
Suspect Malware

This topic is locked

#1 csurp34 (Member, 43 posts)

Hi,

I am running Vista Ultimate 32 bit no service packs on a Dell desktop All-In-One.

Lately my computer is running slower and I can't access some sites such as Yahoo. I suspect that is because I run out of time.

I ran OTL and it generated two logs which I am posting here and standing by.

Thanks in advance.

OTL.txt

OTL logfile created on: 5/10/2011 1:18:20 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Chris\Desktop
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 418.25 Gb Free Space | 89.80% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/10 13:17:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2011/03/23 09:50:38 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/10/05 16:54:24 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/10/05 16:54:24 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/09/21 11:26:34 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/09/20 19:14:32 | 002,433,024 | ---- | M] () -- C:\Windows\System32\MediaButtons.exe
PRC - [2007/08/16 08:56:14 | 000,236,016 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2007/08/16 08:55:52 | 000,018,416 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2007/08/03 16:25:02 | 001,069,056 | ---- | M] (DELL COMPUTER INC.) -- C:\Windows\System32\DELLOSD.exe
PRC - [2007/07/27 04:00:00 | 000,696,320 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
PRC - [2007/07/20 01:00:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM07Mon.exe
PRC - [2007/06/07 11:14:36 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe
PRC - [2007/04/11 15:32:22 | 000,056,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
PRC - [2006/11/28 06:34:38 | 000,134,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/11/28 06:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/11/28 06:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/11/22 17:12:36 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
PRC - [2006/10/11 13:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe


========== Modules (SafeList) ==========

MOD - [2011/05/10 13:17:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/10/24 16:56:36 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/30 10:29:46 | 000,126,976 | ---- | M] (Capital Intellect Inc) [On_Demand | Stopped] -- C:\Program Files\Common Files\Winferno\WSS\WSS.exe -- (Winferno Subscription Service)
SRV - [2007/07/24 05:14:08 | 000,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/07/24 05:14:06 | 000,358,896 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2006/11/28 06:34:26 | 000,122,008 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/11/28 06:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/11/28 06:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 02:11:13 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{365DDE67-33D5-4FDE-8751-D01D0D1C951D}\MpKsl37a66008.sys -- (MpKsl37a66008)
DRV - [2011/04/18 09:43:34 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110509.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/18 09:43:34 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/04/18 09:43:34 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110509.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/05/27 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/10/27 11:41:39 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/09/07 20:38:40 | 000,733,824 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\A885VCap.sys -- (CXSONORA)
DRV - [2007/07/20 01:00:00 | 000,235,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM07Vid.sys -- (OEM07Vid)
DRV - [2007/05/17 01:00:00 | 000,014,656 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DLACPI.sys -- (DLXPDisplayName)
DRV - [2007/05/11 19:00:14 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/04/13 13:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/04/11 15:33:14 | 000,028,688 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/04/11 15:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 15:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/03/05 18:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM07Vfx.sys -- (OEM07Vfx)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/22 16:17:06 | 000,274,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2006/11/22 16:17:06 | 000,247,144 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2006/11/22 16:17:06 | 000,025,448 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/26 12:01:34 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/10/26 12:01:34 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/10/06 14:26:16 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/12/22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2


[2009/07/10 22:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2009/07/10 22:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/03/19 01:48:50 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [MediaButtons] C:\Windows\System32\MediaButtons.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OEM07Mon.exe] C:\Windows\OEM07Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [DELL Webcam Manager] C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: link = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/10 13:17:25 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/05/09 09:33:09 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Malware Removal
[2011/05/09 08:51:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2011/05/09 08:50:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/09 08:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/09 08:50:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/09 08:50:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/09 08:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/08 13:03:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2011/05/07 20:28:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/07 20:27:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/07 19:55:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/27 13:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/04/21 10:20:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Google
[2011/04/21 10:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

========== Files - Modified Within 30 Days ==========

[2011/05/10 13:20:33 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8E6F3B8C-57FF-432D-A93D-139DA3D94AAA}.job
[2011/05/10 13:17:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/05/10 12:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/10 12:31:33 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/10 12:31:33 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/10 10:38:25 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/05/09 22:53:39 | 000,002,633 | ---- | M] () -- C:\Users\Chris\Desktop\Microsoft Office Outlook 2003.lnk
[2011/05/09 21:53:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/09 21:31:00 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\WSSHelper.job
[2011/05/09 09:37:24 | 000,621,314 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/09 09:37:24 | 000,104,662 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/09 09:31:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/09 08:42:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/04/27 14:11:35 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/04/24 20:02:13 | 000,000,938 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/04/21 10:19:57 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/04/15 03:28:01 | 000,380,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/04/21 10:19:57 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/04/21 10:19:57 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/01/26 15:30:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL
[2011/01/26 15:28:44 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2011/01/26 15:25:36 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/02/10 15:19:00 | 000,024,206 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\UserTile.png
[2008/12/21 16:29:41 | 000,009,216 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/27 13:59:21 | 000,503,808 | ---- | C] () -- C:\Windows\System32\ProximitySensor.exe
[2008/10/27 13:59:20 | 002,433,024 | ---- | C] () -- C:\Windows\System32\MediaButtons.exe
[2008/10/27 13:42:58 | 000,000,332 | ---- | C] () -- C:\Windows\System32\CNCMFP23.INI
[2008/10/27 13:31:58 | 000,129,830 | ---- | C] () -- C:\Windows\HPHins13.dat
[2008/10/27 13:31:58 | 000,002,977 | ---- | C] () -- C:\Windows\hphmdl13.dat
[2008/10/27 12:55:34 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/10/27 12:08:00 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2008/10/27 12:07:59 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2008/10/24 16:42:41 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/10/24 15:42:38 | 000,000,140 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/10/24 14:02:00 | 000,014,656 | ---- | C] () -- C:\Windows\System32\drivers\DLACPI.sys
[2008/10/24 13:31:35 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/10/24 13:31:35 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/10/24 13:31:35 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2008/10/24 13:31:35 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/10/24 13:25:06 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/10/24 13:12:54 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2007/10/05 16:34:42 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/08/06 19:22:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:46:27 | 000,380,000 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:34:29 | 000,063,488 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2006/11/02 08:34:23 | 000,080,010 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 08:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,621,314 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,662 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/05/06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2004/04/07 14:24:06 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Chris\Documents\TurboTax:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Chris\Desktop\TurboTax:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Chris\Desktop\Marine Max:Roxio EMC Stream
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


Extras.txt

OTL Extras logfile created on: 5/10/2011 1:18:20 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Chris\Desktop
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 418.25 Gb Free Space | 89.80% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4234614814-3669509041-980374843-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1004A586-AE6B-453B-B079-0CE08311426E}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{E4C4189F-5B50-4CEB-8096-E10E4BF96606}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19D3B8EA-F9CD-40D2-931C-0F85066D72BC}" = protocol=1 | dir=in | [email protected],-28543 |
"{53AB3F60-AAA6-41F6-B63A-EEE3B9192CD1}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{5939438C-7CD4-40F2-A662-2E71C537AF69}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{9722CB07-B497-429F-9E2B-D00B801FF3BA}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{A6C5FB66-4612-4B8F-9336-9C2F71F3094F}" = protocol=58 | dir=out | [email protected],-28546 |
"{AACE18C9-1822-49FB-AAAD-62C3E389B11C}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{D1AEE8EB-28FF-4D28-97B4-4FDC9CEC8D56}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D8410C59-44A1-4548-9DD3-4DB285AFBF92}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D93969CB-A535-495A-94BF-38BBD8D54432}" = protocol=1 | dir=out | [email protected],-28544 |
"{F7FD946E-8C82-4427-9522-8214D555B3C0}" = protocol=58 | dir=in | [email protected],-28545 |
"TCP Query User{184C54E7-E6B2-4904-9BE1-E095C3E7FC74}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{39AA2F50-E108-49A5-B371-F9F249D0AD33}C:\program files\info select\is.exe" = protocol=6 | dir=in | app=c:\program files\info select\is.exe |
"TCP Query User{5F012B8F-D4D5-4A47-B9C0-BEF2D75A2AA7}C:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\iexplore.exe" = protocol=6 | dir=in | app=c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\iexplore.exe |
"TCP Query User{ACF365DA-F440-4E0F-B9CD-6A78120D069F}C:\program files\info select\is.exe" = protocol=6 | dir=in | app=c:\program files\info select\is.exe |
"UDP Query User{528EC507-411A-4A1A-8111-62E529609BCF}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{6C994993-170C-4125-9929-0D957BE8021F}C:\program files\info select\is.exe" = protocol=17 | dir=in | app=c:\program files\info select\is.exe |
"UDP Query User{6D45F555-1C0F-493B-8A12-5627447682DC}C:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\iexplore.exe" = protocol=17 | dir=in | app=c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\iexplore.exe |
"UDP Query User{E048C562-952A-43BF-B7F9-EB5C7D1F3C31}C:\program files\info select\is.exe" = protocol=17 | dir=in | app=c:\program files\info select\is.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5900
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}" = Canon MF Toolbox 4.9.1.1.mf04
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F295031-E793-4308-A384-5553977DFD13}" = AVerMedia MiniCard Hybrid TV
"{239A8D60-270B-42e8-82D3-60D70A2942E0}" = Canon MF4100 Series
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3AE87269-BD57-4A58-B13D-FC67664BCFB8}" = BlackBerry Desktop Software 4.3
"{3BDDF462-8A95-4C50-86DA-4D41F3483EA5}" = Canon MF Toolbox 4.9.1.1.mf04
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}" = Roxio Media Manager
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}" = Symantec AntiVirus
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD929BD3-5D41-4407-BE04-119B4A631869}" = Canon MF Toolbox 4.9.1.1.mf04
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{ED9C10E6-565C-4D0F-B559-462BEA03804E}" = MediaButtons 1.0.1.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F324D324-6531-33DC-F5BA-CD360B156275}" = Comcast Access
"1EC636D2DBA2D9924E02E10DA797DEC16306C1A9" = Windows Driver Package - Logitech HIDClass (10/16/2006 1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"BlackBerry_{3AE87269-BD57-4A58-B13D-FC67664BCFB8}" = BlackBerry Desktop Software 4.3
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1" = Comcast Access
"Creative OEM007" = Integrated Webcam Driver (1.00.01.0720)
"DELL Webcam Center" = DELL Webcam Center
"DELL Webcam Manager" = DELL Webcam Manager
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HECI" = Intel® Management Engine Interface
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1F295031-E793-4308-A384-5553977DFD13}" = AVerMedia MiniCard Hybrid TV
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Micro Logic Info Select 6.0" = Micro Logic Info Select 6.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"PROSet" = Intel® PRO Network Connections Drivers
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/8/2011 1:32:41 AM | Computer Name = Chris-PC | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
Event
Info: Terminate Process Action Taken: Blocked Actor Process: C:\Windows\system32\services.exe
(PID 748) Time: Sunday, May 08, 2011 1:32:41 AM

Error - 5/8/2011 6:14:50 PM | Computer Name = Chris-PC | Source = VSS | ID = 8194
Description =

Error - 5/8/2011 7:06:20 PM | Computer Name = Chris-PC | Source = VSS | ID = 8194
Description =

Error - 5/9/2011 1:30:44 AM | Computer Name = Chris-PC | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
Event
Info: Terminate Process Action Taken: Blocked Actor Process: C:\Windows\system32\services.exe
(PID 720) Time: Monday, May 09, 2011 1:30:43 AM

Error - 5/9/2011 1:31:14 AM | Computer Name = Chris-PC | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
Event
Info: Terminate Process Action Taken: Blocked Actor Process: C:\Windows\system32\services.exe
(PID 720) Time: Monday, May 09, 2011 1:31:14 AM

Error - 5/9/2011 1:31:45 AM | Computer Name = Chris-PC | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
Event
Info: Terminate Process Action Taken: Blocked Actor Process: C:\Windows\system32\services.exe
(PID 720) Time: Monday, May 09, 2011 1:31:45 AM

Error - 5/9/2011 8:45:18 AM | Computer Name = Chris-PC | Source = EventSystem | ID = 4609
Description =

Error - 5/10/2011 1:31:17 AM | Computer Name = Chris-PC | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
Event
Info: Terminate Process Action Taken: Blocked Actor Process: C:\Windows\system32\services.exe
(PID 740) Time: Tuesday, May 10, 2011 1:31:17 AM

Error - 5/10/2011 1:31:46 AM | Computer Name = Chris-PC | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
Event
Info: Terminate Process Action Taken: Blocked Actor Process: C:\Windows\system32\services.exe
(PID 740) Time: Tuesday, May 10, 2011 1:31:46 AM

Error - 5/10/2011 1:32:17 AM | Computer Name = Chris-PC | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
Event
Info: Terminate Process Action Taken: Blocked Actor Process: C:\Windows\system32\services.exe
(PID 740) Time: Tuesday, May 10, 2011 1:32:17 AM

[ System Events ]
Error - 5/9/2011 10:46:10 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/9/2011 10:46:25 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/10/2011 1:31:16 AM | Computer Name = Chris-PC | Source = DCOM | ID = 10005
Description =

Error - 5/10/2011 1:31:17 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 5/10/2011 1:31:17 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/10/2011 1:31:47 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 5/10/2011 1:31:47 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/10/2011 1:32:18 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 5/10/2011 1:32:18 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/10/2011 1:34:09 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7034
Description =


< End of report >


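A point worth pulling out of the log above: the three tamper-protection alerts on 5/10 (1:31:17, 1:31:46 and 1:32:17 AM) each name C:\Windows\system32\services.exe, the process that hosts the Service Control Manager, as the actor, and the System log carries a Service Control Manager 7009 (timeout waiting for a service to connect) and 7000 (service failed to start) pair within a second of each one (1:31:17, 1:31:47 and 1:32:18 AM). The script below is an added example, not OTL's code and not something posted in this thread. It parses the "Last 10 Event Log Errors" layout into records, counts errors by source and event ID, extracts the actor process from each tamper alert, and pairs Application-log alerts with System-log SCM errors by timestamp. The sample text is an excerpt of the section above in the same layout, the one-second window is my choice, and a pairing shows only that two entries coincide in time, not that one caused the other.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed input: an excerpt, in the same layout, of the OTL
# "Last 10 Event Log Errors" section posted above.
SAMPLE = r"""
[ Application Events ]
Error - 5/9/2011 1:30:44 AM | Computer Name = Chris-PC | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
Event
Info: Terminate Process Action Taken: Blocked Actor Process: C:\Windows\system32\services.exe
(PID 720) Time: Monday, May 09, 2011 1:30:43 AM

Error - 5/10/2011 1:31:17 AM | Computer Name = Chris-PC | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
Event
Info: Terminate Process Action Taken: Blocked Actor Process: C:\Windows\system32\services.exe
(PID 740) Time: Tuesday, May 10, 2011 1:31:17 AM

Error - 5/8/2011 6:14:50 PM | Computer Name = Chris-PC | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 5/10/2011 1:31:16 AM | Computer Name = Chris-PC | Source = DCOM | ID = 10005
Description =

Error - 5/10/2011 1:31:17 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 5/10/2011 1:31:17 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/9/2011 10:46:10 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7001
Description =
"""

HEADER = re.compile(
    r"^Error - (?P<ts>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
ACTOR = re.compile(r"Actor Process: (?P<path>.+?) \(PID (?P<pid>\d+)\)")


def parse_otl_events(text):
    """Turn the OTL event-log section into a list of dicts, one per error."""
    records, log, cur = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[ ") and line.endswith(" ]"):
            log, cur = line[2:-2].strip(), None      # "[ Application Events ]"
            continue
        m = HEADER.match(line)
        if m:
            cur = {
                "log": log,
                "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                "host": m["host"],
                "source": m["source"],
                "id": int(m["id"]),
                "description": [],
            }
            records.append(cur)
            continue
        if not line:
            cur = None                               # blank line ends a record
        elif cur is not None:
            cur["description"].append(line)          # OTL wraps descriptions
    for r in records:
        desc = " ".join(r["description"])
        if desc.startswith("Description ="):
            desc = desc[len("Description ="):]
        r["description"] = desc.strip()
    return records


def count_by_source_id(records):
    return Counter((r["source"], r["id"]) for r in records)


def tamper_actors(records):
    """(actor path, pid) for every Symantec tamper-protection alert."""
    out = []
    for r in records:
        if r["source"] == "Symantec AntiVirus" and r["id"] == 16711725:
            m = ACTOR.search(r["description"])
            if m:
                out.append((m["path"], int(m["pid"])))
    return out


def correlate(records, window_seconds=1):
    """Pair each tamper alert (Application log) with Service Control Manager
    errors (System log) stamped within window_seconds of it. This shows
    coincidence in time only; it proves nothing about cause."""
    window = timedelta(seconds=window_seconds)
    alerts = [r for r in records if r["log"] == "Application Events"
              and r["source"] == "Symantec AntiVirus" and r["id"] == 16711725]
    scm = [r for r in records if r["log"] == "System Events"
           and r["source"] == "Service Control Manager"]
    return [(a, s) for a in alerts for s in scm if abs(a["time"] - s["time"]) <= window]


if __name__ == "__main__":
    recs = parse_otl_events(SAMPLE)
    for (src, eid), n in count_by_source_id(recs).most_common():
        print(f"{n:3d}  {src} / {eid}")
    for a, s in correlate(recs):
        print(f"{a['time']}  tamper alert  <->  SCM {s['id']} at {s['time']}")
```

Run over the complete section above rather than the excerpt, it pairs every 5/10 alert with a 7009/7000 couple and leaves the 5/8 and 5/9 alerts unpaired; that split is the first thing to establish before deciding whether LuComServer being stopped by services.exe is an ordinary service shutdown or something else.
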
#2 csurp34 (Member, Topic Starter, 43 posts)

Update

I ran the Kaspersky Virus Removal Program. It flashed a screen informing me of a threat and suggested that I quarantine. It would not quarantine so I deleted it.

Looks like there is another one also.

Here is the report:

Autoscan: completed 3 minutes ago (events: 5, objects: 446505, time: 03:26:22)
5/10/2011 5:05:21 PM Task started
5/10/2011 5:22:36 PM Detected: HEUR:Trojan.Script.Generic C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04CC0000\4DCEE5EA.VBN/CryptZ
5/10/2011 5:22:37 PM Detected: Exploit.JS.Pdfka.asd C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BFC0074.VBN/CryptZ/data0000
5/10/2011 5:35:24 PM Deleted: Exploit.JS.Pdfka.asd C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BFC0074.VBN
5/10/2011 8:31:43 PM Task completed

Standing by.

Thanks.

#3 csurp34 (Member, Topic Starter, 43 posts)

Here is the Gathering Information Report:

Gathering system information: completed 3 minutes ago (events: 86)
5/10/2011 8:54:19 PM Gathering system information Task completed
5/10/2011 8:52:39 PM >> Windows Explorer - show extensions of known file types
5/10/2011 8:52:39 PM >> Disable CD/DVD autorun
5/10/2011 8:52:38 PM >> Timeout of "Not Responding" verdict for processes is out of admissible values
5/10/2011 8:52:38 PM >> Service termination timeout is out of admissible values
5/10/2011 8:52:38 PM >> Process termination timeout is out of admissible values
5/10/2011 8:51:04 PM CmpCallCallBacks = 00000000
5/10/2011 8:51:03 PM >>> Hook code blocked
5/10/2011 8:51:03 PM >>> Function restored successfully !
5/10/2011 8:51:03 PM Function NtWriteVirtualMemory (16A) intercepted (831D71AB->8856DD08), hook not defined
5/10/2011 8:51:03 PM >>> Hook code blocked
5/10/2011 8:51:03 PM >>> Function restored successfully !
5/10/2011 8:51:03 PM Function NtUnmapViewOfSection (160) intercepted (831E0D88->8854C8F8), hook not defined
5/10/2011 8:51:03 PM >>> Hook code blocked
5/10/2011 8:51:03 PM >>> Function restored successfully !
5/10/2011 8:51:03 PM Function NtTerminateThread (153) intercepted (8321B707->88564E28), hook not defined
5/10/2011 8:51:03 PM >>> Hook code blocked
5/10/2011 8:51:03 PM >>> Function restored successfully !
5/10/2011 8:51:03 PM Function NtTerminateProcess (152) intercepted (8321B2B3->8854AE10), hook not defined
5/10/2011 8:51:03 PM >>> Hook code blocked
5/10/2011 8:51:03 PM >>> Function restored successfully !
5/10/2011 8:51:03 PM Function NtSuspendThread (14F) intercepted (8321D2B7->88564D68), hook not defined
5/10/2011 8:51:03 PM >>> Hook code blocked
5/10/2011 8:51:03 PM >>> Function restored successfully !
5/10/2011 8:51:03 PM Function NtSuspendProcess (14E) intercepted (8321D483->8856EA08), hook not defined
5/10/2011 8:51:03 PM >>> Hook code blocked
5/10/2011 8:51:03 PM >>> Function restored successfully !
5/10/2011 8:51:03 PM Function NtSetInformationThread (136) intercepted (8321861B->88565440), hook not defined
5/10/2011 8:51:03 PM >>> Hook code blocked
5/10/2011 8:51:03 PM >>> Function restored successfully !
5/10/2011 8:51:03 PM Function NtSetInformationProcess (135) intercepted (83215EBB->88565B38), hook not defined
5/10/2011 8:51:03 PM >>> Hook code blocked
5/10/2011 8:51:03 PM >>> Function restored successfully !
5/10/2011 8:51:03 PM Function NtSetContextThread (125) intercepted (8321AEBB->8856D4B0), hook not defined
5/10/2011 8:51:03 PM >>> Hook code blocked
5/10/2011 8:51:03 PM >>> Function restored successfully !
5/10/2011 8:51:03 PM Function NtResumeThread (119) intercepted (8321D3A0->88560428), hook not defined
5/10/2011 8:51:03 PM >>> Hook code blocked
5/10/2011 8:51:03 PM >>> Function restored successfully !
5/10/2011 8:51:03 PM Function NtOpenThreadToken (CA) intercepted (83241177->8856D590), hook not defined
5/10/2011 8:51:03 PM >>> Hook code blocked
5/10/2011 8:51:03 PM >>> Function restored successfully !
5/10/2011 8:51:03 PM Function NtOpenProcessToken (C3) intercepted (83240F8A->8854BA10), hook not defined
5/10/2011 8:51:03 PM >>> Hook code blocked
5/10/2011 8:51:03 PM >>> Function restored successfully !
5/10/2011 8:51:03 PM Function NtOpenEvent (B8) intercepted (832874B1->8856EB88), hook not defined
5/10/2011 8:51:03 PM >>> Hook code blocked
5/10/2011 8:51:03 PM >>> Function restored successfully !
5/10/2011 8:51:03 PM Function NtMapViewOfSection (B1) intercepted (831D0396->88565C80), hook not defined
5/10/2011 8:51:03 PM >>> Hook code blocked
5/10/2011 8:51:03 PM >>> Function restored successfully !
5/10/2011 8:51:03 PM Function NtImpersonateThread (9E) intercepted (832226C5->88560F28), hook not defined
5/10/2011 8:51:03 PM >>> Hook code blocked
5/10/2011 8:51:03 PM >>> Function restored successfully !
5/10/2011 8:51:03 PM Function NtImpersonateAnonymousToken (9C) intercepted (8324E117->88560E48), hook not defined
5/10/2011 8:51:03 PM >>> Hook code blocked
5/10/2011 8:51:03 PM >>> Function restored successfully !
5/10/2011 8:51:03 PM Function NtFreeVirtualMemory (93) intercepted (830BEC63->885599A0), hook not defined
5/10/2011 8:51:03 PM >>> Hook code blocked
5/10/2011 8:51:03 PM >>> Function restored successfully !
5/10/2011 8:51:03 PM Function NtCreateThread (4E) intercepted (8321217B->88540280), hook not defined
5/10/2011 8:51:03 PM >>> Hook code blocked
5/10/2011 8:51:03 PM >>> Function restored successfully !
5/10/2011 8:51:03 PM Function NtCreateMutant (43) intercepted (8329018A->8856EF90), hook not defined
5/10/2011 8:51:03 PM >>> Hook code blocked
5/10/2011 8:51:03 PM >>> Function restored successfully !
5/10/2011 8:51:03 PM Function NtConnectPort (36) intercepted (831BE1CB->88548308), hook not defined
5/10/2011 8:51:03 PM >>> Hook code blocked
5/10/2011 8:51:03 PM >>> Function restored successfully !
5/10/2011 8:51:03 PM Function NtAllocateVirtualMemory (12) intercepted (831D54AF->8856DD98), hook not defined
5/10/2011 8:51:03 PM >>> Hook code blocked
5/10/2011 8:51:03 PM >>> Function restored successfully !
5/10/2011 8:51:03 PM Function NtAlertThread (0E) intercepted (8321D53F->8856BDF8), hook not defined
5/10/2011 8:51:03 PM >>> Hook code blocked
5/10/2011 8:51:03 PM >>> Function restored successfully !
5/10/2011 8:51:03 PM Function NtAlertResumeThread (0D) intercepted (8321D597->8856BC78), hook not defined
5/10/2011 8:51:01 PM >> Danger ! Process masking detected
5/10/2011 8:51:00 PM IAT modification detected: FreeLibrary - 00B60400<>76354597
5/10/2011 8:51:00 PM IAT modification detected: GetProcAddress - 00B60390<>76354110
5/10/2011 8:51:00 PM IAT modification detected: LoadLibraryA - 00B60320<>76339A96
5/10/2011 8:51:00 PM IAT modification detected: LoadLibraryW - 00B60240<>7633971F
5/10/2011 8:51:00 PM IAT modification detected: CreateProcessW - 00B60160<>76311D27
5/10/2011 8:51:00 PM IAT modification detected: GetModuleFileNameW - 00B600F0<>763599ED
5/10/2011 8:51:00 PM IAT modification detected: GetModuleFileNameA - 00B60080<>7635B578
5/10/2011 8:51:00 PM IAT modification detected: CreateProcessA - 00B60010<>76311D5C
5/10/2011 8:50:48 PM Gathering system information Task started

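AVZ's report above lists two different kinds of interception. The "Function NtXxx (NNN) intercepted (A->B), hook not defined" lines are kernel system-service (SSDT) entries: the hex number in parentheses is the system service index, and "hook not defined" means AVZ could not attribute the hook to a module it knows. The "IAT modification detected: Name - A<>B" lines are import-table entries of the scanned process that no longer point at the export they were resolved to. The script below is an added example, not AVZ's code and not anything posted in this thread. It assumes that AVZ prints the original address before the arrow and the hook after it, and the current IAT value before "<>" and the expected export address after it (my reading of the format, not documented on this page), and it assumes the default 32-bit 2 GB user/kernel split, so addresses at or above 0x80000000 are kernel space. Clustering hook destinations into 1 MB regions is my triage heuristic: when every hook lands in one region, one module most likely installed them all. The sample text is an excerpt of the report above in the same layout.

```python
import re
from collections import Counter

# Constructed input: an excerpt, in the same layout, of the AVZ
# "Gathering system information" report posted above.
SAMPLE = r"""
5/10/2011 8:51:03 PM >>> Hook code blocked
5/10/2011 8:51:03 PM >>> Function restored successfully !
5/10/2011 8:51:03 PM Function NtWriteVirtualMemory (16A) intercepted (831D71AB->8856DD08), hook not defined
5/10/2011 8:51:03 PM >>> Hook code blocked
5/10/2011 8:51:03 PM >>> Function restored successfully !
5/10/2011 8:51:03 PM Function NtTerminateProcess (152) intercepted (8321B2B3->8854AE10), hook not defined
5/10/2011 8:51:03 PM Function NtOpenProcessToken (C3) intercepted (83240F8A->8854BA10), hook not defined
5/10/2011 8:51:03 PM Function NtAllocateVirtualMemory (12) intercepted (831D54AF->8856DD98), hook not defined
5/10/2011 8:51:01 PM >> Danger ! Process masking detected
5/10/2011 8:51:00 PM IAT modification detected: GetProcAddress - 00B60390<>76354110
5/10/2011 8:51:00 PM IAT modification detected: LoadLibraryA - 00B60320<>76339A96
5/10/2011 8:51:00 PM IAT modification detected: CreateProcessW - 00B60160<>76311D27
"""

TIMESTAMP = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M ")
# Assumed reading of the two AVZ line formats: original->hook and current<>expected.
SSDT_HOOK = re.compile(
    r"^Function (?P<fn>\w+) \((?P<idx>[0-9A-Fa-f]+)\) intercepted "
    r"\((?P<orig>[0-9A-Fa-f]+)->(?P<hook>[0-9A-Fa-f]+)\)(?P<tail>.*)$")
IAT_HOOK = re.compile(
    r"^IAT modification detected: (?P<fn>\w+) - (?P<cur>[0-9A-Fa-f]+)<>(?P<orig>[0-9A-Fa-f]+)$")

KERNEL_BASE_X86 = 0x80000000   # default 2 GB user / 2 GB kernel split on 32-bit Windows


def parse_avz(text):
    """Split an AVZ 'Gathering system information' log into SSDT hooks,
    IAT hooks and '>> Danger' flags."""
    ssdt, iat, flags = [], [], []
    for raw in text.splitlines():
        line = TIMESTAMP.sub("", raw.strip(), count=1)
        m = SSDT_HOOK.match(line)
        if m:
            ssdt.append({
                "function": m["fn"],
                "index": int(m["idx"], 16),          # system service number
                "original": int(m["orig"], 16),
                "hook": int(m["hook"], 16),
                "identified": "hook not defined" not in m["tail"],
            })
            continue
        m = IAT_HOOK.match(line)
        if m:
            iat.append({"import": m["fn"],
                        "current": int(m["cur"], 16),
                        "expected": int(m["orig"], 16)})
            continue
        if line.startswith(">> Danger"):
            flags.append(line[len(">> "):].strip())
    return {"ssdt": ssdt, "iat": iat, "flags": flags}


def region(addr, shift=20):
    """1 MB region number of an address (shift=20); used to cluster hooks."""
    return addr >> shift


def summarize(parsed):
    ssdt, iat = parsed["ssdt"], parsed["iat"]
    return {
        "ssdt_hooks": len(ssdt),
        "ssdt_unidentified": sum(1 for h in ssdt if not h["identified"]),
        "ssdt_all_kernel_space": all(
            h["original"] >= KERNEL_BASE_X86 and h["hook"] >= KERNEL_BASE_X86 for h in ssdt),
        "ssdt_hook_regions": dict(Counter(region(h["hook"]) for h in ssdt)),
        "iat_hooks": len(iat),
        "iat_current_regions": dict(Counter(region(h["current"]) for h in iat)),
        "iat_expected_regions": dict(Counter(region(h["expected"]) for h in iat)),
        "danger_flags": parsed["flags"],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_avz(SAMPLE)).items():
        if isinstance(value, dict):
            value = {hex(r << 20): n for r, n in value.items()}
        print(f"{key:24s} {value}")
```

Over the complete report above, every SSDT hook destination falls in region 0x885 and every modified IAT entry in region 0xB, while the expected export addresses all sit in 0x763: one kernel-space region is intercepting all of those system services and one user-space region is intercepting all eight kernel32 imports. Security products on 32-bit Windows commonly install hooks of both kinds, so whether those regions belong to the Symantec and Kaspersky components on this machine or to something else is what has to be established next; the log alone does not say.
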
#4 sempai (Trusted Helper, Malware Removal, 785 posts)

Hello csurp34 and welcome to G2G. :)

Microsoft Security Essentials (Don't know where this came from) says I am protected but finds nothing.

Please uninstall Microsoft Security Essentials and then follow the instructions below.



Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouse-click ComboFix's window while it's running because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.



#5 csurp34 (Member, Topic Starter, 43 posts)

Here you go. Thanks for your help.

ComboFix 11-05-13.03 - Chris 05/14/2011 11:01:57.3.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.2022.787 [GMT -4:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Parameters
.
.
((((((((((((((((((((((((( Files Created from 2011-04-14 to 2011-05-14 )))))))))))))))))))))))))))))))
.
.
2011-05-14 15:10 . 2011-05-14 15:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-10 21:01 . 2009-10-22 17:54 37392 ----a-w- c:\windows\system32\drivers\87357712.sys
2011-05-10 21:01 . 2009-10-10 03:31 311312 ----a-w- c:\windows\system32\drivers\8735771.sys
2011-05-10 21:01 . 2009-09-25 21:59 128016 ----a-w- c:\windows\system32\drivers\87357711.sys
2011-05-09 12:51 . 2011-05-09 12:51 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2011-05-09 12:50 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-09 12:50 . 2011-05-09 12:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-09 12:50 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-08 17:03 . 2011-05-08 17:09 -------- d-----w- c:\windows\system32\catroot2
2011-04-21 14:18 . 2011-04-21 14:19 -------- d-----w- c:\program files\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-10-24 1232896]
"DELL Webcam Manager"="c:\program files\Dell\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 118784]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-31 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-02 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-02 129560]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-21 4702208]
"OEM07Mon.exe"="c:\windows\OEM07Mon.exe" [2007-07-20 36864]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"MediaButtons"="c:\windows\System32\MediaButtons.exe" [2007-09-20 2433024]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
setup_9.0.0.722_10.05.2011_23-44[1].lnk - c:\users\Chris\Desktop\Virus Removal Tool\setup_9.0.0.722_10.05.2011_23-44[1]\startup.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-5 727592]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2008-10-24 696320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
"link"= 00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-10-24 20:56 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4234614814-3669509041-980374843-1000]
"EnableNotificationsRef"=dword:00000001
.
R1 MpKsl049353da;MpKsl049353da;\c:\\ProgramData\\Microsoft\\Microsoft Antimalware\\Definition Updates\\{636EE14A-9E92-44E0-B6F4-85927032C65C}\\MpKsl049353da.sys [x]
R1 MpKsl13705659;MpKsl13705659;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D9DB4BF-A685-4CEE-958F-2C6DF55AF0B3}\MpKsl13705659.sys [x]
R1 MpKsl13f7feae;MpKsl13f7feae;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68E48968-CB0D-4439-ABC3-A127CFE62ACA}\MpKsl13f7feae.sys [x]
R1 MpKsl37a66008;MpKsl37a66008;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{365DDE67-33D5-4FDE-8751-D01D0D1C951D}\MpKsl37a66008.sys [x]
R1 MpKsl40d990f2;MpKsl40d990f2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{127A47A6-1615-4662-ADAE-4E2DE0EDB49C}\MpKsl40d990f2.sys [x]
R1 MpKsl47b8f110;MpKsl47b8f110;\c:\\ProgramData\\Microsoft\\Microsoft Antimalware\\Definition Updates\\{636EE14A-9E92-44E0-B6F4-85927032C65C}\\MpKsl47b8f110.sys [x]
R1 MpKsl4ec7d0aa;MpKsl4ec7d0aa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C39FC02D-7DCD-4D57-BE1F-0F188A844B46}\MpKsl4ec7d0aa.sys [x]
R1 MpKsl570d4e2e;MpKsl570d4e2e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2B217226-97CD-4091-9FB1-4C6799FAF012}\MpKsl570d4e2e.sys [x]
R1 MpKsl57efdfb2;MpKsl57efdfb2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D9DB4BF-A685-4CEE-958F-2C6DF55AF0B3}\MpKsl57efdfb2.sys [x]
R1 MpKsl5f44e7bc;MpKsl5f44e7bc;\c:\\ProgramData\\Microsoft\\Microsoft Antimalware\\Definition Updates\\{9CF3BE01-6BC1-48D1-AD19-637FDEED08CD}\\MpKsl5f44e7bc.sys [x]
R1 MpKsl7b7ede55;MpKsl7b7ede55;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{395F6889-F6C8-43A3-AED3-8B0322B3D7DD}\MpKsl7b7ede55.sys [x]
R1 MpKsl977d2ed0;MpKsl977d2ed0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D9DB4BF-A685-4CEE-958F-2C6DF55AF0B3}\MpKsl977d2ed0.sys [x]
R1 MpKsld71cdbc3;MpKsld71cdbc3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A881C4F-A80D-41BB-933D-C05C147CAFBA}\MpKsld71cdbc3.sys [x]
R1 MpKsled6c6cc5;MpKsled6c6cc5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D9DB4BF-A685-4CEE-958F-2C6DF55AF0B3}\MpKsled6c6cc5.sys [x]
R1 MpKslf0846485;MpKslf0846485;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76F4ED40-316F-497A-BD03-0C804ECBCA37}\MpKslf0846485.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-14 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-14 136176]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008]
R3 ute4odq4;AVZ Kernel Driver;c:\windows\system32\Drivers\ute4odq4.sys [x]
R3 Winferno Subscription Service;Winferno Subscription Service;c:\program files\Common Files\Winferno\WSS\WSS.exe [2007-07-30 126976]
S0 87357712;87357712 Boot Guard Driver;c:\windows\system32\DRIVERS\87357712.sys [2009-10-22 37392]
S1 87357711;87357711;c:\windows\system32\DRIVERS\87357711.sys [2009-09-25 128016]
S3 CXSONORA;AVerMedia 23885 AvStream Video Capture;c:\windows\system32\drivers\A885VCap.sys [2007-09-08 733824]
S3 DLXPDisplayName;DLXPDisplayName;c:\windows\system32\DRIVERS\DLACPI.sys [2007-05-17 14656]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-04-18 102448]
S3 OEM07Vfx;Creative Camera OEM007 Video VFX Driver;c:\windows\system32\DRIVERS\OEM07Vfx.sys [2007-03-05 7424]
S3 OEM07Vid;Creative Camera OEM007 Driver;c:\windows\system32\DRIVERS\OEM07Vid.sys [2007-07-20 235552]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-31 01:41]
.
2011-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-14 19:43]
.
2011-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-14 19:43]
.
2011-05-14 c:\windows\Tasks\User_Feed_Synchronization-{8E6F3B8C-57FF-432D-A93D-139DA3D94AAA}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
2011-05-14 c:\windows\Tasks\WSSHelper.job
- c:\program files\Common Files\Winferno\WSS\WSSHelper.exe [2008-10-28 16:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: intuit.com\ttlc
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5028)
c:\program files\SetPoint\lgscroll.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\WLANExt.exe
c:\windows\System32\msdtc.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RtHDVCpl.exe
c:\program files\Symantec AntiVirus\VPTray.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\DELLOSD.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2011-05-14 11:23:07 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-14 15:22
ComboFix2.txt 2011-05-14 14:52
ComboFix3.txt 2011-05-08 00:28
.
Pre-Run: 438,100,787,200 bytes free
Post-Run: 437,951,414,272 bytes free
.
- - End Of File - - 5393E1F8A00FB6AF33EB7CAB70FE9F7F

#6 sempai (Trusted Helper, Malware Removal)
Please go to http://virscan.org/
  • Enter each of the following file paths into the "Suspicious files to scan" box at the top of the page:

    c:\windows\system32\drivers\87357712.sys
    c:\windows\system32\drivers\8735771.sys
    c:\windows\system32\drivers\87357711.sys

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


#7 csurp34 (Topic Starter)
I did get the pop-up on each scan and selected scan again.

The file 87357711.sys was uploaded by other users and scanned successfully at 2010/06/11 08:53:38, and 36 scanners have updated their databases since that scan.

File Name : 87357712.sys
File Size : 37392 byte
File Type : PE32 executable for MS Windows (DLL) (native) Intel 80386 32
MD5 : a305fad3719c5db0c13d1c2bfd08a04d
SHA1 : cd7300ae608db1ca6583736b9648cf36b476f832

Scanner results : Scanners did not find malware!
Time : 2011/05/14 22:29:04 (EDT)
Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time

a-squared 5.1.0.2 20110514030832 2011-05-14 - 40.095
AhnLab V3 2011.05.15.00 2011.05.15 2011-05-15 - 40.094
AntiVir 8.2.4.228 7.11.8.21 2011-05-13 - 0.270
Antiy 2.0.18 20110205.7694535 2011-02-05 - 0.120
Arcavir 2011 201105080215 2011-05-08 - 0.032
Authentium 5.1.1 201105141019 2011-05-14 - 1.533
AVAST! 4.7.4 110514-1 2011-05-14 - 0.007
AVG 8.5.850 271.1.1/3638 2011-05-15 - 0.260
BitDefender 7.90123.7313396 7.37470 2011-05-15 - 5.807
ClamAV 0.96.5 13078 2011-05-14 - 0.016
Comodo 4.0 8703 2011-05-14 - 40.089
CP Secure 1.3.0.5 2011.05.14 2011-05-14 - 0.002
Dr.Web 5.0.2.3300 2011.05.15 2011-05-15 - 11.847
F-Prot 4.4.4.56 20110514 2011-05-14 - 1.526
F-Secure 7.02.73807 2011.05.14.01 2011-05-14 - 0.183
Fortinet 4.2.257 13.218 2011-05-13 - 40.091
GData 22.330/22.97 20110513 2011-05-13 - 40.090
Ikarus T3.1.32.20.0 ..1.32.20.0. --1.32.20.0 - 0.007
JiangMin 13.0.900 2011.05.14 2011-05-14 - 40.094
Kaspersky 5.5.10 2011.05.14 2011-05-14 - 0.097
KingSoft 2009.2.5.15 2011.5.15.9 2011-05-15 - 40.094
McAfee 5400.1158 6340 2011-05-08 - 9.069
Microsoft 1.6802 2011.05.14 2011-05-14 - 40.090
NOD32 3.0.21 6108 2011-05-09 - 0.007
Norman 6.07.08 6.07.00 2011-05-14 - 14.015
nProtect 20110514.01 3450444 2011-05-14 - 40.092
Panda 9.05.01 2011.05.14 2011-05-14 - 40.091
Quick Heal 11.00 2011.05.14 2011-05-14 - 40.089
Rising 20.0 23.57.04.05 2011-05-13 - 40.090
Sophos 3.19.1 4.65 2011-05-15 - 3.925
Sunbelt 3.9.2492.2 9238 2011-05-09 - 40.131
Symantec 1.3.0.24 20110514.002 2011-05-14 - 0.227
The Hacker 6.7.0.1 v00176 2011-04-18 - 40.092
Trend Micro 9.200-1012 8.156.05 2011-05-14 - 0.029
VBA32 3.12.16.0 20110511.2137 2011-05-11 - 4.315
ViRobot 20110514 2011.05.14 2011-05-14 - 40.102
VirusBuster 5.2.0.28 13.6.354.2/5179410 2011-05-15 - 0.002
■Heuristic/Suspicious ■Exact
Note: This file has been scanned before. Therefore, this file's scan result will not be stored in the database.


File information
File Name : 8735771.sys
File Size : 311312 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 64d93ec1218765498c40619427a85a91
SHA1 : 5695668698653c1b24adf47fe4ed11aca821c9cd

Scanner results :
Scanners did not find malware!
Time : 2011/05/14 22:43:45 (EDT)
Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time

a-squared 5.1.0.2 20110514030832 2011-05-14 - 40.094
AhnLab V3 2011.05.15.00 2011.05.15 2011-05-15 - 40.090
AntiVir 8.2.4.228 7.11.8.21 2011-05-13 - 0.271
Antiy 2.0.18 20110205.7694535 2011-02-05 - 0.121
Arcavir 2011 201105080215 2011-05-08 - 0.339
Authentium 5.1.1 201105141019 2011-05-14 - 2.584
AVAST! 4.7.4 110514-1 2011-05-14 - 0.028
AVG 8.5.850 271.1.1/3638 2011-05-15 - 0.256
BitDefender 7.90123.7313396 7.37470 2011-05-15 - 5.997
ClamAV 0.96.5 13078 2011-05-14 - 0.075
Comodo 4.0 8703 2011-05-14 - 40.091
CP Secure 1.3.0.5 2011.05.14 2011-05-14 - 0.002
Dr.Web 5.0.2.3300 2011.05.15 2011-05-15 - 11.977
F-Prot 4.4.4.56 20110514 2011-05-14 - 2.573
F-Secure 7.02.73807 2011.05.14.01 2011-05-14 - 0.193
Fortinet 4.2.257 13.218 2011-05-13 - 40.093
GData 22.330/22.97 20110513 2011-05-13 - 40.100
Ikarus T3.1.32.20.0 ..1.32.20.0. --1.32.20.0 - 0.007
JiangMin 13.0.900 2011.05.14 2011-05-14 - 40.091
Kaspersky 5.5.10 2011.05.14 2011-05-14 - 0.103
KingSoft 2009.2.5.15 2011.5.15.9 2011-05-15 - 40.097
McAfee 5400.1158 6340 2011-05-08 - 13.327
Microsoft 1.6802 2011.05.14 2011-05-14 - 40.090
NOD32 3.0.21 6108 2011-05-09 - 0.040
Norman 6.07.08 6.07.00 2011-05-14 - 26.026
nProtect 20110514.01 3450444 2011-05-14 - 40.091
Panda 9.05.01 2011.05.14 2011-05-14 - 40.102
Quick Heal 11.00 2011.05.14 2011-05-14 - 40.094
Rising 20.0 23.57.04.05 2011-05-13 - 40.205
Sophos 3.19.1 4.65 2011-05-15 - 4.283
Sunbelt 3.9.2492.2 9238 2011-05-09 - 40.106
Symantec 1.3.0.24 20110514.002 2011-05-14 - 0.219
The Hacker 6.7.0.1 v00176 2011-04-18 - 40.373
Trend Micro 9.200-1012 8.156.05 2011-05-14 - 0.062
VBA32 3.12.16.0 20110511.2137 2011-05-11 - 5.435
ViRobot 20110514 2011.05.14 2011-05-14 - 40.096
VirusBuster 5.2.0.28 13.6.354.2/5179410 2011-05-15 - 0.026
■Heuristic/Suspicious ■Exact
Note: This file has been scanned before. Therefore, this file's scan result will not be stored in the database.


File information
File Name : 87357711.sys
File Size : 128016 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 7dd41b7ac1fbb1dbf20bb1f4e4fbe58c
SHA1 : c763c52f8b0dbb6594f1a81246ae2c27c6f74557

Scanner results :
Scanners did not find malware!
Time : 2011/05/14 23:02:38 (EDT)
Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time

a-squared 5.1.0.2 20110514030832 2011-05-14 - 40.091
AhnLab V3 2011.05.15.00 2011.05.15 2011-05-15 - 40.090
AntiVir 8.2.4.228 7.11.8.21 2011-05-13 - 0.283
Antiy 2.0.18 20110205.7694535 2011-02-05 - 0.121
Arcavir 2011 201105080215 2011-05-08 - 0.054
Authentium 5.1.1 201105141019 2011-05-14 - 1.787
AVAST! 4.7.4 110514-1 2011-05-14 - 0.025
AVG 8.5.850 271.1.1/3638 2011-05-15 - 0.252
BitDefender 7.90123.7313396 7.37470 2011-05-15 - 5.804
ClamAV 0.96.5 13078 2011-05-14 - 0.044
Comodo 4.0 8703 2011-05-14 - 40.090
CP Secure 1.3.0.5 2011.05.14 2011-05-14 - 0.002
Dr.Web 5.0.2.3300 2011.05.15 2011-05-15 - 11.999
F-Prot 4.4.4.56 20110514 2011-05-14 - 1.846
F-Secure 7.02.73807 2011.05.14.01 2011-05-14 - 0.166
Fortinet 4.2.257 13.218 2011-05-13 - 40.103
GData 22.330/22.97 20110513 2011-05-13 - 40.092
Ikarus T3.1.32.20.0 ..1.32.20.0. --1.32.20.0 - 0.007
JiangMin 13.0.900 2011.05.14 2011-05-14 - 40.090
Kaspersky 5.5.10 2011.05.14 2011-05-14 - 0.113
KingSoft 2009.2.5.15 2011.5.15.9 2011-05-15 - 40.099
McAfee 5400.1158 6340 2011-05-08 - 9.846
Microsoft 1.6802 2011.05.14 2011-05-14 - 40.096
NOD32 3.0.21 6108 2011-05-09 - 0.322
Norman 6.07.08 6.07.00 2011-05-14 - 16.019
nProtect 20110514.01 3450444 2011-05-14 - 40.099
Panda 9.05.01 2011.05.14 2011-05-14 - 40.090
Quick Heal 11.00 2011.05.14 2011-05-14 - 40.091
Rising 20.0 23.57.04.05 2011-05-13 - 40.094
Sophos 3.19.1 4.65 2011-05-15 - 4.008
Sunbelt 3.9.2492.2 9238 2011-05-09 - 40.090
Symantec 1.3.0.24 20110514.002 2011-05-14 - 0.205
The Hacker 6.7.0.1 v00176 2011-04-18 - 40.115
Trend Micro 9.200-1012 8.156.05 2011-05-14 - 0.116
VBA32 3.12.16.0 20110511.2137 2011-05-11 - 7.937
ViRobot 20110514 2011.05.14 2011-05-14 - 40.103
VirusBuster 5.2.0.28 13.6.354.2/5179410 2011-05-15 - 0.002
■Heuristic/Suspicious ■Exact
Note: This file has been scanned before. Therefore, this file's scan result will not be stored in the database.
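A multi-engine report is only as strong as the engines behind it and the file it actually describes. The added example below (not virscan.org code, and not part of any tool used in this thread) parses a report in the exact layout pasted above, counts detections, lists engines whose signature dates were stale at scan time (Antiy's 2011-02-05 signatures are three months behind the 2011-05-14 scan, so its "clean" carries little weight), and hashes local file bytes so the MD5/SHA1 in the report can be checked against the copy on disk. That last check matters because virscan returns a stored verdict when "this file has been scanned before". The sample report is a constructed subset of the 87357712.sys result with one invented ExampleAV detection row; the parser assumes the verdict column is a single token.

```python
"""Summarise a virscan.org report as pasted above and weight its verdict.

Added example for this thread, not virscan.org code or any tool used here.
SAMPLE_REPORT is a constructed subset of the 87357712.sys report plus one
invented "ExampleAV" row so the detection path is exercised.  Assumption: the
verdict column is a single token ("-" when clean), so rows are split from
the right and multi-word scanner names ("AhnLab V3") fall out naturally.
"""
import hashlib
import re
from datetime import datetime, timedelta

FIELD = re.compile(r"^(File Name|File Size|MD5|SHA1|Time)\s*:\s*(.+?)\s*$")
ELAPSED = re.compile(r"^\d+\.\d+$")
ISO_DATE = re.compile(r"^\d{4}-\d{2}-\d{2}$")

SAMPLE_REPORT = """\
File Name : 87357712.sys
File Size : 37392 byte
MD5 : a305fad3719c5db0c13d1c2bfd08a04d
SHA1 : cd7300ae608db1ca6583736b9648cf36b476f832

Scanner results : Scanners did not find malware!
Time : 2011/05/14 22:29:04 (EDT)
Scanner
Engine Ver
Sig Ver
Sig Date
Scan result
Time

a-squared 5.1.0.2 20110514030832 2011-05-14 - 40.095
AhnLab V3 2011.05.15.00 2011.05.15 2011-05-15 - 40.094
Antiy 2.0.18 20110205.7694535 2011-02-05 - 0.120
Ikarus T3.1.32.20.0 ..1.32.20.0. --1.32.20.0 - 0.007
Kaspersky 5.5.10 2011.05.14 2011-05-14 - 0.097
The Hacker 6.7.0.1 v00176 2011-04-18 - 40.092
ExampleAV 1.0.0 20110514 2011-05-14 Constructed.Test.Detection 0.512
Note: This file has been scanned before. Therefore, this file's scan result will not be stored in the database.
"""


def parse_row(line):
    """One engine row: Scanner, Engine Ver, Sig Ver, Sig Date, Scan result, Time."""
    tokens = line.split()
    if len(tokens) < 6 or not ELAPSED.match(tokens[-1]):
        return None
    engine, sig, sig_date, result, elapsed = tokens[-5:]
    return {"scanner": " ".join(tokens[:-5]), "engine": engine, "sig": sig,
            "sig_date": sig_date, "result": None if result == "-" else result,
            "seconds": float(elapsed)}


def parse_report(text):
    """Return file metadata plus the parsed engine rows for one report."""
    report = {"rows": []}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            key, value = m.groups()
            if key == "File Name":
                report["name"] = value
            elif key == "File Size":
                report["size"] = int(value.split()[0])       # "37392 byte"
            elif key == "Time":                               # zone suffix dropped
                report["scan_time"] = datetime.strptime(value[:19], "%Y/%m/%d %H:%M:%S")
            else:
                report[key.lower()] = value.lower()           # md5 / sha1
        else:
            row = parse_row(line)
            if row:
                report["rows"].append(row)
    return report


def assess(report, stale_days=14):
    """Detections, plus engines whose signatures were stale at scan time: a
    clean verdict from months-old signatures should carry little weight."""
    cutoff = report["scan_time"].date() - timedelta(days=stale_days)
    stale, undated = [], []
    for r in report["rows"]:
        if ISO_DATE.match(r["sig_date"]):
            if datetime.strptime(r["sig_date"], "%Y-%m-%d").date() < cutoff:
                stale.append((r["scanner"], r["sig_date"]))
        else:
            undated.append(r["scanner"])                      # garbled Ikarus row
    return {"engines": len(report["rows"]),
            "detections": [(r["scanner"], r["result"]) for r in report["rows"] if r["result"]],
            "stale": stale, "undated": undated}


def digests(data):
    """MD5 and SHA1 of bytes read from the local driver file."""
    return {"md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest()}


def same_file(report, data):
    """virscan reuses a stored verdict when a hash was "scanned before", so
    confirm the bytes on disk are the ones the report describes."""
    d = digests(data)
    return d["md5"] == report["md5"] and d["sha1"] == report["sha1"]


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    print(rep["name"], rep["md5"], assess(rep))
```

To use it on a real case, read the driver with `open(path, "rb").read()` and pass the bytes to `same_file()` before trusting the report; then look at `assess()["stale"]` and `["undated"]` to see how many of the "clean" engines were actually current.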

#8 sempai (Trusted Helper, Malware Removal)
We need to execute a ComboFix script.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy-paste the text in the code box below into it:

File::
c:\windows\system32\Drivers\ute4odq4.sys

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000

Driver::
ute4odq4

4. Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

5. Referring to the picture above, drag CFScript into ComboFix.exe

6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



#9 csurp34 (Topic Starter)
While combofix was preparing the log, a popup window came up with the message:

“Peu.cfxxe has stopped working. A problem caused the program to stop working correctly. Windows will close the program”. There was a close program button so I clicked it.

The window came back with the same message and I closed it again.

Also, while the log was being prepared there were two identical lines showing:

“SED: can’t read catchlog. No such file or directory exists”.

The text log then came up.

ComboFix 11-05-14.01 - Chris 05/15/2011 0:58.4.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.2022.934 [GMT -4:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
Command switches used :: c:\users\Chris\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\Drivers\ute4odq4.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_UTE4ODQ4
-------\Service_Parameters
-------\Service_ute4odq4
.
.
((((((((((((((((((((((((( Files Created from 2011-04-15 to 2011-05-15 )))))))))))))))))))))))))))))))
.
.
2011-05-15 05:07 . 2011-05-15 05:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-15 02:57 . 2011-05-15 02:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-10 21:01 . 2009-10-22 17:54 37392 ----a-w- c:\windows\system32\drivers\87357712.sys
2011-05-10 21:01 . 2009-10-10 03:31 311312 ----a-w- c:\windows\system32\drivers\8735771.sys
2011-05-10 21:01 . 2009-09-25 21:59 128016 ----a-w- c:\windows\system32\drivers\87357711.sys
2011-05-09 12:51 . 2011-05-09 12:51 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2011-05-09 12:50 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-09 12:50 . 2011-05-09 12:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-09 12:50 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-08 17:03 . 2011-05-08 17:09 -------- d-----w- c:\windows\system32\catroot2
2011-04-21 14:18 . 2011-04-21 14:19 -------- d-----w- c:\program files\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-10-24 1232896]
"DELL Webcam Manager"="c:\program files\Dell\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 118784]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-31 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-02 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-02 129560]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-21 4702208]
"OEM07Mon.exe"="c:\windows\OEM07Mon.exe" [2007-07-20 36864]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"MediaButtons"="c:\windows\System32\MediaButtons.exe" [2007-09-20 2433024]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
setup_9.0.0.722_10.05.2011_23-44[1].lnk - c:\users\Chris\Desktop\Virus Removal Tool\setup_9.0.0.722_10.05.2011_23-44[1]\startup.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-5 727592]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2008-10-24 696320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
"link"= 00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-10-24 20:56 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4234614814-3669509041-980374843-1000]
"EnableNotificationsRef"=dword:00000001
.
R1 MpKsl049353da;MpKsl049353da;\c:\\ProgramData\\Microsoft\\Microsoft Antimalware\\Definition Updates\\{636EE14A-9E92-44E0-B6F4-85927032C65C}\\MpKsl049353da.sys [x]
R1 MpKsl13705659;MpKsl13705659;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D9DB4BF-A685-4CEE-958F-2C6DF55AF0B3}\MpKsl13705659.sys [x]
R1 MpKsl13f7feae;MpKsl13f7feae;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68E48968-CB0D-4439-ABC3-A127CFE62ACA}\MpKsl13f7feae.sys [x]
R1 MpKsl37a66008;MpKsl37a66008;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{365DDE67-33D5-4FDE-8751-D01D0D1C951D}\MpKsl37a66008.sys [x]
R1 MpKsl40d990f2;MpKsl40d990f2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{127A47A6-1615-4662-ADAE-4E2DE0EDB49C}\MpKsl40d990f2.sys [x]
R1 MpKsl47b8f110;MpKsl47b8f110;\c:\\ProgramData\\Microsoft\\Microsoft Antimalware\\Definition Updates\\{636EE14A-9E92-44E0-B6F4-85927032C65C}\\MpKsl47b8f110.sys [x]
R1 MpKsl4ec7d0aa;MpKsl4ec7d0aa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C39FC02D-7DCD-4D57-BE1F-0F188A844B46}\MpKsl4ec7d0aa.sys [x]
R1 MpKsl570d4e2e;MpKsl570d4e2e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2B217226-97CD-4091-9FB1-4C6799FAF012}\MpKsl570d4e2e.sys [x]
R1 MpKsl57efdfb2;MpKsl57efdfb2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D9DB4BF-A685-4CEE-958F-2C6DF55AF0B3}\MpKsl57efdfb2.sys [x]
R1 MpKsl5f44e7bc;MpKsl5f44e7bc;\c:\\ProgramData\\Microsoft\\Microsoft Antimalware\\Definition Updates\\{9CF3BE01-6BC1-48D1-AD19-637FDEED08CD}\\MpKsl5f44e7bc.sys [x]
R1 MpKsl7b7ede55;MpKsl7b7ede55;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{395F6889-F6C8-43A3-AED3-8B0322B3D7DD}\MpKsl7b7ede55.sys [x]
R1 MpKsl977d2ed0;MpKsl977d2ed0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D9DB4BF-A685-4CEE-958F-2C6DF55AF0B3}\MpKsl977d2ed0.sys [x]
R1 MpKsld71cdbc3;MpKsld71cdbc3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A881C4F-A80D-41BB-933D-C05C147CAFBA}\MpKsld71cdbc3.sys [x]
R1 MpKsled6c6cc5;MpKsled6c6cc5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D9DB4BF-A685-4CEE-958F-2C6DF55AF0B3}\MpKsled6c6cc5.sys [x]
R1 MpKslf0846485;MpKslf0846485;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76F4ED40-316F-497A-BD03-0C804ECBCA37}\MpKslf0846485.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-14 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-14 136176]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008]
R3 Winferno Subscription Service;Winferno Subscription Service;c:\program files\Common Files\Winferno\WSS\WSS.exe [2007-07-30 126976]
S0 87357712;87357712 Boot Guard Driver;c:\windows\system32\DRIVERS\87357712.sys [2009-10-22 37392]
S1 87357711;87357711;c:\windows\system32\DRIVERS\87357711.sys [2009-09-25 128016]
S3 CXSONORA;AVerMedia 23885 AvStream Video Capture;c:\windows\system32\drivers\A885VCap.sys [2007-09-08 733824]
S3 DLXPDisplayName;DLXPDisplayName;c:\windows\system32\DRIVERS\DLACPI.sys [2007-05-17 14656]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-04-18 102448]
S3 OEM07Vfx;Creative Camera OEM007 Video VFX Driver;c:\windows\system32\DRIVERS\OEM07Vfx.sys [2007-03-05 7424]
S3 OEM07Vid;Creative Camera OEM007 Driver;c:\windows\system32\DRIVERS\OEM07Vid.sys [2007-07-20 235552]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-31 01:41]
.
2011-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-14 19:43]
.
2011-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-14 19:43]
.
2011-05-15 c:\windows\Tasks\User_Feed_Synchronization-{8E6F3B8C-57FF-432D-A93D-139DA3D94AAA}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
2011-05-15 c:\windows\Tasks\WSSHelper.job
- c:\program files\Common Files\Winferno\WSS\WSSHelper.exe [2008-10-28 16:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: intuit.com\ttlc
.
.
**************************************************************************
scanning hidden processes ...
.
c:\windows\System32\SearchFilterHost.exe [1576] 0x8530C5A0
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4304)
c:\program files\SetPoint\lgscroll.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\WLANExt.exe
c:\windows\System32\msdtc.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Symantec AntiVirus\VPTray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2011-05-15 01:19:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-15 05:18
ComboFix2.txt 2011-05-14 15:23
ComboFix3.txt 2011-05-14 14:52
ComboFix4.txt 2011-05-08 00:28
.
Pre-Run: 432,146,337,792 bytes free
Post-Run: 432,776,916,992 bytes free
.
- - End Of File - - BF2C9CD79346C435325B7B3F625A8450
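The helper's CFScript singled out ute4odq4 (registered as "AVZ Kernel Driver" with no file on disk) and reset the Security Center DisableMonitoring value; the log that came back still lists the numeric-named 87357712 and 87357711 drivers and shows DisableMonitoring at 1 for SymantecAntiVirus. The following added example (not ComboFix code, and not from any tool used in this thread) reads the Drivers/Services and Security Center sections of a ComboFix log and picks out the same kinds of entries automatically: services whose image file is missing, numeric or random-looking service names, and Security Center monitoring switched off. The sample log is a constructed subset of the lines posted above; `looks_random()` is this example's own heuristic, not a ComboFix rule.

```python
"""Triage the Drivers/Services and Security Center sections of a ComboFix log.

Added example for this thread; it is not ComboFix code and not part of any
tool the helper used.  ComboFix lists each service as
    <R|S><start> name;display name;image path [yyyy-mm-dd size]
where R/S is running/stopped, the digit is the start type (0 boot, 1 system,
2 auto, 3 demand, 4 disabled) and "[x]" in place of date and size means the
image file was not found.  SAMPLE_LOG is a constructed subset of the lines
posted above; looks_random() is this example's own heuristic.
"""
import re

SERVICE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s+\[(?P<meta>x|\d{4}-\d{2}-\d{2}\s+\d+)\]\s*$"
)
REG_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
DISABLE_MON = re.compile(r'^"DisableMonitoring"=dword:(?P<val>[0-9a-fA-F]{8})$')
START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

SAMPLE_LOG = r"""
R1 MpKsl049353da;MpKsl049353da;\c:\\ProgramData\\Microsoft\\Microsoft Antimalware\\Definition Updates\\{636EE14A-9E92-44E0-B6F4-85927032C65C}\\MpKsl049353da.sys [x]
R1 MpKsl13705659;MpKsl13705659;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D9DB4BF-A685-4CEE-958F-2C6DF55AF0B3}\MpKsl13705659.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-14 136176]
R3 ute4odq4;AVZ Kernel Driver;c:\windows\system32\Drivers\ute4odq4.sys [x]
S0 87357712;87357712 Boot Guard Driver;c:\windows\system32\DRIVERS\87357712.sys [2009-10-22 37392]
S1 87357711;87357711;c:\windows\system32\DRIVERS\87357711.sys [2009-09-25 128016]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-04-18 102448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""


def parse_services(text):
    """Structured view of every R*/S* service line."""
    out = []
    for line in text.splitlines():
        m = SERVICE.match(line)
        if not m:
            continue
        meta = m.group("meta")
        out.append({"running": m.group("state") == "R",
                    "start": START_TYPE[m.group("start")],
                    "name": m.group("name"), "display": m.group("display"),
                    "path": m.group("path"), "missing": meta == "x",
                    "date": None if meta == "x" else meta.split()[0],
                    "size": None if meta == "x" else int(meta.split()[1])})
    return out


def security_center(text):
    """{product: monitoring disabled?} from the Security Center\\Monitoring keys."""
    status, key = {}, ""
    for line in text.splitlines():
        k = REG_KEY.match(line)
        if k:
            key = k.group("key")
            continue
        v = DISABLE_MON.match(line)
        if v and "\\security center\\monitoring\\" in key.lower():
            status[key.rsplit("\\", 1)[1]] = int(v.group("val"), 16) == 1
    return status


def looks_random(name):
    """Heuristic: short lowercase names mixing several letters and digits
    ("ute4odq4") are typical of generated service names; vendors rarely ship
    drivers named that way.  Purely numeric names are handled separately."""
    if not re.fullmatch(r"[a-z0-9]{6,10}", name):
        return False
    digits = sum(c.isdigit() for c in name)
    return digits >= 2 and len(name) - digits >= 2


def triage(text):
    """Findings worth a second look, each as {name, priority, reason}."""
    findings = []

    def add(name, priority, reason):
        findings.append({"name": name, "priority": priority, "reason": reason})

    for s in parse_services(text):
        path = s["path"].lower().replace("\\\\", "\\")
        if s["missing"] and "microsoft antimalware\\definition updates" in path:
            add(s["name"], "low", "image missing under Microsoft Antimalware definition updates (likely leftover)")
        elif s["missing"]:
            add(s["name"], "medium", f"{s['start']}-start service whose image file is missing")
        if s["name"].isdigit():
            add(s["name"], "medium", f"numeric service name, {s['start']} start")
        elif looks_random(s["name"]):
            add(s["name"], "high", f"random-looking service name ({s['display']})")
    for product, disabled in security_center(text).items():
        if disabled:
            add(product, "medium", "Security Center monitoring disabled (DisableMonitoring=1)")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['priority']:<6} {f['name']:<18} {f['reason']}")
```

Run against the full log, the low-priority MpKsl entries drop to the bottom, the two numeric boot- and system-start drivers and the disabled Security Center monitoring stay in view, and the one random-looking name with no file behind it comes out on top, which is the entry the helper chose to remove.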

#10 sempai (Trusted Helper, Malware Removal)
Please run Malwarebytes Anti-Malware. Go to the Update tab and download all updates, then perform a full scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


#11 csurp34 (Topic Starter)
I noticed this morning that Symantec had run a scheduled scan (no negative results). I thought that I had disabled it so I uninstalled it prior to running MBAM.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6583

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

5/15/2011 9:54:35 AM
mbam-log-2011-05-15 (09-54-35).txt

Scan type: Full scan (C:\|)
Objects scanned: 250352
Time elapsed: 1 hour(s), 0 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 sempai (Trusted Helper, Malware Removal)
Let's run a final scan to make sure that there are no more remnants.


1. I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image



2. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe (Run as Administrator for Windows Vista/7) and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



3. Please run OTL and click the Quick Scan button, post the new report for my review.

#13 csurp34 (Topic Starter)
Your green button doesn't work with or without the control key. I click on the blue ESET link and I get to the site. After I click the license box and Start, a small blue window opens with a small picture in the upper left (the picture doesn't open) and everything freezes.

I did just try to run OTL but it still freezes.

#14 sempai (Trusted Helper, Malware Removal)
Let's run some more scanners for a deeper analysis.


1. Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" is Cure (Please click on it and change it to skip).
  • Click on Report to generate a log.
  • Please post that log when you reply.



2. Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool, if you downloaded from either of the second two links you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning; just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

#15
csurp34

    Member

  • Topic Starter
  • 43 posts
2011/05/16 09:40:43.0394 5112 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/16 09:40:43.0830 5112 ================================================================================
2011/05/16 09:40:43.0830 5112 SystemInfo:
2011/05/16 09:40:43.0830 5112
2011/05/16 09:40:43.0830 5112 OS Version: 6.0.6000 ServicePack: 0.0
2011/05/16 09:40:43.0830 5112 Product type: Workstation
2011/05/16 09:40:43.0830 5112 ComputerName: CHRIS-PC
2011/05/16 09:40:43.0830 5112 UserName: Chris
2011/05/16 09:40:43.0830 5112 Windows directory: C:\Windows
2011/05/16 09:40:43.0830 5112 System windows directory: C:\Windows
2011/05/16 09:40:43.0830 5112 Processor architecture: Intel x86
2011/05/16 09:40:43.0830 5112 Number of processors: 2
2011/05/16 09:40:43.0830 5112 Page size: 0x1000
2011/05/16 09:40:43.0830 5112 Boot type: Normal boot
2011/05/16 09:40:43.0830 5112 ================================================================================
2011/05/16 09:40:44.0314 5112 Initialize success
2011/05/16 09:40:54.0407 4860 ================================================================================
2011/05/16 09:40:54.0407 4860 Scan started
2011/05/16 09:40:54.0407 4860 Mode: Manual;
2011/05/16 09:40:54.0407 4860 ================================================================================
2011/05/16 09:41:13.0486 4860 ================================================================================
2011/05/16 09:41:13.0486 4860 Scan finished
2011/05/16 09:41:13.0486 4860 ================================================================================

RK didn’t have the buttons that you described. I clicked on drivers, scan, report.

Then Stealth (nothing there), scan (nothing), report.


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6000
Number of processors #2
==============================================
0x8BEE1000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8876C000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8D898000 C:\Windows\system32\drivers\csc.sys 339968 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8D881000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Client MUP Surrogate Driver)
0x88796000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x89458000 C:\Windows\System32\DLA\DLABMFSM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0x8940B000 C:\Windows\System32\DLA\DLABOIOM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0x894BC000 C:\Windows\System32\Drivers\DLACDBHM.SYS 8192 bytes (Roxio, Shared Driver Component)
0x8BD31000 C:\Windows\system32\DRIVERS\DLACPI.sys 32768 bytes (-, DL ACPI Utility)
0x96E35000 C:\Windows\System32\DLA\DLADResM.SYS 4096 bytes (Roxio, Drive Letter Access Component)
0x98421000 C:\Windows\System32\DLA\DLAIFS_M.SYS 98304 bytes (Roxio, Drive Letter Access Component)
0x96EF3000 C:\Windows\System32\DLA\DLAOPIOM.SYS 20480 bytes (Roxio, Drive Letter Access Component)
0x894C0000 C:\Windows\System32\DLA\DLAPoolM.SYS 8192 bytes (Roxio, Drive Letter Access Component)
0x8BDB8000 C:\Windows\System32\Drivers\DLARTL_M.SYS 24576 bytes (Roxio, Shared Driver Component)
0x9846A000 C:\Windows\System32\DLA\DLAUDFAM.SYS 90112 bytes (Roxio, Drive Letter Access Component)
0xA920C000 C:\Windows\System32\DLA\DLAUDF_M.SYS 94208 bytes (Roxio, Drive Letter Access Component)
0x8D00D000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x80733000 C:\Windows\System32\Drivers\DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0x8DCBF000 C:\Windows\System32\Drivers\DRVNDDM.SYS 45056 bytes (Roxio, Device Driver Manager)
0x8D866000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8BC48000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8BFE5000 C:\Windows\System32\Drivers\dump_msahci.sys 36864 bytes
0x8BE14000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8C538000 C:\Windows\System32\drivers\dxgkrnl.sys 643072 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8C4FD000 C:\Windows\system32\DRIVERS\e1e6032.sys 241664 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 6 deserialized driver)
0x88405000 C:\Windows\System32\drivers\ecache.sys 151552 bytes (Microsoft Corporation, Special Memory Device Cache)
0x80749000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x80759000 C:\Windows\system32\drivers\fltmgr.sys 200704 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8BFF7000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x887A7000 C:\Windows\System32\DRIVERS\fvevol.sys 143360 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8D648000 C:\Windows\System32\drivers\fwpkclnt.sys 102400 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x82FA1000 C:\Windows\system32\hal.dll 212992 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8BCA1000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8BC24000 C:\Windows\system32\DRIVERS\HECI.sys 45056 bytes (Intel Corporation, Intel® Management Engine Interface)
0x890A0000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x8DC3B000 C:\Windows\system32\DRIVERS\hidir.sys 45056 bytes (Microsoft Corporation, Infrared Miniport Driver for Input Devices)
0x8944A000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8BFC1000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB1C71000 C:\Windows\system32\drivers\HTTP.sys 430080 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8C5D5000 C:\Windows\system32\DRIVERS\igdkmd32.sys 6467584 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x8BC2F000 C:\Windows\system32\DRIVERS\intelppm.sys 57344 bytes (Microsoft Corporation, Processor Device Driver)
0x8BCBE000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8BFDC000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x802C6000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8CCD4000 C:\Windows\system32\drivers\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8842A000 C:\Windows\System32\Drivers\ksecdd.sys 434176 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x89466000 C:\Windows\system32\DRIVERS\LHidFilt.Sys 28672 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0x96F10000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8BD79000 C:\Windows\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0x98439000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8BDC4000 C:\Windows\System32\Drivers\LUsbFilt.Sys 24576 bytes (Logitech, Inc., Logitech USB Filter Driver.)
0x80266000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8BEBA000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8E207000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8C401000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8BD69000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x80415000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0xAC42A000 C:\Windows\System32\drivers\mpsdrv.sys 81920 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0xAC474000 C:\Windows\system32\DRIVERS\mrxsmb.sys 122880 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB2442000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0xAC462000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 73728 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x80404000 C:\Windows\system32\drivers\msahci.sys 36864 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8D744000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x80459000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8CC28000 C:\Windows\system32\DRIVERS\msiscsi.sys 176128 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x885D5000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8BE00000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x80600000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80626000 C:\Windows\system32\drivers\ndis.sys 1064960 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8BC88000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8BE82000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8D19D000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x890E0000 C:\Windows\System32\Drivers\NDProxy.SYS 65536 bytes (Microsoft Corporation, NDIS Proxy)
0x8D979000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8D987000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8859C000 C:\Windows\system32\drivers\NETIO.SYS 233472 bytes (Microsoft Corporation, Network I/O Subsystem)
0xB2502000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8D736000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8BE0A000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x88494000 C:\Windows\System32\Drivers\Ntfs.sys 1081344 bytes (Microsoft Corporation, NT File System Driver)
0x82C00000 C:\Windows\system32\ntkrnlpa.exe 3805184 bytes (Microsoft Corporation, NT Kernel & System)
0x8942E000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0xA9EBC000 C:\Windows\system32\DRIVERS\nwifi.sys 176128 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x96D7A000 C:\Windows\system32\DRIVERS\OEM07Vfx.sys 8192 bytes (EyePower Games Pte. Ltd., Advanced Video FX Filter Driver (Win2K based))
0x96D06000 C:\Windows\system32\DRIVERS\OEM07Vid.sys 237568 bytes (Creative Technology Ltd., Video Capture Device Driver)
0x89090000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8D609000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8060F000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x80434000 C:\Windows\system32\drivers\pci.sys 151552 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8078A000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB3C62000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x82C00000 PnpManager 3805184 bytes
0x8D032000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8025D000 C:\Windows\system32\PSHED.dll 36864 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8072A000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8BF82000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x8CC11000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x891B4000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8D18A000 C:\Windows\system32\DRIVERS\raspptp.sys 77824 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x82C00000 RAW 3805184 bytes
0x8D92B000 C:\Windows\system32\DRIVERS\rdbss.sys 241664 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8BD29000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8D103000 C:\Windows\system32\DRIVERS\rdpdr.sys 552960 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x8BD39000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8DC1F000 C:\Windows\system32\DRIVERS\rfcomm.sys 69632 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0x8BD09000 C:\Windows\system32\DRIVERS\rimmptsk.sys 32768 bytes (REDC, RICOH MMC Driver)
0x89435000 C:\Windows\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0x8BEAD000 C:\Windows\system32\DRIVERS\rimsptsk.sys 53248 bytes (REDC, RICOH MS Driver)
0x8CC6B000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0x8BD71000 C:\Windows\System32\Drivers\RootMdm.sys 32768 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xAA024000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8D220000 C:\Windows\system32\drivers\RTKVHDA.sys 1966080 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x8CCBC000 C:\Windows\system32\DRIVERS\sdbus.sys 98304 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x8BE6E000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8D61F000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8061E000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xAA077000 C:\Windows\system32\drivers\spsys.sys 581632 bytes (Microsoft Corporation, security processor)
0xB176F000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0xB1C0D000 C:\Windows\System32\DRIVERS\srv2.sys 147456 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0xAA009000 C:\Windows\System32\DRIVERS\srvnet.sys 110592 bytes (Microsoft Corporation, Server Network driver)
0x8D1C0000 C:\Windows\system32\DRIVERS\storport.sys 262144 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x894C8000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8D661000 C:\Windows\System32\drivers\tcpip.sys 872448 bytes (Microsoft Corporation, TCP/IP Driver)
0x8DC46000 C:\Windows\System32\drivers\tcpipreg.sys 45056 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8BC00000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8D633000 C:\Windows\system32\DRIVERS\tdx.sys 86016 bytes (Microsoft Corporation, TDI Translation Driver)
0x8BD8B000 C:\Windows\system32\DRIVERS\termdd.sys 61440 bytes (Microsoft Corporation, Terminal Server Driver)
0xA8E00000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8BFD3000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8BC3D000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8BED4000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8E3A9000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x96EA1000 C:\Windows\system32\DRIVERS\usbcir.sys 90112 bytes (Microsoft Corporation, USB Consumer IR Driver for eHome)
0x894BE000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x8BC0B000 C:\Windows\system32\DRIVERS\usbehci.sys 57344 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8D06F000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8C4C0000 C:\Windows\system32\DRIVERS\USBPORT.SYS 249856 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8BE1E000 C:\Windows\system32\DRIVERS\usbprint.sys 40960 bytes (Microsoft Corporation, USB Printer driver)
0x8BF2F000 C:\Windows\system32\DRIVERS\usbscan.sys 53248 bytes (Microsoft Corporation, USB Scanner Driver)
0x8BC19000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8D001000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8D74F000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x80425000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x807B6000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x887CA000 C:\Windows\system32\drivers\volsnap.sys 221184 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8D966000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8BEA0000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x804A4000 C:\Windows\system32\drivers\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0x8020D000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x96200000 Win32k 2097152 bytes
0x96200000 C:\Windows\System32\win32k.sys 2097152 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x80204000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x82C00000 WMIxWDM 3805184 bytes