Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

internet Browser is opening by itself and links to websites that I try


  • This topic is locked This topic is locked

#1
HelenS

HelenS

    New Member

  • Member
  • Pip
  • 6 posts
Hello,

For the past two weeks, I have been having issues that seem to be getting worse. I have anti-virus software which I run frequently and have had several Trojan Horse attacks in the past couple of months. My virus software shows these files are quarantined, however, I am experiencing unusual behavior and am not sure if it there is something that my software didn't find or if something is left over. There are a couple of things that are happening: 1) an error dialog box stating that 'Host Process for Windows Services has stopped working' repeatedly appears (here is what is displayed under the details - Problem signature:
Problem Event Name: APPCRASH
Application Name: svchost.exe
Application Version: 6.1.7600.16385
Application Timestamp: 4a5bc3c1
Fault Module Name: mshtml.dll
Fault Module Version: 8.0.7600.16853
Fault Module Timestamp: 4e292627
Exception Code: c0000005
Exception Offset: 000000000019a604
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033
Additional Information 1: 45ab
Additional Information 2: 45ab80cc33f5b4f243297a5b9c95febc
Additional Information 3: 88b7
Additional Information 4: 88b72486eaebe864d1e1c29fe9acbe61
2) Internet browser launches on its own and opens several windows with Google start page;
3) When I click on internet links, I am being redirected to other sites

Per instructions, below is OTL log:
OTL logfile created on: 11/8/2011 12:37:33 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\a\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 65.74% Memory free
8.00 Gb Paging File | 6.35 Gb Available in Paging File | 79.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 663.08 Gb Total Space | 612.81 Gb Free Space | 92.42% Space Free | Partition Type: NTFS
Drive E: | 120.83 Mb Total Space | 8.19 Mb Free Space | 6.78% Space Free | Partition Type: FAT

Computer Name: A-PC | User Name: a | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/08 12:37:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\a\Downloads\OTL.exe
PRC - [2011/09/09 09:50:56 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/02/08 09:48:48 | 000,825,960 | ---- | M] (Fortinet Inc.) -- C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/12 15:38:34 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2009/11/11 15:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe
PRC - [2009/09/12 17:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/09/12 17:30:48 | 005,048,488 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/07/24 17:24:14 | 000,275,840 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/07/09 10:08:10 | 000,023,608 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2009/07/09 10:05:00 | 000,021,560 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/18 14:29:16 | 003,866,624 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
PRC - [2008/08/28 20:49:00 | 002,516,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
PRC - [2008/06/11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2006/12/13 19:02:08 | 000,134,808 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe
PRC - [2006/12/13 19:01:50 | 001,962,136 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/12/13 19:01:38 | 000,030,872 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe
PRC - [2006/12/07 18:25:24 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/12/07 18:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/09 09:50:55 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/08/16 15:10:03 | 002,147,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\7e02ce44d03bc0802d8061678feb3356\ReachFramework.ni.dll
MOD - [2011/08/16 15:09:43 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll
MOD - [2011/08/16 15:09:35 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll
MOD - [2011/08/16 15:09:33 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\808e41877f992187276492aa2e55e909\PresentationCore.ni.dll
MOD - [2011/08/16 15:09:21 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll
MOD - [2011/08/16 15:09:15 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll
MOD - [2011/08/16 15:09:11 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll
MOD - [2011/08/16 15:09:10 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll
MOD - [2011/08/16 15:09:04 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/01/26 20:07:32 | 003,884,312 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/12 18:15:06 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/07/15 14:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2011/02/08 09:48:48 | 000,825,960 | ---- | M] (Fortinet Inc.) [Auto | Running] -- C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe -- (FortiSslvpnDaemon)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/12 18:13:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/12 15:38:34 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009/09/12 17:32:46 | 000,891,432 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/07/24 17:24:14 | 000,275,840 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/07/09 10:05:00 | 000,021,560 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/08/15 06:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2006/12/13 19:01:50 | 001,962,136 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/12/13 19:01:38 | 000,030,872 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/12/07 18:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/12/07 18:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/10/31 11:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/06/29 08:01:38 | 000,931,168 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/01/13 09:49:07 | 000,156,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/01/12 17:21:33 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/01/12 15:38:34 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010/01/12 15:38:33 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV:64bit: - [2010/01/12 15:38:32 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010/01/12 15:38:28 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2009/08/04 15:14:00 | 001,019,776 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerAVF2.sys -- (AVerAVF2)
DRV:64bit: - [2009/07/21 15:53:06 | 000,042,528 | ---- | M] (Fortinet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pppop64.sys -- (pppop)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/17 10:08:24 | 000,017,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OSDACPI.SYS -- (ACPIService)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 14:31:56 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/02/06 04:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/22 17:17:10 | 000,426,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2006/11/22 17:17:10 | 000,394,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2006/11/22 17:17:10 | 000,030,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2011/10/18 05:55:24 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111105.009\EX64.SYS -- (NAVEX15)
DRV - [2011/10/18 05:55:24 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111105.009\ENG64.SYS -- (NAVENG)
DRV - [2011/08/12 03:00:00 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/30 03:00:00 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2006/11/22 17:17:10 | 000,426,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2006/11/22 17:17:10 | 000,394,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2006/11/22 17:17:10 | 000,030,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.search.us.com?user_id=1969836&guid={D9427AA5-2491-4855-B3EF-11A1A7ABDBBC}&s=11
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 0A E6 8E 36 72 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 23 8E 56 00 3C F9 DB 49 BC 5B F5 63 1D 0D 73 AC [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@FortinetCacheClean: C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll (Fortinet Inc.)
FF - HKLM\Software\MozillaPlugins\@FortinetTunnelControl: C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll (Fortinet Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\a\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll (Hulu LLC)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/09 09:50:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/19 08:16:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{81e90980-2fbb-4c51-8460-347a10c86d40}: C:\Users\a\AppData\Roaming\Search.us.com\PureDef Toolbar\Firefox\ [2010/11/01 18:35:41 | 000,000,000 | ---D | M]

