
Possible rootkit issue after Smart Fortress infection.



After removing Smart Fortress 2012 using rkill and MBAM, MBAM is now continually blocking access to some IP addresses.

See below the DDS log and the attached log files. Any help would be greatly appreciated.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by reevesg at 11:56:10 on 2012-05-10

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.384 [GMT 10:00]

.

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Dell\OpenManage\Client\Iap.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\mnmsrvc.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\UltraVNC\WinVNC.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\MJPEG\MJPEGDecompressor.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Okidata\OKI LPR Utility\Okilpr.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Documents and Settings\reevesg\Local Settings\Application Data\MJPEG\MJPEGDecompressor.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.au/

uInternet Connection Wizard,ShellNext = hxxp://www1.ap.dell.com/content/default.aspx?c=au&l=en&s=gen

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [vptray] c:\progra~1\symant~1\VPTray.exe

mRun: [WinVNC] "c:\program files\ultravnc\WinVNC.exe" -servicehelper

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [MJPEGDecompressor] "c:\documents and settings\reevesg\local settings\application data\mjpeg\MJPEGDecompressor.exe" /a

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [rpsvd] rundll32.exe "c:\docume~1\reevesg\locals~1\temp\rpsvd.dll",CreateVolumeTextureFromResourceW

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\okilpr~1.lnk - c:\program files\okidata\oki lpr utility\Okilpr.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151984876687

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 202.3.192.29 202.3.192.61

TCP: Interfaces\{9F5AFF91-5182-431C-975A-FE0B054835B2} : DhcpNameServer = 202.3.192.29 202.3.192.61

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Notify: igfxcui - igfxdev.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

.

============= SERVICES / DRIVERS ===============

.

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]

R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-4-8 185968]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-3-10 654408]

R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2009-2-10 6016]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-10 22344]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120506.006\naveng.sys [2012-5-8 86136]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120506.006\navex15.sys [2012-5-8 1576312]

S2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608]

S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176]

S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568]

.

=============== Created Last 30 ================

.

2012-05-09 03:08:45 -------- d-----w- c:\documents and settings\reevesg\local settings\application data\MJPEG

2012-05-09 02:04:07 883616 ----a-w- C:\FixExec.com

2012-05-08 05:22:52 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-05-08 05:11:53 -------- d-----w- c:\program files\common files\MJPEG

2012-05-08 05:11:52 -------- d-----w- c:\documents and settings\all users\application data\F4D5619C001087DD0B1F02F4D151FC4E

2012-05-06 21:27:18 6734704 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{c157f02b-8a33-4e34-b48e-d8e609f24a93}\mpengine.dll

.

==================== Find3M ====================

.

2012-04-04 05:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec

2012-02-23 00:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 11:57:09.65 ===============

mbam-log-2012-05-09 (12-20-00).txt

attach.zip


Hello Markham30 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Please try to follow my instructions in Normal mode, not in Safe mode.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip, click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log


Hi Maniac,

Thanks for taking on my case.

TDSSKiller didn't find any malicious objects. After following the above instructions, MBAM is still blocking IP addresses.

Here are the log files:

10:24:43.0421 3144 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18

10:24:44.0640 3144 ============================================================

10:24:44.0640 3144 Current date / time: 2012/05/11 10:24:44.0640

10:24:44.0640 3144 SystemInfo:

10:24:44.0640 3144

10:24:44.0640 3144 OS Version: 5.1.2600 ServicePack: 3.0

10:24:44.0640 3144 Product type: Workstation

10:24:44.0656 3144 ComputerName: SALES-MANAGER

10:24:44.0656 3144 UserName: reevesg

10:24:44.0656 3144 Windows directory: C:\WINDOWS

10:24:44.0656 3144 System windows directory: C:\WINDOWS

10:24:44.0656 3144 Processor architecture: Intel x86

10:24:44.0656 3144 Number of processors: 2

10:24:44.0656 3144 Page size: 0x1000

10:24:44.0656 3144 Boot type: Normal boot

10:24:44.0656 3144 ============================================================

10:25:03.0890 3144 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

10:25:04.0031 3144 Drive \Device\Harddisk1\DR3 - Size: 0x1DE800000 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

10:25:04.0031 3144 ============================================================

10:25:04.0031 3144 \Device\Harddisk0\DR0:

10:25:04.0078 3144 MBR partitions:

10:25:04.0078 3144 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x94EAFF8

10:25:04.0078 3144 \Device\Harddisk1\DR3:

10:25:04.0078 3144 MBR partitions:

10:25:04.0078 3144 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xEF3FC1

10:25:04.0078 3144 ============================================================

10:25:05.0953 3144 C: <-> \Device\Harddisk0\DR0\Partition0

10:25:05.0953 3144 ============================================================

10:25:05.0953 3144 Initialize success

10:25:05.0953 3144 ============================================================

10:25:59.0015 3752 ============================================================

10:25:59.0015 3752 Scan started

10:25:59.0015 3752 Mode: Manual; SigCheck; TDLFS;

10:25:59.0015 3752 ============================================================

10:26:00.0343 3752 Abiosdsk - ok

10:26:00.0390 3752 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

10:26:07.0781 3752 abp480n5 - ok

10:26:07.0828 3752 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

10:26:08.0500 3752 ACPI - ok

10:26:08.0593 3752 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

10:26:09.0031 3752 ACPIEC - ok

10:26:09.0078 3752 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

10:26:09.0515 3752 adpu160m - ok

10:26:09.0718 3752 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

10:26:10.0046 3752 aec - ok

10:26:10.0062 3752 AeLookupSvc - ok

10:26:10.0109 3752 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

10:26:10.0390 3752 AFD - ok

10:26:10.0437 3752 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

10:26:10.0687 3752 agp440 - ok

10:26:10.0703 3752 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

10:26:10.0906 3752 agpCPQ - ok

10:26:10.0953 3752 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

10:26:11.0093 3752 Aha154x - ok

10:26:11.0187 3752 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

10:26:11.0390 3752 aic78u2 - ok

10:26:11.0421 3752 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

10:26:11.0625 3752 aic78xx - ok

10:26:11.0687 3752 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

10:26:11.0937 3752 Alerter - ok

10:26:12.0000 3752 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

10:26:12.0296 3752 ALG - ok

10:26:12.0406 3752 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

10:26:12.0609 3752 AliIde - ok

10:26:12.0656 3752 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

10:26:12.0875 3752 alim1541 - ok

10:26:12.0968 3752 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

10:26:13.0296 3752 amdagp - ok

10:26:13.0328 3752 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

10:26:13.0421 3752 amsint - ok

10:26:13.0609 3752 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

10:26:13.0656 3752 Apple Mobile Device - ok

10:26:13.0875 3752 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

10:26:14.0203 3752 AppMgmt - ok

10:26:14.0750 3752 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

10:26:15.0078 3752 asc - ok

10:26:15.0171 3752 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

10:26:15.0343 3752 asc3350p - ok

10:26:15.0375 3752 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

10:26:15.0625 3752 asc3550 - ok

10:26:16.0062 3752 aspnet_state (e1a1206a4fb19b675e947b29ccd25fba) C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe

10:26:16.0187 3752 aspnet_state ( UnsignedFile.Multi.Generic ) - warning

10:26:16.0187 3752 aspnet_state - detected UnsignedFile.Multi.Generic (1)

10:26:16.0312 3752 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

10:26:16.0578 3752 AsyncMac - ok

10:26:16.0609 3752 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

10:26:16.0812 3752 atapi - ok

10:26:16.0812 3752 Atdisk - ok

10:26:16.0828 3752 ATIBTXBAR - ok

10:26:17.0109 3752 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

10:26:17.0375 3752 Atmarpc - ok

10:26:17.0484 3752 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

10:26:17.0703 3752 AudioSrv - ok

10:26:17.0796 3752 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

10:26:18.0015 3752 audstub - ok

10:26:18.0687 3752 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

10:26:18.0812 3752 b57w2k - ok

10:26:18.0828 3752 bdpredir - ok

10:26:18.0890 3752 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

10:26:19.0125 3752 Beep - ok

10:26:19.0390 3752 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

10:26:19.0937 3752 BITS - ok

10:26:19.0953 3752 bobo - ok

10:26:20.0625 3752 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

10:26:20.0750 3752 Bonjour Service - ok

10:26:21.0312 3752 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

10:26:21.0484 3752 Browser - ok

10:26:21.0562 3752 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

10:26:21.0781 3752 cbidf - ok

10:26:21.0796 3752 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

10:26:21.0984 3752 cbidf2k - ok

10:26:22.0281 3752 ccEvtMgr (83053d67f40cd00d5fb3baa2c4d6f9ec) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

10:26:22.0296 3752 ccEvtMgr - ok

10:26:22.0390 3752 ccPwdSvc (ac60ad2fca93f0d0180c9610403782ef) C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

10:26:22.0421 3752 ccPwdSvc - ok

10:26:22.0671 3752 ccSetMgr (2013a368106f5eb9aa6f492369f8063c) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

10:26:22.0687 3752 ccSetMgr - ok

10:26:22.0796 3752 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

10:26:22.0968 3752 cd20xrnt - ok

10:26:22.0968 3752 CdaC15BA - ok

10:26:23.0109 3752 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

10:26:23.0312 3752 Cdaudio - ok

10:26:23.0562 3752 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

10:26:23.0796 3752 Cdfs - ok

10:26:24.0140 3752 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

10:26:24.0390 3752 Cdrom - ok

10:26:24.0406 3752 Changer - ok

10:26:24.0500 3752 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

10:26:24.0765 3752 CiSvc - ok

10:26:24.0937 3752 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

10:26:25.0156 3752 ClipSrv - ok

10:26:25.0250 3752 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

10:26:25.0437 3752 CmdIde - ok

10:26:25.0453 3752 COMSysApp - ok

10:26:25.0562 3752 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

10:26:25.0765 3752 Cpqarray - ok

10:26:26.0078 3752 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

10:26:26.0312 3752 CryptSvc - ok

10:26:26.0546 3752 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys

10:26:27.0203 3752 ctxusbm - ok

10:26:27.0343 3752 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

10:26:27.0656 3752 dac2w2k - ok

10:26:27.0703 3752 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

10:26:27.0906 3752 dac960nt - ok

10:26:28.0656 3752 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

10:26:28.0937 3752 DcomLaunch - ok

10:26:29.0140 3752 DefWatch (955924c3532efb803b0661b6aa516126) C:\Program Files\Symantec AntiVirus\DefWatch.exe

10:26:29.0156 3752 DefWatch - ok

10:26:29.0218 3752 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

10:26:29.0500 3752 Dhcp - ok

10:26:29.0687 3752 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

10:26:29.0921 3752 Disk - ok

10:26:29.0921 3752 dmadmin - ok

10:26:30.0109 3752 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

10:26:30.0781 3752 dmboot - ok

10:26:33.0109 3752 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

10:26:33.0390 3752 dmio - ok

10:26:33.0828 3752 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

10:26:34.0109 3752 dmload - ok

10:26:34.0984 3752 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

10:26:35.0515 3752 dmserver - ok

10:26:35.0640 3752 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

10:26:35.0953 3752 DMusic - ok

10:26:35.0953 3752 DN2AKNET - ok

10:26:36.0656 3752 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

10:26:37.0140 3752 Dnscache - ok

10:26:37.0296 3752 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

10:26:37.0578 3752 Dot3svc - ok

10:26:37.0703 3752 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

10:26:37.0906 3752 dpti2o - ok

10:26:37.0937 3752 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

10:26:38.0140 3752 drmkaud - ok

10:26:38.0531 3752 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys

10:26:38.0562 3752 drvmcdb ( UnsignedFile.Multi.Generic ) - warning

10:26:38.0562 3752 drvmcdb - detected UnsignedFile.Multi.Generic (1)

10:26:38.0578 3752 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys

10:26:38.0656 3752 drvnddm ( UnsignedFile.Multi.Generic ) - warning

10:26:38.0656 3752 drvnddm - detected UnsignedFile.Multi.Generic (1)

10:26:38.0656 3752 dvd_2K - ok

10:26:39.0125 3752 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

10:26:39.0328 3752 E100B - ok

10:26:39.0343 3752 eabusb - ok

10:26:39.0562 3752 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

10:26:39.0734 3752 EapHost - ok

10:26:41.0421 3752 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

10:26:42.0453 3752 eeCtrl - ok

10:26:42.0468 3752 elnkupdateservice - ok

10:26:42.0718 3752 EraserUtilDrv11122 (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys

10:26:42.0734 3752 EraserUtilDrv11122 - ok

10:26:42.0781 3752 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

10:26:43.0031 3752 ERSvc - ok

10:26:43.0375 3752 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

10:26:43.0562 3752 Eventlog - ok

10:26:43.0875 3752 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

10:26:44.0015 3752 EventSystem - ok

10:26:44.0062 3752 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

10:26:44.0375 3752 Fastfat - ok

10:26:44.0437 3752 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

10:26:44.0843 3752 FastUserSwitchingCompatibility - ok

10:26:45.0171 3752 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe

10:26:45.0781 3752 Fax - ok

10:26:45.0906 3752 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

10:26:46.0140 3752 Fdc - ok

10:26:46.0406 3752 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

10:26:46.0671 3752 Fips - ok

10:26:46.0703 3752 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

10:26:46.0890 3752 Flpydisk - ok

10:26:47.0500 3752 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

10:26:47.0781 3752 FltMgr - ok

10:26:47.0859 3752 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

10:26:48.0062 3752 Fs_Rec - ok

10:26:48.0671 3752 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

10:26:48.0953 3752 Ftdisk - ok

10:26:49.0031 3752 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

10:26:49.0062 3752 GEARAspiWDM - ok

10:26:49.0203 3752 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

10:26:49.0515 3752 Gpc - ok

10:26:49.0531 3752 Hardlock - ok

10:26:49.0531 3752 HBtnKey - ok

10:26:49.0687 3752 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

10:26:49.0906 3752 helpsvc - ok

10:26:49.0906 3752 HidServ - ok

10:26:50.0031 3752 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

10:26:50.0265 3752 HidUsb - ok

10:26:50.0390 3752 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

10:26:50.0593 3752 hkmsvc - ok

10:26:50.0625 3752 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

10:26:50.0828 3752 hpn - ok

10:26:51.0656 3752 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

10:26:51.0843 3752 HTTP - ok

10:26:51.0906 3752 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

10:26:52.0109 3752 HTTPFilter - ok

10:26:52.0171 3752 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

10:26:52.0390 3752 i2omgmt - ok

10:26:52.0531 3752 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

10:26:52.0734 3752 i2omp - ok

10:26:52.0906 3752 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

10:26:53.0156 3752 i8042prt - ok

10:26:53.0406 3752 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

10:26:54.0156 3752 ialm - ok

10:26:54.0437 3752 Iap (be9a7ee5bfcfe8e3f11c98b892d8fef5) C:\Program Files\Dell\OpenManage\Client\Iap.exe

10:26:54.0546 3752 Iap ( UnsignedFile.Multi.Generic ) - warning

10:26:54.0546 3752 Iap - detected UnsignedFile.Multi.Generic (1)

10:26:55.0500 3752 IBMTPCHK - ok

10:26:55.0890 3752 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

10:26:56.0203 3752 Imapi - ok

10:26:56.0531 3752 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

10:26:56.0750 3752 ImapiService - ok

10:26:57.0046 3752 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

10:26:57.0265 3752 ini910u - ok

10:26:57.0328 3752 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

10:26:57.0546 3752 IntelIde - ok

10:26:57.0609 3752 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

10:26:57.0843 3752 intelppm - ok

10:26:57.0921 3752 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

10:26:58.0156 3752 Ip6Fw - ok

10:26:58.0156 3752 iPassPeriodicUpdateApp - ok

10:26:58.0265 3752 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

10:26:58.0484 3752 IpFilterDriver - ok

10:26:58.0515 3752 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

10:26:58.0781 3752 IpInIp - ok

10:26:58.0828 3752 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

10:26:59.0109 3752 IpNat - ok

10:26:59.0296 3752 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe

10:26:59.0562 3752 iPod Service - ok

10:26:59.0578 3752 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

10:26:59.0796 3752 IPSec - ok

10:26:59.0890 3752 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

10:27:00.0125 3752 IRENUM - ok

10:27:00.0250 3752 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

10:27:00.0484 3752 isapnp - ok

10:27:00.0500 3752 ivscheduler - ok

10:27:01.0156 3752 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe

10:27:01.0281 3752 JavaQuickStarterService - ok

10:27:01.0296 3752 k750mdm - ok

10:27:01.0437 3752 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

10:27:01.0671 3752 Kbdclass - ok

10:27:01.0812 3752 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

10:27:02.0031 3752 kbdhid - ok

10:27:02.0234 3752 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

10:27:02.0515 3752 kmixer - ok

10:27:02.0625 3752 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

10:27:02.0984 3752 KSecDD - ok

10:27:03.0109 3752 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

10:27:03.0312 3752 lanmanserver - ok

10:27:03.0671 3752 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

10:27:03.0828 3752 lanmanworkstation - ok

10:27:03.0843 3752 lbrtfdc - ok

10:27:03.0843 3752 LC7981 - ok

10:27:03.0906 3752 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

10:27:04.0093 3752 LmHosts - ok

10:27:04.0109 3752 lusbaudio - ok

10:27:04.0109 3752 lvckap - ok

10:27:04.0218 3752 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys

10:27:04.0250 3752 MBAMProtector - ok

10:27:05.0156 3752 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

10:27:05.0718 3752 MBAMService - ok

10:27:06.0328 3752 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

10:27:06.0515 3752 MDM - ok

10:27:06.0531 3752 mediamaxxlservice - ok

10:27:06.0593 3752 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

10:27:06.0796 3752 Messenger - ok

10:27:06.0875 3752 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

10:27:07.0078 3752 mnmdd - ok

10:27:07.0171 3752 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

10:27:07.0375 3752 mnmsrvc - ok

10:27:07.0484 3752 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

10:27:07.0703 3752 Modem - ok

10:27:07.0718 3752 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

10:27:07.0921 3752 Mouclass - ok

10:27:07.0984 3752 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

10:27:08.0171 3752 mouhid - ok

10:27:08.0218 3752 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

10:27:08.0484 3752 MountMgr - ok

10:27:08.0531 3752 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

10:27:08.0734 3752 mraid35x - ok

10:27:08.0828 3752 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

10:27:09.0125 3752 MRxDAV - ok

10:27:09.0562 3752 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

10:27:09.0796 3752 MRxSmb - ok

10:27:09.0843 3752 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

10:27:10.0031 3752 MSDTC - ok

10:27:10.0140 3752 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

10:27:10.0375 3752 Msfs - ok

10:27:10.0375 3752 MSIServer - ok

10:27:10.0421 3752 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

10:27:10.0625 3752 MSKSSRV - ok

10:27:10.0640 3752 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

10:27:10.0843 3752 MSPCLOCK - ok

10:27:10.0906 3752 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

10:27:11.0171 3752 MSPQM - ok

10:27:11.0234 3752 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

10:27:11.0437 3752 mssmbios - ok

10:27:13.0609 3752 MSSQL$MICROSOFTSMLBIZ (751961e128dbcc7a32304339c4bdeff0) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

10:27:15.0890 3752 MSSQL$MICROSOFTSMLBIZ ( UnsignedFile.Multi.Generic ) - warning

10:27:15.0890 3752 MSSQL$MICROSOFTSMLBIZ - detected UnsignedFile.Multi.Generic (1)

10:27:16.0218 3752 MSSQLServerADHelper (1d1b22613eab9287af902398867bc93c) C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe

10:27:16.0265 3752 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - warning

10:27:16.0265 3752 MSSQLServerADHelper - detected UnsignedFile.Multi.Generic (1)

10:27:17.0171 3752 MTDVC2 - ok

10:27:17.0421 3752 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

10:27:17.0593 3752 Mup - ok

10:27:17.0593 3752 mvserver - ok

10:27:17.0812 3752 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

10:27:19.0656 3752 napagent - ok

10:27:20.0015 3752 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120506.006\naveng.sys

10:27:20.0046 3752 NAVENG - ok

10:27:21.0046 3752 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120506.006\navex15.sys

10:27:21.0156 3752 NAVEX15 - ok

10:27:21.0750 3752 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

10:27:21.0984 3752 NDIS - ok

10:27:22.0046 3752 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

10:27:22.0328 3752 NdisTapi - ok

10:27:22.0390 3752 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

10:27:22.0656 3752 Ndisuio - ok

10:27:22.0671 3752 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

10:27:23.0000 3752 NdisWan - ok

10:27:23.0218 3752 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

10:27:23.0468 3752 NDProxy - ok

10:27:23.0500 3752 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

10:27:23.0750 3752 NetBIOS - ok

10:27:23.0796 3752 NetBT (db05ad99947b8745c1383003d43a9102) C:\WINDOWS\system32\DRIVERS\netbt.sys

10:27:23.0843 3752 NetBT ( UnsignedFile.Multi.Generic ) - warning

10:27:23.0843 3752 NetBT - detected UnsignedFile.Multi.Generic (1)

10:27:23.0921 3752 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

10:27:24.0234 3752 NetDDE - ok

10:27:24.0234 3752 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

10:27:24.0421 3752 NetDDEdsdm - ok

10:27:24.0500 3752 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

10:27:24.0718 3752 Netlogon - ok

10:27:24.0781 3752 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

10:27:25.0031 3752 Netman - ok

10:27:25.0046 3752 nimcdfxk - ok

10:27:25.0109 3752 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

10:27:25.0218 3752 Nla - ok

10:27:25.0218 3752 npfmntor - ok

10:27:25.0328 3752 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

10:27:25.0546 3752 Npfs - ok

10:27:25.0796 3752 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

10:27:26.0109 3752 Ntfs - ok

10:27:26.0125 3752 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

10:27:26.0343 3752 NtLmSsp - ok

10:27:26.0500 3752 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

10:27:26.0750 3752 NtmsSvc - ok

10:27:26.0812 3752 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

10:27:27.0015 3752 Null - ok

10:27:27.0437 3752 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

10:27:28.0046 3752 nv - ok

10:27:28.0156 3752 nvedavt - ok

10:27:28.0281 3752 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

10:27:28.0609 3752 NwlnkFlt - ok

10:27:28.0656 3752 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

10:27:28.0859 3752 NwlnkFwd - ok

10:27:28.0937 3752 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys

10:27:28.0968 3752 omci ( UnsignedFile.Multi.Generic ) - warning

10:27:28.0968 3752 omci - detected UnsignedFile.Multi.Generic (1)

10:27:29.0125 3752 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

10:27:29.0140 3752 ose - ok

10:27:29.0156 3752 parallel - ok

10:27:29.0343 3752 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

10:27:29.0578 3752 Parport - ok

10:27:29.0625 3752 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

10:27:29.0843 3752 PartMgr - ok

10:27:29.0921 3752 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

10:27:30.0093 3752 ParVdm - ok

10:27:30.0281 3752 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

10:27:30.0562 3752 PCI - ok

10:27:30.0562 3752 PCIDump - ok

10:27:30.0609 3752 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

10:27:30.0859 3752 PCIIde - ok

10:27:30.0906 3752 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

10:27:31.0140 3752 Pcmcia - ok

10:27:31.0140 3752 PDCOMP - ok

10:27:31.0156 3752 PDFRAME - ok

10:27:31.0156 3752 PDRELI - ok

10:27:31.0171 3752 PDRFRAME - ok

10:27:31.0234 3752 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

10:27:31.0437 3752 perc2 - ok

10:27:31.0703 3752 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

10:27:31.0906 3752 perc2hib - ok

10:27:32.0000 3752 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

10:27:32.0265 3752 PlugPlay - ok

10:27:32.0484 3752 Pml Driver HPZ12 (2fec35e69f33202b447cc508acf135cf) C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe

10:27:32.0656 3752 Pml Driver HPZ12 - ok

10:27:32.0734 3752 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

10:27:32.0921 3752 PolicyAgent - ok

10:27:33.0000 3752 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

10:27:33.0218 3752 PptpMiniport - ok

10:27:33.0218 3752 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

10:27:33.0406 3752 ProtectedStorage - ok

10:27:33.0484 3752 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

10:27:33.0703 3752 PSched - ok

10:27:33.0781 3752 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

10:27:33.0968 3752 Ptilink - ok

10:27:34.0093 3752 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys

10:27:34.0125 3752 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

10:27:34.0125 3752 PxHelp20 - detected UnsignedFile.Multi.Generic (1)

10:27:34.0437 3752 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

10:27:34.0671 3752 ql1080 - ok

10:27:34.0796 3752 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

10:27:35.0031 3752 Ql10wnt - ok

10:27:35.0156 3752 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

10:27:35.0406 3752 ql12160 - ok

10:27:35.0671 3752 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

10:27:35.0875 3752 ql1240 - ok

10:27:36.0015 3752 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

10:27:36.0203 3752 ql1280 - ok

10:27:36.0203 3752 radiosvr - ok

10:27:36.0296 3752 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

10:27:36.0484 3752 RasAcd - ok

10:27:36.0531 3752 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

10:27:36.0750 3752 RasAuto - ok

10:27:36.0796 3752 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

10:27:36.0984 3752 Rasl2tp - ok

10:27:37.0046 3752 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

10:27:37.0312 3752 RasMan - ok

10:27:37.0359 3752 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

10:27:37.0562 3752 RasPppoe - ok

10:27:37.0562 3752 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

10:27:37.0796 3752 Raspti - ok

10:27:37.0828 3752 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

10:27:38.0031 3752 Rdbss - ok

10:27:38.0109 3752 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

10:27:38.0343 3752 RDPCDD - ok

10:27:38.0375 3752 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

10:27:38.0625 3752 rdpdr - ok

10:27:38.0718 3752 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

10:27:38.0906 3752 RDPWD - ok

10:27:39.0078 3752 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

10:27:39.0281 3752 RDSessMgr - ok

10:27:39.0343 3752 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

10:27:39.0625 3752 redbook - ok

10:27:39.0828 3752 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

10:27:40.0031 3752 RemoteAccess - ok

10:27:40.0156 3752 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

10:27:40.0375 3752 RemoteRegistry - ok

10:27:40.0390 3752 rfcomm - ok

10:27:40.0390 3752 rnadiagreceiver - ok

10:27:40.0609 3752 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

10:27:40.0937 3752 RpcLocator - ok

10:27:41.0171 3752 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

10:27:41.0312 3752 RpcSs - ok

10:27:41.0421 3752 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

10:27:41.0687 3752 RSVP - ok

10:27:41.0765 3752 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

10:27:41.0937 3752 SamSs - ok

10:27:42.0187 3752 SavRoam (778f31aa8685426ca2d0d38b423c2512) C:\Program Files\Symantec AntiVirus\SavRoam.exe

10:27:42.0218 3752 SavRoam - ok

10:27:42.0328 3752 SAVRT (a00d5aa4748a1002590f08aa00fc660d) C:\Program Files\Symantec AntiVirus\savrt.sys

10:27:42.0421 3752 SAVRT - ok

10:27:42.0437 3752 SAVRTPEL (1e805005583be1c1568a3fce259c81e3) C:\Program Files\Symantec AntiVirus\Savrtpel.sys

10:27:42.0453 3752 SAVRTPEL - ok

10:27:42.0593 3752 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

10:27:42.0843 3752 SCardSvr - ok

10:27:42.0921 3752 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

10:27:43.0281 3752 Schedule - ok

10:27:43.0296 3752 scsk4 - ok

10:27:43.0296 3752 SE2Emdfl - ok

10:27:43.0562 3752 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

10:27:43.0890 3752 Secdrv - ok

10:27:43.0953 3752 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

10:27:44.0140 3752 seclogon - ok

10:27:44.0312 3752 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys

10:27:44.0453 3752 senfilt ( UnsignedFile.Multi.Generic ) - warning

10:27:44.0453 3752 senfilt - detected UnsignedFile.Multi.Generic (1)

10:27:44.0484 3752 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

10:27:44.0718 3752 SENS - ok

10:27:44.0781 3752 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

10:27:45.0015 3752 serenum - ok

10:27:45.0078 3752 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

10:27:45.0328 3752 Serial - ok

10:27:45.0328 3752 servicelayer - ok

10:27:45.0375 3752 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

10:27:45.0609 3752 Sfloppy - ok

10:27:45.0671 3752 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

10:27:45.0906 3752 SharedAccess - ok

10:27:45.0953 3752 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

10:27:46.0031 3752 ShellHWDetection - ok

10:27:46.0031 3752 Simbad - ok

10:27:46.0078 3752 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

10:27:46.0296 3752 sisagp - ok

10:27:46.0312 3752 smapint - ok

10:27:46.0312 3752 smserial - ok

10:27:46.0375 3752 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys

10:27:46.0406 3752 smwdm ( UnsignedFile.Multi.Generic ) - warning

10:27:46.0406 3752 smwdm - detected UnsignedFile.Multi.Generic (1)

10:27:46.0406 3752 SNC - ok

10:27:46.0546 3752 SNDSrvc (443e397643965e08c5ab6a6caa732b97) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

10:27:46.0593 3752 SNDSrvc - ok

10:27:46.0609 3752 sonytvc - ok

10:27:46.0625 3752 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

10:27:46.0781 3752 Sparrow - ok

10:27:46.0890 3752 SPBBCDrv (c30fa11923892a4dbd1c747db8492e8f) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

10:27:46.0937 3752 SPBBCDrv - ok

10:27:47.0046 3752 SPBBCSvc (ea07435c72a8534c3a8e02d87246e546) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

10:27:47.0156 3752 SPBBCSvc - ok

10:27:47.0359 3752 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

10:27:47.0546 3752 splitter - ok

10:27:47.0781 3752 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

10:27:47.0921 3752 Spooler - ok

10:27:48.0109 3752 SQLAgent$MICROSOFTSMLBIZ (352e375ab298c23b0f9bc307652c7f50) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE

10:27:48.0218 3752 SQLAgent$MICROSOFTSMLBIZ ( UnsignedFile.Multi.Generic ) - warning

10:27:48.0218 3752 SQLAgent$MICROSOFTSMLBIZ - detected UnsignedFile.Multi.Generic (1)

10:27:48.0359 3752 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

10:27:48.0671 3752 sr - ok

10:27:48.0750 3752 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

10:27:48.0953 3752 srservice - ok

10:27:48.0953 3752 SRTSPL - ok

10:27:49.0828 3752 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

10:27:50.0187 3752 Srv - ok

10:27:50.0234 3752 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys

10:27:50.0265 3752 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning

10:27:50.0265 3752 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)

10:27:50.0359 3752 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

10:27:50.0562 3752 SSDPSRV - ok

10:27:50.0671 3752 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys

10:27:50.0750 3752 ssrtln ( UnsignedFile.Multi.Generic ) - warning

10:27:50.0750 3752 ssrtln - detected UnsignedFile.Multi.Generic (1)

10:27:51.0000 3752 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

10:27:51.0312 3752 stisvc - ok

10:27:51.0390 3752 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

10:27:51.0609 3752 swenum - ok

10:27:51.0890 3752 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

10:27:52.0078 3752 swmidi - ok

10:27:52.0093 3752 SwPrv - ok

10:27:53.0281 3752 Symantec AntiVirus (bc59bc3b68d45eb1716cc95e567a3b69) C:\Program Files\Symantec AntiVirus\Rtvscan.exe

10:27:53.0515 3752 Symantec AntiVirus - ok

10:27:53.0859 3752 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

10:27:54.0109 3752 symc810 - ok

10:27:54.0156 3752 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

10:27:54.0390 3752 symc8xx - ok

10:27:54.0718 3752 SymEvent (b3f8b9eab2ebe205c0fe053fba951d8c) C:\Program Files\Symantec\SYMEVENT.SYS

10:27:54.0796 3752 SymEvent - ok

10:27:54.0968 3752 SYMREDRV (7c73b65f1bdfab9052a5076c0ca622de) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS

10:27:54.0984 3752 SYMREDRV - ok

10:27:55.0125 3752 SYMTDI (b4562798891dca27ed67ca07acbadbd9) C:\WINDOWS\System32\Drivers\SYMTDI.SYS

10:27:55.0437 3752 SYMTDI - ok

10:27:55.0593 3752 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

10:27:55.0765 3752 sym_hi - ok

10:27:55.0921 3752 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

10:27:56.0250 3752 sym_u3 - ok

10:27:56.0296 3752 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

10:27:56.0484 3752 sysaudio - ok

10:27:56.0578 3752 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

10:27:56.0765 3752 SysmonLog - ok

10:27:56.0953 3752 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

10:27:57.0328 3752 TapiSrv - ok

10:27:57.0921 3752 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

10:27:58.0171 3752 Tcpip - ok

10:27:58.0187 3752 tcpip6 - ok

10:27:58.0296 3752 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

10:27:58.0515 3752 TDPIPE - ok

10:27:58.0578 3752 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

10:27:58.0781 3752 TDTCP - ok

10:27:58.0890 3752 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

10:27:59.0093 3752 TermDD - ok

10:27:59.0265 3752 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

10:27:59.0515 3752 TermService - ok

10:27:59.0640 3752 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys

10:27:59.0687 3752 tfsnboio ( UnsignedFile.Multi.Generic ) - warning

10:27:59.0687 3752 tfsnboio - detected UnsignedFile.Multi.Generic (1)

10:27:59.0703 3752 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys

10:27:59.0718 3752 tfsncofs ( UnsignedFile.Multi.Generic ) - warning

10:27:59.0718 3752 tfsncofs - detected UnsignedFile.Multi.Generic (1)

10:27:59.0734 3752 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys

10:27:59.0765 3752 tfsndrct ( UnsignedFile.Multi.Generic ) - warning

10:27:59.0765 3752 tfsndrct - detected UnsignedFile.Multi.Generic (1)

10:27:59.0796 3752 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys

10:27:59.0843 3752 tfsndres ( UnsignedFile.Multi.Generic ) - warning

10:27:59.0843 3752 tfsndres - detected UnsignedFile.Multi.Generic (1)

10:28:00.0171 3752 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys

10:28:00.0234 3752 tfsnifs ( UnsignedFile.Multi.Generic ) - warning

10:28:00.0234 3752 tfsnifs - detected UnsignedFile.Multi.Generic (1)

10:28:00.0328 3752 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys

10:28:00.0375 3752 tfsnopio ( UnsignedFile.Multi.Generic ) - warning

10:28:00.0375 3752 tfsnopio - detected UnsignedFile.Multi.Generic (1)

10:28:00.0421 3752 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys

10:28:00.0468 3752 tfsnpool ( UnsignedFile.Multi.Generic ) - warning

10:28:00.0468 3752 tfsnpool - detected UnsignedFile.Multi.Generic (1)

10:28:00.0515 3752 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys

10:28:00.0546 3752 tfsnudf ( UnsignedFile.Multi.Generic ) - warning

10:28:00.0546 3752 tfsnudf - detected UnsignedFile.Multi.Generic (1)

10:28:00.0562 3752 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys

10:28:00.0609 3752 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning

10:28:00.0609 3752 tfsnudfa - detected UnsignedFile.Multi.Generic (1)

10:28:00.0671 3752 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

10:28:00.0890 3752 Themes - ok

10:28:00.0937 3752 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

10:28:01.0171 3752 TlntSvr - ok

10:28:01.0250 3752 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

10:28:01.0468 3752 TosIde - ok

10:28:01.0515 3752 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

10:28:01.0734 3752 TrkWks - ok

10:28:01.0859 3752 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

10:28:02.0125 3752 Udfs - ok

10:28:02.0265 3752 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

10:28:02.0484 3752 ultra - ok

10:28:02.0500 3752 ultra66 - ok

10:28:03.0453 3752 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

10:28:03.0765 3752 Update - ok

10:28:03.0765 3752 UpdateCenterService - ok

10:28:04.0156 3752 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

10:28:04.0421 3752 upnphost - ok

10:28:04.0515 3752 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

10:28:04.0718 3752 UPS - ok

10:28:04.0812 3752 USBAAPL (f340199e8cb097e1acd58a967c665919) C:\WINDOWS\system32\Drivers\usbaapl.sys

10:28:04.0843 3752 USBAAPL ( UnsignedFile.Multi.Generic ) - warning

10:28:04.0843 3752 USBAAPL - detected UnsignedFile.Multi.Generic (1)

10:28:05.0015 3752 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

10:28:05.0218 3752 usbccgp - ok

10:28:05.0234 3752 USBCCID - ok

10:28:05.0359 3752 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

10:28:05.0578 3752 usbehci - ok

10:28:05.0656 3752 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

10:28:05.0859 3752 usbhub - ok

10:28:05.0968 3752 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

10:28:06.0187 3752 usbscan - ok

10:28:06.0296 3752 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

10:28:06.0500 3752 USBSTOR - ok

10:28:06.0562 3752 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

10:28:06.0796 3752 usbuhci - ok

10:28:06.0828 3752 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

10:28:07.0015 3752 VgaSave - ok

10:28:07.0078 3752 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

10:28:07.0250 3752 viaagp - ok

10:28:07.0359 3752 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

10:28:07.0593 3752 ViaIde - ok

10:28:07.0687 3752 vnccom (b67632451f760797bb183e1fb99f4b39) C:\WINDOWS\system32\Drivers\vnccom.SYS

10:28:07.0734 3752 vnccom ( UnsignedFile.Multi.Generic ) - warning

10:28:07.0734 3752 vnccom - detected UnsignedFile.Multi.Generic (1)

10:28:07.0812 3752 vncdrv (4ec979b157d1aa075330362acb5424e5) C:\WINDOWS\system32\DRIVERS\vncdrv.sys

10:28:07.0875 3752 vncdrv ( UnsignedFile.Multi.Generic ) - warning

10:28:07.0875 3752 vncdrv - detected UnsignedFile.Multi.Generic (1)

10:28:07.0937 3752 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

10:28:08.0156 3752 VolSnap - ok

10:28:08.0156 3752 vpn5000service - ok

10:28:08.0312 3752 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

10:28:08.0593 3752 VSS - ok

10:28:08.0593 3752 w200bus - ok

10:28:08.0765 3752 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

10:28:08.0984 3752 w32time - ok

10:28:09.0000 3752 wampapache - ok

10:28:09.0062 3752 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

10:28:09.0250 3752 Wanarp - ok

10:28:09.0265 3752 WDICA - ok

10:28:09.0312 3752 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

10:28:09.0500 3752 wdmaud - ok

10:28:09.0578 3752 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

10:28:09.0812 3752 WebClient - ok

10:28:09.0812 3752 websensewfreportserver - ok

10:28:09.0921 3752 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

10:28:10.0218 3752 winmgmt - ok

10:28:10.0421 3752 winvnc (913ff5a608de6a2ab320eb919092049a) C:\Program Files\UltraVNC\WinVNC.exe

10:28:10.0500 3752 winvnc ( UnsignedFile.Multi.Generic ) - warning

10:28:10.0500 3752 winvnc - detected UnsignedFile.Multi.Generic (1)

10:28:10.0515 3752 wm - ok

10:28:10.0546 3752 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

10:28:10.0671 3752 WmdmPmSN - ok

10:28:10.0734 3752 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

10:28:10.0890 3752 Wmi - ok

10:28:11.0031 3752 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

10:28:11.0328 3752 WmiApSrv - ok

10:28:11.0578 3752 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

10:28:11.0703 3752 WMPNetworkSvc - ok

10:28:11.0781 3752 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

10:28:12.0093 3752 wuauserv - ok

10:28:12.0187 3752 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

10:28:12.0265 3752 WudfPf - ok

10:28:12.0296 3752 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

10:28:12.0328 3752 WudfRd - ok

10:28:12.0375 3752 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

10:28:12.0421 3752 WudfSvc - ok

10:28:12.0500 3752 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

10:28:12.0765 3752 WZCSVC - ok

10:28:12.0812 3752 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

10:28:13.0093 3752 xmlprov - ok

10:28:13.0109 3752 Xyz777b - ok

10:28:13.0125 3752 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

10:28:13.0390 3752 \Device\Harddisk0\DR0 - ok

10:28:13.0406 3752 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3

10:28:16.0968 3752 \Device\Harddisk1\DR3 - ok

10:28:17.0000 3752 Boot (0x1200) (b9479911a4a3ae78e490686ef35f8615) \Device\Harddisk0\DR0\Partition0

10:28:17.0031 3752 \Device\Harddisk0\DR0\Partition0 - ok

10:28:17.0046 3752 Boot (0x1200) (9c181f326c582b13d630cf65c14cba44) \Device\Harddisk1\DR3\Partition0

10:28:17.0046 3752 \Device\Harddisk1\DR3\Partition0 - ok

10:28:17.0046 3752 ============================================================

10:28:17.0046 3752 Scan finished

10:28:17.0046 3752 ============================================================

10:28:17.0234 2268 Detected object count: 27

10:28:17.0234 2268 Actual detected object count: 27

10:29:40.0406 2268 aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0406 2268 aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:29:40.0421 2268 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0421 2268 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:29:40.0421 2268 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0421 2268 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:29:40.0421 2268 Iap ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0421 2268 Iap ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:29:40.0421 2268 MSSQL$MICROSOFTSMLBIZ ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0421 2268 MSSQL$MICROSOFTSMLBIZ ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:29:40.0421 2268 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0421 2268 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:29:40.0421 2268 NetBT ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0421 2268 NetBT ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:29:40.0421 2268 omci ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0421 2268 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:29:40.0437 2268 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0437 2268 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:29:40.0437 2268 senfilt ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0437 2268 senfilt ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:29:40.0437 2268 smwdm ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0437 2268 smwdm ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:29:40.0437 2268 SQLAgent$MICROSOFTSMLBIZ ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0437 2268 SQLAgent$MICROSOFTSMLBIZ ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:29:40.0437 2268 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0437 2268 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:29:40.0437 2268 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0437 2268 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:29:40.0437 2268 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0437 2268 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:29:40.0437 2268 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0437 2268 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:29:40.0453 2268 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0453 2268 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:29:40.0453 2268 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0453 2268 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:29:40.0453 2268 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0453 2268 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:29:40.0453 2268 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0453 2268 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:29:40.0453 2268 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0453 2268 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:29:40.0453 2268 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0453 2268 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:29:40.0453 2268 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0453 2268 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:29:40.0453 2268 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0453 2268 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:29:40.0453 2268 vnccom ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0453 2268 vnccom ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:29:40.0468 2268 vncdrv ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0468 2268 vncdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:29:40.0468 2268 winvnc ( UnsignedFile.Multi.Generic ) - skipped by user

10:29:40.0468 2268 winvnc ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:31:19.0187 0804 Deinitialize success

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.11.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

reevesg :: SALES-MANAGER [administrator]

Protection: Enabled

11/05/2012 10:32:36 AM

mbam-log-2012-05-11 (10-32-36).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 233963

Time elapsed: 12 minute(s), 53 second(s)

Memory Processes Detected: 1

C:\Documents and Settings\reevesg\Local Settings\Application Data\MJPEG\MJPEGDecompressor.exe (Spyware.Zeus) -> 3140 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MJPEGDecompressor (Spyware.Zeus) -> Data: "C:\Documents and Settings\reevesg\Local Settings\Application Data\MJPEG\MJPEGDecompressor.exe" /a -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rpsvd (Trojan.Medfos) -> Data: rundll32.exe "C:\DOCUME~1\reevesg\LOCALS~1\Temp\rpsvd.dll",CreateVolumeTextureFromResourceW -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\Documents and Settings\reevesg\Local Settings\Application Data\MJPEG\MJPEGDecompressor.exe (Spyware.Zeus) -> Delete on reboot.

C:\Documents and Settings\reevesg\Local Settings\Temp\rpsvd.dll (Trojan.Medfos) -> Delete on reboot.

C:\Documents and Settings\reevesg\Local Settings\Temp\~!#1CB.tmp (Spyware.Zeus) -> Quarantined and deleted successfully.

C:\Documents and Settings\reevesg\Local Settings\Temp\~!#2B.tmp (Spyware.Zeus) -> Quarantined and deleted successfully.

(end)


.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by reevesg at 4:00:23 on 2012-05-12

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.474 [GMT 10:00]

.

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Dell\OpenManage\Client\Iap.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\mnmsrvc.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\UltraVNC\WinVNC.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Okidata\OKI LPR Utility\Okilpr.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.au/

uInternet Connection Wizard,ShellNext = hxxp://www1.ap.dell.com/content/default.aspx?c=au&l=en&s=gen

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [vptray] c:\progra~1\symant~1\VPTray.exe

mRun: [WinVNC] "c:\program files\ultravnc\WinVNC.exe" -servicehelper

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\okilpr~1.lnk - c:\program files\okidata\oki lpr utility\Okilpr.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151984876687

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 202.3.192.29 202.3.192.61

TCP: Interfaces\{9F5AFF91-5182-431C-975A-FE0B054835B2} : DhcpNameServer = 202.3.192.29 202.3.192.61

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Notify: igfxcui - igfxdev.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

.

============= SERVICES / DRIVERS ===============

.

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]

R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-4-8 185968]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-3-10 654408]

R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2009-2-10 6016]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-10 22344]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120506.006\naveng.sys [2012-5-8 86136]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120506.006\navex15.sys [2012-5-8 1576312]

S2 mcdetect.exe;PciSd;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]

S2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608]

S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176]

S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568]

.

=============== Created Last 30 ================

.

2012-05-10 17:01:54 -------- d-----w- c:\documents and settings\reevesg\local settings\application data\PCHealth

2012-05-09 03:08:45 -------- d-----w- c:\documents and settings\reevesg\local settings\application data\MJPEG

2012-05-09 02:04:07 883616 ----a-w- C:\FixExec.com

2012-05-08 05:22:52 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-05-08 05:11:53 -------- d-----w- c:\program files\common files\MJPEG

2012-05-08 05:11:52 -------- d-----w- c:\documents and settings\all users\application data\F4D5619C001087DD0B1F02F4D151FC4E

2012-05-06 21:27:18 6734704 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{c157f02b-8a33-4e34-b48e-d8e609f24a93}\mpengine.dll

.

==================== Find3M ====================

.

2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-04 05:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec

2012-02-23 00:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 4:01:23.53 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 4/07/2006 1:34:50 PM

System Uptime: 11/05/2012 11:01:07 AM (17 hours ago)

.

Motherboard: Dell Inc. | | 0UG982

Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 74 GiB total, 44.6 GiB free.

D: is CDROM ()

Z: is NetworkDisk (NTFS) - 15 GiB total, 4.486 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1537: 14/02/2012 7:42:05 AM - Software Distribution Service 3.0

RP1538: 15/02/2012 9:44:01 AM - System Checkpoint

RP1539: 16/02/2012 10:29:35 AM - System Checkpoint

RP1540: 16/02/2012 4:06:30 PM - Software Distribution Service 3.0

RP1541: 17/02/2012 7:30:45 AM - Software Distribution Service 3.0

RP1542: 20/02/2012 7:28:06 AM - Software Distribution Service 3.0

RP1543: 21/02/2012 10:03:55 AM - System Checkpoint

RP1544: 22/02/2012 7:35:44 AM - Software Distribution Service 3.0

RP1545: 23/02/2012 8:38:17 AM - System Checkpoint

RP1546: 24/02/2012 9:41:24 AM - System Checkpoint

RP1547: 27/02/2012 7:36:35 AM - Software Distribution Service 3.0

RP1548: 28/02/2012 8:17:22 AM - System Checkpoint

RP1549: 29/02/2012 7:41:31 AM - Software Distribution Service 3.0

RP1550: 1/03/2012 10:37:28 AM - System Checkpoint

RP1551: 2/03/2012 11:38:43 AM - System Checkpoint

RP1552: 5/03/2012 7:26:52 AM - Software Distribution Service 3.0

RP1553: 6/03/2012 10:05:49 AM - System Checkpoint

RP1554: 7/03/2012 7:41:27 AM - Software Distribution Service 3.0

RP1555: 8/03/2012 8:25:51 AM - System Checkpoint

RP1556: 9/03/2012 9:49:30 AM - System Checkpoint

RP1557: 13/03/2012 7:36:36 AM - Software Distribution Service 3.0

RP1558: 14/03/2012 9:45:08 AM - System Checkpoint

RP1559: 14/03/2012 2:08:52 PM - Software Distribution Service 3.0

RP1560: 14/03/2012 4:06:00 PM - Software Distribution Service 3.0

RP1561: 16/03/2012 9:33:33 AM - System Checkpoint

RP1562: 19/03/2012 7:38:50 AM - Software Distribution Service 3.0

RP1563: 20/03/2012 8:12:52 AM - System Checkpoint

RP1564: 21/03/2012 2:09:55 AM - Software Distribution Service 3.0

RP1565: 22/03/2012 2:16:16 AM - System Checkpoint

RP1566: 23/03/2012 3:10:58 AM - System Checkpoint

RP1567: 26/03/2012 7:17:44 AM - Software Distribution Service 3.0

RP1568: 27/03/2012 9:30:31 AM - System Checkpoint

RP1569: 28/03/2012 7:25:20 AM - Software Distribution Service 3.0

RP1570: 29/03/2012 8:19:19 AM - System Checkpoint

RP1571: 30/03/2012 9:00:19 AM - System Checkpoint

RP1572: 1/04/2012 4:22:24 PM - Software Distribution Service 3.0

RP1573: 4/04/2012 7:54:05 AM - Software Distribution Service 3.0

RP1574: 5/04/2012 11:43:14 AM - System Checkpoint

RP1575: 10/04/2012 7:13:05 AM - Software Distribution Service 3.0

RP1576: 11/04/2012 9:19:14 AM - System Checkpoint

RP1577: 12/04/2012 7:54:45 AM - Software Distribution Service 3.0

RP1578: 13/04/2012 3:00:18 AM - Software Distribution Service 3.0

RP1579: 14/04/2012 9:02:44 AM - Software Distribution Service 3.0

RP1580: 15/04/2012 9:53:43 AM - System Checkpoint

RP1581: 16/04/2012 11:46:41 AM - System Checkpoint

RP1582: 17/04/2012 3:03:20 PM - System Checkpoint

RP1583: 18/04/2012 7:12:35 AM - Software Distribution Service 3.0

RP1584: 19/04/2012 7:15:11 AM - System Checkpoint

RP1585: 20/04/2012 8:12:34 AM - System Checkpoint

RP1586: 23/04/2012 7:25:06 AM - Software Distribution Service 3.0

RP1587: 24/04/2012 8:07:51 AM - System Checkpoint

RP1588: 25/04/2012 10:54:14 AM - Software Distribution Service 3.0

RP1589: 26/04/2012 12:19:33 PM - System Checkpoint

RP1590: 30/04/2012 7:30:09 AM - Software Distribution Service 3.0

RP1591: 1/05/2012 8:18:38 AM - System Checkpoint

RP1592: 2/05/2012 7:29:04 AM - Software Distribution Service 3.0

RP1593: 3/05/2012 7:34:17 AM - System Checkpoint

RP1594: 4/05/2012 7:36:36 AM - Software Distribution Service 3.0

RP1595: 7/05/2012 7:26:19 AM - Software Distribution Service 3.0

RP1596: 8/05/2012 11:12:55 AM - System Checkpoint

RP1597: 9/05/2012 2:18:01 PM - System Checkpoint

RP1598: 10/05/2012 2:59:19 PM - System Checkpoint

RP1599: 11/05/2012 3:00:15 AM - Software Distribution Service 3.0

RP1600: 12/05/2012 3:06:20 AM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Reader 7.0.9

AdViews Reporter

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

Broadcom Advanced Control Suite

CCleaner

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Compatibility Pack for the 2007 Office system

e-tax 2006

e-tax 2007

e-tax 2008

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

hp LaserJet 2300 Uninstaller

Intel® Graphics Media Accelerator Driver

iTunes

Java 2 Runtime Environment, SE v1.4.2_03

Java Auto Updater

Java 6 Update 26

LiveUpdate 2.6 (Symantec Corporation)

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Outlook 2003 with Business Contact Manager Update

Microsoft Office Professional Edition 2003

Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)

Microsoft User-Mode Driver Framework Feature Pack 1.0

OKI Color Swatch Utility

OKI LPR Utility

OKI Network Extension

OMCI

PowerDVD 5.5

QuickTime

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Sonic Copy Module

Sonic DLA

Sonic Express Labeler

Sonic RecordNow Audio

Sonic RecordNow Data

Sonic Update Manager

SQLBase Clients 7.5.1

Symantec AntiVirus

UltraVNC v1.0.2

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VanDyke Software CRT 5.0

VLC media player 1.1.11

WebFldrs XP

Windows Defender

Windows Defender Signatures

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

.

==== Event Viewer Messages From Past Week ========

.

9/05/2012 3:29:26 PM, error: Service Control Manager [7023] - The Thkeys service terminated with the following error: The specified module could not be found.

9/05/2012 3:14:26 PM, error: Service Control Manager [7023] - The Tphdexlgsvc service terminated with the following error: The specified module could not be found.

9/05/2012 2:59:26 PM, error: Service Control Manager [7023] - The Se2Bunic service terminated with the following error: The specified module could not be found.

9/05/2012 2:44:25 PM, error: Service Control Manager [7023] - The Firelm01 service terminated with the following error: The specified module could not be found.

9/05/2012 2:29:25 PM, error: Service Control Manager [7023] - The SPCtl service terminated with the following error: The specified module could not be found.

9/05/2012 2:14:24 PM, error: Service Control Manager [7023] - The Ldap service terminated with the following error: The specified module could not be found.

9/05/2012 12:18:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

9/05/2012 12:16:57 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ctxusbm eeCtrl Fips intelppm SAVRT SAVRTPEL SYMTDI

9/05/2012 12:16:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

9/05/2012 12:10:57 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

9/05/2012 12:00:19 PM, error: Service Control Manager [7023] - The Ccs service terminated with the following error: The specified module could not be found.

9/05/2012 11:59:20 AM, error: Service Control Manager [7023] - The Ppped service terminated with the following error: The specified module could not be found.

9/05/2012 11:52:20 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Citrix\ICA Client\MFC80.DLL. Reference error message: The operation completed successfully. .

9/05/2012 11:52:20 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5.

9/05/2012 11:52:20 AM, error: SideBySide [34] - Component identity found in manifest does not match the identity of the component requested

9/05/2012 11:51:38 AM, error: Service Control Manager [7023] - The StarOpen service terminated with the following error: The specified module could not be found.

9/05/2012 11:51:38 AM, error: Service Control Manager [7023] - The S117obex service terminated with the following error: The specified module could not be found.

9/05/2012 11:51:38 AM, error: Service Control Manager [7023] - The OEM02Vfx service terminated with the following error: The specified module could not be found.

9/05/2012 11:51:38 AM, error: Service Control Manager [7023] - The Ikhlayer service terminated with the following error: The specified module could not be found.

9/05/2012 11:51:38 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec AntiVirus service to connect.

9/05/2012 11:51:38 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SavRoam service to connect.

9/05/2012 11:51:22 AM, error: W32Time [28] - The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are accessible. NtpClient has no source of accurate time.

9/05/2012 11:50:39 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

9/05/2012 11:16:03 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service Iap with arguments "-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}

9/05/2012 1:59:24 PM, error: Service Control Manager [7023] - The CoachUsb service terminated with the following error: The specified module could not be found.

9/05/2012 1:44:23 PM, error: Service Control Manager [7023] - The Mafwboot service terminated with the following error: The specified module could not be found.

9/05/2012 1:29:23 PM, error: Service Control Manager [7023] - The APLMp50 service terminated with the following error: The specified module could not be found.

9/05/2012 1:14:23 PM, error: Service Control Manager [7023] - The NSNDIS5 service terminated with the following error: The specified module could not be found.

9/05/2012 1:13:23 PM, error: Service Control Manager [7023] - The ASMMAP service terminated with the following error: The specified module could not be found.

8/05/2012 3:47:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

8/05/2012 3:44:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ctxusbm eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRT SAVRTPEL SYMTDI Tcpip

8/05/2012 3:44:06 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

8/05/2012 3:44:06 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/05/2012 3:44:06 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/05/2012 3:44:06 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

8/05/2012 3:44:06 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/05/2012 3:44:06 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/05/2012 3:23:41 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/05/2012 3:21:14 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Iap service to connect.

8/05/2012 3:21:14 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service Iap with arguments "-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}

8/05/2012 3:20:48 PM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 21 time(s).

8/05/2012 3:20:44 PM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 20 time(s).

8/05/2012 3:20:14 PM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 19 time(s).

8/05/2012 3:19:48 PM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 18 time(s).

8/05/2012 3:19:44 PM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 17 time(s).

8/05/2012 3:19:10 PM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 16 time(s).

8/05/2012 3:19:05 PM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 15 time(s).

8/05/2012 3:18:48 PM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 14 time(s).

8/05/2012 3:18:44 PM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 13 time(s).

8/05/2012 3:18:10 PM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 12 time(s).

8/05/2012 3:17:47 PM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 11 time(s).

8/05/2012 3:17:44 PM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 10 time(s).

8/05/2012 3:17:10 PM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 9 time(s).

8/05/2012 3:16:43 PM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 8 time(s).

8/05/2012 3:16:37 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.

8/05/2012 3:16:37 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/05/2012 3:16:13 PM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 7 time(s).

8/05/2012 3:16:10 PM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 6 time(s).

8/05/2012 3:16:09 PM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 5 time(s).

8/05/2012 3:16:05 PM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 4 time(s).

8/05/2012 3:15:54 PM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 3 time(s).

8/05/2012 3:15:53 PM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 2 time(s).

8/05/2012 3:15:36 PM, error: Service Control Manager [7034] - The VNC Server service terminated unexpectedly. It has done this 1 time(s).

8/05/2012 3:15:36 PM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s).

8/05/2012 3:15:36 PM, error: Service Control Manager [7034] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s).

8/05/2012 3:15:36 PM, error: Service Control Manager [7034] - The Symantec AntiVirus Definition Watcher service terminated unexpectedly. It has done this 1 time(s).

8/05/2012 3:15:36 PM, error: Service Control Manager [7034] - The SavRoam service terminated unexpectedly. It has done this 1 time(s).

8/05/2012 3:15:36 PM, error: Service Control Manager [7034] - The NetMeeting Remote Desktop Sharing service terminated unexpectedly. It has done this 1 time(s).

8/05/2012 3:15:36 PM, error: Service Control Manager [7034] - The MSSQL$MICROSOFTSMLBIZ service terminated unexpectedly. It has done this 1 time(s).

8/05/2012 3:15:36 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).

8/05/2012 3:15:36 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

8/05/2012 3:15:36 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

8/05/2012 3:15:36 PM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 1 time(s).

11/05/2012 7:44:57 AM, error: Service Control Manager [7023] - The Amon service terminated with the following error: The specified module could not be found.

11/05/2012 7:29:56 AM, error: Service Control Manager [7023] - The UsbDiag service terminated with the following error: The specified module could not be found.

.

==== End Of File ===========================


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Hi Maniac,

This seems to have fixed my problem. Fingers crossed.

Here is the ComboFix log.

ComboFix 12-05-11.04 - reevesg 12/05/2012 14:18:28.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.701 [GMT 10:00]

Running from: c:\documents and settings\reevesg\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\LOG108.tmp

c:\windows\$NtUninstallKB7112$\3324712894

c:\windows\$NtUninstallKB7112$\831269444\@

c:\windows\$NtUninstallKB7112$\831269444\cfg.ini

c:\windows\$NtUninstallKB7112$\831269444\Desktop.ini

c:\windows\$NtUninstallKB7112$\831269444\L\iahonoel

c:\windows\$NtUninstallKB7112$\831269444\oemid

c:\windows\$NtUninstallKB7112$\831269444\U\00000001.$

c:\windows\$NtUninstallKB7112$\831269444\U\00000001.@

c:\windows\$NtUninstallKB7112$\831269444\U\00000002.$

c:\windows\$NtUninstallKB7112$\831269444\U\00000002.@

c:\windows\$NtUninstallKB7112$\831269444\U\00000004.$

c:\windows\$NtUninstallKB7112$\831269444\U\00000004.@

c:\windows\$NtUninstallKB7112$\831269444\U\80000000.$

c:\windows\$NtUninstallKB7112$\831269444\U\80000000.@

c:\windows\$NtUninstallKB7112$\831269444\U\80000004.$

c:\windows\$NtUninstallKB7112$\831269444\U\80000004.@

c:\windows\$NtUninstallKB7112$\831269444\U\80000032.$

c:\windows\$NtUninstallKB7112$\831269444\U\80000032.@

c:\windows\$NtUninstallKB7112$\831269444\version

c:\windows\system32\dds_trash_log.cmd

c:\windows\$NtUninstallKB7112$ . . . . Failed to delete

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_RADIOSVR

-------\Service_radiosvr

.

.

((((((((((((((((((((((((( Files Created from 2012-04-12 to 2012-05-12 )))))))))))))))))))))))))))))))

.

.

2012-05-10 18:15 . 2012-05-10 18:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2012-05-10 17:01 . 2012-05-10 17:01 -------- d-----w- c:\documents and settings\reevesg\Local Settings\Application Data\PCHealth

2012-05-09 03:08 . 2012-05-11 01:04 -------- d-----w- c:\documents and settings\reevesg\Local Settings\Application Data\MJPEG

2012-05-09 02:04 . 2012-05-09 02:04 883616 ----a-w- C:\FixExec.com

2012-05-08 05:47 . 2012-05-08 05:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2012-05-08 05:43 . 2012-05-08 05:43 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2012-05-08 05:26 . 2012-05-08 05:26 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2012-05-08 05:11 . 2012-05-08 05:11 -------- d-----w- c:\program files\Common Files\MJPEG

2012-05-08 05:11 . 2012-05-08 05:11 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D5619C001087DD0B1F02F4D151FC4E

2012-05-06 21:27 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{C157F02B-8A33-4E34-B48E-D8E609F24A93}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-13 07:36 . 2006-07-07 01:20 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-04-11 13:14 . 2004-08-11 09:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:12 . 2004-08-11 09:00 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 12:35 . 2004-08-03 14:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-04 05:56 . 2011-03-09 23:10 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-01 11:01 . 2004-08-11 09:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2004-08-11 09:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01 . 2004-08-11 09:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2004-08-11 09:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2004-08-11 09:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2004-08-11 09:00 385024 ------w- c:\windows\system32\html.iec

2012-02-23 00:18 . 2009-10-04 20:42 237072 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-05 127035]

"WinVNC"="c:\program files\UltraVNC\WinVNC.exe" [2006-06-18 712704]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-07 421736]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

OKI LPR Utility.lnk - c:\program files\Okidata\OKI LPR Utility\Okilpr.exe [2006-8-17 159744]

Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-4 81920]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [14/07/2010 11:51 AM 65584]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/03/2011 9:10 AM 654408]

R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [10/02/2009 9:53 AM 6016]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/03/2011 9:10 AM 22344]

.

NETSVCS REQUIRES REPAIRS - current entries shown

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

ERSvc

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Messenger

Netman

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

ftsata2

zdeviceservice

pensup

MailService

mvserver

websensewfreportserver

GTWModem

lyncusbserv

k750mdm

vaiomediaplatform-integratedserver-http

LC7981

elnkupdateservice

Hardlock

HBtnKey

smapint

sonytvc

lusbaudio

mediamaxxlservice

rfcomm

bdpredir

AeLookupSvc

npfmntor

UpdateCenterService

IBMTPCHK

lvckap

SRTSPL

ultra66

CdaC15BA

SE2Emdfl

rnadiagreceiver

hpci

mcdetect.exe

WUSB54Gv4SVC

caboagp

DFUBTUSB

bdfdll

qbfcservice

DN2AKNET

ATIBTXBAR

nimcdfxk

ivscheduler

scsk4

SNC

smserial

nvedavt

dvd_2K

Xyz777b

parallel

w200bus

bobo

eabusb

servicelayer

vpn5000service

iPassPeriodicUpdateApp

MTDVC2

wm

prismxl

rp_fws

tcpip6

speedfan

EL2000

USBCCID

wampapache

sdcplh

scsiaccess

sysenforce

Rasman

Remoteaccess

Schedule

Seclogon

SENS

Sharedaccess

SRService

Tapisrv

Themes

TrkWks

W32Time

WZCSVC

Wmi

WmdmPmSp

winmgmt

wscsvc

xmlprov

BITS

wuauserv

ShellHWDetection

helpsvc

WmdmPmSN

napagent

hkmsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]

.

2012-05-11 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 09:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.au/

uInternet Connection Wizard,ShellNext = hxxp://www1.ap.dell.com/content/default.aspx?c=au&l=en&s=gen

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 202.3.192.29 202.3.192.61

.

- - - - ORPHANS REMOVED - - - -

.

Notify-NavLogon - (no file)

SafeBoot-WinDefend

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-12 14:28

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3944)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Dell\OpenManage\Client\Iap.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

c:\program files\Citrix\ICA Client\wfcrun32.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2012-05-12 14:31:48 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-12 04:31

.

Pre-Run: 49,222,819,840 bytes free

Post-Run: 50,202,890,240 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 022B192236DA24EEDC0DE47A1669F330


It is not completely resolved, but we have made a step forward.

Step 1

Open Notepad and copy and paste the text in the quotebox below into it (don't forget to copy and paste REGEDIT4):

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=hex(7):36,74,6f,34,00,41,70,70,4d,67,6d,74,00,41,75,64,69,6f,53,72,\
76,00,42,72,6f,77,73,65,72,00,43,72,79,70,74,53,76,63,00,44,4d,53,65,72,76,\
65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,76,65,6e,74,53,79,73,74,65,6d,\
00,46,61,73,74,55,73,65,72,53,77,69,74,63,68,69,6e,67,43,6f,6d,70,61,74,69,\
62,69,6c,69,74,79,00,48,69,64,53,65,72,76,00,49,61,73,00,49,70,72,69,70,00,\
49,72,6d,6f,6e,00,4c,61,6e,6d,61,6e,53,65,72,76,65,72,00,4c,61,6e,6d,61,6e,\
57,6f,72,6b,73,74,61,74,69,6f,6e,00,4d,65,73,73,65,6e,67,65,72,00,4e,65,74,\
6d,61,6e,00,4e,6c,61,00,4e,74,6d,73,73,76,63,00,4e,57,43,57,6f,72,6b,73,74,\
61,74,69,6f,6e,00,4e,77,73,61,70,61,67,65,6e,74,00,52,61,73,61,75,74,6f,00,\
52,61,73,6d,61,6e,00,52,65,6d,6f,74,65,61,63,63,65,73,73,00,53,63,68,65,64,\
75,6c,65,00,53,65,63,6c,6f,67,6f,6e,00,53,45,4e,53,00,53,68,61,72,65,64,61,\
63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,73,72,76,00,54,\
68,65,6d,65,73,00,54,72,6b,57,6b,73,00,57,33,32,54,69,6d,65,00,57,5a,43,53,\
56,43,00,57,6d,69,00,57,6d,64,6d,50,6d,53,70,00,77,69,6e,6d,67,6d,74,00,77,\
73,63,73,76,63,00,78,6d,6c,70,72,6f,76,00,6e,61,70,61,67,65,6e,74,00,68,6b,\
6d,73,76,63,00,42,49,54,53,00,77,75,61,75,73,65,72,76,00,53,68,65,6c,6c,48,\
57,44,65,74,65,63,74,69,6f,6e,00,68,65,6c,70,73,76,63,00,00

Save this as fix.reg. Choose to save as *all files and place it on your desktop.

It should look like this: reg.gif

Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Finally, reboot your PC.

Next, manually delete your ComboFix, download a new fresh copy and run it again. Post the log file in your next reply.

Step 2

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\windows\$NtUninstallKB7112$

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

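The fix.reg in Step 1 stores the netsvcs list as a REG_MULTI_SZ in hex(7) form, which is hard to review by eye. As an added example (not part of the original posts; the function names are illustrative), this Python decodes that value and reports which entries of a netsvcs listing are absent from it. The sample listing is a short excerpt copied from the ComboFix "NETSVCS REQUIRES REPAIRS" output in this thread, and "baseline" here means only the list in this fix.reg.

```python
import re

# fix.reg from Step 1, copied verbatim from the post.
FIX_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=hex(7):36,74,6f,34,00,41,70,70,4d,67,6d,74,00,41,75,64,69,6f,53,72,\
76,00,42,72,6f,77,73,65,72,00,43,72,79,70,74,53,76,63,00,44,4d,53,65,72,76,\
65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,76,65,6e,74,53,79,73,74,65,6d,\
00,46,61,73,74,55,73,65,72,53,77,69,74,63,68,69,6e,67,43,6f,6d,70,61,74,69,\
62,69,6c,69,74,79,00,48,69,64,53,65,72,76,00,49,61,73,00,49,70,72,69,70,00,\
49,72,6d,6f,6e,00,4c,61,6e,6d,61,6e,53,65,72,76,65,72,00,4c,61,6e,6d,61,6e,\
57,6f,72,6b,73,74,61,74,69,6f,6e,00,4d,65,73,73,65,6e,67,65,72,00,4e,65,74,\
6d,61,6e,00,4e,6c,61,00,4e,74,6d,73,73,76,63,00,4e,57,43,57,6f,72,6b,73,74,\
61,74,69,6f,6e,00,4e,77,73,61,70,61,67,65,6e,74,00,52,61,73,61,75,74,6f,00,\
52,61,73,6d,61,6e,00,52,65,6d,6f,74,65,61,63,63,65,73,73,00,53,63,68,65,64,\
75,6c,65,00,53,65,63,6c,6f,67,6f,6e,00,53,45,4e,53,00,53,68,61,72,65,64,61,\
63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,73,72,76,00,54,\
68,65,6d,65,73,00,54,72,6b,57,6b,73,00,57,33,32,54,69,6d,65,00,57,5a,43,53,\
56,43,00,57,6d,69,00,57,6d,64,6d,50,6d,53,70,00,77,69,6e,6d,67,6d,74,00,77,\
73,63,73,76,63,00,78,6d,6c,70,72,6f,76,00,6e,61,70,61,67,65,6e,74,00,68,6b,\
6d,73,76,63,00,42,49,54,53,00,77,75,61,75,73,65,72,76,00,53,68,65,6c,6c,48,\
57,44,65,74,65,63,74,69,6f,6e,00,68,65,6c,70,73,76,63,00,00
"""

# Excerpt of the netsvcs entries listed in the ComboFix log in this thread.
LOG_EXCERPT = ["Rasauto", "ftsata2", "zdeviceservice", "pensup", "MailService",
               "bobo", "Rasman", "WmdmPmSp", "WmdmPmSN", "helpsvc"]


def read_multi_sz(reg_text, value_name):
    """Decode a hex(7) (REG_MULTI_SZ) value from .reg text into a list of strings."""
    header = reg_text.lstrip().splitlines()[0].strip()
    if header == "REGEDIT4":
        encoding = "cp1252"        # version 4 files store ANSI bytes
    elif header.startswith("Windows Registry Editor Version 5"):
        encoding = "utf-16-le"     # version 5 files store UTF-16LE
    else:
        raise ValueError("not a .reg file: %r" % header)

    # A trailing backslash continues the value on the next line.
    joined = re.sub(r"\\\r?\n\s*", "", reg_text)
    prefix = '"%s"=hex(7):' % value_name.lower()
    for line in joined.splitlines():
        line = line.strip()
        if line.lower().startswith(prefix):
            payload = line[len(prefix):]
            raw = bytes(int(b, 16) for b in payload.split(",") if b.strip())
            names = []
            for item in raw.decode(encoding).split("\0"):
                if not item:       # an empty string terminates a MULTI_SZ
                    break
                names.append(item)
            return names
    raise KeyError(value_name)


def compare(current, baseline):
    """Service names are case-insensitive, so compare casefolded."""
    base = {n.casefold() for n in baseline}
    cur = {n.casefold() for n in current}
    return {
        "extra": [n for n in current if n.casefold() not in base],
        "missing": [n for n in baseline if n.casefold() not in cur],
    }


if __name__ == "__main__":
    baseline = read_multi_sz(FIX_REG, "netsvcs")
    print(len(baseline), "entries in fix.reg:", ", ".join(baseline))
    print("not in fix.reg:", compare(LOG_EXCERPT, baseline)["extra"])
```

An entry reported as "extra" is only absent from this fix.reg list; whether it belongs on a given machine still has to be checked against that machine's installed services.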

Hi Maniac,

Note:- After running the fix.reg file and rebooting, the PC couldn't obtain an IP address from the DHCP server, even after rebooting again. However, after running ComboFix all was good again.

Here is the log file from Step 1:-

ComboFix 12-05-13.04 - reevesg 14/05/2012 12:51:00.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.414 [GMT 10:00]

Running from: c:\documents and settings\reevesg\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

Infected copy of c:\windows\system32\userinit.exe was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\userinit.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-04-14 to 2012-05-14 )))))))))))))))))))))))))))))))

.

.

2012-05-12 04:59 . 2012-05-12 04:59 -------- d-----w- c:\documents and settings\reevesg\Application Data\AVG2012

2012-05-12 04:57 . 2012-05-12 04:57 -------- d-----w- c:\documents and settings\reevesg\Local Settings\Application Data\AVG Secure Search

2012-05-12 04:57 . 2012-05-12 04:57 -------- d-----w- c:\documents and settings\reevesg\Application Data\AVG Secure Search

2012-05-12 04:57 . 2012-05-12 04:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search

2012-05-12 04:57 . 2012-05-12 04:57 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2012-05-12 04:57 . 2012-05-12 04:57 -------- d-----w- c:\program files\AVG Secure Search

2012-05-12 04:56 . 2012-05-12 04:56 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2012-05-12 04:55 . 2012-05-12 04:55 -------- d-----w- C:\$AVG

2012-05-12 04:55 . 2012-05-13 23:58 -------- d-----w- c:\windows\system32\drivers\AVG

2012-05-12 04:55 . 2012-05-12 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2012-05-12 04:54 . 2012-05-12 04:54 -------- d-----w- c:\program files\AVG

2012-05-12 04:52 . 2012-05-13 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2012-05-10 18:15 . 2012-05-10 18:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2012-05-10 17:01 . 2012-05-10 17:01 -------- d-----w- c:\documents and settings\reevesg\Local Settings\Application Data\PCHealth

2012-05-09 03:08 . 2012-05-11 01:04 -------- d-----w- c:\documents and settings\reevesg\Local Settings\Application Data\MJPEG

2012-05-09 02:04 . 2012-05-09 02:04 883616 ----a-w- C:\FixExec.com

2012-05-08 05:47 . 2012-05-08 05:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2012-05-08 05:43 . 2012-05-08 05:43 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2012-05-08 05:26 . 2012-05-08 05:26 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2012-05-08 05:11 . 2012-05-12 18:54 -------- d-----w- c:\program files\Common Files\MJPEG

2012-05-08 05:11 . 2012-05-08 05:11 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D5619C001087DD0B1F02F4D151FC4E

2012-05-06 21:27 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{C157F02B-8A33-4E34-B48E-D8E609F24A93}\mpengine.dll

2012-04-18 18:50 . 2012-04-18 18:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-13 07:36 . 2006-07-07 01:20 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-04-11 13:14 . 2004-08-11 09:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:12 . 2004-08-11 09:00 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 12:35 . 2004-08-03 14:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-04 05:56 . 2011-03-09 23:10 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-18 19:17 . 2012-03-18 19:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-03-01 11:01 . 2004-08-11 09:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2004-08-11 09:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01 . 2004-08-11 09:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2004-08-11 09:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2004-08-11 09:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2004-08-11 09:00 385024 ------w- c:\windows\system32\html.iec

2012-02-23 00:18 . 2009-10-04 20:42 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-21 19:25 . 2012-02-21 19:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-12_04.28.14 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-11 14:02 . 2009-07-11 14:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll

+ 2009-07-11 14:05 . 2009-07-11 14:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll

+ 2009-07-11 14:05 . 2009-07-11 14:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll

+ 2012-05-14 02:59 . 2012-05-14 02:59 16384 c:\windows\Temp\Perflib_Perfdata_7c8.dat

+ 2012-05-14 02:57 . 2012-05-14 02:57 16384 c:\windows\Temp\Perflib_Perfdata_608.dat

+ 2012-05-14 02:59 . 2012-05-14 02:59 16384 c:\windows\Temp\Perflib_Perfdata_1a8.dat

+ 2012-01-30 18:46 . 2012-01-30 18:46 31952 c:\windows\system32\drivers\avgrkx86.sys

+ 2011-12-23 03:32 . 2011-12-23 03:32 41040 c:\windows\system32\drivers\avgmfx86.sys

+ 2011-12-23 03:32 . 2011-12-23 03:32 17232 c:\windows\system32\drivers\avgidsshimx.sys

+ 2011-12-23 03:32 . 2011-12-23 03:32 24144 c:\windows\system32\drivers\avgidsfilterx.sys

+ 2009-07-11 14:02 . 2009-07-11 14:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll

+ 2009-07-11 14:05 . 2009-07-11 14:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll

+ 2011-12-23 03:32 . 2011-12-23 03:32 139856 c:\windows\system32\drivers\avgidsdriverx.sys

+ 2004-08-11 09:00 . 2008-04-14 00:11 640000 c:\windows\system32\dllcache\dbghelp.dll

+ 2012-05-12 04:54 . 2012-05-12 04:54 219648 c:\windows\Installer\1a5653.msi

+ 2009-07-11 14:02 . 2009-07-11 14:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll

+ 2012-05-12 04:57 . 2012-05-12 04:57 5161984 c:\windows\Installer\1a565b.msi

+ 2012-05-12 04:54 . 2012-05-12 04:54 2208768 c:\windows\Installer\1a5657.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-05-12 04:57 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-05-12 2067328]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-05 127035]

"WinVNC"="c:\program files\UltraVNC\WinVNC.exe" [2006-06-18 712704]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-07 421736]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-04 2587008]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-05-12 1116544]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

OKI LPR Utility.lnk - c:\program files\Okidata\OKI LPR Utility\Okilpr.exe [2006-8-17 159744]

Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-4 81920]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 4:50 AM 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31/01/2012 4:46 AM 31952]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22/02/2012 5:25 AM 235216]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [19/03/2012 5:17 AM 301248]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [14/07/2010 11:51 AM 65584]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [30/04/2012 9:44 AM 5106744]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14/02/2012 4:53 AM 193288]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/03/2011 9:10 AM 654408]

R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [10/02/2009 9:53 AM 6016]

R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [12/05/2012 2:57 PM 932736]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 1:32 PM 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 1:32 PM 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 1:32 PM 17232]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/03/2011 9:10 AM 22344]

.

NETSVCS REQUIRES REPAIRS - current entries shown

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

ERSvc

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Messenger

Netman

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

ftsata2

zdeviceservice

pensup

MailService

mvserver

websensewfreportserver

GTWModem

lyncusbserv

k750mdm

vaiomediaplatform-integratedserver-http

LC7981

elnkupdateservice

Hardlock

HBtnKey

smapint

sonytvc

lusbaudio

mediamaxxlservice

rfcomm

bdpredir

AeLookupSvc

npfmntor

UpdateCenterService

IBMTPCHK

lvckap

SRTSPL

ultra66

CdaC15BA

SE2Emdfl

rnadiagreceiver

hpci

mcdetect.exe

WUSB54Gv4SVC

caboagp

DFUBTUSB

bdfdll

qbfcservice

DN2AKNET

ATIBTXBAR

nimcdfxk

ivscheduler

scsk4

SNC

smserial

nvedavt

dvd_2K

Xyz777b

parallel

w200bus

bobo

eabusb

servicelayer

vpn5000service

iPassPeriodicUpdateApp

MTDVC2

wm

prismxl

rp_fws

tcpip6

speedfan

EL2000

USBCCID

wampapache

sdcplh

scsiaccess

sysenforce

Rasman

Remoteaccess

Schedule

Seclogon

SENS

Sharedaccess

SRService

Tapisrv

Themes

TrkWks

W32Time

WZCSVC

Wmi

WmdmPmSp

winmgmt

wscsvc

xmlprov

BITS

wuauserv

ShellHWDetection

helpsvc

WmdmPmSN

napagent

hkmsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]

.

2012-05-13 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 09:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.au/

uInternet Connection Wizard,ShellNext = hxxp://www1.ap.dell.com/content/default.aspx?c=au&l=en&s=gen

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll

TCP: DhcpNameServer = 202.3.192.29 202.3.192.61

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-14 13:02

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3764)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Dell\OpenManage\Client\Iap.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\program files\Citrix\ICA Client\wfcrun32.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2012-05-14 13:06:20 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-14 03:06

ComboFix2.txt 2012-05-12 04:31

.

Pre-Run: 53,206,134,784 bytes free

Post-Run: 53,218,619,392 bytes free

.

- - End Of File - - F0BAE903E648A04EF65F6C1DACDC272E

...and from Step 2:-

ComboFix 12-05-13.04 - reevesg 14/05/2012 13:09:28.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.499 [GMT 10:00]

Running from: c:\documents and settings\reevesg\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\reevesg\Desktop\CFScript.txt

.

.

((((((((((((((((((((((((( Files Created from 2012-04-14 to 2012-05-14 )))))))))))))))))))))))))))))))

.

.

2012-05-12 04:59 . 2012-05-12 04:59 -------- d-----w- c:\documents and settings\reevesg\Application Data\AVG2012

2012-05-12 04:57 . 2012-05-12 04:57 -------- d-----w- c:\documents and settings\reevesg\Local Settings\Application Data\AVG Secure Search

2012-05-12 04:57 . 2012-05-12 04:57 -------- d-----w- c:\documents and settings\reevesg\Application Data\AVG Secure Search

2012-05-12 04:57 . 2012-05-12 04:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search

2012-05-12 04:57 . 2012-05-12 04:57 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2012-05-12 04:57 . 2012-05-12 04:57 -------- d-----w- c:\program files\AVG Secure Search

2012-05-12 04:56 . 2012-05-12 04:56 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2012-05-12 04:55 . 2012-05-12 04:55 -------- d-----w- C:\$AVG

2012-05-12 04:55 . 2012-05-13 23:58 -------- d-----w- c:\windows\system32\drivers\AVG

2012-05-12 04:55 . 2012-05-12 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2012-05-12 04:54 . 2012-05-12 04:54 -------- d-----w- c:\program files\AVG

2012-05-12 04:52 . 2012-05-13 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2012-05-10 18:15 . 2012-05-10 18:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2012-05-10 17:01 . 2012-05-10 17:01 -------- d-----w- c:\documents and settings\reevesg\Local Settings\Application Data\PCHealth

2012-05-09 03:08 . 2012-05-11 01:04 -------- d-----w- c:\documents and settings\reevesg\Local Settings\Application Data\MJPEG

2012-05-09 02:04 . 2012-05-09 02:04 883616 ----a-w- C:\FixExec.com

2012-05-08 05:47 . 2012-05-08 05:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2012-05-08 05:43 . 2012-05-08 05:43 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2012-05-08 05:26 . 2012-05-08 05:26 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2012-05-08 05:11 . 2012-05-12 18:54 -------- d-----w- c:\program files\Common Files\MJPEG

2012-05-08 05:11 . 2012-05-08 05:11 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D5619C001087DD0B1F02F4D151FC4E

2012-05-06 21:27 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{C157F02B-8A33-4E34-B48E-D8E609F24A93}\mpengine.dll

2012-04-18 18:50 . 2012-04-18 18:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-13 07:36 . 2006-07-07 01:20 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-04-11 13:14 . 2004-08-11 09:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:12 . 2004-08-11 09:00 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 12:35 . 2004-08-03 14:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-04 05:56 . 2011-03-09 23:10 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-18 19:17 . 2012-03-18 19:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-03-01 11:01 . 2004-08-11 09:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2004-08-11 09:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01 . 2004-08-11 09:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2004-08-11 09:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2004-08-11 09:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2004-08-11 09:00 385024 ------w- c:\windows\system32\html.iec

2012-02-23 00:18 . 2009-10-04 20:42 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-21 19:25 . 2012-02-21 19:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-12_04.28.14 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-11 14:02 . 2009-07-11 14:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll

+ 2009-07-11 14:05 . 2009-07-11 14:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll

+ 2009-07-11 14:05 . 2009-07-11 14:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll

+ 2012-05-14 02:59 . 2012-05-14 02:59 16384 c:\windows\Temp\Perflib_Perfdata_7c8.dat

+ 2012-05-14 02:59 . 2012-05-14 02:59 16384 c:\windows\Temp\Perflib_Perfdata_1a8.dat

+ 2012-01-30 18:46 . 2012-01-30 18:46 31952 c:\windows\system32\drivers\avgrkx86.sys

+ 2011-12-23 03:32 . 2011-12-23 03:32 41040 c:\windows\system32\drivers\avgmfx86.sys

+ 2011-12-23 03:32 . 2011-12-23 03:32 17232 c:\windows\system32\drivers\avgidsshimx.sys

+ 2011-12-23 03:32 . 2011-12-23 03:32 24144 c:\windows\system32\drivers\avgidsfilterx.sys

+ 2009-07-11 14:02 . 2009-07-11 14:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll

+ 2009-07-11 14:05 . 2009-07-11 14:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll

+ 2011-12-23 03:32 . 2011-12-23 03:32 139856 c:\windows\system32\drivers\avgidsdriverx.sys

+ 2004-08-11 09:00 . 2008-04-14 00:11 640000 c:\windows\system32\dllcache\dbghelp.dll

+ 2012-05-12 04:54 . 2012-05-12 04:54 219648 c:\windows\Installer\1a5653.msi

+ 2009-07-11 14:02 . 2009-07-11 14:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll

+ 2009-07-11 14:02 . 2009-07-11 14:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll

+ 2012-05-12 04:57 . 2012-05-12 04:57 5161984 c:\windows\Installer\1a565b.msi

+ 2012-05-12 04:54 . 2012-05-12 04:54 2208768 c:\windows\Installer\1a5657.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-05-12 04:57 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-05-12 2067328]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-05 127035]

"WinVNC"="c:\program files\UltraVNC\WinVNC.exe" [2006-06-18 712704]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-07 421736]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-04 2587008]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-05-12 1116544]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

OKI LPR Utility.lnk - c:\program files\Okidata\OKI LPR Utility\Okilpr.exe [2006-8-17 159744]

Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-4 81920]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 4:50 AM 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31/01/2012 4:46 AM 31952]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22/02/2012 5:25 AM 235216]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [19/03/2012 5:17 AM 301248]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [14/07/2010 11:51 AM 65584]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14/02/2012 4:53 AM 193288]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/03/2011 9:10 AM 654408]

R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [10/02/2009 9:53 AM 6016]

R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [12/05/2012 2:57 PM 932736]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 1:32 PM 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 1:32 PM 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 1:32 PM 17232]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/03/2011 9:10 AM 22344]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [30/04/2012 9:44 AM 5106744]

.

NETSVCS REQUIRES REPAIRS - current entries shown

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

ERSvc

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Messenger

Netman

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

ftsata2

zdeviceservice

pensup

MailService

mvserver

websensewfreportserver

GTWModem

lyncusbserv

k750mdm

vaiomediaplatform-integratedserver-http

LC7981

elnkupdateservice

Hardlock

HBtnKey

smapint

sonytvc

lusbaudio

mediamaxxlservice

rfcomm

bdpredir

AeLookupSvc

npfmntor

UpdateCenterService

IBMTPCHK

lvckap

SRTSPL

ultra66

CdaC15BA

SE2Emdfl

rnadiagreceiver

hpci

mcdetect.exe

WUSB54Gv4SVC

caboagp

DFUBTUSB

bdfdll

qbfcservice

DN2AKNET

ATIBTXBAR

nimcdfxk

ivscheduler

scsk4

SNC

smserial

nvedavt

dvd_2K

Xyz777b

parallel

w200bus

bobo

eabusb

servicelayer

vpn5000service

iPassPeriodicUpdateApp

MTDVC2

wm

prismxl

rp_fws

tcpip6

speedfan

EL2000

USBCCID

wampapache

sdcplh

scsiaccess

sysenforce

Rasman

Remoteaccess

Schedule

Seclogon

SENS

Sharedaccess

SRService

Tapisrv

Themes

TrkWks

W32Time

WZCSVC

Wmi

WmdmPmSp

winmgmt

wscsvc

xmlprov

BITS

wuauserv

ShellHWDetection

helpsvc

WmdmPmSN

napagent

hkmsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]

.

2012-05-13 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 09:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.au/

uInternet Connection Wizard,ShellNext = hxxp://www1.ap.dell.com/content/default.aspx?c=au&l=en&s=gen

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll

TCP: DhcpNameServer = 202.3.192.29 202.3.192.61

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-14 13:15

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(520)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2012-05-14 13:17:16

ComboFix-quarantined-files.txt 2012-05-14 03:17

ComboFix2.txt 2012-05-14 03:06

ComboFix3.txt 2012-05-12 04:31

.

Pre-Run: 53,228,253,184 bytes free

Post-Run: 53,211,172,864 bytes free

.

- - End Of File - - 16CCC5790F6C85C51A7E00C0C64C2AF3


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


There you go!

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=73b611f7d6ee4d4fa74d1cdf14ebd362

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-05-14 10:10:02

# local_time=2012-05-14 08:10:02 (+1000, Tasmania Standard Time)

# country="Australia"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1024 16777215 100 0 0 0 0 0

# compatibility_mode=5889 16768382 80 100 95183142 177787908 0 96028362

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=59582

# found=1

# cleaned=0

# scan_time=2240

C:\WINDOWS\system32\drivers\netbt.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I


Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *netbt.sys*


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


SystemLook 30.07.11 by jpshortstuff

Log created at 04:57 on 15/05/2012 by reevesg

Administrator - Elevation successful

========== filefind ==========

Searching for "*netbt.sys*"

C:\i386\netbt.sys --a---- 162816 bytes [23:24 06/07/2006] [21:00 03/08/2004] 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\$NtServicePackUninstall$\netbt.sys -----c- 162816 bytes [21:48 23/06/2010] [21:00 03/08/2004] 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\ServicePackFiles\i386\netbt.sys ------- 162816 bytes [22:27 25/08/2008] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\WINDOWS\system32\drivers\netbt.sys --a---- 162816 bytes [09:00 11/08/2004] [19:21 13/04/2008] DB05AD99947B8745C1383003D43A9102

-= EOF =-


Please manually delete your ComboFix copy, download a new fresh one and then:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

FCopy::
C:\WINDOWS\ServicePackFiles\i386\netbt.sys | C:\WINDOWS\system32\drivers\netbt.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Link to post
Share on other sites
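
The hash comparison that the SystemLook log supports, as an added example that is not part of the original thread: it parses the four `filefind` lines posted above and reports any copy in the live drivers directory whose size and second timestamp match a backup copy but whose MD5 differs. Treating the second bracketed timestamp as the last-modified time is an assumption about SystemLook's output, and the function names are illustrative.

```python
import re

# The four result lines from the SystemLook log posted in this thread.
SYSTEMLOOK_LOG = r"""
C:\i386\netbt.sys --a---- 162816 bytes [23:24 06/07/2006] [21:00 03/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\$NtServicePackUninstall$\netbt.sys -----c- 162816 bytes [21:48 23/06/2010] [21:00 03/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\ServicePackFiles\i386\netbt.sys ------- 162816 bytes [22:27 25/08/2008] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\system32\drivers\netbt.sys --a---- 162816 bytes [09:00 11/08/2004] [19:21 13/04/2008] DB05AD99947B8745C1383003D43A9102
"""

# path, attribute flags, size, two bracketed timestamps, MD5
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-zA-Z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<ts1>[^\]]+)\]\s+\[(?P<ts2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

def parse_filefind(log):
    """Turn SystemLook filefind result lines into dicts; skip anything else."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries

def audit(entries, live_dir=r"c:\windows\system32\drivers"):
    """Pair each live file with backups of the same build whose MD5 differs."""
    findings = []
    for live in entries:
        folder, _, name = live["path"].lower().rpartition("\\")
        if folder != live_dir:
            continue
        for ref in entries:
            same_build = (ref is not live
                          and ref["path"].lower().endswith("\\" + name)
                          and ref["size"] == live["size"]
                          and ref["ts2"] == live["ts2"])  # assumed last-modified
            if same_build and ref["md5"] != live["md5"]:
                findings.append((live["path"], ref["path"]))
    return findings

if __name__ == "__main__":
    for live, ref in audit(parse_filefind(SYSTEMLOOK_LOG)):
        print(f"{live} differs from same-build backup {ref}")
```

A mismatch only shows that the two copies differ; in this thread it is the ESET detection on the live file that identifies which copy is the bad one.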

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.