
Please help us get rid of this virus...



My computer is infected with some virus or malware. We started noticing that our homepage kept changing a few months ago. We couldn't seem to get the computer to save our preferred page (Google). Now our searches occasionally get rerouted to random other pages when we click on links. I have included the DDS and Attach logs. Any help would be greatly appreciated!

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 10.5.1

Run by D at 19:40:20 on 2012-06-22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.804 [GMT -4:00]

.

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\system32\dlbfcoms.exe

C:\WINDOWS\system32\dlcxcoms.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\lotus\notes\ntmulti.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\StacSV.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = https://www.bankofamerica.com

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080324

uSearch Bar = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080324

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File

TB: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - No File

TB: {8dcb7100-df86-4384-8842-8fa844297b3f} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

uRun: [AdobeBridge]

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Cyberlink] rundll32.exe "c:\documents and settings\d\local settings\application data\cyberlink\qwxktqbm.dll",AllocatePfxEngineClient

uRun: [Ares] rundll32.exe "c:\documents and settings\d\local settings\application data\google\ares\ivnabfndt.dll",CreateInstance

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

dRun: [Ares] rundll32.exe "c:\documents and settings\d\local settings\application data\google\ares\ivnabfndt.dll",CreateInstance

dRunOnce: [RunNarrator] Narrator.exe

IE: Add to Google Photos Screensa&ver

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206748501763

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll

Notify: igfxcui - igfxdev.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 wvauth

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\d\application data\mozilla\firefox\profiles\ty86au9v.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.bankofamerica.com

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

FF - user.js: browser.startup.homepage - hxxps://www.bankofamerica.com

FF - user.js: browser.startup.page - 1

.

============= SERVICES / DRIVERS ===============

.

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]

R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]

R2 dlbf_device;dlbf_device;c:\windows\system32\dlbfcoms.exe -service --> c:\windows\system32\dlbfcoms.exe -service [?]

R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]

R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]

R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-2 106104]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110902.002\naveng.sys [2011-9-2 86136]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110902.002\navex15.sys [2011-9-2 1576312]

S2 gupdate1c985a741df6b8;Google Update Service (gupdate1c985a741df6b8);c:\program files\google\update\GoogleUpdate.exe [2009-2-2 133104]

S3 ADM8511;%ADM8511.Service.DispName%;c:\windows\system32\drivers\ADM8511.SYS [2008-3-28 20160]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-28 257224]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-2 133104]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-30 113120]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2011-2-11 30576]

S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]

.

=============== Created Last 30 ================

.

2012-06-16 21:06:10 -------- d-----w- c:\documents and settings\d\local settings\application data\Sun

2012-06-15 02:55:29 -------- d-----w- c:\program files\Oracle

2012-06-15 02:54:33 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-06-15 02:47:54 -------- d-----w- c:\program files\Adobe Download Assistant

2012-06-13 20:49:43 -------- d-----w- c:\documents and settings\d\local settings\application data\Cyberlink

2012-06-06 20:47:05 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll

2012-06-06 20:47:05 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll

2012-06-02 03:12:48 87960 ----a-r- c:\documents and settings\d\application data\microsoft\installer\{ecc01078-ac91-4a40-9f15-9d586f065cc7}\ARPPRODUCTICON.exe

2012-06-02 03:12:31 -------- d-----w- c:\documents and settings\d\local settings\application data\Scholastic

2012-06-02 03:12:09 -------- d-----w- c:\program files\common files\K-NFB Reading

2012-06-02 03:12:02 -------- d-----w- c:\program files\PlayReady

.

==================== Find3M ====================

.

2012-06-15 02:17:58 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-15 02:17:57 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-15 15:39:54 832512 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys

2012-05-04 23:29:50 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-05-04 23:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll

2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-23 14:46:47 78336 ----a-w- c:\windows\system32\ieencode.dll

2012-04-23 14:46:47 1830912 ------w- c:\windows\system32\inetcpl.cpl

2012-04-23 14:46:47 17408 ------w- c:\windows\system32\corpol.dll

2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 19:42:12.89 ===============

attach.txt

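The two uRun entries for "Cyberlink" and "Ares" in the log above share a pattern worth checking for mechanically: a DLL with a random-looking name, stored under the user's own profile (so it could be dropped without admin rights), started through rundll32.exe (which is why the running-process list shows two anonymous rundll32.exe processes rather than any tell-tale executable), and in one case also registered in the default-user hive (dRun) while pointing into user D's profile. The script below is an added example, not code from this thread, from DDS or from RogueKiller. It scores DDS "Pseudo HJT" Run lines against those rules; the sample lines are copied from the log above except the last, a constructed benign rundll32 entry with an invented export name, and the scoring rules and the "random name" threshold are assumptions of the example.

```python
import re
from dataclasses import dataclass, field

# Run-key lines in the DDS "Pseudo HJT" format (u = HKCU, m = HKLM,
# d = the default-user hive). The first six are copied from the DDS log;
# the last is a constructed, benign rundll32 entry (export name invented)
# so the rundll32 rule has a negative case.
SAMPLE_LINES = [
    'uRun: [AdobeBridge]',
    'uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe',
    'uRun: [Cyberlink] rundll32.exe "c:\\documents and settings\\d\\local settings'
    '\\application data\\cyberlink\\qwxktqbm.dll",AllocatePfxEngineClient',
    'uRun: [Ares] rundll32.exe "c:\\documents and settings\\d\\local settings'
    '\\application data\\google\\ares\\ivnabfndt.dll",CreateInstance',
    'mRun: [ccApp] "c:\\program files\\common files\\symantec shared\\ccApp.exe"',
    'dRun: [Ares] rundll32.exe "c:\\documents and settings\\d\\local settings'
    '\\application data\\google\\ares\\ivnabfndt.dll",CreateInstance',
    'mRun: [igfxtray] rundll32.exe c:\\windows\\system32\\igfxdev.dll,DisplayTray',
]

SCOPE = {'u': 'HKCU', 'm': 'HKLM', 'd': 'HKU\\.DEFAULT'}
RUN_LINE = re.compile(r'^(?P<scope>[umd])Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*(?:,\s*(?P<export>\S+))?', re.I)
FIRST_PATH = re.compile(r'^"(?P<quoted>[^"]+)"|^(?P<bare>\S+)')
# Windows XP profile root; everything below it is writable by that user.
PROFILE = re.compile(r'^[a-z]:\\documents and settings\\(?P<user>[^\\]+)\\', re.I)


@dataclass
class Finding:
    name: str
    hive: str
    path: str
    reasons: list = field(default_factory=list)


def looks_random(stem: str) -> bool:
    """Heuristic (an assumption of this example): a long, all-letter name
    containing a run of five or more consonants is treated as generated."""
    if len(stem) < 7 or not stem.isalpha():
        return False
    runs = re.findall(r'[^aeiou]+', stem.lower())
    return bool(runs) and max(len(run) for run in runs) >= 5


def triage(lines):
    """Return the Run entries that trip at least one rule, in log order."""
    findings = []
    for line in lines:
        m = RUN_LINE.match(line.strip())
        if not m or not m.group('cmd').strip():
            continue  # not a Run line, or an empty value such as [AdobeBridge]
        scope, name, cmd = m.group('scope'), m.group('name'), m.group('cmd').strip()
        dll = RUNDLL.match(cmd)
        if dll:
            path = dll.group('dll')          # the DLL is the real payload
        else:
            first = FIRST_PATH.match(cmd)
            path = first.group('quoted') or first.group('bare')
        reasons = []
        profile = PROFILE.match(path)
        if profile:
            reasons.append(f'payload sits in user profile "{profile.group("user")}", '
                           'writable without admin rights')
            if dll:
                reasons.append('loaded via rundll32.exe, so only an anonymous '
                               'rundll32.exe shows in the process list')
            if scope == 'd':
                reasons.append('set in the default-user hive but points into a named user profile')
        stem = path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
        if looks_random(stem):
            reasons.append(f'file name "{stem}" looks randomly generated')
        if reasons:
            findings.append(Finding(name, SCOPE[scope], path, reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print(f'{f.hive}\\...\\Run [{f.name}] -> {f.path}')
        for r in f.reasons:
            print(f'    - {r}')
```

Run against the sample, only the Cyberlink entry and the two Ares entries are reported; ctfmon.exe, ccApp.exe and the constructed igfxdev.dll entry pass, because a rundll32 loader by itself is normal on Windows. The profile-path rule is the strong one; the name heuristic only adds weight.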

Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!!!!!!!)

Post back the report.

MrC


Thank you for your time!

The first time I tried to run the program, Windows Explorer crashed part way through... these are the results of the second scan:

RogueKiller V7.5.4 [06/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: D [Admin rights]

Mode: Scan -- Date: 06/22/2012 21:32:43

¤¤¤ Bad processes: 3 ¤¤¤

[SUSP PATH] qwxktqbm.dll -- C:\Documents and Settings\D\Local Settings\Application Data\Cyberlink\qwxktqbm.dll -> UNLOADED

[SUSP PATH] qwxktqbm.dll -- C:\Documents and Settings\D\Local Settings\Application Data\Cyberlink\qwxktqbm.dll -> KILLED [TermProc]

[SUSP PATH] ivnabfndt.dll -- C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll -> KILLED [TermProc]

¤¤¤ Registry Entries: 12 ¤¤¤

[BLACKLIST DLL] HKCU\[...]\Run : Cyberlink (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Cyberlink\qwxktqbm.dll",AllocatePfxEngineClient) -> FOUND

[BLACKLIST DLL] HKCU\[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND

[BLACKLIST DLL] HKUS\.DEFAULT[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND

[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND

[BLACKLIST DLL] HKUS\S-1-5-19_Classes[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND

[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND

[BLACKLIST DLL] HKUS\S-1-5-20_Classes[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND

[BLACKLIST DLL] HKUS\S-1-5-21-939076650-941321340-1201637723-1005[...]\Run : Cyberlink (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Cyberlink\qwxktqbm.dll",AllocatePfxEngineClient) -> FOUND

[BLACKLIST DLL] HKUS\S-1-5-21-939076650-941321340-1201637723-1005[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND

[BLACKLIST DLL] HKUS\S-1-5-21-939076650-941321340-1201637723-1005_Classes[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND

[BLACKLIST DLL] HKUS\S-1-5-18[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x8A660648)

SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x8A5EB008)

SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x8A6677E0)

SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x8A6537D8)

SSDT[43] : NtCreateMutant @ 0x8061758E -> HOOKED (Unknown @ 0x8A670EB0)

SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x8A66A9F8)

SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x8A582E50)

SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x8A675550)

SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x8A65E340)

SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x8A0F72C0)

SSDT[114] : NtOpenEvent @ 0x8060EF4C -> HOOKED (Unknown @ 0x8A66C6B8)

SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x8A5ED9A8)

SSDT[129] : NtOpenThreadToken @ 0x805EDF44 -> HOOKED (Unknown @ 0x8A6E7008)

SSDT[177] : NtQueryValueKey @ 0x806221FA -> HOOKED (Unknown @ 0x8A0E8038)

SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x8A5ED120)

SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x8A7638E0)

SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x8A7FE7E0)

SSDT[229] : NtSetInformationThread @ 0x805CC124 -> HOOKED (Unknown @ 0x8A5E8008)

SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x8A0ED350)

SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x8A7A7008)

SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x8A5ED838)

SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x8A7626F0)

SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x8A569770)

SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x8A663DA0)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.1001-search.info

127.0.0.1 1001-search.info

127.0.0.1 www.100888290cs.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

127.0.0.1 www.10sek.com

127.0.0.1 10sek.com

127.0.0.1 www.123topsearch.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST980813ASG +++++

--- User ---

[MBR] 0d20519f4697fe02675d1961fb932b3e

[BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 144585 | Size: 76245 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

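The HOSTS dump in the RogueKiller report above is long but, as far as it is shown, every entry points at 127.0.0.1, which is what a blocking list looks like (consistent with the Spybot-S&D immunization that the DDS log shows installed) rather than a redirect. The script below is an added example, not part of this thread or of RogueKiller, that makes that distinction mechanically: it separates junk domains sinkholed to loopback or 0.0.0.0 from entries that would actually hurt, namely watched domains (search engines, the bank set as home page, update hosts) being blocked, and any name mapped to a real address. The sample hosts file is constructed: its 127.0.0.1 lines are copied from the dump above, while the 198.51.100.7 lines (an RFC 5737 test address) and the final line are invented to show the two hijack shapes. The watched-domain list is an assumption of the example.

```python
import ipaddress

# Constructed sample hosts file. The 127.0.0.1 lines are copied from the
# RogueKiller dump; the 198.51.100.7 lines (RFC 5737 test address) and the
# last line are invented for this example.
SAMPLE_HOSTS = """\
# comment lines and blank lines are ignored
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 www.1001-search.info
0.0.0.0 www.100sexlinks.com

198.51.100.7 www.google.com www.bing.com   # constructed: search hijack
198.51.100.7 liveupdate.symantecliveupdate.com
127.0.0.1 www.bankofamerica.com
"""

# Domains whose presence in a hosts file deserves a look no matter where they
# point: search engines, the bank this machine's home page is set to, and
# AV/OS update hosts. The list is an assumption for the example.
WATCHED = ('google.com', 'bing.com', 'bankofamerica.com',
           'symantecliveupdate.com', 'windowsupdate.com', 'microsoft.com')


def parse_hosts(text):
    """Yield (ip, hostname) pairs, one per hostname, skipping comments."""
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, not an address
        for host in fields[1:]:
            yield ip, host.lower()


def is_watched(host):
    """True for a watched domain or any subdomain of one."""
    return any(host == d or host.endswith('.' + d) for d in WATCHED)


def triage_hosts(text):
    """Split entries into: sinkholed junk domains (normal for an immunization
    list), sinkholed watched domains (blocks something you need), and
    redirects to a real address (the classic hijack)."""
    report = {'blocked': [], 'watched_blocked': [], 'redirected': []}
    for ip, host in parse_hosts(text):
        if host == 'localhost':
            continue
        if ip.is_loopback or ip.is_unspecified:
            key = 'watched_blocked' if is_watched(host) else 'blocked'
            report[key].append(host)
        else:
            report['redirected'].append((host, str(ip)))
    return report


if __name__ == '__main__':
    for key, entries in triage_hosts(SAMPLE_HOSTS).items():
        print(f'{key}: {entries}')
```

On the real file (C:\WINDOWS\system32\drivers\etc\hosts on XP) a 'redirected' list that is empty and a 'watched_blocked' list that is empty mean the hosts file is not the source of the redirects, which is the case for the dump above; the search hijack on this machine lives in the Run-key DLLs instead.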

OK, run RogueKiller again and click Scan

When the scan completes > click on the Bad processes tab

Put a check next to all of these and uncheck the rest:

¤¤¤ Bad processes: 3 ¤¤¤

[SUSP PATH] qwxktqbm.dll -- C:\Documents and Settings\D\Local Settings\Application Data\Cyberlink\qwxktqbm.dll -> UNLOADED

[SUSP PATH] qwxktqbm.dll -- C:\Documents and Settings\D\Local Settings\Application Data\Cyberlink\qwxktqbm.dll -> KILLED [TermProc]

[SUSP PATH] ivnabfndt.dll -- C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll -> KILLED [TermProc]

Now click Delete in the right-hand column.

Repeat the process for these

Click on the Registry Entries tab, put a check next to these and uncheck the rest:

¤¤¤ Registry Entries: 12 ¤¤¤

[BLACKLIST DLL] HKCU\[...]\Run : Cyberlink (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Cyberlink\qwxktqbm.dll",AllocatePfxEngineClient) -> FOUND

[BLACKLIST DLL] HKCU\[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND

[BLACKLIST DLL] HKUS\.DEFAULT[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND

[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND

[BLACKLIST DLL] HKUS\S-1-5-19_Classes[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND

[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND

[BLACKLIST DLL] HKUS\S-1-5-20_Classes[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND

[BLACKLIST DLL] HKUS\S-1-5-21-939076650-941321340-1201637723-1005[...]\Run : Cyberlink (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Cyberlink\qwxktqbm.dll",AllocatePfxEngineClient) -> FOUND

[BLACKLIST DLL] HKUS\S-1-5-21-939076650-941321340-1201637723-1005[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND

[BLACKLIST DLL] HKUS\S-1-5-21-939076650-941321340-1201637723-1005_Classes[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND

[BLACKLIST DLL] HKUS\S-1-5-18[...]\Run : Ares (rundll32.exe "C:\Documents and Settings\D\Local Settings\Application Data\Google\Ares\ivnabfndt.dll",CreateInstance) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Click on Delete

---------------------------------------------

Next.......

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


Thank you, MrC. I ran RogueKiller again and deleted the processes, then restarted the program and ran the scan again to delete the registry entries. On the second scan, the registry entries did not show up, so I went ahead with the system restore point and ERUNT, then ran the TDSSKiller program.

The results are as follows:

21:58:13.0812 2616 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32

21:58:14.0046 2616 ============================================================

21:58:14.0046 2616 Current date / time: 2012/06/22 21:58:14.0046

21:58:14.0046 2616 SystemInfo:

21:58:14.0046 2616

21:58:14.0046 2616 OS Version: 5.1.2600 ServicePack: 3.0

21:58:14.0046 2616 Product type: Workstation

21:58:14.0046 2616 ComputerName: DFT43YF1

21:58:14.0046 2616 UserName: D

21:58:14.0046 2616 Windows directory: C:\WINDOWS

21:58:14.0046 2616 System windows directory: C:\WINDOWS

21:58:14.0046 2616 Processor architecture: Intel x86

21:58:14.0046 2616 Number of processors: 2

21:58:14.0046 2616 Page size: 0x1000

21:58:14.0046 2616 Boot type: Normal boot

21:58:14.0046 2616 ============================================================

21:58:15.0718 2616 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

21:58:15.0718 2616 ============================================================

21:58:15.0718 2616 \Device\Harddisk0\DR0:

21:58:15.0718 2616 MBR partitions:

21:58:15.0718 2616 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x234C9, BlocksNum 0x94EAFF8

21:58:15.0718 2616 ============================================================

21:58:15.0750 2616 C: <-> \Device\Harddisk0\DR0\Partition0

21:58:15.0750 2616 ============================================================

21:58:15.0750 2616 Initialize success

21:58:15.0750 2616 ============================================================

21:58:56.0171 3184 ============================================================

21:58:56.0171 3184 Scan started

21:58:56.0171 3184 Mode: Manual; SigCheck; TDLFS;

21:58:56.0171 3184 ============================================================

21:58:56.0421 3184 Abiosdsk - ok

21:58:56.0468 3184 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

21:58:56.0734 3184 abp480n5 - ok

21:58:56.0765 3184 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

21:58:56.0921 3184 ACPI - ok

21:58:56.0984 3184 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

21:58:57.0093 3184 ACPIEC - ok

21:58:57.0125 3184 ADM8511 (b05f2367f62552a2de7e3c352b7b9885) C:\WINDOWS\system32\DRIVERS\ADM8511.SYS

21:58:57.0187 3184 ADM8511 - ok


21:59:29.0578 3184 Sfloppy - ok

21:59:29.0625 3184 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

21:59:29.0718 3184 SharedAccess - ok

21:59:29.0765 3184 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

21:59:29.0796 3184 ShellHWDetection - ok

21:59:29.0796 3184 Simbad - ok

21:59:29.0828 3184 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

21:59:29.0937 3184 sisagp - ok

21:59:29.0968 3184 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

21:59:30.0062 3184 SLIP - ok

21:59:30.0140 3184 SNDSrvc (213c7eb70a762afdbb095e3535e8545c) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

21:59:30.0187 3184 SNDSrvc - ok

21:59:30.0218 3184 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

21:59:30.0281 3184 Sparrow - ok

21:59:30.0328 3184 SPBBCDrv (60053e9c1fc4f6887c296c19cb825244) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

21:59:30.0359 3184 SPBBCDrv - ok

21:59:30.0437 3184 SPBBCSvc (8a09ab7a1fd856acc469bd0cd4e98351) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

21:59:30.0484 3184 SPBBCSvc - ok

21:59:30.0593 3184 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

21:59:30.0687 3184 splitter - ok

21:59:30.0734 3184 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

21:59:30.0781 3184 Spooler - ok

21:59:30.0812 3184 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

21:59:30.0906 3184 sr - ok

21:59:30.0953 3184 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

21:59:31.0062 3184 srservice - ok

21:59:31.0109 3184 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

21:59:31.0171 3184 Srv - ok

21:59:31.0203 3184 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

21:59:31.0296 3184 SSDPSRV - ok

21:59:31.0343 3184 STacSV (6f855b5625a47f3ac731a262fdc379a6) C:\WINDOWS\system32\StacSV.exe

21:59:31.0359 3184 STacSV ( UnsignedFile.Multi.Generic ) - warning

21:59:31.0359 3184 STacSV - detected UnsignedFile.Multi.Generic (1)

21:59:31.0453 3184 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys

21:59:31.0500 3184 STHDA ( UnsignedFile.Multi.Generic ) - warning

21:59:31.0500 3184 STHDA - detected UnsignedFile.Multi.Generic (1)

21:59:31.0546 3184 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

21:59:31.0671 3184 stisvc - ok

21:59:31.0718 3184 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

21:59:31.0812 3184 streamip - ok

21:59:31.0843 3184 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

21:59:31.0937 3184 swenum - ok

21:59:32.0109 3184 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

21:59:32.0250 3184 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning

21:59:32.0250 3184 SwitchBoard - detected UnsignedFile.Multi.Generic (1)

21:59:32.0281 3184 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

21:59:32.0375 3184 swmidi - ok

21:59:32.0375 3184 SwPrv - ok

21:59:32.0515 3184 Symantec AntiVirus (7ac1fccc7976857aac3906d45a81d77b) C:\Program Files\Symantec AntiVirus\Rtvscan.exe

21:59:32.0671 3184 Symantec AntiVirus - ok

21:59:32.0781 3184 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

21:59:32.0875 3184 symc810 - ok

21:59:32.0890 3184 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

21:59:33.0000 3184 symc8xx - ok

21:59:33.0046 3184 SymEvent (49b20b430a4f219173f823536944474a) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

21:59:33.0062 3184 SymEvent - ok

21:59:33.0078 3184 SYMREDRV (e919f0922248a826964428f479a3dc24) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS

21:59:33.0078 3184 SYMREDRV - ok

21:59:33.0093 3184 SYMTDI (c177d5a655af572c456ec977582b9bc0) C:\WINDOWS\System32\Drivers\SYMTDI.SYS

21:59:33.0109 3184 SYMTDI - ok

21:59:33.0140 3184 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

21:59:33.0234 3184 sym_hi - ok

21:59:33.0250 3184 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

21:59:33.0359 3184 sym_u3 - ok

21:59:33.0390 3184 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

21:59:33.0500 3184 sysaudio - ok

21:59:33.0531 3184 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

21:59:33.0625 3184 SysmonLog - ok

21:59:33.0656 3184 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

21:59:33.0765 3184 TapiSrv - ok

21:59:33.0812 3184 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

21:59:33.0828 3184 Tcpip - ok

21:59:33.0968 3184 tcsd_win32.exe (23b506262493f1a521683ee88c5fbf60) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

21:59:34.0015 3184 tcsd_win32.exe ( UnsignedFile.Multi.Generic ) - warning

21:59:34.0015 3184 tcsd_win32.exe - detected UnsignedFile.Multi.Generic (1)

21:59:34.0093 3184 TdmService (a27d803b21f24a5cfb775944ea4cb130) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

21:59:34.0125 3184 TdmService ( UnsignedFile.Multi.Generic ) - warning

21:59:34.0125 3184 TdmService - detected UnsignedFile.Multi.Generic (1)

21:59:34.0250 3184 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

21:59:34.0343 3184 TDPIPE - ok

21:59:34.0375 3184 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

21:59:34.0468 3184 TDTCP - ok

21:59:34.0484 3184 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

21:59:34.0578 3184 TermDD - ok

21:59:34.0625 3184 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

21:59:34.0734 3184 TermService - ok

21:59:34.0765 3184 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

21:59:34.0781 3184 Themes - ok

21:59:34.0812 3184 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

21:59:34.0968 3184 TlntSvr - ok

21:59:35.0000 3184 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys

21:59:35.0015 3184 toshidpt ( UnsignedFile.Multi.Generic ) - warning

21:59:35.0015 3184 toshidpt - detected UnsignedFile.Multi.Generic (1)

21:59:35.0046 3184 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

21:59:35.0125 3184 TosIde - ok

21:59:35.0156 3184 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys

21:59:35.0171 3184 tosporte ( UnsignedFile.Multi.Generic ) - warning

21:59:35.0171 3184 tosporte - detected UnsignedFile.Multi.Generic (1)

21:59:35.0203 3184 tosrfbd (435ac6cc2abed508ac5a495658cbaf0f) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys

21:59:35.0218 3184 tosrfbd ( UnsignedFile.Multi.Generic ) - warning

21:59:35.0218 3184 tosrfbd - detected UnsignedFile.Multi.Generic (1)

21:59:35.0250 3184 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\WINDOWS\system32\Drivers\tosrfbnp.sys

21:59:35.0250 3184 tosrfbnp ( UnsignedFile.Multi.Generic ) - warning

21:59:35.0250 3184 tosrfbnp - detected UnsignedFile.Multi.Generic (1)

21:59:35.0281 3184 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys

21:59:35.0296 3184 Tosrfcom ( UnsignedFile.Multi.Generic ) - warning

21:59:35.0296 3184 Tosrfcom - detected UnsignedFile.Multi.Generic (1)

21:59:35.0328 3184 Tosrfhid (28099a4e52148319afa685d93a2244d0) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys

21:59:35.0359 3184 Tosrfhid ( UnsignedFile.Multi.Generic ) - warning

21:59:35.0359 3184 Tosrfhid - detected UnsignedFile.Multi.Generic (1)

21:59:35.0375 3184 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys

21:59:35.0406 3184 tosrfnds ( UnsignedFile.Multi.Generic ) - warning

21:59:35.0406 3184 tosrfnds - detected UnsignedFile.Multi.Generic (1)

21:59:35.0421 3184 Tosrfusb (6bc529c5eca0c7654943fd6fab21c5fa) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys

21:59:35.0437 3184 Tosrfusb ( UnsignedFile.Multi.Generic ) - warning

21:59:35.0437 3184 Tosrfusb - detected UnsignedFile.Multi.Generic (1)

21:59:35.0468 3184 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

21:59:35.0578 3184 TrkWks - ok

21:59:35.0593 3184 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

21:59:35.0687 3184 Udfs - ok

21:59:35.0734 3184 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

21:59:35.0796 3184 ultra - ok

21:59:35.0843 3184 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

21:59:35.0921 3184 Update - ok

21:59:35.0968 3184 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

21:59:36.0093 3184 upnphost - ok

21:59:36.0109 3184 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

21:59:36.0218 3184 UPS - ok

21:59:36.0250 3184 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

21:59:36.0328 3184 USBAAPL - ok

21:59:36.0359 3184 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

21:59:36.0453 3184 usbaudio - ok

21:59:36.0484 3184 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

21:59:36.0593 3184 usbccgp - ok

21:59:36.0625 3184 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

21:59:36.0703 3184 usbehci - ok

21:59:36.0718 3184 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

21:59:36.0812 3184 usbhub - ok

21:59:36.0843 3184 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

21:59:36.0937 3184 usbprint - ok

21:59:36.0968 3184 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

21:59:37.0046 3184 usbscan - ok

21:59:37.0062 3184 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

21:59:37.0140 3184 USBSTOR - ok

21:59:37.0156 3184 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

21:59:37.0234 3184 usbuhci - ok

21:59:37.0265 3184 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

21:59:37.0359 3184 usbvideo - ok

21:59:37.0375 3184 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

21:59:37.0468 3184 VgaSave - ok

21:59:37.0515 3184 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

21:59:37.0593 3184 viaagp - ok

21:59:37.0625 3184 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

21:59:37.0718 3184 ViaIde - ok

21:59:37.0734 3184 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

21:59:37.0812 3184 VolSnap - ok

21:59:37.0859 3184 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

21:59:37.0968 3184 VSS - ok

21:59:37.0984 3184 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

21:59:38.0109 3184 w32time - ok

21:59:38.0140 3184 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

21:59:38.0218 3184 Wanarp - ok

21:59:38.0218 3184 Wave UCSPlus - ok

21:59:38.0343 3184 WaveEnrollmentService (796fda916625be7e5f6cfece15a81c3a) C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe

21:59:38.0390 3184 WaveEnrollmentService ( UnsignedFile.Multi.Generic ) - warning

21:59:38.0390 3184 WaveEnrollmentService - detected UnsignedFile.Multi.Generic (1)

21:59:38.0437 3184 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys

21:59:38.0453 3184 WaveFDE ( UnsignedFile.Multi.Generic ) - warning

21:59:38.0453 3184 WaveFDE - detected UnsignedFile.Multi.Generic (1)

21:59:38.0484 3184 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys

21:59:38.0500 3184 WavxDMgr ( UnsignedFile.Multi.Generic ) - warning

21:59:38.0500 3184 WavxDMgr - detected UnsignedFile.Multi.Generic (1)

21:59:38.0531 3184 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

21:59:38.0546 3184 Wdf01000 - ok

21:59:38.0562 3184 WDICA - ok

21:59:38.0578 3184 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

21:59:38.0687 3184 wdmaud - ok

21:59:38.0718 3184 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

21:59:38.0812 3184 WebClient - ok

21:59:38.0906 3184 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

21:59:38.0953 3184 winachsf ( UnsignedFile.Multi.Generic ) - warning

21:59:38.0953 3184 winachsf - detected UnsignedFile.Multi.Generic (1)

21:59:39.0000 3184 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

21:59:39.0109 3184 winmgmt - ok

21:59:39.0109 3184 wltrysvc - ok

21:59:39.0140 3184 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

21:59:39.0203 3184 WmdmPmSN - ok

21:59:39.0250 3184 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

21:59:39.0312 3184 Wmi - ok

21:59:39.0375 3184 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

21:59:39.0468 3184 WmiAcpi - ok

21:59:39.0500 3184 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

21:59:39.0625 3184 WmiApSrv - ok

21:59:39.0734 3184 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

21:59:39.0843 3184 WMPNetworkSvc - ok

21:59:39.0890 3184 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

21:59:39.0984 3184 wscsvc - ok

21:59:40.0031 3184 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

21:59:40.0125 3184 WSTCODEC - ok

21:59:40.0156 3184 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

21:59:40.0250 3184 wuauserv - ok

21:59:40.0265 3184 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

21:59:40.0328 3184 WudfPf - ok

21:59:40.0343 3184 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

21:59:40.0375 3184 WudfRd - ok

21:59:40.0390 3184 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

21:59:40.0437 3184 WudfSvc - ok

21:59:40.0484 3184 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

21:59:40.0625 3184 WZCSVC - ok

21:59:40.0640 3184 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

21:59:40.0781 3184 xmlprov - ok

21:59:40.0796 3184 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

21:59:41.0218 3184 \Device\Harddisk0\DR0 - ok

21:59:41.0250 3184 Boot (0x1200) (bc30ec154761c164ee51f69bb07f7e3a) \Device\Harddisk0\DR0\Partition0

21:59:41.0250 3184 \Device\Harddisk0\DR0\Partition0 - ok

21:59:41.0250 3184 ============================================================

21:59:41.0250 3184 Scan finished

21:59:41.0250 3184 ============================================================

21:59:41.0359 0844 Detected object count: 33

21:59:41.0359 0844 Actual detected object count: 33

22:02:12.0609 0844 ApfiltrService ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0609 0844 ApfiltrService ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0609 0844 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0609 0844 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0609 0844 b57w2k ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0609 0844 b57w2k ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0609 0844 BASFND ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0609 0844 BASFND ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0609 0844 BCM43XX ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0609 0844 BCM43XX ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0625 0844 bgsvcgen ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0625 0844 bgsvcgen ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0625 0844 CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0625 0844 CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0625 0844 DXEC01 ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0625 0844 DXEC01 ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0625 0844 guardian2 ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0625 0844 guardian2 ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0625 0844 HSFHWAZL ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0625 0844 HSFHWAZL ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0625 0844 HSF_DPV ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0625 0844 HSF_DPV ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0625 0844 ialm ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0625 0844 ialm ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0640 0844 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0640 0844 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0640 0844 mdmxsdk ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0640 0844 mdmxsdk ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0640 0844 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0640 0844 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0640 0844 SecureStorageService ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0640 0844 SecureStorageService ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0640 0844 STacSV ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0640 0844 STacSV ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0640 0844 STHDA ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0640 0844 STHDA ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0656 0844 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0656 0844 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0656 0844 tcsd_win32.exe ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0656 0844 tcsd_win32.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0656 0844 TdmService ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0656 0844 TdmService ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0656 0844 toshidpt ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0656 0844 toshidpt ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0656 0844 tosporte ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0656 0844 tosporte ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0656 0844 tosrfbd ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0656 0844 tosrfbd ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0656 0844 tosrfbnp ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0656 0844 tosrfbnp ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0656 0844 Tosrfcom ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0656 0844 Tosrfcom ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0656 0844 Tosrfhid ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0656 0844 Tosrfhid ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0656 0844 tosrfnds ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0656 0844 tosrfnds ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0671 0844 Tosrfusb ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0671 0844 Tosrfusb ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0671 0844 WaveEnrollmentService ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0671 0844 WaveEnrollmentService ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0671 0844 WaveFDE ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0671 0844 WaveFDE ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0671 0844 WavxDMgr ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0671 0844 WavxDMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:02:12.0671 0844 winachsf ( UnsignedFile.Multi.Generic ) - skipped by user

22:02:12.0671 0844 winachsf ( UnsignedFile.Multi.Generic ) - User select action: Skip

Link to post
Share on other sites

That scan was clean, please do this........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Thank you for your help. I downloaded and ran ComboFix 2x. I have attached the results of the second scan.


2001-07-25 21:16 20480 ------w- c:\windows\system32\BELKIN\F5D5050\PostCopy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]

2002-02-05 02:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]

2007-09-14 15:53 218424 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2007-12-05 23:24 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\stsystra.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-10-13 13:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-08-30 22:12 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-04-05 13:47 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]

2007-10-08 00:48 125368 ----a-w- c:\progra~1\SYMANT~1\VPTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]

2007-09-10 14:55 92160 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\dlcxcoms.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\D\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\dlbfcoms.exe"=

.

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]

R2 dlbf_device;dlbf_device;c:\windows\system32\dlbfcoms.exe -service --> c:\windows\system32\dlbfcoms.exe -service [?]

R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]

R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 7:00 PM 5120]

R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/2/2012 6:10 AM 106104]

S2 gupdate1c985a741df6b8;Google Update Service (gupdate1c985a741df6b8);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2009 10:27 PM 133104]

S3 ADM8511;%ADM8511.Service.DispName%;c:\windows\system32\drivers\ADM8511.SYS [3/28/2008 7:18 PM 20160]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/28/2012 10:16 AM 257224]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2009 10:27 PM 133104]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/30/2012 7:08 AM 113120]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2/11/2011 8:09 PM 30576]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/7/2007 8:48 PM 116664]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 02:17]

.

2012-05-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-DFT43YF1-D.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-10-02 21:42]

.

2012-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2012-05-11 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-30 07:42]

.

2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 02:27]

.

2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 02:27]

.

2012-05-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-939076650-941321340-1201637723-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 18:25]

.

2012-05-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-939076650-941321340-1201637723-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 18:25]

.

.

------- Supplementary Scan -------

.

uStart Page = https://www.bankofamerica.com

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080324

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 167.206.254.1 167.206.254.2

FF - ProfilePath - c:\documents and settings\D\Application Data\Mozilla\Firefox\Profiles\ty86au9v.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.bankofamerica.com

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

FF - user.js: browser.startup.homepage - hxxps://www.bankofamerica.com

FF - user.js: browser.startup.page - 1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-23 09:59

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1248)

c:\windows\System32\BCMLogon.dll

.

- - - - - - - > 'lsass.exe'(1304)

c:\windows\system32\wvauth.dll

c:\windows\system32\biolsp.dll

.

- - - - - - - > 'explorer.exe'(2116)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2012-06-23 10:01:08

ComboFix-quarantined-files.txt 2012-06-23 14:01

ComboFix2.txt 2012-06-23 13:48

.

Pre-Run: 12,913,041,408 bytes free

Post-Run: 12,895,879,168 bytes free

.

- - End Of File - - 82D3BFDAC56472EBD30767F9CAFD903B


Unfortunately the computer is still redirecting webpage clicks and changing our homepage... Ran MBAM again. Here are the results:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.23.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 7.0.5730.13

D :: DFT43YF1 [administrator]

6/23/2012 10:37:59 AM

mbam-log-2012-06-23 (10-37-59).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 220790

Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


We primarily use the Mozilla Firefox browser, version 13.0.1. I checked and the homepage was also changed in IE, but I was able to successfully change it back to Google and did not experience any link redirections during my short search engine experiment.

I ran RogueKiller again. The results are as follows:

RogueKiller V7.5.4 [06/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: D [Admin rights]

Mode: Scan -- Date: 06/23/2012 11:08:22

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x8A433AD8)

SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x89F0D800)

SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x8A4658C0)

SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x89EA0AA8)

SSDT[43] : NtCreateMutant @ 0x8061758E -> HOOKED (Unknown @ 0x89F03B98)

SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x8A464EC0)

SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x8A46E608)

SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x8A16B5F8)

SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x8A433848)

SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x8A632D20)

SSDT[114] : NtOpenEvent @ 0x8060EF4C -> HOOKED (Unknown @ 0x89F10A70)

SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x8A5DB198)

SSDT[129] : NtOpenThreadToken @ 0x805EDF44 -> HOOKED (Unknown @ 0x8A5536D8)

SSDT[177] : NtQueryValueKey @ 0x806221FA -> HOOKED (Unknown @ 0x8A612198)

SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x8A46BDF0)

SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x8A47AEF8)

SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x8A513D90)

SSDT[229] : NtSetInformationThread @ 0x805CC124 -> HOOKED (Unknown @ 0x8A68DA50)

SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x8A5E0198)

SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x8A643AD0)

SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x8A479E40)

SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x8A6ECBF8)

SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x8A46E0D0)

SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x8A464950)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST980813ASG +++++

--- User ---

[MBR] 0d20519f4697fe02675d1961fb932b3e

[BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 144585 | Size: 76245 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Does your homepage change to any particular site?

I see you have SpybotSD installed and TeaTimer and SDHelper.dll running.

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

Please disable them or uninstall SpybotSD for now.

http://www.malwarehe...t-teatimer.html

Let me know if there's any change, MrC


If that worked, good; sometimes that's what has to be done.

Use it for today and let me know how it is tomorrow.

For now, a little cleanup to do.

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

i.e., RogueKiller.exe, RKreport[any #].txt, the RK_Quarantine folder, etc.

-------------------------------

You have out-of-date Java on the system; older versions are vulnerable to malware.

Please go to your Control Panel's Add/Remove Programs and uninstall these:

J2SE Runtime Environment 5.0 Update 6

Java Auto Updater

Java™ 6 Update 30

Java™ 6 Update 5

Java™ 6 Update 7

JavaFX 2.1.1

-----------------------------------

Any questions...please post back and let me know how it is tomorrow.

Take a look at My Preventive Maintenance to avoid being infected again.

MrC

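As an added check (not part of the thread, and not a feature of ComboFix, OTL or RogueKiller), the PowerShell snippet below lists every Java product registered in Add/Remove Programs by reading the Uninstall registry keys. It lets the user confirm the six entries named above are present before the uninstall and gone afterwards, and it catches any extra old copy Add/Remove Programs may hide further down the list. It assumes PowerShell 2.0 or later (available on Windows XP SP3 and every later Windows); the `Wow6432Node` root is only present on 64-bit Windows and is skipped when absent.

```powershell
# Added example, not code from the thread or from any tool it mentions.
# Enumerates Java products registered in Add/Remove Programs by reading the
# Uninstall registry keys. Assumes PowerShell 2.0+ (Windows XP SP3 or later).

function Get-InstalledJava {
    # The second root exists only on 64-bit Windows; it is skipped otherwise.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $p = Get-ItemProperty $key.PSPath
            # DisplayName patterns matching the entries named in the thread:
            # "J2SE Runtime Environment ...", "Java(TM) 6 Update N",
            # "Java Auto Updater", "JavaFX 2.1.1"
            if ($p.DisplayName -and $p.DisplayName -match '^(J2SE|Java\(TM\)|Java |JavaFX)') {
                New-Object PSObject -Property @{
                    Name      = $p.DisplayName
                    Version   = $p.DisplayVersion
                    Uninstall = $p.UninstallString   # command Add/Remove Programs runs
                    Key       = $key.PSChildName      # registry subkey (GUID or product id)
                }
            }
        }
    }
}

# Report what is installed and how many copies there are.
$java = @(Get-InstalledJava)
$java | Sort-Object Name | Format-Table Name, Version, Key -AutoSize
"{0} Java product(s) registered" -f $java.Count

# Heuristic: a cleaned system carries at most one current JRE plus its
# auto-updater. Anything beyond that is an old version still to be removed.
if ($java.Count -gt 2) {
    Write-Warning "More than one Java runtime remains; uninstall the older entries via Add/Remove Programs."
}
```

Run it once before and once after the uninstalls; the second run should list nothing, or only a single current Java runtime if one is installed afterwards. The `Uninstall` column shows the exact command Add/Remove Programs invokes, which is useful when an entry refuses to uninstall from the Control Panel.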

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.