[2011/08/19 08:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\Mozilla\Extensions
[2011/10/18 08:25:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\1j7m3mzw.default\extensions
[2011/10/18 08:25:09 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\1j7m3mzw.default\extensions\{2734dea7-0fb4-425d-b677-d20d5ba9c2c8}
[2011/08/19 08:19:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/28 17:30:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/09 09:50:56 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/07/27 00:20:44 | 002,179,072 | ---- | M] (DNAML Pty Ltd) -- C:\Program Files (x86)\mozilla firefox\plugins\npdbplug.dll
[2010/12/28 17:30:15 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/01/12 17:23:47 | 000,000,988 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (Reg Error: Value error.) - {00568E23-F93C-49DB-BC5B-F5631D0D73Ac} - C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-032.dll (People Can Fly)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (no name) - {1631550F-191D-4826-B069-D9439253D926} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (PureDef ToolBar) - {E3A80BA5-D967-4eab-891F-A49CADD92835} - C:\Users\a\AppData\Roaming\Search.us.com\PureDef Toolbar\Toolbop_3.3.dll (Tightrope Interactive)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (PureDef ToolBar) - {E3A80BA5-D967-4EAB-891F-A49CADD92835} - C:\Users\a\AppData\Roaming\Search.us.com\PureDef Toolbar\Toolbop_3.3.dll (Tightrope Interactive)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [vptray] C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [winupd] C:\Users\a\AppData\Local\Temp\winupd.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winupd.lnk = C:\Users\a\AppData\Local\Temp\winupd.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E66C5D16-332A-4502-B136-80272027CF18}: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Handler\g7ps - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files (x86)\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Users\a\AppData\Local\3b9b1deb\X) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{eff36036-ffc8-11de-8d12-00247e60aad4}\Shell - "" = AutoRun
O33 - MountPoints2\{eff36036-ffc8-11de-8d12-00247e60aad4}\Shell\AutoRun\command - "" = G:\Autoplay.exe -auto
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/08 08:40:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/11/08 08:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/10/26 11:14:46 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/10/26 11:14:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/10/25 15:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/10/25 15:48:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2011/10/25 15:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2011/10/25 15:43:21 | 000,000,000 | ---D | C] -- C:\rei
[2011/10/25 15:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2011/10/20 10:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ralink Wireless
[2011/10/20 10:16:22 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2011/10/20 10:16:08 | 000,931,168 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\drivers\netr28x.sys
[2011/10/20 10:16:08 | 000,327,008 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2011/10/20 10:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink Driver
[2011/10/20 10:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ralink
[2011/10/20 09:59:52 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\ParetoLogic
[2011/10/20 09:59:52 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\DriverCure
[2011/10/20 09:59:44 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2011/10/20 09:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2011/10/20 09:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/10/20 09:59:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2011/10/10 06:28:55 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Users\a\taskmgr.exe
[2011/10/10 06:28:52 | 000,000,000 | -HSD | C] -- C:\Users\a\AppData\Local\3b9b1deb

