Leftover Virus

[kgej_73]

I was able to run Rkill, but ComboFix still gave me a blue screen. Here is the Rkill log:

Rkill 2.4.7 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/27/2013 08:11:04 PM in x86 mode.

Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\System32\DLA\DLACTRLW.EXE (PID: 192) [WD-HEUR]

* C:\WINDOWS\system32\CTsvcCDA.EXE (PID: 328) [WD-HEUR]

* C:\WINDOWS\system32\WISPTIS.EXE (PID: 2100) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

Program finished at: 03/27/2013 08:11:47 PM

Execution time: 0 hours(s), 0 minute(s), and 42 seconds(s)

Before you first answered my topic the monitor for this computer crashed while my dad was trying to update the firmware, so we had to send it away to be fixed. We just got it back in the mail. Am I allowed to reinstall the monitor? I read somewhere on here that we aren't supposed to install anything while we are receiving assistance here without asking.

Also, in case this helps at all. Here are some parts of the blue screen of death that I get when I try to run ComboFix:

near the top of the screen it says DRIVER_IRQL_NOT_LESS_OR_EQUAL

near the bottom it says the error is iastor.sys

[Tomk1]

Hold off on installing your monitor for a little. I don't want you installing drivers on a machine that may be still infected.

Let's try a different tact:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

[kgej_73]

I ran aswMBR and it asked me to download the avast! definitions and I declined.

I ran the scan and in about 3 seconds I got the blue screen of death.

[Tomk1]

Hmmm....

Let's try MBAM's tool.

Go here: http://www.malwarebytes.org/products/mbar/

and download and run the Malwarebytes Anti-Rootkit tool. Directions are shown on the page.

Let me know how it goes.

[kgej_73]

I ran Malwarebytes Anti-Rootkit tool and it said no malware found. Here's the log:

Malwarebytes Anti-Rootkit BETA 1.01.0.1021

www.malwarebytes.org

Database version: v2013.03.28.09

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Glenn :: MAIN_COMPUTER [administrator]

3/28/2013 12:43:14 PM

mbar-log-2013-03-28 (12-43-14).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 26756

Time elapsed: 9 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[kgej_73]

I rebooted my computer after doing the Malwarebytes Anti-Rootkit scan and when the desktop first started loading a command prompt window popped up for a second and disappeared. Then When XP finished loading I got a "Windows has recovered from a serious error" message. Is this normal after running the Malwarebytes Anti-Rootkit scan?

[Tomk1]

Not necessarily. Something is still scrambled but I'm not sure what it is. The same thing that is stopping you from running ComboFix, or aswMBR could be the culprit giving you that error. It may be a nefarious rootkit or software problem... it could be a hardware problem.

Let's try this:

Please delete your copy of TDSSKiller.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

• The application window will appear
  
• Click the Disable button to disable your CD Emulation drivers
  
• Click Yes to continue
  
• A 'Finished!' message will appear
  
• Click OK
  
• DeFogger will now ask to reboot the machine - click OK
  

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Now download a new copy of TDSSKiller and run like before (only select cure if available - if no cure then skip).

[kgej_73]

Do you want me to just delete the TDSSKiller application icon on my desktop, or remove every file associated with TDSSKiller from my computer?

[Tomk1]

You only need to delete the application. This program is updated quite regularly and I just want to make sure you have the newest version.

[kgej_73]

i ran defogger successfully and deleted the tdss program then reinstalled it and did a scan.

here is the log from that:

23:23:36.0500 2596 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

23:23:36.0953 2596 ============================================================

23:23:36.0953 2596 Current date / time: 2013/03/28 23:23:36.0953

23:23:36.0953 2596 SystemInfo:

23:23:36.0953 2596

23:23:36.0953 2596 OS Version: 5.1.2600 ServicePack: 3.0

23:23:36.0953 2596 Product type: Workstation

23:23:36.0953 2596 ComputerName: MAIN_COMPUTER

23:23:36.0953 2596 UserName: Glenn

23:23:36.0953 2596 Windows directory: C:\WINDOWS

23:23:36.0953 2596 System windows directory: C:\WINDOWS

23:23:36.0953 2596 Processor architecture: Intel x86

23:23:36.0953 2596 Number of processors: 2

23:23:36.0953 2596 Page size: 0x1000

23:23:36.0953 2596 Boot type: Normal boot

23:23:36.0953 2596 ============================================================

23:23:37.0390 2596 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

23:23:37.0390 2596 ============================================================

23:23:37.0390 2596 \Device\Harddisk0\DR0:

23:23:37.0390 2596 MBR partitions:

23:23:37.0390 2596 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x120A4B98

23:23:37.0390 2596 ============================================================

23:23:37.0421 2596 C: <-> \Device\Harddisk0\DR0\Partition1

23:23:37.0421 2596 ============================================================

23:23:37.0421 2596 Initialize success

23:23:37.0421 2596 ============================================================

23:23:46.0812 3328 ============================================================

23:23:46.0812 3328 Scan started

23:23:46.0812 3328 Mode: Manual; SigCheck; TDLFS;

23:23:46.0812 3328 ============================================================

23:23:46.0875 3328 ================ Scan system memory ========================

23:23:46.0875 3328 System memory - ok

23:23:46.0875 3328 ================ Scan services =============================

23:23:47.0000 3328 Abiosdsk - ok

23:23:47.0046 3328 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

23:23:48.0578 3328 abp480n5 - ok

23:23:48.0609 3328 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

23:23:48.0796 3328 ACPI - ok

23:23:48.0828 3328 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys

23:23:48.0953 3328 ACPIEC - ok

23:23:48.0984 3328 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys

23:23:49.0125 3328 adpu160m - ok

23:23:49.0171 3328 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys

23:23:49.0296 3328 aec - ok

23:23:49.0343 3328 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys

23:23:49.0421 3328 AFD - ok

23:23:49.0453 3328 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys

23:23:49.0578 3328 agp440 - ok

23:23:49.0609 3328 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

23:23:49.0734 3328 agpCPQ - ok

23:23:49.0734 3328 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys

23:23:49.0796 3328 Aha154x - ok

23:23:49.0796 3328 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys

23:23:49.0921 3328 aic78u2 - ok

23:23:49.0953 3328 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys

23:23:50.0093 3328 aic78xx - ok

23:23:50.0125 3328 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll

23:23:50.0250 3328 Alerter - ok

23:23:50.0281 3328 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe

23:23:50.0421 3328 ALG - ok

23:23:50.0437 3328 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys

23:23:50.0546 3328 AliIde - ok

23:23:50.0578 3328 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys

23:23:50.0703 3328 alim1541 - ok

23:23:50.0718 3328 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys

23:23:50.0859 3328 amdagp - ok

23:23:50.0859 3328 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys

23:23:50.0937 3328 amsint - ok

23:23:51.0062 3328 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

23:23:51.0078 3328 Apple Mobile Device - ok

23:23:51.0109 3328 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll

23:23:51.0250 3328 AppMgmt - ok

23:23:51.0281 3328 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys

23:23:51.0421 3328 Arp1394 - ok

23:23:51.0453 3328 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys

23:23:51.0578 3328 asc - ok

23:23:51.0578 3328 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys

23:23:51.0656 3328 asc3350p - ok

23:23:51.0656 3328 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys

23:23:51.0781 3328 asc3550 - ok

23:23:51.0812 3328 [ D880831279ED91F9A4190A2DB9539EA9 ] ASCTRM C:\WINDOWS\system32\drivers\ASCTRM.sys

23:23:51.0812 3328 ASCTRM ( UnsignedFile.Multi.Generic ) - warning

23:23:51.0812 3328 ASCTRM - detected UnsignedFile.Multi.Generic (1)

23:23:51.0937 3328 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

23:23:51.0953 3328 aspnet_state - ok

23:23:51.0968 3328 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

23:23:52.0109 3328 AsyncMac - ok

23:23:52.0125 3328 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

23:23:52.0250 3328 atapi - ok

23:23:52.0250 3328 Atdisk - ok

23:23:52.0296 3328 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

23:23:52.0437 3328 Atmarpc - ok

23:23:52.0468 3328 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

23:23:52.0593 3328 AudioSrv - ok

23:23:52.0625 3328 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

23:23:52.0765 3328 audstub - ok

23:23:52.0812 3328 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

23:23:52.0937 3328 Beep - ok

23:23:53.0000 3328 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll

23:23:53.0171 3328 BITS - ok

23:23:53.0234 3328 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

23:23:53.0250 3328 Bonjour Service - ok

23:23:53.0296 3328 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll

23:23:53.0359 3328 Browser - ok

23:23:53.0359 3328 bvrp_pci - ok

23:23:53.0515 3328 catchme - ok

23:23:53.0546 3328 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

23:23:53.0703 3328 cbidf - ok

23:23:53.0703 3328 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

23:23:53.0828 3328 cbidf2k - ok

23:23:53.0859 3328 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

23:23:53.0921 3328 cd20xrnt - ok

23:23:53.0953 3328 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

23:23:54.0078 3328 Cdaudio - ok

23:23:54.0109 3328 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

23:23:54.0234 3328 Cdfs - ok

23:23:54.0250 3328 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

23:23:54.0390 3328 Cdrom - ok

23:23:54.0390 3328 Changer - ok

23:23:54.0421 3328 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe

23:23:54.0562 3328 CiSvc - ok

23:23:54.0609 3328 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

23:23:54.0750 3328 ClipSrv - ok

23:23:54.0796 3328 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

23:23:54.0843 3328 clr_optimization_v2.0.50727_32 - ok

23:23:54.0875 3328 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys

23:23:55.0000 3328 CmdIde - ok

23:23:55.0031 3328 [ 1EF05B641E9A67DED74AC8AD40055DBF ] COMMONFX.DLL C:\WINDOWS\system32\COMMONFX.DLL

23:23:55.0078 3328 COMMONFX.DLL - ok

23:23:55.0078 3328 COMSysApp - ok

23:23:55.0109 3328 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys

23:23:55.0234 3328 Cpqarray - ok

23:23:55.0281 3328 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.EXE

23:23:55.0296 3328 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning

23:23:55.0296 3328 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)

