 HidUsb - ok

06:57:33.0171 2124 hpn - ok

06:57:33.0265 2124 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys

06:57:33.0515 2124 HTTP - ok

06:57:33.0546 2124 i2omgmt - ok

06:57:33.0609 2124 i2omp - ok

06:57:33.0703 2124 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

06:57:33.0921 2124 i8042prt - ok

06:57:34.0031 2124 imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

06:57:34.0234 2124 imapi - ok

06:57:34.0296 2124 ini910u - ok

06:57:34.0343 2124 IntelIde - ok

06:57:34.0421 2124 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

06:57:34.0656 2124 intelppm - ok

06:57:34.0718 2124 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

06:57:34.0968 2124 ip6fw - ok

06:57:35.0093 2124 IPFilter (d0b3dee109af605885c46a59bfc24cd2) C:\WINDOWS\system32\DRIVERS\IPFilter.sys

06:57:35.0140 2124 IPFilter - ok

06:57:35.0328 2124 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

06:57:35.0593 2124 IpFilterDriver - ok

06:57:35.0671 2124 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

06:57:35.0906 2124 IpInIp - ok

06:57:35.0953 2124 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

06:57:36.0187 2124 IpNat - ok

06:57:36.0234 2124 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

06:57:36.0453 2124 IPSec - ok

06:57:36.0515 2124 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

06:57:36.0640 2124 IRENUM - ok

06:57:36.0703 2124 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

06:57:36.0937 2124 isapnp - ok

06:57:37.0015 2124 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

06:57:37.0234 2124 Kbdclass - ok

06:57:37.0328 2124 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

06:57:37.0562 2124 kbdhid - ok

06:57:37.0625 2124 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

06:57:37.0859 2124 kmixer - ok

06:57:37.0953 2124 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

06:57:38.0062 2124 KSecDD - ok

06:57:38.0156 2124 L8042Kbd (d88846f9f4f27ae9be584a6e5b6b8753) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys

06:57:38.0171 2124 L8042Kbd - ok

06:57:38.0281 2124 lbrtfdc - ok

06:57:38.0375 2124 LHidFilt (3fa98339e8d9e007726be62f231e2015) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys

06:57:38.0390 2124 LHidFilt - ok

06:57:38.0484 2124 LMouFilt (f259f758e04d8fb8d48c6cdbe45223e8) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys

06:57:38.0500 2124 LMouFilt - ok

06:57:38.0546 2124 LUsbFilt (ca26e46ec8891058c9e10363df4e4650) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys

06:57:38.0562 2124 LUsbFilt - ok

06:57:38.0656 2124 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

06:57:38.0671 2124 MBAMProtector - ok

06:57:38.0781 2124 MidiSyn (63c34814492aa65fc517b002de77b191) C:\WINDOWS\system32\drivers\MidiSyn.sys

06:57:38.0843 2124 MidiSyn - ok

06:57:38.0937 2124 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

06:57:39.0156 2124 mnmdd - ok

06:57:39.0234 2124 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

06:57:39.0468 2124 Modem - ok

06:57:39.0531 2124 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

06:57:39.0750 2124 Mouclass - ok

06:57:39.0843 2124 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

06:57:40.0062 2124 mouhid - ok

06:57:40.0109 2124 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

06:57:40.0328 2124 MountMgr - ok

06:57:40.0390 2124 mraid35x - ok

06:57:40.0468 2124 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

06:57:40.0703 2124 MRxDAV - ok

06:57:40.0812 2124 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

06:57:41.0046 2124 Msfs - ok

06:57:41.0109 2124 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

06:57:41.0328 2124 MSKSSRV - ok

06:57:41.0421 2124 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

06:57:41.0640 2124 MSPCLOCK - ok

06:57:41.0718 2124 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

06:57:41.0968 2124 MSPQM - ok

06:57:42.0062 2124 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

06:57:42.0265 2124 mssmbios - ok

06:57:42.0328 2124 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

06:57:42.0562 2124 MSTEE - ok

06:57:42.0656 2124 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

06:57:42.0734 2124 Mup - ok

06:57:42.0812 2124 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

06:57:43.0031 2124 NABTSFEC - ok

06:57:43.0093 2124 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

06:57:43.0312 2124 NDIS - ok

06:57:43.0406 2124 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

06:57:43.0625 2124 NdisIP - ok

06:57:43.0703 2124 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

06:57:43.0765 2124 NdisTapi - ok

06:57:43.0828 2124 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

06:57:44.0031 2124 Ndisuio - ok

06:57:44.0093 2124 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

06:57:44.0281 2124 NdisWan - ok

06:57:44.0406 2124 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

06:57:44.0468 2124 NDProxy - ok

06:57:44.0546 2124 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

06:57:44.0750 2124 NetBIOS - ok

06:57:44.0812 2124 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

06:57:45.0031 2124 NetBT - ok

06:57:45.0171 2124 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

06:57:45.0390 2124 Npfs - ok

06:57:45.0484 2124 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

06:57:45.0796 2124 Ntfs - ok

06:57:45.0921 2124 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

06:57:46.0125 2124 Null - ok

06:57:46.0390 2124 nv (2b5fbc325d32795b529544b238acfadb) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

06:57:46.0671 2124 nv ( UnsignedFile.Multi.Generic ) - warning

06:57:46.0671 2124 nv - detected UnsignedFile.Multi.Generic (1)

06:57:46.0750 2124 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

06:57:46.0953 2124 NwlnkFlt - ok

06:57:47.0031 2124 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

06:57:47.0406 2124 NwlnkFwd - ok

06:57:47.0500 2124 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

06:57:47.0718 2124 Parport - ok

06:57:47.0781 2124 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

06:57:47.0968 2124 PartMgr - ok

06:57:48.0078 2124 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

06:57:48.0296 2124 ParVdm - ok

06:57:48.0359 2124 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

06:57:48.0593 2124 PCI - ok

06:57:48.0640 2124 PCIDump - ok

06:57:48.0687 2124 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

06:57:48.0890 2124 PCIIde - ok

06:57:48.0953 2124 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

06:57:49.0234 2124 Pcmcia - ok

06:57:49.0328 2124 Pcouffin (a09c1922ef8149e27500c0f935a55f60) C:\WINDOWS\system32\Drivers\Pcouffin.sys