========== Files - Modified Within 30 Days ==========

[2011/11/08 12:38:05 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 12:38:05 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 12:15:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/08 08:40:08 | 000,002,093 | ---- | M] () -- C:\Users\a\Desktop\HijackThis.lnk
[2011/11/06 22:29:22 | 000,000,972 | R-S- | M] () -- C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winupd.lnk
[2011/11/06 22:28:21 | 000,002,821 | ---- | M] () -- C:\Users\a\Desktop\Microsoft Office Word 2007.lnk
[2011/11/06 22:28:21 | 000,002,781 | ---- | M] () -- C:\Users\a\Desktop\Microsoft Office Excel 2007.lnk
[2011/11/06 22:28:21 | 000,001,058 | ---- | M] () -- C:\Users\a\Desktop\ParetoLogic PC Health Advisor.lnk
[2011/11/06 22:28:21 | 000,001,054 | ---- | M] () -- C:\Users\a\Desktop\SpywareBlaster.lnk
[2011/11/06 00:20:04 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/11/05 23:56:12 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/11/05 23:56:12 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\PureDef Toolbar Updater.job
[2011/10/27 19:29:14 | 000,717,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/27 19:29:14 | 000,618,026 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/27 19:29:14 | 000,104,340 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/27 19:24:30 | 3220,561,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/26 11:14:46 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/10/25 15:43:53 | 000,000,272 | ---- | M] () -- C:\Windows\reimage.ini
[2011/10/25 15:43:21 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2011/10/20 15:27:21 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2011/10/20 15:27:21 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
[2011/10/20 10:07:54 | 000,000,010 | ---- | M] () -- C:\0.bak

========== Files Created - No Company Name ==========

[2011/11/08 08:40:08 | 000,002,093 | ---- | C] () -- C:\Users\a\Desktop\HijackThis.lnk
[2011/11/06 22:29:22 | 000,000,972 | R-S- | C] () -- C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winupd.lnk
[2011/10/25 15:48:29 | 000,001,054 | ---- | C] () -- C:\Users\a\Desktop\SpywareBlaster.lnk
[2011/10/25 15:43:39 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2011/10/25 15:43:21 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2011/10/20 10:16:10 | 000,014,051 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2011/10/20 10:16:08 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/10/20 10:07:54 | 000,000,010 | ---- | C] () -- C:\0.bak
[2011/10/20 09:59:59 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/10/20 09:59:44 | 000,001,058 | ---- | C] () -- C:\Users\a\Desktop\ParetoLogic PC Health Advisor.lnk
[2011/10/20 09:59:44 | 000,000,434 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/10/20 09:59:44 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2011/10/20 09:59:43 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor.job
[2011/08/18 00:00:01 | 000,000,040 | ---- | C] () -- C:\ProgramData\46cf1321
[2011/07/27 00:20:45 | 000,894,616 | ---- | C] () -- C:\Windows\dbplugin.exe
[2011/07/27 00:20:45 | 000,245,840 | ---- | C] () -- C:\Windows\SysWow64\DNLEng.dll
[2010/11/11 23:49:32 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/11 23:03:47 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\cpuinf32.dll
[2010/11/11 23:02:56 | 000,000,919 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010/11/11 23:02:56 | 000,000,024 | ---- | C] () -- C:\Windows\magix.ini
[2010/07/02 18:30:09 | 000,000,036 | ---- | C] () -- C:\Windows\iltwain.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

Any assistance that you can offer would be GREATLY appreciated.

