
The Document has moved, Redirecting


Guest McGolff

We look for posts with 0 replies, so when you replied to your own topic, we assumed you were being helped.

I've been having issues with a virus that occasionally intercepts my website clicks and redirects me to an advertising site (most times). I've been putting up with it because it only happens on the first try. If I go back to the original site and re-click the same link, it will take me to the correct place and will continue to work properly until a new browser session.

The problem is that yesterday it redirected me to a site that quickly downloaded the S.M.A.R.T. HDD virus. Two minutes later I had a screen full of false hard disk errors, and SMART HDD was running on my desktop with no way to shut it down. When I went to Start/Programs to start running MalwareBytes, I found that most of my programs were missing, including the ability to add/remove software. I shut the system down and brought in another laptop to help me fight the virus. When I rebooted, my start menu was completely blank and I couldn't get Windows Explorer access so that I could run the kill programs on my USB drive.

I did a full reboot again; this time everything was missing except the SMART HDD application and my Search Desktop entry box on the toolbar. I was able to use that to bring up Windows Explorer and ran Rkill.exe from the USB drive. That stopped Smart HDD.

Explorer showed that my drives were empty, so I ran UnHide.exe to get my Start Menu and directory structures back.

Then I installed and ran the latest version of MalwareBytes and did a full scan. It removed 2 items on my C partition and 2 items on my E partition.

When I restarted the system the C drive was still empty, so I had to run UnHide.exe again and all the files reappeared.

SMART HDD was showing as a "Newly Installed Program", was still in my program list and had a launch icon on my desktop as well.

I checked the properties of the desktop shortcut and removed all of the files with similar names in Documents & Settings/All Users/Application Data.

They looked something like GVHlwFLpzZ3put.exe, 4 files in all; the other 3 had the same name with different extensions. I removed them all.

I then removed the Shortcut links from my user's Start Menu folder in Documents & Settings. There was an "Uninstall Smart HDD" link but it didn't seem like a smart idea to use it.

I did a full re-run of MalwareBytes and it found zero issues, however while it was running, Norton Antivirus popped up and said that it had located three instances of a Bloodhound heuristics virus and quarantined them - I did a full delete of those.

I then did a full run of AdAware and it found malware in C:/Recycler (something that I deleted manually?) and a bunch of cookie issues.

I'm rerunning AdAware again just to see if anything is left, but while it was running Norton popped up again with a Trojan Malware alert in my Java jar cache: 356222b46d9.jar-4d799c0e-1666db2d.zip, which it says that it deleted rather than quarantined.

Then on the very first website that I went to after rebooting the system, I clicked on one of the internal links and got "The Document has moved, Redirecting". So I'm basically back where I started, except that I'm pretty sure there are still remnants of SMART HDD and potentially some more viruses lurking on the system, and I want to continue the process until I can get this beast completely clean. This last redirect cost me about 12 hours of time to get back up and running; I can't afford that again.

Just an add-on update to this: AdAware just finished scanning again and is still finding a virus. It looks to be in the System Restore area?

Description: c:\system volume information\_restore{a8393674-085c-4723-b63e-39928c5f4c89}\rp837\a0156673.exe

Family Name: Trojan.Win32.Generic.pak!cobra

Engine: 3

Clean status: Success

Item ID: 1

Family ID: 0

MD5: 17c21b6fdd8d0e3e160901bb4b2a771f

Norton full scan is in progress - 1 security risk found and quarantined:

Scan type: Manual Scan

Event: Security Risk Found!

Risk: SecurityRisk.URLRedir

File: Unavailable

Location: Quarantine

(Still feel that there are bits and pieces of several viruses spread around the system --- every time I run a scan with these three tools, they find something new)

Here are the DDS.txt and Attach.txt reports:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Run by TimM at 16:32:39 on 2012-04-26

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1188 [GMT -4:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\IPSSVC.EXE

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

svchost.exe

C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\dwrcs\DWRCS.EXE

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\System32\TPHDEXLG.EXE

C:\WINDOWS\system32\TpKmpSVC.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\WINDOWS\system32\CCM\CcmExec.exe

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\WINDOWS\dwrcs\DWRCST.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\WINDOWS\system32\TpShocks.exe

C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~2\VPTray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Microsoft Office Communicator\communicator.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPNRA.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

mSearchAssistant = hxxp://www.google.com/ie

BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper

mRun: [TpShocks] TpShocks.exe

mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe

mRun: [TP4EX] tp4ex.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"

mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE

mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [vptray] c:\progra~1\symant~2\VPTray.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [DameWare MRC Agent] c:\windows\dwrcs\DWRCST.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mbcame~1.lnk - c:\program files\pixela\everio mediabrowser\MBCameraMonitor.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{1ce60928-8325-49a8-8b06-633e48dd2b67}\Icon3E5562ED7.ico

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm

IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: accruent.com\demoapp2v

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {008BBE7E-C096-11D0-B4E3-00A0C901D681} - hxxp://demoapp2v.accruent.com/fps/TeeChart/teechart.cab

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://demoapp2v.accruent.com/cosalesxi/MGViewer/mgaxctrl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252114649437

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254344453328

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.90/WebSlingPlayer.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{6595FD99-E07A-49CF-BE09-4E45BFEB1044} : DhcpNameServer = 75.75.75.75 75.75.76.76

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: ACNotify - ACNotify.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll

Notify: MRCNotify - c:\windows\dwrcs\DWRCWXL.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

Notify: psfus - psqlpwd.dll

Notify: tpfnf2 - notifyf2.dll

Notify: tphotkey - tphklock.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

LSA: Notification Packages = scecli psqlpwd ACGina

Hosts: 184.95.41.155 www.google-analytics.com.

Hosts: 184.95.41.155 ad-emea.doubleclick.net.

Hosts: 184.95.41.155 www.statcounter.com.

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\timm\application data\mozilla\firefox\profiles\ky1nsjzz.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2012-3-12 64512]

R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]

R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]

R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]

R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]

R2 smihlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2006-4-25 3456]

R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-8-17 98304]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]

R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 3712]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-5 106104]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120426.002\naveng.sys [2012-4-26 86136]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120426.002\navex15.sys [2012-4-26 1576312]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]

S3 PTDWBus;Curitel PC Card Composite Device driver (UDP);c:\windows\system32\drivers\PTDWBus.sys [2009-11-24 27392]

S3 PTDWMdm;Curitel PC Card Drivers (UDP);c:\windows\system32\drivers\PTDWMdm.sys [2009-11-24 41728]

S3 PTDWVsp;Curitel PC Card Diagnostic Serial Port (UDP);c:\windows\system32\drivers\PTDWVsp.sys [2009-11-24 39808]

S3 PWCTLDRV;The NECHostController Filter Driver;c:\windows\system32\drivers\PWCTLDRV.sys [2009-11-24 5888]

S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\drivers\pwi_bus.sys --> c:\windows\system32\drivers\pwi_bus.sys [?]

S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\drivers\pwi_mdfl.sys --> c:\windows\system32\drivers\pwi_mdfl.sys [?]

S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\drivers\pwi_mdm.sys --> c:\windows\system32\drivers\pwi_mdm.sys [?]

S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\drivers\pwi_oflt.sys --> c:\windows\system32\drivers\pwi_oflt.sys [?]

S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\drivers\pwi_serd.sys --> c:\windows\system32\drivers\pwi_serd.sys [?]

S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-11-13 11520]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-4-30 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== File Associations ===============

.

.scr=AutoCADScriptFile

.

=============== Created Last 30 ================

.

2012-04-24 20:16:29 13824 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2012-03-30 17:04:51 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2012-03-30 17:04:51 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll

2012-03-28 00:47:55 132424 ----a-w- c:\windows\system32\drivers\sscdmdm.sys

2012-03-28 00:47:55 12616 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys

2012-03-28 00:47:55 12616 ----a-w- c:\windows\system32\drivers\sscdcm.sys

2012-03-28 00:47:55 110280 ----a-w- c:\windows\system32\drivers\sscdserd.sys

2012-03-28 00:47:54 14920 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys

2012-03-28 00:47:52 12488 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys

2012-03-28 00:47:52 12488 ----a-w- c:\windows\system32\drivers\sscdwh.sys

2012-03-28 00:47:52 104648 ----a-w- c:\windows\system32\drivers\sscdbus.sys

2012-03-28 00:47:47 -------- d-----w- c:\program files\SAMSUNG

2012-03-28 00:47:38 -------- d-----w- c:\documents and settings\all users\application data\Samsung

2012-03-28 00:47:30 53248 ----a-r- c:\documents and settings\timm\application data\microsoft\installer\{c0c1d2bc-72fe-4f77-a2f9-cd10d5aa8f93}\ARPPRODUCTICON.exe

.

==================== Find3M ====================

.

2012-04-17 19:51:00 249856 ------w- c:\windows\Setup1.exe

2012-04-17 19:50:59 73216 ----a-w- c:\windows\ST6UNST.EXE

2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-12 10:59:09 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2012-03-12 10:59:08 16432 ----a-w- c:\windows\system32\lsdelete.exe

2012-03-09 17:40:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-06 20:30:33 60304 ----a-w- c:\documents and settings\timm\g2mdlhlpx.exe

1997-06-23 19:06:50 252176 --sha-w- c:\windows\system32\Msrd2x35.dll

1997-06-23 19:06:50 287504 --sha-w- c:\windows\system32\Msxbse35.dll

.

============= FINISH: 16:34:06.10 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 9/4/2009 3:33:44 AM

System Uptime: 4/26/2012 8:50:32 AM (8 hours ago)

.

Motherboard: LENOVO | | 2623KEU

Processor: Intel® Core2 CPU T5600 @ 1.83GHz | None | 1828/167mhz

.

==== Disk Partitions =========================

.

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Ad-Aware

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader 8.1.4

AiO_Scan_CDA

AiOSoftwareNPI

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

ATI HYDRAVISION

Atomic Clock Sync

AutoCAD Map 3D 2009

AutoCAD Map 3D 2009 Version 4

Autodesk Design Review 2009

Bing Maps 3D

BlackBerry Java Development Environment 3.7

Bonjour

Cisco Systems VPN Client 5.0.07.0410

Configuration Manager Client

Curitel PC Card Software

CutePDF Writer 2.8

Dell Printer Software Uninstall

Digital Photo Navigator 1.5

eFax Messenger

Everio MediaBrowser

FAI9New

FAMIS Drawing Coordination 8.2.2.X/10.2.2.X/10.3.1.X

Fax_CDA

FreeMind

GoToMeeting 5.1.0.880

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB969084)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Photosmart, Officejet and Deskjet 7.0.A

Intel® PRO Network Connections Drivers

Intel® PROSet/Wireless Software

InterVideo WinDVD

InterVideo WinDVD Creator 3

iRise® Reader v7.3.0.0 (Build:22115)

iTunes

J2SE Runtime Environment 5.0 Update 22

J2SE Runtime Environment 5.0 Update 6

Java Auto Updater

Java 6 Update 24

LiveReg (Symantec Corporation)

LiveUpdate 3.1 (Symantec Corporation)

Logitech Webcam Software

Malwarebytes Anti-Malware version 1.61.0.1400

mCore

mDriver

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Communicator 2007 R2

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Live Meeting 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Project 2007 Service Pack 2 (SP2)

Microsoft Office Project MUI (English) 2007

Microsoft Office Project Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Visio 2007 Service Pack 2 (SP2)

Microsoft Office Visio MUI (English) 2007

Microsoft Office Visio Professional 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

mMHouse

Mozilla Firefox 11.0 (x86 en-US)

mPfMgr

mProSafe

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser

mWlsSafe

mXML

Network Recording Player

NewCopy_CDA

NotesLink

OGA Notifier 2.0.0048.0

Opera Mobile

PC-Doctor 5 for Windows

Picasa 2

Productivity Center Supplement for ThinkPad

QFolder

QuickTime

RDC

Readme

RecordNow Audio

RecordNow Copy

RecordNow Data

refresh

Remove Multimedia Center

SAMSUNG USB Driver for Mobile Phones V5.16.0.0

Scan

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Groove 2007 (KB2552997)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio 2007 (KB2553010)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2483614)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Skype Click to Call

Skype™ 5.5

SlingPlayer

SnagIt 7

Sonic DLA

Sonic Express Labeler

Sonic Icons for Lenovo

Sonic Update Manager

SoundMAX

Symantec AntiVirus

System Migration Assistant

ThinkPad Bluetooth with Enhanced Data Rate Software

ThinkPad Configuration

ThinkPad EasyEject Utility

ThinkPad FullScreen Magnifier

ThinkPad Hotkey Features Setup

ThinkPad Keyboard Customizer Utility

ThinkPad Modem

ThinkPad PC Card Power Policy

ThinkPad Power Management Driver

ThinkPad Power Manager

ThinkPad Presentation Director

ThinkPad UltraNav Driver

ThinkPad UltraNav Wizard

ThinkVantage Access Connections

ThinkVantage Active Protection System

ThinkVantage Away Manager

ThinkVantage Fingerprint Software 5.5

ThinkVantage Productivity Center

ThinkVantage Technologies Welcome Message

TrackPoint Accessibility Features

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Project 2007 Help (KB963668)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Visio 2007 Help (KB963666)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 8 (KB2362765)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB973874)

Update for Windows Internet Explorer 8 (KB975364)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB978506)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB980302)

Update for Windows Internet Explorer 8 (KB982632)

Update for Windows Internet Explorer 8 (KB982664)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2264107)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2641690)

Update for Windows XP (KB898461)

Update for Windows XP (KB943729)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

UPSDK411

VBA (2627.01)

VZAccess Manager

Wallpapers

WD SmartWare

WD Software Upgrader

WebEx

WebFldrs XP

WebReg

WebSlingPlayer ActiveX

WIMGAPI

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Management Framework Core

Windows Media Connect

Windows Media Format 11 runtime

Windows Media Player 11

Windows Search 4.0

Windows XP Service Pack 3

WinSABA-AutoCAD Interface v1.3

WinSABA-AutoCAD Interface v1.3 (C:\Program Files\WinSABA-AutoCAD Interface\)

XP Themes

.

==== Event Viewer Messages From Past Week ========

.

4/24/2012 3:55:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/24/2012 3:53:12 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ANC eeCtrl Fips IBMTPCHK intelppm SAVRT SAVRTPEL ShockMgr Smapint SPBBCDrv SYMTDI TDSMAPI TPHKDRV TPPWRIF TSMAPIP

4/24/2012 10:54:01 PM, error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 10:49:47 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0019D29F7D14 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

4/22/2012 5:57:26 PM, error: NETLOGON [5719] - No Domain Controller is available for domain ACCRUENT due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

4/19/2012 1:34:25 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

.

==== End Of File ===========================


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
    tdss_1.jpg
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    tdss_2.jpg
  3. Click the Start Scan button.
    tdss_3.jpg
  4. If a suspicious object is detected, the default action will be Skip, click on Continue.
    tdss_4.jpg
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    tdss_5.jpg

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Guest McGolff

Well, the redirect virus is still there; I got two clicks hijacked this morning from different sites. Nothing appeared to be tagged as malicious on the TDSSKiller scan. Results are here:

18:11:38.0859 7608 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43

18:11:39.0531 7608 ============================================================

18:11:39.0531 7608 Current date / time: 2012/04/30 18:11:39.0531

18:11:39.0531 7608 SystemInfo:

18:11:39.0531 7608

18:11:39.0531 7608 OS Version: 5.1.2600 ServicePack: 3.0

18:11:39.0531 7608 Product type: Workstation

18:11:39.0531 7608 ComputerName: MCLEAN-LT

18:11:39.0531 7608 UserName: TimM

18:11:39.0531 7608 Windows directory: C:\WINDOWS

18:11:39.0531 7608 System windows directory: C:\WINDOWS

18:11:39.0531 7608 Processor architecture: Intel x86

18:11:39.0531 7608 Number of processors: 2

18:11:39.0531 7608 Page size: 0x1000

18:11:39.0531 7608 Boot type: Normal boot

18:11:39.0531 7608 ============================================================

18:11:43.0953 7608 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054

18:11:43.0953 7608 ============================================================

18:11:43.0953 7608 \Device\Harddisk0\DR0:

18:11:43.0953 7608 MBR partitions:

18:11:43.0953 7608 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8BF8771

18:11:43.0968 7608 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x950E14F, BlocksNum 0x950A5C1

18:11:43.0968 7608 ============================================================

18:11:44.0000 7608 C: <-> \Device\Harddisk0\DR0\Partition0

18:11:44.0031 7608 E: <-> \Device\Harddisk0\DR0\Partition1

18:11:44.0031 7608 ============================================================

18:11:44.0031 7608 Initialize success

18:11:44.0031 7608 ============================================================

18:12:25.0781 2592 ============================================================

18:12:25.0781 2592 Scan started

18:12:25.0781 2592 Mode: Manual; SigCheck; TDLFS;

18:12:25.0781 2592 ============================================================


18:12:42.0453 2592 e1express - ok

18:12:42.0500 2592 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

18:12:42.0640 2592 EapHost - ok

18:12:42.0734 2592 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

18:12:42.0765 2592 eeCtrl - ok

18:12:42.0796 2592 EGATHDRV (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS

18:12:42.0828 2592 EGATHDRV ( UnsignedFile.Multi.Generic ) - warning

18:12:42.0828 2592 EGATHDRV - detected UnsignedFile.Multi.Generic (1)

18:12:42.0859 2592 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

18:12:42.0875 2592 EraserUtilRebootDrv - ok

18:12:42.0906 2592 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

18:12:43.0031 2592 ERSvc - ok

18:12:43.0078 2592 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

18:12:43.0109 2592 Eventlog - ok

18:12:43.0156 2592 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

18:12:43.0218 2592 EventSystem - ok

18:12:43.0281 2592 EvtEng (6a197698a141ffe7651b962ae3172008) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

18:12:43.0343 2592 EvtEng ( UnsignedFile.Multi.Generic ) - warning

18:12:43.0343 2592 EvtEng - detected UnsignedFile.Multi.Generic (1)

18:12:43.0421 2592 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

18:12:43.0593 2592 Fastfat - ok

18:12:43.0640 2592 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

18:12:43.0671 2592 FastUserSwitchingCompatibility - ok

18:12:43.0687 2592 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

18:12:43.0812 2592 Fdc - ok

18:12:43.0828 2592 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

18:12:43.0953 2592 Fips - ok

18:12:43.0968 2592 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

18:12:44.0250 2592 Flpydisk - ok

18:12:44.0281 2592 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

18:12:44.0406 2592 FltMgr - ok

18:12:44.0500 2592 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

18:12:44.0531 2592 FontCache3.0.0.0 - ok

18:12:44.0546 2592 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

18:12:44.0703 2592 Fs_Rec - ok

18:12:44.0718 2592 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

18:12:44.0843 2592 Ftdisk - ok

18:12:44.0859 2592 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

18:12:44.0875 2592 GEARAspiWDM - ok

18:12:44.0906 2592 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

18:12:45.0015 2592 Gpc - ok

18:12:45.0031 2592 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

18:12:45.0171 2592 HDAudBus - ok

18:12:45.0234 2592 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

18:12:45.0359 2592 helpsvc - ok

18:12:45.0390 2592 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

18:12:45.0500 2592 HidServ - ok

18:12:45.0546 2592 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

18:12:45.0687 2592 HidUsb - ok

18:12:45.0734 2592 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

18:12:45.0875 2592 hkmsvc - ok

18:12:45.0953 2592 HP Port Resolver (c5f00d15aa15cb7f55a027ff75e44bb7) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE

18:12:46.0031 2592 HP Port Resolver - ok

18:12:46.0062 2592 HP Status Server (c5a288e4ceef5a26d105117baa3763ab) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE

18:12:46.0140 2592 HP Status Server - ok

18:12:46.0171 2592 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

18:12:46.0281 2592 hpn - ok

18:12:46.0328 2592 HSFHWAZL (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

18:12:46.0406 2592 HSFHWAZL - ok

18:12:46.0515 2592 HSF_DPV (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

18:12:46.0609 2592 HSF_DPV - ok

18:12:46.0671 2592 HSXHWAZL (3af45f5b4157c88ffae24d89ba408302) C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys

18:12:46.0734 2592 HSXHWAZL - ok

18:12:46.0796 2592 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

18:12:46.0859 2592 HTTP - ok

18:12:46.0890 2592 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

18:12:47.0031 2592 HTTPFilter - ok

18:12:47.0078 2592 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

18:12:47.0171 2592 i2omgmt - ok

18:12:47.0203 2592 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

18:12:47.0328 2592 i2omp - ok

18:12:47.0359 2592 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

18:12:47.0484 2592 i8042prt - ok

18:12:47.0578 2592 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys

18:12:47.0671 2592 iaStor ( UnsignedFile.Multi.Generic ) - warning

18:12:47.0671 2592 iaStor - detected UnsignedFile.Multi.Generic (1)

18:12:47.0703 2592 IBMPMDRV (bf648877413f6160e480814a24942b65) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys

18:12:47.0718 2592 IBMPMDRV - ok

18:12:47.0734 2592 IBMPMSVC (a75ce11915e4ecc5e1597d6e0f7bb2db) C:\WINDOWS\system32\ibmpmsvc.exe

18:12:47.0765 2592 IBMPMSVC - ok

18:12:47.0765 2592 IBMTPCHK (bfc9f3adaad74e13f9ce16c8bd336f95) C:\WINDOWS\system32\Drivers\IBMBLDID.sys

18:12:47.0796 2592 IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning

18:12:47.0796 2592 IBMTPCHK - detected UnsignedFile.Multi.Generic (1)

18:12:47.0890 2592 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

18:12:47.0921 2592 IDriverT ( UnsignedFile.Multi.Generic ) - warning

18:12:47.0921 2592 IDriverT - detected UnsignedFile.Multi.Generic (1)

18:12:48.0046 2592 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

18:12:48.0140 2592 idsvc - ok

18:12:48.0187 2592 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

18:12:48.0312 2592 Imapi - ok

18:12:48.0359 2592 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

18:12:48.0484 2592 ImapiService - ok

18:12:48.0515 2592 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

18:12:48.0671 2592 ini910u - ok

18:12:48.0687 2592 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

18:12:48.0812 2592 IntelIde - ok

18:12:48.0828 2592 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

18:12:48.0953 2592 intelppm - ok

18:12:48.0968 2592 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

18:12:49.0093 2592 Ip6Fw - ok

18:12:49.0109 2592 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

18:12:49.0234 2592 IpFilterDriver - ok

18:12:49.0250 2592 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

18:12:49.0359 2592 IpInIp - ok

18:12:49.0406 2592 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

18:12:49.0531 2592 IpNat - ok

18:12:49.0625 2592 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe

18:12:49.0703 2592 iPod Service - ok

18:12:49.0718 2592 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

18:12:49.0828 2592 IPSec - ok

18:12:49.0859 2592 IPSSVC (4d1d3b3644737746fb98c4d272fb4a86) C:\WINDOWS\system32\IPSSVC.EXE

18:12:49.0906 2592 IPSSVC ( UnsignedFile.Multi.Generic ) - warning

18:12:49.0906 2592 IPSSVC - detected UnsignedFile.Multi.Generic (1)

18:12:49.0921 2592 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys

18:12:50.0062 2592 irda - ok

18:12:50.0078 2592 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

18:12:50.0187 2592 IRENUM - ok

18:12:50.0218 2592 Irmon (49cc4533ce897cb2e93c1e84a818fde5) C:\WINDOWS\System32\irmon.dll

18:12:50.0328 2592 Irmon - ok

18:12:50.0375 2592 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

18:12:50.0484 2592 isapnp - ok

18:12:50.0531 2592 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys

18:12:50.0531 2592 Iviaspi ( UnsignedFile.Multi.Generic ) - warning

18:12:50.0531 2592 Iviaspi - detected UnsignedFile.Multi.Generic (1)

18:12:50.0546 2592 ivusb - ok

18:12:50.0625 2592 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe

18:12:50.0656 2592 JavaQuickStarterService - ok

18:12:50.0671 2592 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

18:12:50.0781 2592 Kbdclass - ok

18:12:50.0812 2592 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

18:12:50.0906 2592 kbdhid - ok

18:12:51.0015 2592 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

18:12:51.0140 2592 kmixer - ok

18:12:51.0171 2592 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

18:12:51.0281 2592 KSecDD - ok

18:12:51.0312 2592 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

18:12:51.0375 2592 lanmanserver - ok

18:12:51.0406 2592 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

18:12:51.0484 2592 lanmanworkstation - ok

18:12:51.0703 2592 Lavasoft Ad-Aware Service (ea38136981c61c571d52c380daad46ef) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

18:12:51.0859 2592 Lavasoft Ad-Aware Service - ok

18:12:52.0015 2592 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys

18:12:52.0031 2592 Lbd - ok

18:12:52.0031 2592 lbrtfdc - ok

18:12:52.0312 2592 LiveUpdate (fb3a35318ca7f6a10fa3c3826a69affe) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

18:12:52.0453 2592 LiveUpdate - ok

18:12:52.0609 2592 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

18:12:52.0750 2592 LmHosts - ok

18:12:52.0796 2592 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

18:12:52.0812 2592 LVPr2Mon - ok

18:12:52.0890 2592 LVPrcSrv (0ddfdcaa92c7f553328db06ba599bea9) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

18:12:52.0921 2592 LVPrcSrv - ok

18:12:52.0953 2592 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

18:12:52.0984 2592 mdmxsdk - ok

18:12:53.0015 2592 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

18:12:53.0140 2592 Messenger - ok

18:12:53.0218 2592 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

18:12:53.0265 2592 Microsoft Office Groove Audit Service - ok

18:12:53.0296 2592 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

18:12:53.0421 2592 mnmdd - ok

18:12:53.0531 2592 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

18:12:53.0656 2592 mnmsrvc - ok

18:12:53.0687 2592 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

18:12:53.0812 2592 Modem - ok

18:12:53.0843 2592 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

18:12:53.0968 2592 Mouclass - ok

18:12:54.0000 2592 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

18:12:54.0140 2592 mouhid - ok

18:12:54.0171 2592 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

18:12:54.0312 2592 MountMgr - ok

18:12:54.0343 2592 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

18:12:54.0468 2592 mraid35x - ok

18:12:54.0484 2592 MRxDAV (e3f17e1ea5256709d4e97ef0da04b3c9) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

18:12:54.0562 2592 MRxDAV - ok

18:12:54.0609 2592 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

18:12:54.0750 2592 MRxSmb - ok

18:12:54.0781 2592 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

18:12:54.0890 2592 MSDTC - ok

18:12:54.0890 2592 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

18:12:55.0015 2592 Msfs - ok

18:12:55.0046 2592 MSIRCOMM (95c6432151ccff8617352f8e616a1aa4) C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys

18:12:55.0156 2592 MSIRCOMM - ok

18:12:55.0156 2592 MSIServer - ok

18:12:55.0203 2592 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

18:12:55.0312 2592 MSKSSRV - ok

18:12:55.0343 2592 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

18:12:55.0468 2592 MSPCLOCK - ok

18:12:55.0468 2592 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

18:12:55.0593 2592 MSPQM - ok

18:12:55.0625 2592 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

18:12:55.0734 2592 mssmbios - ok

18:12:55.0750 2592 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

18:12:55.0875 2592 MSTEE - ok

18:12:55.0906 2592 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

18:12:55.0968 2592 Mup - ok

18:12:56.0000 2592 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

18:12:56.0109 2592 NABTSFEC - ok

18:12:56.0156 2592 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

18:12:56.0296 2592 napagent - ok

18:12:56.0421 2592 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120430.002\naveng.sys

18:12:56.0437 2592 NAVENG - ok

18:12:56.0593 2592 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120430.002\navex15.sys

18:12:56.0656 2592 NAVEX15 - ok

18:12:56.0828 2592 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

18:12:56.0968 2592 NDIS - ok

18:12:57.0000 2592 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

18:12:57.0109 2592 NdisIP - ok

18:12:57.0156 2592 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

18:12:57.0203 2592 NdisTapi - ok

18:12:57.0218 2592 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

18:12:57.0328 2592 Ndisuio - ok

18:12:57.0359 2592 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

18:12:57.0484 2592 NdisWan - ok

18:12:57.0515 2592 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

18:12:57.0546 2592 NDProxy - ok

18:12:57.0578 2592 Net Driver HPZ12 (80b7a96f908da13617e7e6832c5c6a64) C:\WINDOWS\system32\HPZinw12.dll

18:12:57.0625 2592 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

18:12:57.0625 2592 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

18:12:57.0656 2592 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

18:12:57.0781 2592 NetBIOS - ok

18:12:57.0812 2592 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

18:12:57.0953 2592 NetBT - ok

18:12:58.0000 2592 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

18:12:58.0140 2592 NetDDE - ok

18:12:58.0140 2592 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

18:12:58.0234 2592 NetDDEdsdm - ok

18:12:58.0328 2592 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:12:58.0437 2592 Netlogon - ok

18:12:58.0453 2592 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

18:12:58.0593 2592 Netman - ok

18:12:58.0687 2592 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

18:12:58.0703 2592 NetTcpPortSharing - ok

18:12:58.0843 2592 NETw3x32 (e2f396f71a793a04839dbb6af304a026) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys

18:12:58.0953 2592 NETw3x32 - ok

18:12:59.0140 2592 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

18:12:59.0171 2592 Nla - ok

18:12:59.0234 2592 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

18:12:59.0375 2592 Npfs - ok

18:12:59.0406 2592 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys

18:12:59.0515 2592 NSCIRDA - ok

18:12:59.0546 2592 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

18:12:59.0718 2592 Ntfs - ok

18:12:59.0734 2592 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:12:59.0843 2592 NtLmSsp - ok

18:12:59.0890 2592 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

18:13:00.0031 2592 NtmsSvc - ok

18:13:00.0062 2592 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

18:13:00.0203 2592 Null - ok

18:13:00.0531 2592 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

18:13:00.0750 2592 nv - ok

18:13:00.0875 2592 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

18:13:01.0015 2592 NwlnkFlt - ok

18:13:01.0031 2592 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

18:13:01.0171 2592 NwlnkFwd - ok

18:13:01.0281 2592 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

18:13:01.0343 2592 odserv - ok

18:13:01.0390 2592 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

18:13:01.0453 2592 ose - ok

18:13:01.0500 2592 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

18:13:01.0640 2592 Parport - ok

18:13:01.0687 2592 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

18:13:01.0843 2592 PartMgr - ok

18:13:01.0875 2592 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

18:13:02.0000 2592 ParVdm - ok

18:13:02.0015 2592 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

18:13:02.0140 2592 PCI - ok

18:13:02.0140 2592 PCIDump - ok

18:13:02.0156 2592 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

18:13:02.0281 2592 PCIIde - ok

18:13:02.0296 2592 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

18:13:02.0406 2592 Pcmcia - ok

18:13:02.0421 2592 PDCOMP - ok

18:13:02.0421 2592 PDFRAME - ok

18:13:02.0421 2592 PDRELI - ok

18:13:02.0437 2592 PDRFRAME - ok

18:13:02.0437 2592 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

18:13:02.0578 2592 perc2 - ok

18:13:02.0578 2592 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

18:13:02.0718 2592 perc2hib - ok

18:13:02.0781 2592 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

18:13:02.0796 2592 PlugPlay - ok

18:13:02.0828 2592 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys

18:13:02.0828 2592 pmem ( UnsignedFile.Multi.Generic ) - warning

18:13:02.0828 2592 pmem - detected UnsignedFile.Multi.Generic (1)

18:13:02.0859 2592 Pml Driver HPZ12 (0c155c5d8942b3cbcf9506a9d376b9ad) C:\WINDOWS\system32\HPZipm12.dll

18:13:02.0906 2592 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

18:13:02.0906 2592 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

18:13:02.0937 2592 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:13:03.0031 2592 PolicyAgent - ok

18:13:03.0062 2592 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

18:13:03.0171 2592 PptpMiniport - ok

18:13:03.0234 2592 prepdrvr (2a3e82aeaf8a4a1ed7bd22f6a2424a35) C:\WINDOWS\system32\CCM\prepdrv.sys

18:13:03.0281 2592 prepdrvr - ok

18:13:03.0296 2592 PROCDD (6f9e6e874fd74ee6dd0bbecde9d3f795) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS

18:13:03.0328 2592 PROCDD ( UnsignedFile.Multi.Generic ) - warning

18:13:03.0328 2592 PROCDD - detected UnsignedFile.Multi.Generic (1)

18:13:03.0343 2592 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

18:13:03.0453 2592 Processor - ok

18:13:03.0468 2592 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:13:03.0562 2592 ProtectedStorage - ok

18:13:03.0593 2592 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

18:13:03.0718 2592 PSched - ok

18:13:03.0750 2592 PTDWBus (fbd9a22ec513457bc4b9227a239bce2c) C:\WINDOWS\system32\DRIVERS\PTDWBus.sys

18:13:03.0796 2592 PTDWBus - ok

18:13:03.0812 2592 PTDWMdm (33477b60160223e71c2850532cbba647) C:\WINDOWS\system32\DRIVERS\PTDWMdm.sys

18:13:03.0859 2592 PTDWMdm - ok

18:13:03.0859 2592 PTDWVsp (80811c30bc5ec69078bd45cae6dec82e) C:\WINDOWS\system32\DRIVERS\PTDWVsp.sys

18:13:03.0890 2592 PTDWVsp - ok

18:13:03.0921 2592 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

18:13:04.0062 2592 Ptilink - ok

18:13:04.0078 2592 PWCTLDRV (f82f63e56c9d0c769a2bb385a972120b) C:\WINDOWS\system32\drivers\PWCTLDRV.sys

18:13:04.0109 2592 PWCTLDRV - ok

18:13:04.0109 2592 pwi_bus - ok

18:13:04.0125 2592 pwi_mdfl - ok

18:13:04.0125 2592 pwi_mdm - ok

18:13:04.0140 2592 pwi_oflt - ok

18:13:04.0140 2592 pwi_serd - ok

18:13:04.0171 2592 PxHelp20 (63de5a1e7f28e3c60a5801bb241fc9c9) C:\WINDOWS\system32\Drivers\PxHelp20.sys

18:13:04.0203 2592 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

18:13:04.0203 2592 PxHelp20 - detected UnsignedFile.Multi.Generic (1)

18:13:04.0218 2592 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

18:13:04.0359 2592 ql1080 - ok

18:13:04.0359 2592 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

18:13:04.0484 2592 Ql10wnt - ok

18:13:04.0500 2592 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

18:13:04.0625 2592 ql12160 - ok

18:13:04.0625 2592 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

18:13:04.0750 2592 ql1240 - ok

18:13:04.0765 2592 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

18:13:04.0875 2592 ql1280 - ok

18:13:04.0906 2592 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

18:13:05.0250 2592 RasAcd - ok

18:13:05.0281 2592 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

18:13:05.0406 2592 RasAuto - ok

18:13:05.0437 2592 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

18:13:05.0515 2592 Rasirda - ok

18:13:05.0546 2592 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

18:13:05.0687 2592 Rasl2tp - ok

18:13:05.0718 2592 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

18:13:05.0890 2592 RasMan - ok

18:13:05.0890 2592 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

18:13:06.0015 2592 RasPppoe - ok

18:13:06.0031 2592 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

18:13:06.0140 2592 Raspti - ok

18:13:06.0171 2592 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

18:13:06.0296 2592 Rdbss - ok

18:13:06.0312 2592 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

18:13:06.0453 2592 RDPCDD - ok

18:13:06.0484 2592 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

18:13:06.0609 2592 rdpdr - ok

18:13:06.0656 2592 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

18:13:06.0734 2592 RDPWD - ok

18:13:06.0765 2592 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

18:13:06.0906 2592 RDSessMgr - ok

18:13:06.0921 2592 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

18:13:07.0046 2592 redbook - ok

18:13:07.0140 2592 RegSrvc (d8f61aaae73a1fbde6f538becc891f2f) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

18:13:07.0187 2592 RegSrvc ( UnsignedFile.Multi.Generic ) - warning

18:13:07.0187 2592 RegSrvc - detected UnsignedFile.Multi.Generic (1)

18:13:07.0234 2592 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

18:13:07.0359 2592 RemoteAccess - ok

18:13:07.0390 2592 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

18:13:07.0515 2592 RemoteRegistry - ok

18:13:07.0578 2592 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys

18:13:07.0718 2592 RFCOMM - ok

18:13:07.0734 2592 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

18:13:07.0859 2592 RpcLocator - ok

18:13:07.0921 2592 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

18:13:07.0937 2592 RpcSs - ok

18:13:07.0968 2592 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

18:13:08.0109 2592 RSVP - ok

18:13:08.0281 2592 S24EventMonitor (25f697e3afa7b337bbcaddbce38e6934) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

18:13:08.0343 2592 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning

18:13:08.0343 2592 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)

18:13:08.0406 2592 s24trans (2862adb14481ac28f98105ff33a99eb0) C:\WINDOWS\system32\DRIVERS\s24trans.sys

18:13:08.0421 2592 s24trans ( UnsignedFile.Multi.Generic ) - warning

18:13:08.0421 2592 s24trans - detected UnsignedFile.Multi.Generic (1)

18:13:08.0453 2592 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:13:08.0562 2592 SamSs - ok

18:13:08.0609 2592 SavRoam (3525fdcfc567e807a337c61aff366be8) C:\Program Files\Symantec AntiVirus\SavRoam.exe

18:13:08.0640 2592 SavRoam - ok

18:13:08.0671 2592 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys

18:13:08.0703 2592 SAVRT - ok

18:13:08.0734 2592 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys

18:13:08.0750 2592 SAVRTPEL - ok

18:13:08.0796 2592 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

18:13:08.0921 2592 SCardSvr - ok

18:13:08.0968 2592 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

18:13:09.0109 2592 Schedule - ok

18:13:09.0140 2592 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

18:13:09.0265 2592 Secdrv - ok

18:13:09.0281 2592 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

18:13:09.0406 2592 seclogon - ok

18:13:09.0421 2592 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

18:13:09.0562 2592 SENS - ok

18:13:09.0578 2592 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

18:13:09.0703 2592 serenum - ok

18:13:09.0718 2592 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

18:13:09.0843 2592 Serial - ok

18:13:09.0890 2592 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

18:13:10.0000 2592 Sfloppy - ok

18:13:10.0062 2592 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

18:13:10.0187 2592 SharedAccess - ok

18:13:10.0218 2592 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

18:13:10.0234 2592 ShellHWDetection - ok

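As an added illustration (not code from this thread or from Kaspersky's tool), here is a small parser for TDSSKiller log lines in the layout posted above. It reconciles the per-object "detected" lines against the "Detected object count" summary, separates the generic unsigned-file warnings from other verdicts, and lists the flagged objects the user chose to skip, so a helper can see what was left unhandled. The sample log, its hashes and paths, and the verdict name Constructed.Verdict.Example are constructed for the example.

```python
import re

# Constructed sample in the TDSSKiller log layout posted in this thread:
# "<time> <thread id> <object> (<md5>) <path>", then per-object status lines,
# a summary count, and the user's chosen action for each flagged object.
# Hashes, paths and the verdict "Constructed.Verdict.Example" are made up.
SAMPLE_LOG = """\
18:13:10.0265 2592 ExampleDrv (00000000000000000000000000000001) C:\\WINDOWS\\system32\\drivers\\ExampleDrv.sys
18:13:10.0281 2592 ExampleDrv ( UnsignedFile.Multi.Generic ) - warning
18:13:10.0281 2592 ExampleDrv - detected UnsignedFile.Multi.Generic (1)
18:13:10.0375 2592 GoodDrv (00000000000000000000000000000002) C:\\WINDOWS\\system32\\DRIVERS\\GoodDrv.sys
18:13:10.0484 2592 GoodDrv - ok
18:13:10.0500 2592 OtherDrv (00000000000000000000000000000003) C:\\WINDOWS\\system32\\drivers\\OtherDrv.sys
18:13:10.0515 2592 OtherDrv - detected Constructed.Verdict.Example (0)
18:13:24.0875 2592 MBR (0x1B8) (00000000000000000000000000000004) \\Device\\Harddisk0\\DR0
18:13:25.0000 2592 \\Device\\Harddisk0\\DR0 - ok
18:13:25.0031 2592 ============================================================
18:13:25.0031 2592 Scan finished
18:13:25.0140 7064 Detected object count: 2
18:13:25.0140 7064 Actual detected object count: 2
18:14:20.0953 7064 ExampleDrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:20.0953 7064 ExampleDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:21.0000 7064 OtherDrv ( Constructed.Verdict.Example ) - User select action: Cure
18:17:47.0437 4784 Deinitialize success
"""

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<rest>.*)$")
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<n>\d+)\)$")
ACTION_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")

# Heuristic flag TDSSKiller puts on drivers/services without a valid digital
# signature; it is not a malware verdict, so it is triaged separately.
UNSIGNED_FLAG = "UnsignedFile.Multi.Generic"


def parse_tdsskiller(text):
    """Return objects, detections, user actions and the reported detection count."""
    report = {"objects": {}, "detections": {}, "actions": {}, "reported_count": None}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines or text that is not a log record
        rest = m.group("rest")
        if (o := OBJECT_RE.match(rest)):
            report["objects"][o.group("name")] = {
                "md5": o.group("md5").lower(), "path": o.group("path")}
        elif (d := DETECT_RE.match(rest)):
            report["detections"][d.group("name")] = d.group("verdict")
        elif (a := ACTION_RE.match(rest)):
            report["actions"][a.group("name")] = a.group("action")
        elif (c := COUNT_RE.match(rest)):
            report["reported_count"] = int(c.group("n"))
    return report


def counts_consistent(report):
    """True when the per-object 'detected' lines add up to the summary count."""
    return report["reported_count"] is not None and \
        report["reported_count"] == len(report["detections"])


def triage(report):
    """Split detections into unsigned-file warnings and everything else."""
    unsigned = sorted(n for n, v in report["detections"].items() if v == UNSIGNED_FLAG)
    other = sorted(n for n, v in report["detections"].items() if v != UNSIGNED_FLAG)
    return unsigned, other


def outstanding(report):
    """Detections left unhandled: the user chose Skip or no action was logged."""
    return sorted(n for n in report["detections"]
                  if report["actions"].get(n, "Skip") == "Skip")


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    print("summary count matches:", counts_consistent(rep))
    unsigned, other = triage(rep)
    print("unsigned-file warnings:", unsigned)
    print("other verdicts:", other)
    for name in outstanding(rep):
        print("unhandled:", name, rep["objects"][name]["path"])
```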


We're seeing a new infection like this.

Is it happening only with Firefox?

You also have 2 AV running

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

Never install more than one antivirus and firewall! Rather than giving you extra protection, it will seriously decrease their reliability!

The reason for this is that if both products have their automatic (real-time) protection switched on, your system may lock up because both products attempt to access the same file at the same time.

Also, because multiple antivirus and firewall products installed together are not compatible with each other, they can cause system performance problems and a serious system slowdown.


Guest McGolff

No, in fact I have not seen it with Firefox, which I do use several times a day for certain sites. This is always on Internet Explorer. I first noticed it happening during March Madness when I was on the CBS Sportsline.com site. I would click on one of the bracket links and it would pop into a search ad site. It would cause two page jumps to be placed in my page history so that I couldn't just hit back to return to where I was. I always had to use the drop-down selector and go down several entries to return to the bracket site. After that, no matter what link I selected, it would go to the correct URL... it only happened the first time into a browser session. It did not happen from Google and did not happen when I was selecting sites from history on my home page or from my favorite links. It was always a jump link inside a website that caused the redirect. I also noticed that it was not the same entries in the history; there was some consistency, as I noticed some that repeated on several different occasions, but definitely not the same one every time.


Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 (if using this link, right-click and select Save As).

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Guest McGolff

Finished ComboFix. Tested out a few websites without any hijacked clicks. Noticed that my login setting for this PC had been changed (Lenovo fingerprint login) and tried to reset it back to what it was. Big mistake! Turns out that the VRLOGON.DLL file that was deleted was key to that particular process. On reboot, it got an error loading that DLL and the only option was a restart. I was finally able to find my admin pwd, log in through safe mode and turn the fingerprint stuff back off. Don't know how to put that back, since I can't seem to find it on my backup either.

Rest of system appears to be OK at the moment.

ComboFix results here:

ComboFix 12-05-01.01 - TimM 05/01/2012 9:39.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1783 [GMT -4:00]

Running from: c:\documents and settings\timm\Desktop\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\timm\g2mdlhlpx.exe

c:\documents and settings\timm\GoToAssistDownloadHelper.exe

c:\documents and settings\timm\Local Settings\Application Data\assembly\tmp

c:\documents and settings\timm\WINDOWS

c:\windows\system32\TPAPSLOG.LOG

c:\windows\system32\TPHDLOG0.LOG

c:\windows\system32\vrlogon.dll

c:\windows\TEMP\logishrd\LVPrcInj02.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))))

.

.

2012-04-25 19:08 . 2012-04-25 19:08 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2012-04-25 19:08 . 2012-04-25 19:08 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache

2012-04-24 20:16 . 2012-04-24 20:16 13824 ----a-w- c:\windows\system32\drivers\TrueSight.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-17 19:51 . 2010-11-16 14:49 249856 ------w- c:\windows\Setup1.exe

2012-04-17 19:50 . 2010-11-16 14:49 73216 ----a-w- c:\windows\ST6UNST.EXE

2012-04-04 19:56 . 2010-10-04 00:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-28 00:47 . 2012-03-28 00:47 53248 ----a-r- c:\documents and settings\timm\Application Data\Microsoft\Installer\{C0C1D2BC-72FE-4F77-A2F9-CD10D5AA8F93}\ARPPRODUCTICON.exe

2012-03-12 10:59 . 2012-03-12 10:59 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2012-03-09 17:40 . 2011-06-10 03:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2010-12-14 12:02 . 2010-12-14 12:02 288568 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

2012-03-30 17:04 . 2011-08-17 13:26 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

1997-06-23 19:06 252176 --sha-w- c:\windows\system32\Msrd2x35.dll

1997-06-23 19:06 287504 --sha-w- c:\windows\system32\Msxbse35.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]

"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2010-04-23 128296]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]

"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]

"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]

"TpShocks"="TpShocks.exe" [2006-03-16 106496]

"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]

"TP4EX"="tp4ex.exe" [2005-10-17 65536]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]

"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-07-04 110592]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]

"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-12-25 110592]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]

"vptray"="c:\progra~1\SYMANT~2\VPTray.exe" [2006-09-28 125168]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2011-09-06 5152096]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]

"DameWare MRC Agent"="c:\windows\dwrcs\DWRCST.exe" [2011-01-21 264064]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2006-5-31 622653]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-9-4 24576]

MBCameraMonitor.lnk - c:\program files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2009-12-13 541976]

VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico [2011-12-20 6144]

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-8-17 2043904]

WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-8-17 8919040]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]

2006-08-16 17:07 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MRCNotify]

2011-01-21 23:02 53632 ----a-w- c:\windows\dwrcs\DWRCWXL.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2006-04-26 02:20 40448 ----a-w- c:\windows\system32\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2005-07-05 14:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

2005-11-30 11:16 24576 ----a-w- c:\windows\system32\tphklock.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-112094599-710031513-4547331-6356\Scripts\Logon\0\0]

"Script"=pushprinterconnections.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 18:44 31072 ------w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

2006-03-15 23:07 421888 ------w- c:\program files\Picasa2\PicasaMediaDetector.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Documents and Settings\\timm\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\OraHome_1\\jdk\\jre\\bin\\java.exe"=

"c:\\Program Files\\Research In Motion\\BlackBerry JDE 3.7\\bin\\OsLoader.exe"=

"c:\\Program Files\\Openwave\\UPSDK411\\upsim411.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

"6129:TCP"= 6129:TCP:DameWare Mini Remote Control Service

"6129:UDP"= 6129:UDP:DameWare Mini Remote Control Service

.

R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2/15/2007 7:00 AM 26624]

R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 11:33 PM 116464]

R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 3:16 PM 93960]

R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [4/25/2006 10:00 PM 3456]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [8/17/2009 11:52 AM 98304]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 10:58 AM 20480]

R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2/7/2007 7:00 AM 3712]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/5/2012 5:06 AM 106104]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]

S3 PTDWBus;Curitel PC Card Composite Device driver (UDP);c:\windows\system32\drivers\PTDWBus.sys [11/24/2009 12:33 AM 27392]

S3 PTDWMdm;Curitel PC Card Drivers (UDP);c:\windows\system32\drivers\PTDWMdm.sys [11/24/2009 12:33 AM 41728]

S3 PTDWVsp;Curitel PC Card Diagnostic Serial Port (UDP);c:\windows\system32\drivers\PTDWVsp.sys [11/24/2009 12:33 AM 39808]

S3 PWCTLDRV;The NECHostController Filter Driver;c:\windows\system32\drivers\PWCTLDRV.sys [11/24/2009 12:33 AM 5888]

S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\DRIVERS\pwi_bus.sys --> c:\windows\system32\DRIVERS\pwi_bus.sys [?]

S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\DRIVERS\pwi_mdfl.sys --> c:\windows\system32\DRIVERS\pwi_mdfl.sys [?]

S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\DRIVERS\pwi_mdm.sys --> c:\windows\system32\DRIVERS\pwi_mdm.sys [?]

S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\DRIVERS\pwi_oflt.sys --> c:\windows\system32\DRIVERS\pwi_oflt.sys [?]

S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\pwi_serd.sys --> c:\windows\system32\DRIVERS\pwi_serd.sys [?]

S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 4:43 PM 32408]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/13/2010 11:38 AM 11520]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/30/2006 2:56 AM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2012-05-01 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-09-04 16:13]

.

2012-05-01 c:\windows\Tasks\User_Feed_Synchronization-{9D1E9383-44B5-4C49-B538-132A53A62BF1}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

.

2012-05-01 c:\windows\Tasks\User_Feed_Synchronization-{A3BAA395-A096-444C-8CE3-8F1C51123C8D}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html

Trusted Zone: accruent.com\demoapp2v

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {008BBE7E-C096-11D0-B4E3-00A0C901D681} - hxxp://demoapp2v.accruent.com/fps/TeeChart/teechart.cab

FF - ProfilePath - c:\documents and settings\timm\Application Data\Mozilla\Firefox\Profiles\ky1nsjzz.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

.

.

------- File Associations -------

.

.scr=AutoCADScriptFile

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

Notify-ACNotify - ACNotify.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-01 10:16

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1392)

c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll

c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll

c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll

c:\windows\system32\Ati2evxx.dll

c:\windows\dwrcs\DWRCWXL.dll

c:\windows\system32\psqlpwd.dll

c:\program files\ThinkVantage Fingerprint Software\infra.dll

c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

c:\windows\system32\biologon.dll

c:\program files\ThinkVantage Fingerprint Software\homepass.dll

c:\program files\ThinkVantage Fingerprint Software\bio.dll

c:\program files\ThinkVantage Fingerprint Software\remote.dll

c:\program files\ThinkVantage Fingerprint Software\ps2css.dll

c:\windows\system32\tphklock.dll

c:\program files\Lenovo\AwayTask\AwayNotify.dll

.

- - - - - - - > 'lsass.exe'(1448)

c:\windows\system32\psqlpwd.dll

c:\program files\ThinkVantage Fingerprint Software\infra.dll

c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

.

- - - - - - - > 'explorer.exe'(6616)

c:\windows\system32\WININET.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\system32\PROCHLP.DLL

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\windows\system32\IPSSVC.EXE

c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\windows\dwrcs\DWRCS.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\windows\System32\TPHDEXLG.EXE

c:\windows\system32\TpKmpSVC.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\windows\system32\CCM\CcmExec.exe

c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\TpShocks.exe

c:\program files\ATI Technologies\ATI.ACE\CLI.EXE

c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe

c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files\iPod\bin\iPodService.exe

c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE

c:\program files\ATI Technologies\ATI.ACE\cli.exe

.

**************************************************************************

.

Completion time: 2012-05-01 10:26:31 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-01 14:26

.

Pre-Run: 18,040,070,144 bytes free

Post-Run: 19,574,345,728 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 467CE29072D06EAC6E717650D029D3C2


Let's see if we can restore it.

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.


Dequarantine::
C:\Qoobox\Quarantine\c:\windows\system32\vrlogon.vir
Quit::

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


Guest McGolff

Used the second method and it worked and restored that feature.

Did notice after I rebooted that while loading my home page the message at the bottom said something like "waiting for Http://zedo..............insert[Click Tracker]". It cleared before I could hit print screen to capture what it specifically said, but it definitely wasn't the site I was supposed to be waiting for....

I did try a couple of sites without any hijacking, so this may just be something that MSN.com loads every time you pass through it.

Also, as you mentioned, the autostart on CDs and USB insertion is turned off. If I choose to turn it back on later (knowing that is the way a lot of viruses load), how do I do that?


Also, as you mentioned, the autostart on CDs and USB insertion is turned off. If I choose to turn it back on later (knowing that is the way a lot of viruses load), how do I do that?

ComboFix didn't remove the autorun feature.

If they don't autoplay try this:

http://www.microsoft.com/download/en/details.aspx?id=2648

Autoplay Repair Wizard

http://www.microsoft.com/downloads/details.aspx?FamilyID=c680a7b6-e8fa-45c4-a171-1b389cfacdad&DisplayLang=en

http://www.moonvalley.com/products/rwavdc/enable.htm

Let's uninstall ComboFix and give it a day or two and see how it goes.

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /; it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /; it needs to be there.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

  • Securing Your Web Browser
    This paper will help you configure your web browser for safer internet surfing.
  • Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer has always the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