06:57:49.0359 2124 Pcouffin ( UnsignedFile.Multi.Generic ) - warning

06:57:49.0359 2124 Pcouffin - detected UnsignedFile.Multi.Generic (1)

06:57:49.0421 2124 PDCOMP - ok

06:57:49.0468 2124 PDFRAME - ok

06:57:49.0515 2124 PDRELI - ok

06:57:49.0546 2124 PDRFRAME - ok

06:57:49.0625 2124 perc2 - ok

06:57:49.0687 2124 perc2hib - ok

06:57:49.0812 2124 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

06:57:50.0000 2124 PptpMiniport - ok

06:57:50.0046 2124 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

06:57:50.0250 2124 Processor - ok

06:57:50.0312 2124 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

06:57:50.0515 2124 PSched - ok

06:57:50.0578 2124 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

06:57:50.0765 2124 Ptilink - ok

06:57:50.0859 2124 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

06:57:50.0890 2124 PxHelp20 - ok

06:57:50.0921 2124 ql1080 - ok

06:57:50.0968 2124 Ql10wnt - ok

06:57:51.0015 2124 ql12160 - ok

06:57:51.0078 2124 ql1240 - ok

06:57:51.0156 2124 ql1280 - ok

06:57:51.0234 2124 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

06:57:51.0421 2124 RasAcd - ok

06:57:51.0531 2124 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

06:57:51.0718 2124 Rasl2tp - ok

06:57:51.0781 2124 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

06:57:51.0968 2124 RasPppoe - ok

06:57:52.0031 2124 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

06:57:52.0234 2124 Raspti - ok

06:57:52.0296 2124 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

06:57:52.0500 2124 Rdbss - ok

06:57:52.0562 2124 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

06:57:52.0734 2124 RDPCDD - ok

06:57:52.0843 2124 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

06:57:52.0906 2124 RDPWD - ok

06:57:53.0000 2124 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

06:57:53.0187 2124 redbook - ok

06:57:53.0328 2124 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

06:57:53.0453 2124 Secdrv - ok

06:57:53.0515 2124 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

06:57:53.0703 2124 serenum - ok

06:57:53.0765 2124 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

06:57:53.0968 2124 Serial - ok

06:57:54.0015 2124 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

06:57:54.0218 2124 Sfloppy - ok

06:57:54.0281 2124 Simbad - ok

06:57:54.0343 2124 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

06:57:54.0546 2124 SLIP - ok

06:57:54.0687 2124 smwdm (7d9b50329af9fd94b0529282530d2cb7) C:\WINDOWS\system32\drivers\smwdm.sys

06:57:54.0750 2124 smwdm - ok

06:57:54.0796 2124 Sparrow - ok

06:57:54.0843 2124 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

06:57:55.0046 2124 splitter - ok

06:57:55.0156 2124 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

06:57:55.0296 2124 sr - ok

06:57:55.0406 2124 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

06:57:55.0500 2124 Srv - ok

06:57:55.0593 2124 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

06:57:55.0609 2124 ssmdrv - ok

06:57:55.0687 2124 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

06:57:55.0906 2124 streamip - ok

06:57:56.0671 2124 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

06:57:56.0890 2124 swenum - ok

06:57:57.0718 2124 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

06:57:57.0937 2124 swmidi - ok

06:57:58.0750 2124 symc810 - ok

06:57:59.0484 2124 symc8xx - ok

06:58:00.0250 2124 sym_hi - ok

06:58:01.0000 2124 sym_u3 - ok

06:58:01.0875 2124 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

06:58:02.0125 2124 sysaudio - ok

06:58:03.0015 2124 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

06:58:03.0312 2124 Tcpip - ok

06:58:04.0171 2124 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

06:58:04.0406 2124 TDPIPE - ok

06:58:05.0218 2124 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

06:58:05.0453 2124 TDTCP - ok

06:58:06.0250 2124 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

06:58:06.0500 2124 TermDD - ok

06:58:07.0328 2124 TosIde - ok

06:58:08.0453 2124 UdfReadr (3831d5499ad1e61217abb88e93bb17dc) C:\WINDOWS\system32\drivers\UdfReadr.sys

06:58:08.0562 2124 UdfReadr ( UnsignedFile.Multi.Generic ) - warning

06:58:08.0562 2124 UdfReadr - detected UnsignedFile.Multi.Generic (1)

06:58:09.0484 2124 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

06:58:09.0750 2124 Udfs - ok

06:58:10.0500 2124 ultra - ok

06:58:11.0500 2124 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

06:58:11.0937 2124 Update - ok

06:58:12.0890 2124 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

06:58:13.0203 2124 usbaudio - ok

06:58:14.0234 2124 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

06:58:14.0562 2124 usbccgp - ok

06:58:15.0578 2124 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

06:58:15.0906 2124 usbehci - ok

06:58:16.0750 2124 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

06:58:16.0968 2124 usbhub - ok

06:58:17.0828 2124 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

06:58:18.0046 2124 usbscan - ok

06:58:18.0906 2124 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

06:58:19.0125 2124 USBSTOR - ok

06:58:20.0031 2124 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

06:58:20.0250 2124 usbuhci - ok

06:58:21.0093 2124 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

06:58:21.0343 2124 VgaSave - ok

06:58:22.0125 2124 ViaIde - ok

06:58:23.0031 2124 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

06:58:23.0265 2124 VolSnap - ok

06:58:24.0203 2124 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

06:58:24.0421 2124 Wanarp - ok

06:58:25.0281 2124 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

06:58:25.0515 2124 Wdf01000 - ok

06:58:26.0359 2124 WDICA - ok

06:58:28.0281 2124 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

06:58:28.0531 2124 wdmaud - ok

06:58:30.0390 2124 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

06:58:30.0625 2124 WS2IFSL - ok

06:58:31.0687 2124 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

06:58:32.0625 2124 WSTCODEC - ok

06:58:33.0781 2124 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

06:58:33.0953 2124 WudfPf - ok

06:58:35.0265 2124 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

06:58:35.0343 2124 WudfRd - ok

06:58:36.0406 2124 XIRLINK (f102397d7fc6d6eb3952e9dbda85a37a) C:\WINDOWS\system32\DRIVERS\ucdnt.sys