Many thanks,
Helen
  • 0

Advertisements


#2
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi, Helen! Welcome to GeeksToGo! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :yes:

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just incase you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, lets start :)



I can see a few infections present in your OTL log, so lets start removing them :)

Just follow the steps below, then get back to me with the relevant logs please.



1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 23 8E 56 00 3C F9 DB 49 BC 5B F5 63 1D 0D 73 AC [binary data]
    [2011/10/18 08:25:09 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\1j7m3mzw.default\extensions\{2734dea7-0fb4-425d-b677-d20d5ba9c2c8}
    O2 - BHO: (Reg Error: Value error.) - {00568E23-F93C-49DB-BC5B-F5631D0D73Ac} - C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-032.dll (People Can Fly)
    O2 - BHO: (no name) - {1631550F-191D-4826-B069-D9439253D926} - No CLSID value found.
    O4 - HKCU..\Run: [winupd] C:\Users\a\AppData\Local\Temp\winupd.exe ()
    O4 - Startup: C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winupd.lnk = C:\Users\a\AppData\Local\Temp\winupd.exe ()
    O20 - HKCU Winlogon: Shell - (C:\Users\a\AppData\Local\3b9b1deb\X) - File not found
    O33 - MountPoints2\{eff36036-ffc8-11de-8d12-00247e60aad4}\Shell - "" = AutoRun
    O33 - MountPoints2\{eff36036-ffc8-11de-8d12-00247e60aad4}\Shell\AutoRun\command - "" = G:\Autoplay.exe -auto
    [2011/10/10 06:28:55 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Users\a\taskmgr.exe
    [2011/10/10 06:28:52 | 000,000,000 | -HSD | C] -- C:\Users\a\AppData\Local\3b9b1deb
    [2011/11/06 22:29:22 | 000,000,972 | R-S- | M] () -- C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winupd.lnk
    [2011/10/20 15:27:21 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
    [2011/10/20 15:27:21 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
    
    :Services
    
    :Reg
    [HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • A log may appear when the PC restarts. Just close this text file.
  • Open OTL again, Tick the Scan All Users box at the top and then click the Quick Scan button. Post the log it produces in your next reply.




2)
Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.




In your next reply
Please post the contents of...
OTL log
TDSSKiller log

  • 0

#3
HelenS

HelenS

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hello, THANK YOU SO MUCH for the quick response!

I have followed your instructions and am providing the requested logs below. One item to note, TDSSKILLER found malware and defaulted to cure instead of skip so I left it and clicked continue and ran the scan again. I was not required to reboot.

OTL logfile created on: 11/8/2011 4:19:34 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\a\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 61.60% Memory free
8.00 Gb Paging File | 6.56 Gb Available in Paging File | 82.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 663.08 Gb Total Space | 613.33 Gb Free Space | 92.50% Space Free | Partition Type: NTFS
Drive E: | 120.83 Mb Total Space | 8.19 Mb Free Space | 6.78% Space Free | Partition Type: FAT