23:23:55.0328 3328 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

23:23:55.0453 3328 CryptSvc - ok

23:23:55.0484 3328 [ 6191A973461852A09D643609E1D5F7C6 ] CT20XUT.DLL C:\WINDOWS\system32\CT20XUT.DLL

23:23:55.0625 3328 CT20XUT.DLL - ok

23:23:55.0687 3328 [ 8AC5F77E30E37D2D11BD99EFF0C53D8C ] ctac32k C:\WINDOWS\system32\drivers\ctac32k.sys

23:23:55.0703 3328 ctac32k - ok

23:23:55.0734 3328 [ 673241D314E932F4890509AE8EBF26DB ] ctaud2k C:\WINDOWS\system32\drivers\ctaud2k.sys

23:23:55.0765 3328 ctaud2k - ok

23:23:55.0812 3328 [ 472B82D7E549E7FAB428852E4D16F21D ] CTAUDFX.DLL C:\WINDOWS\system32\CTAUDFX.DLL

23:23:55.0859 3328 CTAUDFX.DLL - ok

23:23:55.0921 3328 [ ED316D4C3D39C5B6C23DE067E275C183 ] ctdvda2k C:\WINDOWS\system32\drivers\ctdvda2k.sys

23:23:55.0937 3328 ctdvda2k - ok

23:23:55.0968 3328 [ 6A57F82009563AEE8826F117E1D3C72C ] CTEAPSFX.DLL C:\WINDOWS\system32\CTEAPSFX.DLL

23:23:56.0000 3328 CTEAPSFX.DLL - ok

23:23:56.0031 3328 [ C8AC1FFAEADD655193D7B1811A572D8D ] CTEDSPFX.DLL C:\WINDOWS\system32\CTEDSPFX.DLL

23:23:56.0078 3328 CTEDSPFX.DLL - ok

23:23:56.0093 3328 [ 44495D9DAF675257D00B25B041EE6667 ] CTEDSPIO.DLL C:\WINDOWS\system32\CTEDSPIO.DLL

23:23:56.0140 3328 CTEDSPIO.DLL - ok

23:23:56.0187 3328 [ 8E90B1762CB42E2FC76DAC9210C83C66 ] CTEDSPSY.DLL C:\WINDOWS\system32\CTEDSPSY.DLL

23:23:56.0234 3328 CTEDSPSY.DLL - ok

23:23:56.0265 3328 [ D3FBD9983325435B06795F29CB57ED3D ] CTERFXFX.DLL C:\WINDOWS\system32\CTERFXFX.DLL

23:23:56.0296 3328 CTERFXFX.DLL - ok

23:23:56.0375 3328 [ 2C48E9D8CA703964463F27AE341115B7 ] CTEXFIFX.DLL C:\WINDOWS\system32\CTEXFIFX.DLL

23:23:56.0484 3328 CTEXFIFX.DLL - ok

23:23:56.0500 3328 [ F7657C598E7C29C6683C1E4A8DD68884 ] CTHWIUT.DLL C:\WINDOWS\system32\CTHWIUT.DLL

23:23:56.0546 3328 CTHWIUT.DLL - ok

23:23:56.0578 3328 [ 34E7F8A499FD8361DF14FEDB724C0AD3 ] ctprxy2k C:\WINDOWS\system32\drivers\ctprxy2k.sys

23:23:56.0593 3328 ctprxy2k - ok

23:23:56.0609 3328 [ 679AE21EB7F48A08184813AEBABDEC7C ] CTSBLFX.DLL C:\WINDOWS\system32\CTSBLFX.DLL

23:23:56.0703 3328 CTSBLFX.DLL - ok

23:23:56.0718 3328 [ 32098497CB4DFE9EA7660FA62DD91060 ] ctsfm2k C:\WINDOWS\system32\drivers\ctsfm2k.sys

23:23:56.0734 3328 ctsfm2k - ok

23:23:56.0765 3328 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

23:23:56.0906 3328 dac2w2k - ok

23:23:56.0906 3328 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys

23:23:57.0078 3328 dac960nt - ok

23:23:57.0125 3328 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

23:23:57.0187 3328 DcomLaunch - ok

23:23:57.0218 3328 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

23:23:57.0359 3328 Dhcp - ok

23:23:57.0375 3328 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

23:23:57.0500 3328 Disk - ok

23:23:57.0562 3328 [ E2D0DE31442390C35E3163C87CB6A9EB ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS

23:23:57.0578 3328 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning

23:23:57.0578 3328 DLABOIOM - detected UnsignedFile.Multi.Generic (1)

23:23:57.0593 3328 [ D979BEBCF7EDCC9C9EE1857D1A68C67B ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

23:23:57.0609 3328 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning

23:23:57.0609 3328 DLACDBHM - detected UnsignedFile.Multi.Generic (1)

23:23:57.0625 3328 [ 83545593E297F50A8E2524B4C071A153 ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS

23:23:57.0625 3328 DLADResN ( UnsignedFile.Multi.Generic ) - warning

23:23:57.0625 3328 DLADResN - detected UnsignedFile.Multi.Generic (1)

23:23:57.0640 3328 [ 96E01D901CDC98C7817155CC057001BF ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

23:23:57.0656 3328 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning

23:23:57.0656 3328 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)

23:23:57.0656 3328 [ 0A60A39CC5E767980A31CA5D7238DFA9 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

23:23:57.0671 3328 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning

23:23:57.0671 3328 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)

23:23:57.0671 3328 [ 9FE2B72558FC808357F427FD83314375 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS

23:23:57.0687 3328 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning

23:23:57.0687 3328 DLAPoolM - detected UnsignedFile.Multi.Generic (1)

23:23:57.0687 3328 [ 7EE0852AE8907689DF25049DCD2342E8 ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

23:23:57.0703 3328 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning

23:23:57.0703 3328 DLARTL_N - detected UnsignedFile.Multi.Generic (1)

23:23:57.0718 3328 [ F08E1DAFAC457893399E03430A6A1397 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

23:23:57.0734 3328 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning

23:23:57.0734 3328 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)

23:23:57.0734 3328 [ E7D105ED1E694449D444A9933DF8E060 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

23:23:57.0734 3328 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning

23:23:57.0734 3328 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)

23:23:57.0750 3328 dmadmin - ok

23:23:57.0828 3328 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

23:23:57.0968 3328 dmboot - ok

23:23:57.0984 3328 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys

23:23:58.0109 3328 dmio - ok

23:23:58.0140 3328 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

23:23:58.0265 3328 dmload - ok

23:23:58.0296 3328 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

23:23:58.0421 3328 dmserver - ok

23:23:58.0437 3328 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

23:23:58.0578 3328 DMusic - ok

23:23:58.0625 3328 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

23:23:58.0687 3328 Dnscache - ok

23:23:58.0718 3328 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

23:23:58.0859 3328 Dot3svc - ok

23:23:58.0890 3328 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys

23:23:59.0015 3328 dpti2o - ok

23:23:59.0046 3328 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

23:23:59.0171 3328 drmkaud - ok

23:23:59.0203 3328 [ FD0F95981FEF9073659D8EC58E40AA3C ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

23:23:59.0203 3328 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning

23:23:59.0203 3328 DRVMCDB - detected UnsignedFile.Multi.Generic (1)

23:23:59.0218 3328 [ B4869D320428CDC5EC4D7F5E808E99B5 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

23:23:59.0234 3328 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning

23:23:59.0234 3328 DRVNDDM - detected UnsignedFile.Multi.Generic (1)

23:23:59.0250 3328 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys

23:23:59.0375 3328 E100B - ok

23:23:59.0406 3328 [ 0849EACDC01487573ADD86F5E470806C ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys

23:23:59.0453 3328 e1express - ok

23:23:59.0500 3328 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll

23:23:59.0625 3328 EapHost - ok

23:23:59.0671 3328 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe

23:23:59.0718 3328 ehRecvr - ok

23:23:59.0750 3328 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe

23:23:59.0796 3328 ehSched - ok

23:23:59.0843 3328 [ 1976FEDF6D7F87135C9B7F5CB4C8C868 ] ELacpi C:\WINDOWS\system32\DRIVERS\ELacpi.sys

23:23:59.0875 3328 ELacpi - ok

23:23:59.0906 3328 [ AE65C02444907966378454138B9F99F0 ] ELhid C:\WINDOWS\system32\DRIVERS\ELhid.sys