06:58:36.0796 2124 XIRLINK - ok

06:58:36.0875 2124 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

06:58:41.0031 2124 \Device\Harddisk0\DR0 - ok

06:58:41.0062 2124 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk1\DR1

06:58:44.0812 2124 \Device\Harddisk1\DR1 - ok

06:58:44.0828 2124 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR4

06:58:44.0968 2124 \Device\Harddisk2\DR4 - ok

06:58:44.0984 2124 Boot (0x1200) (1a3791020c51f99dca8125714e9de1ad) \Device\Harddisk0\DR0\Partition0

06:58:45.0000 2124 \Device\Harddisk0\DR0\Partition0 - ok

06:58:45.0015 2124 Boot (0x1200) (370f308590fb62960de3d201c0116706) \Device\Harddisk1\DR1\Partition0

06:58:45.0015 2124 \Device\Harddisk1\DR1\Partition0 - ok

06:58:45.0031 2124 Boot (0x1200) (5fade44019eb8df15bc94aae8a212674) \Device\Harddisk2\DR4\Partition0

06:58:45.0031 2124 \Device\Harddisk2\DR4\Partition0 - ok

06:58:45.0031 2124 ============================================================

06:58:45.0031 2124 Scan finished

06:58:45.0031 2124 ============================================================

06:58:45.0218 1644 Detected object count: 8

06:58:45.0218 1644 Actual detected object count: 8

07:00:20.0500 1644 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user

07:00:20.0500 1644 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:00:20.0500 1644 cdb2cb3c ( Rootkit.Win32.PMax.gen ) - skipped by user

07:00:20.0500 1644 cdb2cb3c ( Rootkit.Win32.PMax.gen ) - User select action: Skip

07:00:20.0500 1644 EIO ( UnsignedFile.Multi.Generic ) - skipped by user

07:00:20.0515 1644 EIO ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:00:20.0515 1644 grmn0200 ( UnsignedFile.Multi.Generic ) - skipped by user

07:00:20.0515 1644 grmn0200 ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:00:20.0515 1644 grmn1200 ( UnsignedFile.Multi.Generic ) - skipped by user

07:00:20.0515 1644 grmn1200 ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:00:20.0515 1644 nv ( UnsignedFile.Multi.Generic ) - skipped by user

07:00:20.0515 1644 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:00:20.0531 1644 Pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user

07:00:20.0531 1644 Pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:00:20.0546 1644 UdfReadr ( UnsignedFile.Multi.Generic ) - skipped by user

07:00:20.0546 1644 UdfReadr ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:00:28.0421 2400 ============================================================

07:00:28.0421 2400 Scan started

07:00:28.0421 2400 Mode: Manual; SigCheck; TDLFS;

07:00:28.0421 2400 ============================================================

07:00:29.0500 2400 Abiosdsk - ok

07:00:29.0546 2400 abp480n5 - ok

07:00:29.0671 2400 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

07:00:29.0875 2400 ACPI - ok

07:00:29.0937 2400 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

07:00:30.0140 2400 ACPIEC - ok

07:00:30.0187 2400 adpu160m - ok

07:00:30.0296 2400 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys

07:00:30.0328 2400 aeaudio - ok

07:00:30.0390 2400 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

07:00:30.0578 2400 aec - ok

07:00:30.0671 2400 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

07:00:30.0718 2400 AFD - ok

07:00:30.0796 2400 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

07:00:30.0984 2400 agp440 - ok

07:00:31.0015 2400 Aha154x - ok

07:00:31.0078 2400 aic78u2 - ok

07:00:31.0140 2400 aic78xx - ok

07:00:31.0234 2400 AliIde - ok

07:00:31.0281 2400 amsint - ok

07:00:31.0343 2400 asc - ok

07:00:31.0390 2400 asc3350p - ok

07:00:31.0453 2400 asc3550 - ok

07:00:31.0531 2400 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys

07:00:31.0546 2400 Aspi32 ( UnsignedFile.Multi.Generic ) - warning

07:00:31.0546 2400 Aspi32 - detected UnsignedFile.Multi.Generic (1)

07:00:31.0656 2400 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

07:00:31.0843 2400 AsyncMac - ok

07:00:31.0906 2400 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

07:00:32.0109 2400 atapi - ok

07:00:32.0171 2400 Atdisk - ok

07:00:32.0250 2400 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

07:00:32.0421 2400 Atmarpc - ok

07:00:32.0515 2400 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

07:00:32.0703 2400 audstub - ok

07:00:32.0765 2400 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

07:00:32.0796 2400 avgntflt - ok

07:00:32.0890 2400 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys

07:00:32.0906 2400 avipbb - ok

07:00:33.0000 2400 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys

07:00:33.0031 2400 avkmgr - ok

07:00:33.0140 2400 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

07:00:33.0328 2400 Beep - ok

07:00:33.0421 2400 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

07:00:33.0625 2400 cbidf2k - ok

07:00:33.0703 2400 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

07:00:33.0890 2400 CCDECODE - ok

07:00:33.0937 2400 cd20xrnt - ok

07:00:34.0000 2400 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

07:00:34.0187 2400 Cdaudio - ok

07:00:34.0218 2400 cdb2cb3c ( Rootkit.Win32.PMax.gen ) - infected

07:00:34.0218 2400 cdb2cb3c - detected Rootkit.Win32.PMax.gen (0)