Computer Name: A-PC | User Name: a | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/08 12:37:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\a\Downloads\OTL.exe
PRC - [2011/02/08 09:48:48 | 000,825,960 | ---- | M] (Fortinet Inc.) -- C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/12 15:38:34 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2009/11/11 15:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe
PRC - [2009/09/12 17:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/09/12 17:30:48 | 005,048,488 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/08/28 11:53:00 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/24 17:24:14 | 000,275,840 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/07/24 17:24:02 | 000,427,304 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
PRC - [2009/07/09 10:08:10 | 000,023,608 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2009/07/09 10:05:00 | 000,021,560 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/18 14:29:16 | 003,866,624 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
PRC - [2008/06/11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2006/12/13 19:02:08 | 000,134,808 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe
PRC - [2006/12/13 19:01:50 | 001,962,136 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/12/13 19:01:38 | 000,030,872 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe
PRC - [2006/12/07 18:25:24 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/12/07 18:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/16 15:10:03 | 002,147,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\7e02ce44d03bc0802d8061678feb3356\ReachFramework.ni.dll
MOD - [2011/08/16 15:09:43 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll
MOD - [2011/08/16 15:09:35 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll
MOD - [2011/08/16 15:09:33 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\808e41877f992187276492aa2e55e909\PresentationCore.ni.dll
MOD - [2011/08/16 15:09:21 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll
MOD - [2011/08/16 15:09:15 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll
MOD - [2011/08/16 15:09:11 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll
MOD - [2011/08/16 15:09:10 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll
MOD - [2011/08/16 15:09:04 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/28 11:52:58 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/24 17:24:16 | 000,275,848 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLCapEngine.dll
MOD - [2009/07/24 17:24:16 | 000,124,288 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLSchMgr.dll
MOD - [2009/07/24 17:24:16 | 000,034,088 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLCapSvcps.dll
MOD - [2009/07/24 17:24:14 | 000,349,480 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLTinyDB.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/12 18:15:06 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/07/15 14:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2011/02/08 09:48:48 | 000,825,960 | ---- | M] (Fortinet Inc.) [Auto | Running] -- C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe -- (FortiSslvpnDaemon)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/12 18:13:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/12 15:38:34 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009/09/12 17:32:46 | 000,891,432 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/07/24 17:24:14 | 000,275,840 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/07/09 10:05:00 | 000,021,560 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/08/15 06:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2006/12/13 19:01:50 | 001,962,136 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/12/13 19:01:38 | 000,030,872 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/12/07 18:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/12/07 18:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/10/31 11:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/06/29 08:01:38 | 000,931,168 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/01/13 09:49:07 | 000,156,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/01/12 17:21:33 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/01/12 15:38:34 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010/01/12 15:38:33 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV:64bit: - [2010/01/12 15:38:32 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010/01/12 15:38:28 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2009/08/04 15:14:00 | 001,019,776 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerAVF2.sys -- (AVerAVF2)
DRV:64bit: - [2009/07/21 15:53:06 | 000,042,528 | ---- | M] (Fortinet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pppop64.sys -- (pppop)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/17 10:08:24 | 000,017,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OSDACPI.SYS -- (ACPIService)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 14:31:56 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/02/06 04:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/22 17:17:10 | 000,426,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2006/11/22 17:17:10 | 000,394,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2006/11/22 17:17:10 | 000,030,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2011/10/18 05:55:24 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111105.009\EX64.SYS -- (NAVEX15)
DRV - [2011/10/18 05:55:24 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111105.009\ENG64.SYS -- (NAVENG)
DRV - [2011/08/12 03:00:00 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/30 03:00:00 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2006/11/22 17:17:10 | 000,426,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2006/11/22 17:17:10 | 000,394,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2006/11/22 17:17:10 | 000,030,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 23 8E 56 00 3C F9 DB 49 BC 5B F5 63 1D 0D 73 AC [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 23 8E 56 00 3C F9 DB 49 BC 5B F5 63 1D 0D 73 AC [binary data]

IE - HKU\S-1-5-21-2761828439-3317831160-844858389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.search.us.com?user_id=1969836&guid={D9427AA5-2491-4855-B3EF-11A1A7ABDBBC}&s=11
IE - HKU\S-1-5-21-2761828439-3317831160-844858389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2761828439-3317831160-844858389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2761828439-3317831160-844858389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 0A E6 8E 36 72 CB 01 [binary data]
IE - HKU\S-1-5-21-2761828439-3317831160-844858389-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2761828439-3317831160-844858389-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@FortinetCacheClean: C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll (Fortinet Inc.)
FF - HKLM\Software\MozillaPlugins\@FortinetTunnelControl: C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll (Fortinet Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\a\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll (Hulu LLC)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/09 09:50:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/19 08:16:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{81e90980-2fbb-4c51-8460-347a10c86d40}: C:\Users\a\AppData\Roaming\Search.us.com\PureDef Toolbar\Firefox\ [2010/11/01 18:35:41 | 000,000,000 | ---D | M]