23:23:59.0921 3328 ELhid ( UnsignedFile.Multi.Generic ) - warning

23:23:59.0921 3328 ELhid - detected UnsignedFile.Multi.Generic (1)

23:23:59.0921 3328 [ E485C3BA1DADDEEF3E14FEA1E8FDA6E1 ] ELkbd C:\WINDOWS\system32\DRIVERS\ELkbd.sys

23:23:59.0921 3328 ELkbd ( UnsignedFile.Multi.Generic ) - warning

23:23:59.0921 3328 ELkbd - detected UnsignedFile.Multi.Generic (1)

23:23:59.0937 3328 [ 0D87CB825ED6CB2EBCC147A10A42F1D6 ] ELmon C:\WINDOWS\system32\DRIVERS\ELmon.sys

23:23:59.0937 3328 ELmon ( UnsignedFile.Multi.Generic ) - warning

23:23:59.0937 3328 ELmon - detected UnsignedFile.Multi.Generic (1)

23:23:59.0937 3328 [ A4ADD3847B67BACAB6FC851A2B60FDB3 ] ELmou C:\WINDOWS\system32\DRIVERS\ELmou.sys

23:23:59.0953 3328 ELmou ( UnsignedFile.Multi.Generic ) - warning

23:23:59.0953 3328 ELmou - detected UnsignedFile.Multi.Generic (1)

23:24:00.0015 3328 [ D1DE16926C682DCD3D99AE5500CA5522 ] ELService C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe

23:24:00.0031 3328 ELService ( UnsignedFile.Multi.Generic ) - warning

23:24:00.0031 3328 ELService - detected UnsignedFile.Multi.Generic (1)

23:24:00.0078 3328 [ 2885F72D2DAFFD0329272F12E16D6579 ] emupia C:\WINDOWS\system32\drivers\emupia2k.sys

23:24:00.0093 3328 emupia - ok

23:24:00.0125 3328 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll

23:24:00.0250 3328 ERSvc - ok

23:24:00.0296 3328 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe

23:24:00.0328 3328 Eventlog - ok

23:24:00.0359 3328 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll

23:24:00.0421 3328 EventSystem - ok

23:24:00.0437 3328 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

23:24:00.0578 3328 Fastfat - ok

23:24:00.0609 3328 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

23:24:00.0656 3328 FastUserSwitchingCompatibility - ok

23:24:00.0703 3328 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe

23:24:00.0828 3328 Fax - ok

23:24:00.0859 3328 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys

23:24:00.0984 3328 Fdc - ok

23:24:01.0015 3328 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

23:24:01.0140 3328 Fips - ok

23:24:01.0171 3328 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys

23:24:01.0296 3328 Flpydisk - ok

23:24:01.0343 3328 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

23:24:01.0468 3328 FltMgr - ok

23:24:01.0546 3328 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

23:24:01.0578 3328 FontCache3.0.0.0 - ok

23:24:01.0593 3328 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

23:24:01.0718 3328 Fs_Rec - ok

23:24:01.0750 3328 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

23:24:01.0890 3328 Ftdisk - ok

23:24:01.0921 3328 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys

23:24:02.0046 3328 gameenum - ok

23:24:02.0093 3328 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

23:24:02.0109 3328 GEARAspiWDM - ok

23:24:02.0140 3328 [ 1BFABBB4C99E1FDBC7B756BE39868D03 ] gfiark C:\WINDOWS\system32\drivers\gfiark.sys

23:24:02.0156 3328 gfiark - ok

23:24:02.0171 3328 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

23:24:02.0343 3328 Gpc - ok

23:24:02.0390 3328 [ DA2C735B66D2E7B739F9A46146581A9D ] ha10kx2k C:\WINDOWS\system32\drivers\ha10kx2k.sys

23:24:02.0406 3328 ha10kx2k - ok

23:24:02.0453 3328 [ 5C7D6D68796E4621B4168C879908DAE0 ] hap16v2k C:\WINDOWS\system32\drivers\hap16v2k.sys

23:24:02.0468 3328 hap16v2k - ok

23:24:02.0500 3328 [ A595B88AD16D8B5693DDF08113CAF30E ] hap17v2k C:\WINDOWS\system32\drivers\hap17v2k.sys

23:24:02.0515 3328 hap17v2k - ok

23:24:02.0609 3328 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

23:24:02.0734 3328 helpsvc - ok

23:24:02.0750 3328 HidServ - ok

23:24:02.0765 3328 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys

23:24:02.0890 3328 HidUsb - ok

23:24:02.0921 3328 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

23:24:03.0062 3328 hkmsvc - ok

23:24:03.0109 3328 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys

23:24:03.0234 3328 hpn - ok

23:24:03.0250 3328 [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

23:24:03.0312 3328 HSFHWBS2 - ok

23:24:03.0343 3328 [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

23:24:03.0406 3328 HSF_DP - ok

23:24:03.0468 3328 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

23:24:03.0531 3328 HTTP - ok

23:24:03.0562 3328 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

23:24:03.0687 3328 HTTPFilter - ok

23:24:03.0703 3328 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys

23:24:03.0828 3328 i2omgmt - ok

23:24:03.0859 3328 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys

23:24:03.0984 3328 i2omp - ok

23:24:03.0984 3328 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

23:24:04.0125 3328 i8042prt - ok

23:24:04.0171 3328 [ D43E91E271C041BB86A6223462A41D28 ] IAANTMon C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

23:24:04.0171 3328 IAANTMon ( UnsignedFile.Multi.Generic ) - warning

23:24:04.0171 3328 IAANTMon - detected UnsignedFile.Multi.Generic (1)

23:24:04.0218 3328 [ 9A65E42664D1534B68512CAAD0EFE963 ] iastor C:\WINDOWS\system32\drivers\iastor.sys

23:24:04.0312 3328 iastor - ok

23:24:04.0437 3328 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

23:24:04.0484 3328 idsvc - ok

23:24:04.0500 3328 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

23:24:04.0625 3328 Imapi - ok

23:24:04.0656 3328 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe

23:24:04.0796 3328 ImapiService - ok

23:24:04.0828 3328 [ 1DA147ACB525A4822228BE06154C7CBB ] InCDfs C:\WINDOWS\system32\drivers\InCDFs.sys

23:24:04.0843 3328 InCDfs - ok

23:24:04.0859 3328 [ 2EC469A401AE6FE7A67D80EFFD3091B1 ] InCDPass C:\WINDOWS\system32\drivers\InCDPass.sys

23:24:04.0875 3328 InCDPass - ok

23:24:04.0890 3328 [ 544498D06B8CA187A5960B4F3B4BD63E ] InCDRec C:\WINDOWS\system32\drivers\InCDRec.sys

23:24:04.0906 3328 InCDRec - ok

23:24:04.0906 3328 [ 2863A00B0F64D937F0CD9561C53B5A37 ] incdrm C:\WINDOWS\system32\drivers\InCDRm.sys

23:24:04.0921 3328 incdrm - ok

23:24:05.0015 3328 [ CA32EA0F5FC2A36CA44AD7238F18C248 ] InCDsrv C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

23:24:05.0093 3328 InCDsrv - ok

23:24:05.0140 3328 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys

23:24:05.0265 3328 ini910u - ok

23:24:05.0281 3328 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys

23:24:05.0421 3328 IntelIde - ok

23:24:05.0453 3328 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

23:24:05.0578 3328 intelppm - ok

23:24:05.0625 3328 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys

23:24:05.0750 3328 Ip6Fw - ok

23:24:05.0781 3328 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

23:24:05.0906 3328 IpFilterDriver - ok

23:24:05.0953 3328 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

23:24:06.0062 3328 IpInIp - ok

23:24:06.0093 3328 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

23:24:06.0218 3328 IpNat - ok

23:24:06.0265 3328 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

23:24:06.0281 3328 iPod Service - ok

23:24:06.0328 3328 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

23:24:06.0453 3328 IPSec - ok

23:24:06.0484 3328 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

23:24:06.0593 3328 IRENUM - ok

23:24:06.0640 3328 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

23:24:06.0781 3328 isapnp - ok

23:24:06.0890 3328 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe

23:24:06.0906 3328 JavaQuickStarterService - ok

23:24:06.0921 3328 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

23:24:07.0046 3328 Kbdclass - ok

23:24:07.0062 3328 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys

23:24:07.0187 3328 kbdhid - ok

23:24:07.0218 3328 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

23:24:07.0343 3328 kmixer - ok

23:24:07.0375 3328 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

23:24:07.0406 3328 KSecDD - ok

23:24:07.0453 3328 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

23:24:07.0515 3328 lanmanserver - ok

23:24:07.0546 3328 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

23:24:07.0593 3328 lanmanworkstation - ok

23:24:07.0593 3328 lbrtfdc - ok

23:24:07.0671 3328 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

23:24:07.0796 3328 LmHosts - ok

23:24:07.0828 3328 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys

23:24:07.0843 3328 MBAMProtector - ok

23:24:07.0890 3328 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

23:24:07.0921 3328 MBAMScheduler - ok

23:24:07.0968 3328 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

23:24:08.0000 3328 MBAMService - ok

23:24:08.0031 3328 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\mbamswissarmy.sys