07:00:34.0281 2400 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

07:00:34.0546 2400 Cdfs - ok

07:00:34.0593 2400 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

07:00:34.0843 2400 Cdrom - ok

07:00:34.0906 2400 Changer - ok

07:00:34.0968 2400 CmdIde - ok

07:00:35.0093 2400 Cpqarray - ok

07:00:35.0171 2400 dac2w2k - ok

07:00:35.0234 2400 dac960nt - ok

07:00:35.0296 2400 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

07:00:35.0515 2400 Disk - ok

07:00:35.0625 2400 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

07:00:35.0828 2400 dmboot - ok

07:00:35.0921 2400 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

07:00:36.0218 2400 dmio - ok

07:00:36.0296 2400 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

07:00:36.0515 2400 dmload - ok

07:00:36.0625 2400 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

07:00:36.0812 2400 DMusic - ok

07:00:36.0875 2400 dpti2o - ok

07:00:36.0968 2400 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

07:00:37.0171 2400 drmkaud - ok

07:00:37.0281 2400 EIO (ee236706228a5df709ddd9bc1c6dafd0) C:\WINDOWS\system32\drivers\EIO.sys

07:00:37.0281 2400 EIO ( UnsignedFile.Multi.Generic ) - warning

07:00:37.0281 2400 EIO - detected UnsignedFile.Multi.Generic (1)

07:00:37.0375 2400 EL2000 (9d356817b223067ff6f7f9eb867585ef) C:\WINDOWS\system32\DRIVERS\EL2K_XP.sys

07:00:37.0406 2400 EL2000 - ok

07:00:37.0515 2400 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

07:00:37.0703 2400 Fastfat - ok

07:00:37.0765 2400 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

07:00:37.0953 2400 Fdc - ok

07:00:38.0046 2400 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

07:00:38.0250 2400 Fips - ok

07:00:38.0312 2400 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

07:00:38.0500 2400 Flpydisk - ok

07:00:38.0578 2400 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

07:00:38.0781 2400 FltMgr - ok

07:00:38.0859 2400 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

07:00:39.0062 2400 Fs_Rec - ok

07:00:39.0140 2400 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

07:00:39.0343 2400 Ftdisk - ok

07:00:39.0453 2400 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

07:00:39.0671 2400 Gpc - ok

07:00:39.0750 2400 grmn0200 (2c9d8145adb1d800a5e84d4781203f26) C:\WINDOWS\system32\Drivers\grmn0200.sys

07:00:39.0781 2400 grmn0200 ( UnsignedFile.Multi.Generic ) - warning

07:00:39.0781 2400 grmn0200 - detected UnsignedFile.Multi.Generic (1)

07:00:39.0859 2400 grmn1200 (c38fae430886ba32da9e3f7f7151211c) C:\WINDOWS\system32\Drivers\grmn1200.sys

07:00:39.0890 2400 grmn1200 ( UnsignedFile.Multi.Generic ) - warning

07:00:39.0890 2400 grmn1200 - detected UnsignedFile.Multi.Generic (1)

07:00:40.0000 2400 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

07:00:40.0203 2400 HidUsb - ok

07:00:40.0265 2400 hpn - ok

07:00:40.0328 2400 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys

07:00:40.0531 2400 HTTP - ok

07:00:40.0593 2400 i2omgmt - ok

07:00:40.0671 2400 i2omp - ok

07:00:40.0734 2400 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

07:00:40.0921 2400 i8042prt - ok

07:00:41.0000 2400 imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

07:00:41.0203 2400 imapi - ok

07:00:41.0281 2400 ini910u - ok

07:00:41.0343 2400 IntelIde - ok

07:00:41.0406 2400 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

07:00:41.0593 2400 intelppm - ok

07:00:41.0671 2400 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

07:00:41.0875 2400 ip6fw - ok

07:00:41.0953 2400 IPFilter (d0b3dee109af605885c46a59bfc24cd2) C:\WINDOWS\system32\DRIVERS\IPFilter.sys

07:00:41.0968 2400 IPFilter - ok

07:00:42.0078 2400 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

07:00:42.0265 2400 IpFilterDriver - ok

07:00:42.0343 2400 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

07:00:42.0578 2400 IpInIp - ok

07:00:42.0640 2400 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

07:00:42.0843 2400 IpNat - ok

07:00:42.0890 2400 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

07:00:43.0093 2400 IPSec - ok

07:00:43.0171 2400 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

07:00:43.0296 2400 IRENUM - ok

07:00:43.0359 2400 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

07:00:43.0562 2400 isapnp - ok

07:00:43.0640 2400 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

07:00:43.0812 2400 Kbdclass - ok

07:00:43.0906 2400 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

07:00:44.0093 2400 kbdhid - ok

07:00:44.0156 2400 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

07:00:44.0375 2400 kmixer - ok

07:00:44.0453 2400 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

07:00:44.0484 2400 KSecDD - ok

07:00:44.0593 2400 L8042Kbd (d88846f9f4f27ae9be584a6e5b6b8753) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys

07:00:44.0609 2400 L8042Kbd - ok

07:00:44.0671 2400 lbrtfdc - ok

07:00:44.0765 2400 LHidFilt (3fa98339e8d9e007726be62f231e2015) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys

07:00:44.0781 2400 LHidFilt - ok

07:00:44.0843 2400 LMouFilt (f259f758e04d8fb8d48c6cdbe45223e8) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys

07:00:44.0859 2400 LMouFilt - ok

07:00:44.0921 2400 LUsbFilt (ca26e46ec8891058c9e10363df4e4650) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys

07:00:44.0937 2400 LUsbFilt - ok

07:00:45.0000 2400 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

07:00:45.0031 2400 MBAMProtector - ok

07:00:45.0140 2400 MidiSyn (63c34814492aa65fc517b002de77b191) C:\WINDOWS\system32\drivers\MidiSyn.sys