[2011/08/19 08:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\Mozilla\Extensions
[2011/11/08 16:14:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\1j7m3mzw.default\extensions
[2011/08/19 08:19:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/28 17:30:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\A\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1J7M3MZW.DEFAULT\EXTENSIONS\{2734DEA7-0FB4-425D-B677-D20D5BA9C2C8}
[2011/09/09 09:50:56 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/07/27 00:20:44 | 002,179,072 | ---- | M] (DNAML Pty Ltd) -- C:\Program Files (x86)\mozilla firefox\plugins\npdbplug.dll
[2010/12/28 17:30:15 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/08 16:06:19 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (PureDef ToolBar) - {E3A80BA5-D967-4eab-891F-A49CADD92835} - C:\Users\a\AppData\Roaming\Search.us.com\PureDef Toolbar\Toolbop_3.3.dll (Tightrope Interactive)
O3 - HKU\S-1-5-21-2761828439-3317831160-844858389-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2761828439-3317831160-844858389-1000\..\Toolbar\WebBrowser: (PureDef ToolBar) - {E3A80BA5-D967-4EAB-891F-A49CADD92835} - C:\Users\a\AppData\Roaming\Search.us.com\PureDef Toolbar\Toolbop_3.3.dll (Tightrope Interactive)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [vptray] C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E66C5D16-332A-4502-B136-80272027CF18}: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Handler\g7ps - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files (x86)\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/08 16:06:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/08 08:40:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/11/08 08:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/10/26 11:14:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/10/25 15:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/10/25 15:48:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2011/10/25 15:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2011/10/25 15:43:21 | 000,000,000 | ---D | C] -- C:\rei
[2011/10/25 15:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2011/10/20 10:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ralink Wireless
[2011/10/20 10:16:22 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2011/10/20 10:16:08 | 000,931,168 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\drivers\netr28x.sys
[2011/10/20 10:16:08 | 000,327,008 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2011/10/20 10:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink Driver
[2011/10/20 10:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ralink
[2011/10/20 09:59:52 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\ParetoLogic
[2011/10/20 09:59:52 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\DriverCure
[2011/10/20 09:59:44 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2011/10/20 09:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2011/10/20 09:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/10/20 09:59:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic

========== Files - Modified Within 30 Days ==========

[2011/11/08 16:20:34 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 16:20:34 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 16:17:56 | 000,717,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/08 16:17:56 | 000,618,026 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/08 16:17:56 | 000,104,340 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/08 16:13:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/08 16:13:04 | 3220,561,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/08 16:06:19 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/11/08 13:00:01 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\PureDef Toolbar Updater.job
[2011/11/08 08:40:08 | 000,002,093 | ---- | M] () -- C:\Users\a\Desktop\HijackThis.lnk
[2011/11/06 22:28:21 | 000,002,821 | ---- | M] () -- C:\Users\a\Desktop\Microsoft Office Word 2007.lnk
[2011/11/06 22:28:21 | 000,002,781 | ---- | M] () -- C:\Users\a\Desktop\Microsoft Office Excel 2007.lnk
[2011/11/06 22:28:21 | 000,001,058 | ---- | M] () -- C:\Users\a\Desktop\ParetoLogic PC Health Advisor.lnk
[2011/11/06 22:28:21 | 000,001,054 | ---- | M] () -- C:\Users\a\Desktop\SpywareBlaster.lnk
[2011/11/06 00:20:04 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/11/05 23:56:12 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/10/25 15:43:53 | 000,000,272 | ---- | M] () -- C:\Windows\reimage.ini
[2011/10/25 15:43:21 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2011/10/20 10:07:54 | 000,000,010 | ---- | M] () -- C:\0.bak