23:24:08.0046 3328 MBAMSwissArmy - ok

23:24:08.0078 3328 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe

23:24:08.0125 3328 McrdSvc - ok

23:24:08.0156 3328 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

23:24:08.0187 3328 MDM - ok

23:24:08.0203 3328 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

23:24:08.0218 3328 mdmxsdk - ok

23:24:08.0265 3328 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

23:24:08.0406 3328 Messenger - ok

23:24:08.0437 3328 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll

23:24:08.0453 3328 MHN ( UnsignedFile.Multi.Generic ) - warning

23:24:08.0453 3328 MHN - detected UnsignedFile.Multi.Generic (1)

23:24:08.0484 3328 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys

23:24:08.0484 3328 MHNDRV ( UnsignedFile.Multi.Generic ) - warning

23:24:08.0484 3328 MHNDRV - detected UnsignedFile.Multi.Generic (1)

23:24:08.0515 3328 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

23:24:08.0640 3328 mnmdd - ok

23:24:08.0671 3328 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

23:24:08.0812 3328 mnmsrvc - ok

23:24:08.0843 3328 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

23:24:08.0968 3328 Modem - ok

23:24:09.0000 3328 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys

23:24:09.0140 3328 MODEMCSA - ok

23:24:09.0203 3328 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

23:24:09.0328 3328 Mouclass - ok

23:24:09.0359 3328 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

23:24:09.0484 3328 mouhid - ok

23:24:09.0500 3328 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

23:24:09.0625 3328 MountMgr - ok

23:24:09.0656 3328 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys

23:24:09.0796 3328 mraid35x - ok

23:24:09.0812 3328 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

23:24:09.0937 3328 MRxDAV - ok

23:24:09.0984 3328 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

23:24:10.0046 3328 MRxSmb - ok

23:24:10.0093 3328 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

23:24:10.0218 3328 MSDTC - ok

23:24:10.0234 3328 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

23:24:10.0375 3328 Msfs - ok

23:24:10.0375 3328 MSIServer - ok

23:24:10.0406 3328 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

23:24:10.0531 3328 MSKSSRV - ok

23:24:10.0562 3328 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

23:24:10.0671 3328 MSPCLOCK - ok

23:24:10.0718 3328 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

23:24:10.0843 3328 MSPQM - ok

23:24:10.0875 3328 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

23:24:10.0984 3328 mssmbios - ok

23:24:11.0015 3328 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

23:24:11.0078 3328 Mup - ok

23:24:11.0109 3328 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

23:24:11.0265 3328 napagent - ok

23:24:11.0281 3328 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

23:24:11.0421 3328 NDIS - ok

23:24:11.0437 3328 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

23:24:11.0500 3328 NdisTapi - ok

23:24:11.0515 3328 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

23:24:11.0640 3328 Ndisuio - ok

23:24:11.0656 3328 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

23:24:11.0781 3328 NdisWan - ok

23:24:11.0812 3328 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

23:24:11.0859 3328 NDProxy - ok

23:24:11.0906 3328 [ A8960FA773CCC3E38515F637E19A76C0 ] NeroRegInCDSrv C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe

23:24:11.0921 3328 NeroRegInCDSrv - ok

23:24:11.0937 3328 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

23:24:12.0062 3328 NetBIOS - ok

23:24:12.0125 3328 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

23:24:12.0250 3328 NetBT - ok

23:24:12.0296 3328 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

23:24:12.0437 3328 NetDDE - ok

23:24:12.0437 3328 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

23:24:12.0562 3328 NetDDEdsdm - ok

23:24:12.0593 3328 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

23:24:12.0718 3328 Netlogon - ok

23:24:12.0750 3328 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

23:24:12.0875 3328 Netman - ok

23:24:13.0015 3328 [ 9DA26B773BD04B867A8E9F427CD048FC ] NetSvc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

23:24:13.0031 3328 NetSvc ( UnsignedFile.Multi.Generic ) - warning

23:24:13.0031 3328 NetSvc - detected UnsignedFile.Multi.Generic (1)

23:24:13.0093 3328 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

23:24:13.0109 3328 NetTcpPortSharing - ok

23:24:13.0140 3328 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys

23:24:13.0265 3328 NIC1394 - ok

23:24:13.0296 3328 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll

23:24:13.0312 3328 Nla - ok

23:24:13.0390 3328 [ CB992AE1506985D9167E85883B4C3240 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

23:24:13.0421 3328 NMIndexingService - ok

23:24:13.0437 3328 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

23:24:13.0578 3328 Npfs - ok

23:24:13.0625 3328 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

23:24:13.0765 3328 Ntfs - ok

23:24:13.0781 3328 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

23:24:13.0906 3328 NtLmSsp - ok

23:24:13.0984 3328 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

23:24:14.0109 3328 NtmsSvc - ok

23:24:14.0125 3328 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

23:24:14.0265 3328 Null - ok

23:24:14.0625 3328 [ 7C56F3FD65B2BDB315CA3605A5392D7B ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

23:24:15.0062 3328 nv - ok

23:24:15.0109 3328 [ 1982E96B2C5C2EFFEF38EFC37293A42E ] NVSvc C:\WINDOWS\system32\nvsvc32.exe

23:24:15.0125 3328 NVSvc - ok

23:24:15.0234 3328 [ E6568D2D90028207587CB43CD8E5FD01 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

23:24:15.0328 3328 nvUpdatusService - ok

23:24:15.0359 3328 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

23:24:15.0500 3328 NwlnkFlt - ok

23:24:15.0500 3328 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

23:24:15.0640 3328 NwlnkFwd - ok

23:24:15.0656 3328 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys

23:24:15.0781 3328 ohci1394 - ok

23:24:15.0828 3328 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

23:24:15.0843 3328 ose - ok

23:24:15.0875 3328 [ 61C85AFEAA6EF0C1B32D43F84F7BFBCF ] ossrv C:\WINDOWS\system32\drivers\ctoss2k.sys

23:24:15.0890 3328 ossrv - ok

23:24:15.0921 3328 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys

23:24:16.0062 3328 Parport - ok

23:24:16.0062 3328 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

23:24:16.0187 3328 PartMgr - ok

23:24:16.0218 3328 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

23:24:16.0359 3328 ParVdm - ok

23:24:16.0375 3328 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

23:24:16.0500 3328 PCI - ok

23:24:16.0500 3328 PCIDump - ok

23:24:16.0531 3328 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

23:24:16.0671 3328 PCIIde - ok

23:24:16.0734 3328 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

23:24:16.0859 3328 Pcmcia - ok

23:24:16.0859 3328 PDCOMP - ok

23:24:16.0859 3328 PDFRAME - ok

23:24:16.0875 3328 PDRELI - ok

23:24:16.0875 3328 PDRFRAME - ok

23:24:16.0906 3328 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys

23:24:17.0046 3328 perc2 - ok

23:24:17.0062 3328 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys

23:24:17.0203 3328 perc2hib - ok

23:24:17.0375 3328 [ F042EE4C8D66248D9B86DCF52ABAE416 ] PEVSystemStart C:\ComboFix\pev.3XE

23:24:17.0406 3328 PEVSystemStart ( UnsignedFile.Multi.Generic ) - warning

23:24:17.0406 3328 PEVSystemStart - detected UnsignedFile.Multi.Generic (1)

23:24:17.0437 3328 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe

23:24:17.0453 3328 PlugPlay - ok

23:24:17.0453 3328 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

23:24:17.0578 3328 PolicyAgent - ok

23:24:17.0609 3328 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

23:24:17.0750 3328 PptpMiniport - ok

23:24:17.0750 3328 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

23:24:17.0875 3328 ProtectedStorage - ok

23:24:17.0875 3328 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

23:24:18.0000 3328 PSched - ok

23:24:18.0015 3328 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

23:24:18.0156 3328 Ptilink - ok

23:24:18.0203 3328 [ 86724469CD077901706854974CD13C3E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys

23:24:18.0218 3328 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

23:24:18.0218 3328 PxHelp20 - detected UnsignedFile.Multi.Generic (1)

23:24:18.0234 3328 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys

23:24:18.0359 3328 ql1080 - ok

23:24:18.0406 3328 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

23:24:18.0546 3328 Ql10wnt - ok

23:24:18.0546 3328 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys

23:24:18.0671 3328 ql12160 - ok

23:24:18.0671 3328 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys

23:24:18.0812 3328 ql1240 - ok

23:24:18.0812 3328 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys

23:24:18.0937 3328 ql1280 - ok

23:24:18.0953 3328 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

23:24:19.0078 3328 RasAcd - ok

23:24:19.0109 3328 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

23:24:19.0250 3328 RasAuto - ok

23:24:19.0265 3328 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

23:24:19.0390 3328 Rasl2tp - ok

23:24:19.0437 3328 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

23:24:19.0546 3328 RasMan - ok

23:24:19.0562 3328 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

23:24:19.0687 3328 RasPppoe - ok

23:24:19.0687 3328 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

23:24:19.0828 3328 Raspti - ok

23:24:19.0843 3328 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

23:24:19.0968 3328 Rdbss - ok

23:24:19.0968 3328 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

23:24:20.0093 3328 RDPCDD - ok

23:24:20.0125 3328 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

23:24:20.0265 3328 rdpdr - ok

23:24:20.0296 3328 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

23:24:20.0343 3328 RDPWD - ok

23:24:20.0406 3328 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

23:24:20.0531 3328 RDSessMgr - ok

23:24:20.0546 3328 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

23:24:20.0671 3328 redbook - ok

23:24:20.0734 3328 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

23:24:20.0859 3328 RemoteAccess - ok

23:24:20.0906 3328 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

23:24:21.0031 3328 RemoteRegistry - ok

23:24:21.0109 3328 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

23:24:21.0234 3328 RpcLocator - ok

23:24:21.0265 3328 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll

23:24:21.0281 3328 RpcSs - ok

23:24:21.0328 3328 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

23:24:21.0453 3328 RSVP - ok

23:24:21.0484 3328 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

23:24:21.0593 3328 SamSs - ok

23:24:21.0625 3328 [ D087A031E2E07B21E7A4F92ED657B985 ] SamsungMonitorFirmware C:\WINDOWS\system32\drivers\MFWCtwl.sys