07:00:45.0171 2400 MidiSyn - ok

07:00:45.0265 2400 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

07:00:45.0453 2400 mnmdd - ok

07:00:45.0546 2400 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

07:00:45.0718 2400 Modem - ok

07:00:45.0781 2400 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

07:00:45.0968 2400 Mouclass - ok

07:00:46.0062 2400 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

07:00:46.0250 2400 mouhid - ok

07:00:46.0312 2400 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

07:00:46.0500 2400 MountMgr - ok

07:00:46.0546 2400 mraid35x - ok

07:00:46.0640 2400 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

07:00:46.0828 2400 MRxDAV - ok

07:00:46.0906 2400 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

07:00:47.0109 2400 Msfs - ok

07:00:47.0187 2400 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

07:00:47.0390 2400 MSKSSRV - ok

07:00:47.0468 2400 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

07:00:47.0671 2400 MSPCLOCK - ok

07:00:47.0734 2400 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

07:00:47.0937 2400 MSPQM - ok

07:00:48.0031 2400 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

07:00:48.0218 2400 mssmbios - ok

07:00:48.0296 2400 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

07:00:48.0500 2400 MSTEE - ok

07:00:48.0578 2400 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

07:00:48.0640 2400 Mup - ok

07:00:48.0703 2400 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

07:00:48.0906 2400 NABTSFEC - ok

07:00:48.0984 2400 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

07:00:49.0171 2400 NDIS - ok

07:00:49.0265 2400 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

07:00:49.0453 2400 NdisIP - ok

07:00:49.0531 2400 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

07:00:49.0562 2400 NdisTapi - ok

07:00:49.0640 2400 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

07:00:49.0828 2400 Ndisuio - ok

07:00:49.0906 2400 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

07:00:50.0078 2400 NdisWan - ok

07:00:50.0171 2400 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

07:00:50.0218 2400 NDProxy - ok

07:00:50.0265 2400 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

07:00:50.0453 2400 NetBIOS - ok

07:00:50.0531 2400 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

07:00:50.0718 2400 NetBT - ok

07:00:50.0796 2400 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

07:00:50.0984 2400 Npfs - ok

07:00:51.0078 2400 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

07:00:51.0281 2400 Ntfs - ok

07:00:51.0390 2400 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

07:00:51.0578 2400 Null - ok

07:00:51.0843 2400 nv (2b5fbc325d32795b529544b238acfadb) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

07:00:52.0000 2400 nv ( UnsignedFile.Multi.Generic ) - warning

07:00:52.0000 2400 nv - detected UnsignedFile.Multi.Generic (1)

07:00:52.0093 2400 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

07:00:52.0296 2400 NwlnkFlt - ok

07:00:52.0390 2400 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

07:00:52.0593 2400 NwlnkFwd - ok

07:00:52.0687 2400 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

07:00:52.0875 2400 Parport - ok

07:00:52.0921 2400 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

07:00:53.0125 2400 PartMgr - ok

07:00:53.0218 2400 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

07:00:53.0406 2400 ParVdm - ok

07:00:53.0468 2400 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

07:00:53.0656 2400 PCI - ok

07:00:53.0718 2400 PCIDump - ok

07:00:53.0781 2400 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

07:00:53.0984 2400 PCIIde - ok

07:00:54.0062 2400 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

07:00:54.0265 2400 Pcmcia - ok

07:00:54.0359 2400 Pcouffin (a09c1922ef8149e27500c0f935a55f60) C:\WINDOWS\system32\Drivers\Pcouffin.sys

07:00:54.0375 2400 Pcouffin ( UnsignedFile.Multi.Generic ) - warning

07:00:54.0375 2400 Pcouffin - detected UnsignedFile.Multi.Generic (1)

07:00:54.0421 2400 PDCOMP - ok

07:00:54.0468 2400 PDFRAME - ok

07:00:54.0531 2400 PDRELI - ok

07:00:54.0578 2400 PDRFRAME - ok

07:00:54.0656 2400 perc2 - ok

07:00:54.0703 2400 perc2hib - ok

07:00:54.0828 2400 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

07:00:55.0015 2400 PptpMiniport - ok

07:00:55.0109 2400 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

07:00:55.0296 2400 Processor - ok

07:00:55.0359 2400 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

07:00:55.0562 2400 PSched - ok

07:00:55.0656 2400 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

07:00:55.0828 2400 Ptilink - ok

07:00:55.0937 2400 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

07:00:55.0953 2400 PxHelp20 - ok

07:00:56.0000 2400 ql1080 - ok

07:00:56.0046 2400 Ql10wnt - ok

07:00:56.0109 2400 ql12160 - ok

07:00:56.0187 2400 ql1240 - ok

07:00:56.0265 2400 ql1280 - ok

07:00:56.0328 2400 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

07:00:56.0500 2400 RasAcd - ok

07:00:56.0609 2400 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

07:00:56.0796 2400 Rasl2tp - ok

07:00:56.0859 2400 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

07:00:57.0046 2400 RasPppoe - ok

07:00:57.0125 2400 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

07:00:57.0328 2400 Raspti - ok

07:00:57.0375 2400 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

07:00:57.0609 2400 Rdbss - ok

07:00:57.0656 2400 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

07:00:57.0843 2400 RDPCDD - ok

07:00:57.0937 2400 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

07:00:57.0968 2400 RDPWD - ok

07:00:58.0062 2400 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

07:00:58.0296 2400 redbook - ok

07:00:58.0453 2400 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

07:00:58.0562 2400 Secdrv - ok

07:00:58.0640 2400 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

07:00:58.0828 2400 serenum - ok

07:00:58.0890 2400 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

07:00:59.0078 2400 Serial - ok

07:00:59.0156 2400 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

07:00:59.0343 2400 Sfloppy - ok

07:00:59.0406 2400 Simbad - ok

07:00:59.0468 2400 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

07:00:59.0671 2400 SLIP - ok

07:00:59.0812 2400 smwdm (7d9b50329af9fd94b0529282530d2cb7) C:\WINDOWS\system32\drivers\smwdm.sys