23:24:21.0640 3328 SamsungMonitorFirmware ( UnsignedFile.Multi.Generic ) - warning

23:24:21.0640 3328 SamsungMonitorFirmware - detected UnsignedFile.Multi.Generic (1)

23:24:21.0796 3328 [ 03C67BDB26D79BC71406F52E385926A1 ] SBAMSvc C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe

23:24:21.0921 3328 SBAMSvc - ok

23:24:21.0953 3328 [ 40AA51F794921683CA143EE27F2F4171 ] sbaphd C:\WINDOWS\system32\drivers\sbaphd.sys

23:24:21.0968 3328 sbaphd - ok

23:24:22.0000 3328 [ 701109A92E144182E262BCC8DD898DC5 ] sbapifs C:\WINDOWS\system32\drivers\sbapifs.sys

23:24:22.0015 3328 sbapifs - ok

23:24:22.0046 3328 [ E0F866D00F85F55A04E066FEE23065F9 ] SBPIMSvc C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe

23:24:22.0062 3328 SBPIMSvc - ok

23:24:22.0109 3328 [ 0FCFE672B915687F5BFC0FD8944B360C ] sbtis C:\WINDOWS\system32\drivers\sbtis.sys

23:24:22.0125 3328 sbtis - ok

23:24:22.0171 3328 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

23:24:22.0328 3328 SCardSvr - ok

23:24:22.0359 3328 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

23:24:22.0484 3328 Schedule - ok

23:24:22.0500 3328 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

23:24:22.0625 3328 Secdrv - ok

23:24:22.0656 3328 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

23:24:22.0781 3328 seclogon - ok

23:24:22.0828 3328 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

23:24:22.0953 3328 SENS - ok

23:24:22.0968 3328 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

23:24:23.0078 3328 serenum - ok

23:24:23.0093 3328 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys

23:24:23.0234 3328 Serial - ok

23:24:23.0265 3328 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

23:24:23.0421 3328 Sfloppy - ok

23:24:23.0468 3328 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

23:24:23.0609 3328 SharedAccess - ok

23:24:23.0625 3328 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

23:24:23.0687 3328 ShellHWDetection - ok

23:24:23.0703 3328 Simbad - ok

23:24:23.0734 3328 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys

23:24:23.0859 3328 sisagp - ok

23:24:23.0890 3328 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys

23:24:23.0937 3328 Sparrow - ok

23:24:23.0968 3328 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

23:24:24.0078 3328 splitter - ok

23:24:24.0125 3328 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

23:24:24.0187 3328 Spooler - ok

23:24:24.0218 3328 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

23:24:24.0359 3328 sr - ok

23:24:24.0390 3328 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

23:24:24.0515 3328 srservice - ok

23:24:24.0562 3328 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

23:24:24.0671 3328 Srv - ok

23:24:24.0718 3328 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

23:24:24.0843 3328 SSDPSRV - ok

23:24:24.0875 3328 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

23:24:25.0046 3328 stisvc - ok

23:24:25.0062 3328 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

23:24:25.0187 3328 swenum - ok

23:24:25.0218 3328 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

23:24:25.0343 3328 swmidi - ok

23:24:25.0343 3328 SwPrv - ok

23:24:25.0375 3328 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys

23:24:25.0515 3328 symc810 - ok

23:24:25.0515 3328 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys

23:24:25.0671 3328 symc8xx - ok

23:24:25.0671 3328 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys

23:24:25.0796 3328 sym_hi - ok

23:24:25.0812 3328 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys

23:24:25.0937 3328 sym_u3 - ok

23:24:25.0968 3328 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

23:24:26.0093 3328 sysaudio - ok

23:24:26.0140 3328 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

23:24:26.0265 3328 SysmonLog - ok

23:24:26.0296 3328 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

23:24:26.0453 3328 TapiSrv - ok

23:24:26.0500 3328 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

23:24:26.0515 3328 Tcpip - ok

23:24:26.0578 3328 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

23:24:26.0703 3328 TDPIPE - ok

23:24:26.0718 3328 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

23:24:26.0859 3328 TDTCP - ok

23:24:26.0890 3328 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

23:24:27.0015 3328 TermDD - ok

23:24:27.0046 3328 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

23:24:27.0187 3328 TermService - ok

23:24:27.0203 3328 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

23:24:27.0218 3328 Themes - ok

23:24:27.0250 3328 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

23:24:27.0390 3328 TlntSvr - ok

23:24:27.0406 3328 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys

23:24:27.0531 3328 TosIde - ok

23:24:27.0562 3328 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

23:24:27.0687 3328 TrkWks - ok

23:24:27.0718 3328 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

23:24:27.0843 3328 Udfs - ok

23:24:27.0875 3328 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys

23:24:27.0937 3328 ultra - ok

23:24:27.0968 3328 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

23:24:28.0093 3328 Update - ok

23:24:28.0140 3328 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

23:24:28.0265 3328 upnphost - ok

23:24:28.0281 3328 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

23:24:28.0406 3328 UPS - ok

23:24:28.0437 3328 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys

23:24:28.0468 3328 USBAAPL - ok

23:24:28.0484 3328 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

23:24:28.0625 3328 usbehci - ok

23:24:28.0656 3328 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

23:24:28.0781 3328 usbhub - ok

23:24:28.0812 3328 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

23:24:28.0921 3328 usbprint - ok

23:24:28.0953 3328 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

23:24:29.0078 3328 usbscan - ok

23:24:29.0109 3328 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\DRIVERS\usbser.sys

23:24:29.0218 3328 usbser - ok

23:24:29.0250 3328 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

23:24:29.0390 3328 USBSTOR - ok

23:24:29.0406 3328 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

23:24:29.0531 3328 usbuhci - ok

23:24:29.0546 3328 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

23:24:29.0671 3328 VgaSave - ok

23:24:29.0718 3328 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys

23:24:29.0843 3328 viaagp - ok

23:24:29.0875 3328 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys

23:24:30.0015 3328 ViaIde - ok

23:24:30.0031 3328 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

23:24:30.0140 3328 VolSnap - ok

23:24:30.0250 3328 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

23:24:30.0375 3328 VSS - ok

23:24:30.0406 3328 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll

23:24:30.0531 3328 w32time - ok

23:24:30.0546 3328 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

23:24:30.0671 3328 Wanarp - ok

23:24:30.0687 3328 wanatw - ok

23:24:30.0687 3328 WDICA - ok

23:24:30.0734 3328 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

23:24:30.0859 3328 wdmaud - ok

23:24:30.0890 3328 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

23:24:31.0031 3328 WebClient - ok

23:24:31.0078 3328 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

23:24:31.0156 3328 winachsf - ok

23:24:31.0203 3328 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

23:24:31.0312 3328 winmgmt - ok

23:24:31.0359 3328 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

23:24:31.0437 3328 WmdmPmSN - ok

23:24:31.0484 3328 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll

23:24:31.0546 3328 Wmi - ok

23:24:31.0578 3328 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

23:24:31.0718 3328 WmiApSrv - ok

23:24:31.0812 3328 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

23:24:31.0890 3328 WMPNetworkSvc - ok

23:24:31.0890 3328 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys

23:24:32.0031 3328 WS2IFSL - ok

23:24:32.0078 3328 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll

23:24:32.0203 3328 wscsvc - ok

23:24:32.0218 3328 WSearch - ok

23:24:32.0234 3328 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

23:24:32.0375 3328 wuauserv - ok

23:24:32.0390 3328 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

23:24:32.0468 3328 WudfPf - ok

23:24:32.0484 3328 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

23:24:32.0515 3328 WudfRd - ok

23:24:32.0531 3328 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

23:24:32.0562 3328 WudfSvc - ok

23:24:32.0609 3328 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

23:24:32.0796 3328 WZCSVC - ok

23:24:32.0828 3328 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

23:24:32.0953 3328 xmlprov - ok

23:24:32.0968 3328 ================ Scan global ===============================

23:24:33.0015 3328 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

23:24:33.0046 3328 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

23:24:33.0062 3328 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

23:24:33.0078 3328 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

23:24:33.0078 3328 [Global] - ok

23:24:33.0078 3328 ================ Scan MBR ==================================

23:24:33.0109 3328 [ 91722E6BC3A2B40FF00222DCA4A3DB3E ] \Device\Harddisk0\DR0

23:24:33.0343 3328 \Device\Harddisk0\DR0 - ok

23:24:33.0343 3328 ================ Scan VBR ==================================

23:24:33.0343 3328 [ 9C4EB5919C002C7721F1E0947BA4A8CF ] \Device\Harddisk0\DR0\Partition1