07:00:59.0843 2400 smwdm - ok

07:00:59.0906 2400 Sparrow - ok

07:00:59.0968 2400 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

07:01:00.0187 2400 splitter - ok

07:01:00.0843 2400 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

07:01:01.0015 2400 sr - ok

07:01:01.0906 2400 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

07:01:01.0953 2400 Srv - ok

07:01:02.0453 2400 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

07:01:02.0468 2400 ssmdrv - ok

07:01:02.0859 2400 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

07:01:03.0125 2400 streamip - ok

07:01:03.0812 2400 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

07:01:05.0359 2400 swenum - ok

07:01:05.0750 2400 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

07:01:05.0937 2400 swmidi - ok

07:01:06.0015 2400 symc810 - ok

07:01:06.0078 2400 symc8xx - ok

07:01:06.0125 2400 sym_hi - ok

07:01:06.0171 2400 sym_u3 - ok

07:01:06.0234 2400 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

07:01:06.0437 2400 sysaudio - ok

07:01:06.0546 2400 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

07:01:06.0671 2400 Tcpip - ok

07:01:06.0750 2400 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

07:01:06.0937 2400 TDPIPE - ok

07:01:07.0015 2400 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

07:01:07.0218 2400 TDTCP - ok

07:01:07.0312 2400 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

07:01:07.0484 2400 TermDD - ok

07:01:07.0546 2400 TosIde - ok

07:01:07.0671 2400 UdfReadr (3831d5499ad1e61217abb88e93bb17dc) C:\WINDOWS\system32\drivers\UdfReadr.sys

07:01:07.0671 2400 UdfReadr ( UnsignedFile.Multi.Generic ) - warning

07:01:07.0671 2400 UdfReadr - detected UnsignedFile.Multi.Generic (1)

07:01:07.0750 2400 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

07:01:07.0953 2400 Udfs - ok

07:01:08.0015 2400 ultra - ok

07:01:08.0125 2400 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

07:01:08.0359 2400 Update - ok

07:01:08.0421 2400 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

07:01:08.0609 2400 usbaudio - ok

07:01:08.0703 2400 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

07:01:08.0890 2400 usbccgp - ok

07:01:08.0953 2400 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

07:01:09.0171 2400 usbehci - ok

07:01:09.0500 2400 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

07:01:09.0796 2400 usbhub - ok

07:01:10.0609 2400 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

07:01:10.0843 2400 usbscan - ok

07:01:11.0687 2400 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

07:01:11.0921 2400 USBSTOR - ok

07:01:12.0671 2400 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

07:01:12.0890 2400 usbuhci - ok

07:01:13.0781 2400 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

07:01:14.0000 2400 VgaSave - ok

07:01:14.0656 2400 ViaIde - ok

07:01:15.0546 2400 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

07:01:15.0781 2400 VolSnap - ok

07:01:16.0437 2400 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

07:01:16.0765 2400 Wanarp - ok

07:01:17.0078 2400 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

07:01:17.0140 2400 Wdf01000 - ok

07:01:17.0203 2400 WDICA - ok

07:01:17.0359 2400 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

07:01:17.0656 2400 wdmaud - ok

07:01:17.0843 2400 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

07:01:18.0140 2400 WS2IFSL - ok

07:01:18.0218 2400 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

07:01:18.0531 2400 WSTCODEC - ok

07:01:18.0656 2400 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

07:01:18.0718 2400 WudfPf - ok

07:01:18.0796 2400 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

07:01:18.0859 2400 WudfRd - ok

07:01:18.0984 2400 XIRLINK (f102397d7fc6d6eb3952e9dbda85a37a) C:\WINDOWS\system32\DRIVERS\ucdnt.sys

07:01:19.0093 2400 XIRLINK - ok

07:01:19.0140 2400 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

07:01:19.0343 2400 \Device\Harddisk0\DR0 - ok

07:01:19.0359 2400 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk1\DR1

07:01:23.0234 2400 \Device\Harddisk1\DR1 - ok

07:01:23.0250 2400 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR4

07:01:23.0390 2400 \Device\Harddisk2\DR4 - ok

07:01:23.0390 2400 Boot (0x1200) (1a3791020c51f99dca8125714e9de1ad) \Device\Harddisk0\DR0\Partition0

07:01:23.0390 2400 \Device\Harddisk0\DR0\Partition0 - ok

07:01:23.0421 2400 Boot (0x1200) (370f308590fb62960de3d201c0116706) \Device\Harddisk1\DR1\Partition0

07:01:23.0421 2400 \Device\Harddisk1\DR1\Partition0 - ok

07:01:23.0437 2400 Boot (0x1200) (5fade44019eb8df15bc94aae8a212674) \Device\Harddisk2\DR4\Partition0

07:01:23.0437 2400 \Device\Harddisk2\DR4\Partition0 - ok

07:01:23.0437 2400 ============================================================

07:01:23.0437 2400 Scan finished

07:01:23.0437 2400 ============================================================

07:01:23.0468 2308 Detected object count: 8

07:01:23.0468 2308 Actual detected object count: 8

07:02:58.0140 2308 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user

07:02:58.0140 2308 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:02:58.0468 2308 HKLM\SYSTEM\ControlSet003\services\cdb2cb3c - will be deleted on reboot

07:02:58.0484 2308 HKLM\SYSTEM\ControlSet004\services\cdb2cb3c - will be deleted on reboot

07:02:58.0484 2308 C:\WINDOWS\1019982541:843920579.exe - will be deleted on reboot

07:02:58.0484 2308 cdb2cb3c ( Rootkit.Win32.PMax.gen ) - User select action: Delete

07:02:58.0500 2308 EIO ( UnsignedFile.Multi.Generic ) - skipped by user

07:02:58.0500 2308 EIO ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:02:58.0500 2308 grmn0200 ( UnsignedFile.Multi.Generic ) - skipped by user

07:02:58.0500 2308 grmn0200 ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:02:58.0500 2308 grmn1200 ( UnsignedFile.Multi.Generic ) - skipped by user

07:02:58.0500 2308 grmn1200 ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:02:58.0515 2308 nv ( UnsignedFile.Multi.Generic ) - skipped by user

07:02:58.0515 2308 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:02:58.0515 2308 Pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user

07:02:58.0515 2308 Pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:02:58.0515 2308 UdfReadr ( UnsignedFile.Multi.Generic ) - skipped by user

07:02:58.0515 2308 UdfReadr ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:03:12.0703 3944 Deinitialize success

Link to post
Share on other sites

Please do not attach the scan results from Combofx. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

Followed your directions exactly. CF ran with no apparent problems and finished, log attached below.

However, I can no longer get the machine on the network. The IP address will not renew. Rebooting the computer and the network hardware (cable modem and network router) doesn't work.

So, it's hard to describe how the computer is behaving as I have no internet connection. It does boot up and shutdown normally, just looking at files, launching programs, etc, seems to work normally.

Any idea what to do about the network?

As an aside, I will have to be out of town a few days starting thursday morning so a reply after the next step may be delayed.

ComboFix 12-03-06.01 - Aric 03/06/2012 13:58:01.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.688 [GMT -8:00]

Running from: c:\documents and settings\Aric\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi

c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat

c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupcz.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupda.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupfr.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupge.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setuphu.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupid.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupin.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupit.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupjp.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupko.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupms.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupnl.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppb.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppl.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppt.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupru.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsc.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsk.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsp.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setuptr.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupus.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzh.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzt.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\trialkey.dat

c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab

c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi

c:\documents and settings\Aric\Application Data\Mozilla\Firefox\Profiles\xdpky5q7.default\extensions\{41ca6dd9-638e-4236-b2d3-095e1c4651ff}

c:\documents and settings\Aric\Application Data\Mozilla\Firefox\Profiles\xdpky5q7.default\extensions\{41ca6dd9-638e-4236-b2d3-095e1c4651ff}\chrome.manifest

c:\documents and settings\Aric\Application Data\Mozilla\Firefox\Profiles\xdpky5q7.default\extensions\{41ca6dd9-638e-4236-b2d3-095e1c4651ff}\chrome\xulcache.jar

c:\documents and settings\Aric\Application Data\Mozilla\Firefox\Profiles\xdpky5q7.default\extensions\{41ca6dd9-638e-4236-b2d3-095e1c4651ff}\defaults\preferences\xulcache.js

c:\documents and settings\Aric\Application Data\Mozilla\Firefox\Profiles\xdpky5q7.default\extensions\{41ca6dd9-638e-4236-b2d3-095e1c4651ff}\install.rdf

c:\documents and settings\Aric\hvcctmlgdj.tmp

c:\documents and settings\Aric\Start Menu\Internet Explorer.lnk

c:\documents and settings\Aric\WINDOWS

c:\windows\$NtUninstallKB1678$

c:\windows\$NtUninstallKB1678$\1268871539

c:\windows\$NtUninstallKB1678$\3451046716\@

c:\windows\$NtUninstallKB1678$\3451046716\bckfg.tmp

c:\windows\$NtUninstallKB1678$\3451046716\keywords

c:\windows\$NtUninstallKB1678$\3451046716\L(2)\laiuhoux

c:\windows\$NtUninstallKB1678$\3451046716\U(2)\00000001.@

c:\windows\$NtUninstallKB1678$\3451046716\U(2)\00000002.@

c:\windows\$NtUninstallKB1678$\3451046716\U(2)\00000004.@

c:\windows\$NtUninstallKB1678$\3451046716\U(2)\80000000.@

c:\windows\$NtUninstallKB1678$\3451046716\U(2)\80000004.@

c:\windows\$NtUninstallKB1678$\3451046716\U(2)\80000032.@

c:\windows\$NtUninstallKB63857$

c:\windows\$NtUninstallKB63857$\3132296330

c:\windows\$NtUninstallKB63857$\3451046716\@

c:\windows\$NtUninstallKB63857$\3451046716\L\laiuhoux

c:\windows\$NtUninstallKB63857$\3451046716\loader.tlb

c:\windows\$NtUninstallKB63857$\3451046716\U\@00000001

c:\windows\$NtUninstallKB63857$\3451046716\U\@000000c0

c:\windows\$NtUninstallKB63857$\3451046716\U\@000000cb

c:\windows\$NtUninstallKB63857$\3451046716\U\@000000cf

c:\windows\$NtUninstallKB63857$\3451046716\U\@80000000

c:\windows\$NtUninstallKB63857$\3451046716\U\@800000c0

c:\windows\$NtUninstallKB63857$\3451046716\U\@800000cb

c:\windows\$NtUninstallKB63857$\3451046716\U\@800000cf

c:\windows\desktop

c:\windows\desktop\Quicken Basic.lnk

c:\windows\explorer(2).exe

c:\windows\system32\

c:\windows\system32\ctfmon(2).exe

c:\windows\system32\ctfmon(3).exe

c:\windows\system32\dllcache\wmpvis.dll

c:\windows\system32\SET176.tmp

c:\windows\system32\SET182.tmp

c:\windows\system32\SET1BD.tmp

c:\windows\system32\usp10(2).dll

.

.

((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))

.

.