23:24:33.0343 3328 \Device\Harddisk0\DR0\Partition1 - ok

23:24:33.0343 3328 ============================================================

23:24:33.0343 3328 Scan finished

23:24:33.0343 3328 ============================================================

23:24:33.0468 3320 Detected object count: 25

23:24:33.0468 3320 Actual detected object count: 25

23:25:06.0468 3320 ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user

23:25:06.0468 3320 ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:25:06.0468 3320 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user

23:25:06.0468 3320 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:25:06.0484 3320 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user

23:25:06.0484 3320 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:25:06.0484 3320 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user

23:25:06.0484 3320 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:25:06.0484 3320 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user

23:25:06.0484 3320 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:25:06.0484 3320 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user

23:25:06.0484 3320 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:25:06.0484 3320 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user

23:25:06.0484 3320 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:25:06.0484 3320 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user

23:25:06.0484 3320 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:25:06.0484 3320 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user

23:25:06.0484 3320 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:25:06.0484 3320 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user

23:25:06.0484 3320 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:25:06.0484 3320 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user

23:25:06.0484 3320 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:25:06.0484 3320 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user

23:25:06.0484 3320 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:25:06.0484 3320 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user

23:25:06.0484 3320 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:25:06.0484 3320 ELhid ( UnsignedFile.Multi.Generic ) - skipped by user

23:25:06.0484 3320 ELhid ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:25:06.0500 3320 ELkbd ( UnsignedFile.Multi.Generic ) - skipped by user

23:25:06.0500 3320 ELkbd ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:25:06.0500 3320 ELmon ( UnsignedFile.Multi.Generic ) - skipped by user

23:25:06.0500 3320 ELmon ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:25:06.0500 3320 ELmou ( UnsignedFile.Multi.Generic ) - skipped by user

23:25:06.0500 3320 ELmou ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:25:06.0500 3320 ELService ( UnsignedFile.Multi.Generic ) - skipped by user

23:25:06.0500 3320 ELService ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:25:06.0500 3320 IAANTMon ( UnsignedFile.Multi.Generic ) - skipped by user

23:25:06.0500 3320 IAANTMon ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:25:06.0500 3320 MHN ( UnsignedFile.Multi.Generic ) - skipped by user

23:25:06.0500 3320 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:25:06.0500 3320 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user

23:25:06.0500 3320 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:25:06.0500 3320 NetSvc ( UnsignedFile.Multi.Generic ) - skipped by user

23:25:06.0500 3320 NetSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:25:06.0500 3320 PEVSystemStart ( UnsignedFile.Multi.Generic ) - skipped by user

23:25:06.0500 3320 PEVSystemStart ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:25:06.0500 3320 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

23:25:06.0500 3320 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:25:06.0500 3320 SamsungMonitorFirmware ( UnsignedFile.Multi.Generic ) - skipped by user

23:25:06.0500 3320 SamsungMonitorFirmware ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:25:21.0250 0324 Deinitialize success

we ran the windows malicious software tool also and it found 6 variations of the Alureon trojan. win32/alureon.en, win32/alureon.fa, win32/alureon.ff, win64/alureon.gen!g, win64/alureon.gen!i, winnt/alureon.aa

the windows malicious software said that it partially removed some of it and manual steps were required.

thanks!

[Tomk1]

Now that you have ran the malicious software removal tool... please see if Combofix will run.

[kgej_73]

ComboFix ran all the way to creating the log file, and then it blue screened.

This is all I got:

ComboFix 13-03-28.01 - Glenn 03/29/2013 1:08:04.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2555 [GMT -4:00]

Running from: C:\Documents and Settings\Glenn\Desktop\ComboFix.exe

AV: GFI Software VIPRE *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

* Created a new restore point

[Tomk1]

Ok... let's try a tool that some of my colleagues have had success with.

Go here: http://www.symantec.com/security_response/writeup.jsp?docid=2010-090608-3309-99 and download and run the Backdoor.Tidserv Removal tool. Directions are found on the page.

Once you've ran it... let m know how it goes. Don't worry about the manual instructions at the bottom of the page.

[kgej_73]

I ran the symantec program and it said "backdoor.Tidsevr has not been found on your computer".

[Tomk1]

That is excellent news... as that is the active virus you had... but I'm still unsure of why CF won't run.

Please try it once more. If it doesn't run this time... we won't worry about it as it is not imperative that we run it. It would just be good to know that it does run because I don't like anomalies.

If it doesn't run... please try aswMBR again and see if it will run now.

[kgej_73]

Both ComboFix and aswMBR still give me the blue screen of death. However, something different when I tried to run combofix was that an error popped up during the beginning of the scan saying "catchme.3xe encountered an error and needed to close".

[Tomk1]

Ok. That is something. There are some similarities in a routine ran by both programs.

Let's try this:

Please rename Combofix.exe on your desktop to nombr.exe

Now please try to run it again.

[kgej_73]

It finally worked! Here is the log:

ComboFix 13-03-28.01 - Glenn 03/29/2013 14:06:52.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2585 [GMT -4:00]

Running from: c:\documents and settings\Glenn\Desktop\nombr.exe

AV: GFI Software VIPRE *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

.

.

((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-29 )))))))))))))))))))))))))))))))

.

.

2013-03-29 00:32 . 2013-03-29 00:32 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-03-23 21:05 . 2013-03-23 21:09 -------- d-----w- C:\Netgear

2013-03-23 20:53 . 2013-03-23 20:53 -------- d-----w- c:\windows\system32\wbem\Repository

2013-03-21 02:17 . 2013-03-21 02:17 -------- d-----w- C:\TDSSKiller_Quarantine

2013-03-18 01:10 . 2008-04-14 10:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2013-03-16 00:34 . 2013-03-16 00:34 -------- d-----w- c:\program files\Common Files\Adobe

2013-03-16 00:07 . 2013-03-16 00:09 -------- d-----w- c:\program files\HRBlock2012

2013-03-16 00:07 . 2013-03-16 00:07 -------- d-----w- c:\program files\PDF995

2013-03-16 00:04 . 2013-03-16 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\TaxCut

2013-03-15 01:34 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys

2013-03-15 01:34 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023.sys

2013-03-12 02:57 . 2013-03-12 02:57 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-12 02:57 . 2013-03-12 02:57 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-12 02:23 . 2013-03-12 02:23 -------- d-----w- C:\b3d49f0659b2ad7319dd55e7

2013-03-12 01:39 . 2013-03-12 02:25 -------- d-----w- c:\program files\Windows Desktop Search

2013-03-12 01:39 . 2013-03-12 01:39 -------- d-----w- c:\windows\system32\GroupPolicy

2013-03-12 01:38 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll

2013-03-12 01:38 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll

2013-03-12 01:38 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll

2013-03-12 01:37 . 2013-03-12 01:38 -------- d-----w- c:\program files\Windows Media Connect 2

2013-03-12 01:36 . 2013-03-12 01:36 -------- d-----w- c:\windows\system32\drivers\UMDF

2013-03-12 01:33 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll

2013-03-11 23:50 . 2008-04-14 04:15 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys

2013-03-11 23:27 . 2008-04-14 09:42 159232 ----a-w- c:\windows\system32\ptpusd.dll

2013-03-11 23:27 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll

2013-03-11 23:27 . 2008-04-14 04:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2013-03-11 23:27 . 2008-04-14 04:15 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys

2013-03-11 23:11 . 2008-04-14 04:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys

2013-03-11 23:11 . 2008-04-14 04:15 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys

2013-03-11 22:57 . 2013-03-11 22:59 -------- d-----w- C:\Arduino_1_0_4

2013-03-11 11:09 . 2013-03-11 11:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2013-03-11 09:09 . 2013-03-11 09:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\GFI Software

2013-03-11 09:09 . 2013-03-11 09:09 -------- d-s---w- c:\documents and settings\Administrator\IETldCache

2013-03-11 07:23 . 2013-03-11 07:25 -------- d-----w- c:\program files\Common Files\Nero

2013-03-11 07:23 . 2013-03-11 07:23 -------- d-----w- c:\program files\Nero

2013-03-11 07:23 . 2013-03-11 07:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero

2013-03-11 06:28 . 2011-03-11 14:10 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2013-03-11 06:14 . 2013-03-11 06:14 -------- d-----w- c:\program files\MSXML 4.0

2013-03-11 06:04 . 2013-02-05 20:05 522240 ------w- c:\windows\system32\dllcache\jsdbgui.dll

2013-03-11 06:03 . 2012-12-16 12:23 290560 ------w- c:\windows\system32\dllcache\atmfd.dll

2013-03-11 06:03 . 2012-07-04 14:05 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys

2013-03-11 06:02 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

2013-03-11 06:02 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

2013-03-11 06:01 . 2011-07-15 13:29 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2013-03-11 06:01 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys

2013-03-11 06:00 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys

2013-03-11 05:59 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2013-03-11 05:59 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe

2013-03-11 05:59 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll

2013-03-11 05:59 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2013-03-11 05:59 . 2011-02-08 13:33 978944 ------w- c:\windows\system32\dllcache\mfc42.dll

2013-03-11 05:59 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2013-03-11 05:59 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2013-03-11 05:58 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2013-03-11 05:58 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2013-03-11 05:57 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2013-03-11 05:57 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2013-03-11 05:56 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2013-03-11 05:54 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2013-03-11 05:54 . 2010-07-12 12:55 218112 ------w- c:\windows\system32\dllcache\wordpad.exe

2013-03-11 05:54 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll

2013-03-11 05:53 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys

2013-03-11 05:53 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys

2013-03-11 05:49 . 2012-06-02 20:19 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2013-03-11 05:49 . 2012-06-02 20:19 45080 ----a-w- c:\windows\system32\wups2.dll

2013-03-11 05:49 . 2012-06-02 20:19 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2013-03-11 05:49 . 2012-06-02 20:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2013-03-11 05:49 . 2012-06-02 20:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2013-03-11 05:40 . 2013-02-05 20:05 630272 ------w- c:\windows\system32\dllcache\msfeeds.dll

2013-03-11 05:40 . 2013-02-05 20:05 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2013-03-11 05:40 . 2013-02-05 20:05 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2013-03-11 05:40 . 2013-02-05 20:05 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2013-03-11 05:40 . 2013-02-05 20:05 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2013-03-11 05:40 . 2013-02-05 20:05 2004992 ------w- c:\windows\system32\dllcache\iertutil.dll

2013-03-11 05:40 . 2013-02-05 20:05 11111424 ------w- c:\windows\system32\dllcache\ieframe.dll

2013-03-11 05:31 . 2013-03-11 05:31 -------- d-s---w- c:\documents and settings\NetworkService\IETldCache

2013-03-11 05:27 . 2013-03-11 05:28 -------- dc-h--w- c:\windows\ie8

2013-03-11 05:06 . 2013-03-11 05:06 -------- d-----w- c:\program files\MSECache

2013-03-11 04:47 . 2003-06-18 22:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll

2013-03-11 04:47 . 2003-06-18 22:31 17920 ----a-w- c:\windows\system32\mdimon.dll

2013-03-11 04:47 . 2013-03-11 04:47 -------- d-----w- c:\program files\Common Files\L&H

2013-03-11 04:47 . 2013-03-11 04:47 -------- d-----w- c:\program files\Microsoft ActiveSync

2013-03-11 04:47 . 2013-03-11 04:47 -------- d-----w- c:\program files\Microsoft Works

2013-03-11 04:47 . 2013-03-11 04:47 -------- d-----w- c:\windows\SHELLNEW

2013-03-11 04:46 . 2013-03-11 04:46 -------- d-----w- c:\program files\Microsoft.NET

2013-03-11 04:44 . 2013-03-11 04:44 -------- d-----r- C:\MSOCache

2013-03-11 03:23 . 2011-12-23 15:42 14848 ----a-w- c:\windows\system32\drivers\MFWCtwl.sys

2013-03-11 03:23 . 2013-03-11 03:23 -------- d-----w- c:\program files\SamsungFirmwareUpdater

2013-03-11 03:16 . 2013-03-11 03:16 -------- d-----w- c:\program files\MonitorDriver

2013-03-11 03:04 . 2013-03-11 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation

2013-03-11 03:04 . 2013-03-23 20:53 -------- d-----w- c:\documents and settings\UpdatusUser

2013-03-11 03:01 . 2013-03-11 03:04 -------- d-----w- c:\program files\NVIDIA Corporation

2013-03-11 03:01 . 2013-03-11 03:01 -------- d-----w- C:\NVIDIA

2013-03-11 02:58 . 2013-03-11 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA

2013-03-11 02:58 . 2013-03-11 02:58 -------- d-----w- c:\windows\Sun

2013-03-11 02:57 . 2013-03-11 02:57 782240 ----a-w- c:\windows\system32\deployJava1.dll

2013-03-11 02:57 . 2013-03-11 02:57 143872 ----a-w- c:\windows\system32\javacpl.cpl

2013-03-11 02:57 . 2013-03-11 02:57 861088 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-03-11 02:57 . 2013-03-11 02:57 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-03-11 02:57 . 2013-03-11 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2013-03-11 02:45 . 2013-03-11 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2013-03-11 02:45 . 2013-03-11 02:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-03-11 02:45 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-11 02:18 . 2013-02-11 17:28 35896 ----a-w- c:\windows\system32\drivers\gfiark.sys

2013-03-11 02:16 . 2012-12-05 02:01 68904 ----a-w- c:\windows\system32\drivers\sbapifs.sys

2013-03-11 02:16 . 2012-12-05 02:01 23088 ----a-w- c:\windows\system32\drivers\sbaphd.sys

2013-03-11 02:16 . 2013-03-11 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software

2013-03-11 02:16 . 2012-12-27 02:02 222960 ----a-w- c:\windows\system32\drivers\sbtis.sys

2013-03-11 02:16 . 2013-03-11 02:16 -------- d-----w- c:\windows\system32\drivers\VDD

2013-03-11 02:16 . 2013-03-11 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations

2013-03-11 02:16 . 2013-03-11 02:16 -------- d-----w- c:\program files\GFI Software

2013-03-11 01:41 . 2013-03-12 01:36 -------- d-----w- c:\windows\system32\LogFiles

2013-03-11 01:35 . 2013-03-29 13:41 -------- d-----w- c:\documents and settings\Glenn

2013-03-11 01:33 . 2006-04-11 16:02 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Creative

2013-03-11 01:33 . 2006-04-11 15:59 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Corel

2013-03-11 01:33 . 2006-04-11 15:55 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Gtek

2013-03-11 01:27 . 2008-04-14 05:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2013-03-11 01:27 . 2001-08-17 19:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2013-03-11 01:27 . 2008-04-14 05:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

2013-03-11 01:27 . 2008-04-14 05:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-21 02:30 . 2013-02-21 02:30 13632 ----a-w- c:\windows\system32\drivers\VDD\apvdd.dll

2013-02-21 02:30 . 2013-02-21 02:30 44864 ----a-w- c:\windows\system32\sbbd.exe

2013-02-12 00:32 . 2005-08-16 09:18 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-02-05 20:05 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll

2013-02-05 20:05 . 2005-08-16 09:18 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-02-05 20:05 . 2005-08-16 09:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2013-02-05 05:53 . 2005-08-16 09:18 385024 ----a-w- c:\windows\system32\html.iec

2013-01-31 11:22 . 2006-04-11 15:28 19189760 ----a-w- c:\windows\system32\nvoglnt.dll

2013-01-31 11:22 . 2005-08-16 09:35 12648960 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2013-01-31 11:22 . 2005-08-16 09:35 4494336 ----a-w- c:\windows\system32\nv4_disp.dll

2013-01-31 09:06 . 2006-04-11 15:28 126976 ----a-w- c:\windows\system32\nvrszht.dll

2013-01-31 09:06 . 2006-04-11 15:28 274432 ----a-w- c:\windows\system32\nvrsnl.dll

2013-01-31 09:06 . 2006-04-11 15:28 270336 ----a-w- c:\windows\system32\nvrsptb.dll

2013-01-31 09:06 . 2006-04-11 15:28 266240 ----a-w- c:\windows\system32\nvrsko.dll

2013-01-31 09:06 . 2006-04-11 15:28 253952 ----a-w- c:\windows\system32\nvrssv.dll

2013-01-31 09:06 . 2006-04-11 15:28 253952 ----a-w- c:\windows\system32\nvrsno.dll

2013-01-31 09:06 . 2006-04-11 15:28 229376 ----a-w- c:\windows\system32\nvrszhc.dll

2013-01-31 09:06 . 2006-04-11 15:28 286720 ----a-w- c:\windows\system32\nvrsfr.dll

2013-01-31 09:06 . 2006-04-11 15:28 282624 ----a-w- c:\windows\system32\nvrsit.dll

2013-01-31 09:06 . 2006-04-11 15:28 282624 ----a-w- c:\windows\system32\nvrses.dll

2013-01-31 09:06 . 2006-04-11 15:28 274432 ----a-w- c:\windows\system32\nvrsja.dll

2013-01-31 09:06 . 2006-04-11 15:28 249856 ----a-w- c:\windows\system32\nvrsfi.dll

2013-01-31 09:06 . 2006-04-11 15:28 278528 ----a-w- c:\windows\system32\nvrsde.dll

2013-01-31 09:06 . 2006-04-11 15:28 253952 ----a-w- c:\windows\system32\nvrsda.dll

2013-01-31 09:02 . 2006-04-11 15:28 54272 ----a-w- c:\windows\system32\nvwddi.dll

2013-01-31 09:02 . 2006-04-11 15:28 156448 ----a-w- c:\windows\system32\nvsvc32.exe

2013-01-31 09:02 . 2006-04-11 15:28 108832 ----a-w- c:\windows\system32\nvmctray.dll

2013-01-31 09:02 . 2006-04-11 15:28 15517472 ----a-w- c:\windows\system32\nvcpl.dll

2013-01-26 03:55 . 2005-08-16 09:18 552448 ----a-w- c:\windows\system32\oleaut32.dll