2012-03-06 15:02 . 2012-03-06 15:02 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-05 14:49 . 2012-03-05 14:49 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2012-03-04 23:26 . 2012-03-04 23:26 -------- d-sh--w- c:\documents and settings\Aric\IETldCache

2012-03-04 23:16 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll

2012-03-04 23:15 . 2011-12-17 19:46 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2012-03-04 23:15 . 2011-12-17 19:46 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2012-03-04 23:15 . 2011-12-17 19:46 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2012-03-04 23:12 . 2012-03-04 23:14 -------- dc-h--w- c:\windows\ie8

2012-03-04 22:24 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2012-03-04 22:24 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2012-03-04 22:23 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2012-03-04 22:20 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2012-03-04 22:19 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2012-03-04 22:19 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

2012-03-04 22:19 . 2011-02-08 13:33 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll

2012-03-04 22:19 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2012-03-04 22:18 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2012-03-04 22:17 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2012-03-04 22:17 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2012-03-04 22:15 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2012-03-04 22:15 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2012-03-04 22:12 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2012-03-03 21:01 . 2012-03-03 21:01 -------- d-----w- c:\program files\Common Files\Java

2012-03-03 21:00 . 2012-03-03 20:59 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-03-03 19:59 . 2012-02-16 14:40 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll

2012-03-03 19:59 . 2012-02-16 10:42 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll

2012-03-03 19:59 . 2012-02-16 10:42 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll

2012-03-03 19:59 . 2012-02-16 10:42 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll

2012-03-03 19:02 . 2012-03-03 19:02 -------- d-----w- c:\windows\system32\wbem\Repository

2012-03-03 16:53 . 2012-03-03 16:53 1409 ----a-w- c:\windows\QTFont.for

2012-03-02 00:55 . 2012-03-02 00:55 -------- d-----w- c:\documents and settings\Aric\Application Data\Malwarebytes

2012-03-02 00:55 . 2012-03-02 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-03-02 00:55 . 2012-03-03 20:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-02 00:55 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-10 17:53 . 2012-02-10 17:54 -------- d-----w- c:\program files\HRBlock2011

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-04 03:12 . 2011-10-23 23:37 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-03-03 20:59 . 2010-04-24 04:04 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-01-12 16:53 . 2003-03-31 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys

2011-12-23 06:06 . 2011-06-23 13:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-19 08:13 . 2011-12-19 08:13 78336 ------w- c:\windows\system32\ieencode.dll

2011-12-17 19:46 . 2006-06-23 19:33 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:46 . 2003-03-31 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-12-17 19:46 . 2003-03-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:22 . 2009-04-15 03:33 385024 ------w- c:\windows\system32\html.iec

2012-02-16 14:40 . 2011-06-26 16:26 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2011-11-21 10:18 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-21 1515688]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-21 1515688]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-12 323392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-30 790528]

"Anvshell"="c:\windows\Anvshell.exe" [2002-10-22 331776]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-29 7307264]

"nwiz"="nwiz.exe" [2005-10-29 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-29 86016]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-14 196608]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-09-08 888488]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNzc2NjkzNDU4LUtWMys3LUJBKzEtVDEtRlA5KzYtQkFSOUcrMS1UQjkrMi1GTCs5LVhPMzYrMS1GOU03Qys1LUY5TTEwQisxLUY5TTIrMS1ERFQrMTA4LUZMMTArMS1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQVQrMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEJOKzEtU1QxMkZPSSsxLUYxME0xMkFVKzE∏=90&ver=2012.0.1831&mid=acaf49d840a147d6824cd147e0c932b1-323075834804df9c07659491f1fe3952375350a2" [?]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-9-26 692224]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Aric^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\documents and settings\Aric\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LimeShop]

javaw -cp c:\program files\LimeShop\System\Code Main lp: [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2006-09-14 14:55 61440 ----a-w- c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]

2003-05-20 19:09 729088 ----a-w- c:\program files\ASUS\SmartDoctor\SmartDoctor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BillMinder]

1997-09-30 23:00 25600 ----a-w- c:\quickenw\billmind.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 19:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2006-09-01 23:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]

2007-01-18 21:20 190008 ----a-w- c:\program files\Seagate\SystemTray\StxMenuMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2007-01-07 18:38 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Soulseek\\slsk.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\javaw.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"<NO NAME>"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [10/23/2011 3:37 PM 36000]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/23/2011 3:37 PM 86224]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/1/2012 4:55 PM 20464]

R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [1/13/2007 9:38 AM 39264]

S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [10/23/2011 3:37 PM 463824]

S2 MBAMService;MBAMService;"\mbamservice.exe" --> \mbamservice.exe [?]

S2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [1/18/2007 1:20 PM 24120]

S3 grmn0200;grmn0200.Sys Garmin USB DCP driver (install);c:\windows\system32\drivers\grmn0200.sys [5/22/2007 10:41 AM 16777]

S3 grmn1200;grmn0200.Sys Garmin USB DCP driver;c:\windows\system32\drivers\grmn1200.sys [5/22/2007 10:41 AM 12905]

S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [8/24/2007 10:49 PM 899884]

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-06 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2011-11-21 10:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.netflix.com/MemberHome

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: Save Flash - c:\program files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210

IE: Save YouTube Video - c:\program files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - c:\documents and settings\Aric\Application Data\Mozilla\Firefox\Profiles\xdpky5q7.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-POINTER - point32.exe

SafeBoot-78367634.sys

SafeBoot-aawservice

MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe

MSConfigStartUp-QuickenSEMessage - c:\quickenw\QSEMSG.EXE

MSConfigStartUp-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe

AddRemove-MP3 Remix for Winamp - c:\program files\Winamp\uninstall_mp3remix.exe

AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe

AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe

AddRemove-vis_milk.dllWinamp - c:\program files\Winamp\uninst-vis_milk.dll.exe

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe

AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe

AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-06 14:25

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3132)

c:\windows\system32\WININET.dll

c:\windows\system32\nview.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\nvwddi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2012-03-06 14:31:57 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-06 22:31

.

Pre-Run: 44,096,950,272 bytes free

Post-Run: 44,385,673,216 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

.

- - End Of File - - 0F2DC9E6A6F305570ECA4CE1630CA0C0

Link to post
Share on other sites

LDT, thanks again for the advice and your valuable time.

I tried the repair install, it went ok without any apparent issue but afterwards, there were random errors, acting very sluggish and still no network. Worked on it a bit more but it was apparent things were just too corrupted.

Format/complete reinstall, everythings fine... jeesh. Learned things tho.

Thanks again Sir.

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.