2013-01-07 01:19 . 2005-08-16 09:18 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-07 00:37 . 2004-08-04 03:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-04 01:20 . 2005-08-16 09:18 1867264 ----a-w- c:\windows\system32\win32k.sys

2013-01-02 06:49 . 2005-08-16 09:18 1292288 ----a-w- c:\windows\system32\quartz.dll

2013-03-07 14:31 . 2013-03-11 02:12 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]

@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]

2008-07-10 12:23 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]

"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]

"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]

"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"SBAMTray"="c:\program files\GFI Software\VIPRE\SBAMTray.exe" [2013-02-21 3154752]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-01-31 15517472]

"NvMediaCenter"="NvMCTray.dll" [2013-01-31 108832]

"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-01-31 1982312]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-11 24576]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

2008-07-10 12:23 1083176 ----a-w- c:\program files\Nero\Nero8\InCD\InCD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2008-06-24 19:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2008-07-09 18:39 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2006-04-11 15:54 98304 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

2006-04-11 15:54 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

2008-07-10 12:23 2049320 ----a-w- c:\program files\Nero\Nero8\InCD\NBHGui.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R1 SamsungMonitorFirmware;SamsungMonitorFirmware;c:\windows\system32\drivers\MFWCtwl.sys [3/10/2013 11:23 PM 14848]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [3/10/2013 10:16 PM 23088]

R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [3/10/2013 10:16 PM 222960]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [3/10/2013 10:45 PM 398184]

R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [7/10/2008 8:23 AM 53032]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [3/10/2013 10:16 PM 68904]

R2 SBPIMSvc;SB Recovery Service;c:\program files\GFI Software\VIPRE\SBPIMSvc.exe [2/20/2013 10:30 PM 175936]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/10/2013 10:45 PM 21104]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/10/2013 10:45 PM 682344]

S2 SBAMSvc;VIPRE Antivirus;c:\program files\GFI Software\VIPRE\SBAMSvc.exe [2/20/2013 10:30 PM 3680512]

S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [3/10/2013 10:18 PM 35896]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/28/2013 8:32 PM 40776]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\Glenn\Application Data\Mozilla\Firefox\Profiles\4939n7d9.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - ExtSQL: 2013-03-10 22:49; https-everywhere@eff.org; c:\documents and settings\Glenn\Application Data\Mozilla\Firefox\Profiles\4939n7d9.default\extensions\https-everywhere@eff.org

FF - ExtSQL: 2013-03-11 22:21; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-03-29 14:12

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2013-03-29 14:13:57

ComboFix-quarantined-files.txt 2013-03-29 18:13

.

Pre-Run: 110,667,771,904 bytes free

Post-Run: 110,626,619,392 bytes free

.

- - End Of File - - 139C232D9ECFCEA9962F1566C31CC325

[Tomk1]

That is excellent. I feel better knowing the problem wasn't related to a virus.

Let's get an online scan:

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

• Please go here then click on:

  Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
  All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

• Select the option YES, I accept the Terms of Use then click on:
  
• When prompted allow the Add-On/Active X to install.
  
• Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  
• Now click on Advanced Settings and select the following:

• • Scan for potentially unwanted applications
    
  • Scan for potentially unsafe applications
    
  • Enable Anti-Stealth Technology

[*]Now click on:

[*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.

[*]When completed the Online Scan will begin automatically.

[*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

[*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!

[*]Now click on:

[*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

[*]Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Also, please update me as to how things seem to be running at this point.

[kgej_73]

Here is the log file from the on line scanner. the first time we ran it we forgot to turn off the anti virus software. so we had to scan it again.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=8

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=e1a128e445e0f4448dce9ba6686cc14b

# engine=13513

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2013-03-29 07:57:13

# local_time=2013-03-29 03:57:13 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=9732 16777213 100 95 0 160581147 0 0

# scanned=70856

# found=6

# cleaned=0

# scan_time=4323

sh=1238F6E12158079E821E2C709C98B932147F0014 ft=1 fh=a16150051c4bc0a5 vn="Win64/Olmasco.Y trojan" ac=I fn="C:\TDSSKiller_Quarantine\20.03.2013_22.10.10\tdlfs0000\tsk0006.dta"

sh=A8BD0C439D7D54532445A68600D7F9A420B7F1EA ft=1 fh=00a7a3e908704888 vn="Win32/Olmasco.O trojan" ac=I fn="C:\TDSSKiller_Quarantine\20.03.2013_22.10.10\tdlfs0000\tsk0007.dta"

sh=E3F9312A48E3F9098364871D6368719319C44865 ft=1 fh=007800bc27690928 vn="Win64/Olmasco.AA trojan" ac=I fn="C:\TDSSKiller_Quarantine\20.03.2013_22.10.10\tdlfs0000\tsk0010.dta"

sh=614A4E374797F94A1327F4C7D08A79A948660E9A ft=1 fh=1cb93ee4eea17c9e vn="Win32/Olmasco.Q trojan" ac=I fn="C:\TDSSKiller_Quarantine\20.03.2013_22.10.10\tdlfs0000\tsk0011.dta"

sh=9D2E7DE60D42D7DCE2FCD9C3923EC098B4BFB51D ft=1 fh=66fa15f5ce12754e vn="Win32/Olmasco.AA trojan" ac=I fn="C:\TDSSKiller_Quarantine\20.03.2013_22.10.10\tdlfs0000\tsk0014.dta"

sh=FA0B1157F3426C7D945CD3215872C0F7E61311AA ft=1 fh=842bfd24ed0098fa vn="Win64/Olmasco.Z trojan" ac=I fn="C:\TDSSKiller_Quarantine\20.03.2013_22.10.10\tdlfs0000\tsk0015.dta"

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=e1a128e445e0f4448dce9ba6686cc14b

# engine=13515

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2013-03-29 08:52:15

# local_time=2013-03-29 04:52:15 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=9732 16777214 100 96 0 160584449 0 0

# scanned=70878

# found=6

# cleaned=0

# scan_time=2735

sh=1238F6E12158079E821E2C709C98B932147F0014 ft=1 fh=a16150051c4bc0a5 vn="Win64/Olmasco.Y trojan" ac=I fn="C:\TDSSKiller_Quarantine\20.03.2013_22.10.10\tdlfs0000\tsk0006.dta"

sh=A8BD0C439D7D54532445A68600D7F9A420B7F1EA ft=1 fh=00a7a3e908704888 vn="Win32/Olmasco.O trojan" ac=I fn="C:\TDSSKiller_Quarantine\20.03.2013_22.10.10\tdlfs0000\tsk0007.dta"

sh=E3F9312A48E3F9098364871D6368719319C44865 ft=1 fh=007800bc27690928 vn="Win64/Olmasco.AA trojan" ac=I fn="C:\TDSSKiller_Quarantine\20.03.2013_22.10.10\tdlfs0000\tsk0010.dta"

sh=614A4E374797F94A1327F4C7D08A79A948660E9A ft=1 fh=1cb93ee4eea17c9e vn="Win32/Olmasco.Q trojan" ac=I fn="C:\TDSSKiller_Quarantine\20.03.2013_22.10.10\tdlfs0000\tsk0011.dta"

sh=9D2E7DE60D42D7DCE2FCD9C3923EC098B4BFB51D ft=1 fh=66fa15f5ce12754e vn="Win32/Olmasco.AA trojan" ac=I fn="C:\TDSSKiller_Quarantine\20.03.2013_22.10.10\tdlfs0000\tsk0014.dta"

sh=FA0B1157F3426C7D945CD3215872C0F7E61311AA ft=1 fh=842bfd24ed0098fa vn="Win64/Olmasco.Z trojan" ac=I fn="C:\TDSSKiller_Quarantine\20.03.2013_22.10.10\tdlfs0000\tsk0015.dta"

[kgej_73]

My computer seems to be running ok. since the malicious software scan had detected and partially removed 6 threats we have been mostly running scans and not doing much else. But it seems to be running fine.

[Tomk1]

Everything ESET found was already quarantined by TDSSKiller.

I think you are good to go.

Time for some housekeeping

• Click START then RUN
  
• 
  
• Now type ComboFix /Uninstall in the runbox and click OK.
  
• Note the space between the X and the U, it needs to be there.
  
• 
  

The above procedure will:

• Implement some cleanup procedures.
  
• Reset System Restore.
  

1. Double click on OTL to run it.
   
2. Click on CleanUp!
   
3. When done, you will be prompted to restart your computer. Please restart your computer.
   

Any tools or logs that are left can just be deleted.

Please re-enable any security that was disabled.

The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:

So how did I get infected in the first place?

by Tony Klein

Also: "How to prevent malware"

by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved.

[kgej_73]

We couldn't find the OTL application on our computer, and when we tried to use the link you provided earlier to re-download it we got this error:

"Forbidden

You don't have permission to access /OTL.exe on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request."

Also, is it safe to delete the TDSSQuarantine folder?

[Tomk1]

Yes. It is safe to delete the quarantine folder.

Try this first before deleting it manually. This program does the same thing as the cleanup routine in OTL. I think it will clean it out for you.

• Make sure you have an Internet Connection.
  
• Download OTC to your desktop and run it
  
• A list of tool components used in the cleanup of malware will be downloaded.
  
• If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  
• Click Yes to begin the cleanup process and remove these components, including this application.
  
• You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.
  

[kgej_73]

Cleanup is all done. Thank you very much for all your help!