========== Files Created - No Company Name ==========

[2011/11/08 08:40:08 | 000,002,093 | ---- | C] () -- C:\Users\a\Desktop\HijackThis.lnk
[2011/10/25 15:48:29 | 000,001,054 | ---- | C] () -- C:\Users\a\Desktop\SpywareBlaster.lnk
[2011/10/25 15:43:39 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2011/10/25 15:43:21 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2011/10/20 10:16:10 | 000,014,051 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2011/10/20 10:16:08 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/10/20 10:07:54 | 000,000,010 | ---- | C] () -- C:\0.bak
[2011/10/20 09:59:59 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/10/20 09:59:44 | 000,001,058 | ---- | C] () -- C:\Users\a\Desktop\ParetoLogic PC Health Advisor.lnk
[2011/10/20 09:59:44 | 000,000,434 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/08/18 00:00:01 | 000,000,040 | ---- | C] () -- C:\ProgramData\46cf1321
[2011/07/27 00:20:45 | 000,894,616 | ---- | C] () -- C:\Windows\dbplugin.exe
[2011/07/27 00:20:45 | 000,245,840 | ---- | C] () -- C:\Windows\SysWow64\DNLEng.dll
[2010/11/11 23:49:32 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/11 23:03:47 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\cpuinf32.dll
[2010/11/11 23:02:56 | 000,000,919 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010/11/11 23:02:56 | 000,000,024 | ---- | C] () -- C:\Windows\magix.ini
[2010/07/02 18:30:09 | 000,000,036 | ---- | C] () -- C:\Windows\iltwain.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/01/12 15:41:00 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Acronis
[2011/07/28 11:14:18 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\AlbumGV
[2011/10/20 09:59:52 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\DriverCure
[2011/08/14 15:28:52 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\FIXIO PC Utilities
[2010/07/02 18:34:20 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\G7PS
[2010/11/11 23:47:13 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\NetMedia Providers
[2011/10/20 09:59:52 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\ParetoLogic
[2010/11/11 23:47:13 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Publish Providers
[2010/11/01 18:35:41 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Search.us.com
[2010/11/12 09:39:17 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Singlesnet
[2011/07/10 15:51:54 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\wargaming.net
[2010/11/01 18:35:26 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\WeatherBug
[2010/01/12 17:14:57 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\WinBatch
[2011/11/05 23:56:12 | 000,000,460 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2011/11/06 00:20:04 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2011/11/08 13:00:01 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\PureDef Toolbar Updater.job
[2009/07/14 00:08:49 | 000,012,144 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >



TDSSKILLER log:

16:25:41.0357 2436 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
16:25:41.0576 2436 ============================================================
16:25:41.0576 2436 Current date / time: 2011/11/08 16:25:41.0576
16:25:41.0576 2436 SystemInfo:
16:25:41.0576 2436
16:25:41.0576 2436 OS Version: 6.1.7600 ServicePack: 0.0
16:25:41.0576 2436 Product type: Workstation
16:25:41.0576 2436 ComputerName: A-PC
16:25:41.0576 2436 UserName: a
16:25:41.0576 2436 Windows directory: C:\Windows
16:25:41.0576 2436 System windows directory: C:\Windows
16:25:41.0576 2436 Running under WOW64
16:25:41.0576 2436 Processor architecture: Intel x64
16:25:41.0576 2436 Number of processors: 2
16:25:41.0576 2436 Page size: 0x1000
16:25:41.0576 2436 Boot type: Normal boot
16:25:41.0576 2436 ============================================================
16:25:42.0059 2436 Initialize success
16:25:55.0351 4628 ============================================================
16:25:55.0351 4628 Scan started
16:25:55.0351 4628 Mode: Manual; SigCheck; TDLFS;
16:25:55.0351 4628 ============================================================
16:25:55.0772 4628 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
16:25:55.0865 4628 1394ohci - ok
16:25:55.0928 4628 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
16:25:55.0959 4628 ACPI - ok
16:25:55.0990 4628 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
16:25:56.0037 4628 AcpiPmi - ok
16:25:56.0068 4628 ACPIService (de7e8d852a806be6091983838bf9697f) C:\Windows\system32\DRIVERS\OSDACPI.SYS
16:25:56.0115 4628 ACPIService - ok
16:25:56.0162 4628 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
16:25:56.0177 4628 adfs - ok
16:25:56.0224 4628 ADIHdAudAddService (560649e6a9c11f6124f97310ef387c45) C:\Windows\system32\drivers\ADIHdAud.sys
16:25:56.0271 4628 ADIHdAudAddService - ok
16:25:56.0349 4628 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:25:56.0396 4628 adp94xx - ok
16:25:56.0411 4628 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:25:56.0458 4628 adpahci - ok
16:25:56.0474 4628 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:25:56.0505 4628 adpu320 - ok
16:25:56.0552 4628 afcdp (3426a6eaa09077f3ab946fb9ceb85d8e) C:\Windows\system32\DRIVERS\afcdp.sys
16:25:56.0583 4628 afcdp - ok
16:25:56.0661 4628 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
16:25:56.0739 4628 AFD - ok
16:25:56.0786 4628 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
16:25:56.0801 4628 agp440 - ok
16:25:56.0833 4628 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
16:25:56.0864 4628 aliide - ok
16:25:56.0864 4628 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
16:25:56.0895 4628 amdide - ok
16:25:56.0926 4628 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:25:56.0973 4628 AmdK8 - ok
16:25:56.0989 4628 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:25:57.0035 4628 AmdPPM - ok
16:25:57.0067 4628 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
16:25:57.0082 4628 amdsata - ok
16:25:57.0113 4628 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:25:57.0145 4628 amdsbs - ok
16:25:57.0176 4628 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
16:25:57.0191 4628 amdxata - ok
16:25:57.0223 4628 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
16:25:57.0269 4628 AppID - ok
16:25:57.0301 4628 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:25:57.0332 4628 arc - ok
16:25:57.0347 4628 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:25:57.0379 4628 arcsas - ok
16:25:57.0410 4628 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:25:57.0472 4628 AsyncMac - ok
16:25:57.0488 4628 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
16:25:57.0519 4628 atapi - ok
16:25:57.0550 4628 AVerAVF2 (59e75082dc7da252592ec3489a2cf4ea) C:\Windows\system32\DRIVERS\AVerAVF2.sys
16:25:57.0628 4628 AVerAVF2 - ok
16:25:57.0675 4628 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:25:57.0722 4628 b06bdrv - ok
16:25:57.0753 4628 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:25:57.0800 4628 b57nd60a - ok
16:25:57.0831 4628 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:25:57.0878 4628 Beep - ok
16:25:57.0909 4628 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:25:57.0940 4628 blbdrive - ok
16:25:58.0003 4628 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
16:25:58.0034 4628 bowser - ok
16:25:58.0049 4628 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:25:58.0096 4628 BrFiltLo - ok
16:25:58.0112 4628 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:25:58.0143 4628 BrFiltUp - ok
16:25:58.0159 4628 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:25:58.0205 4628 Brserid - ok
16:25:58.0221 4628 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:25:58.0268 4628 BrSerWdm - ok
16:25:58.0283 4628 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:25:58.0299 4628 BrUsbMdm - ok
16:25:58.0361 4628 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:25:58.0393 4628 BrUsbSer - ok
16:25:58.0439 4628 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
16:25:58.0486 4628 BthEnum - ok
16:25:58.0517 4628 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:25:58.0549 4628 BTHMODEM - ok
16:25:58.0580 4628 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
16:25:58.0627 4628 BthPan - ok
16:25:58.0658 4628 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
16:25:58.0705 4628 BTHPORT - ok
16:25:58.0720 4628 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
16:25:58.0783 4628 BTHUSB - ok
16:25:58.0798 4628 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:25:58.0861 4628 cdfs - ok
16:25:58.0907 4628 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
16:25:58.0939 4628 cdrom - ok
16:25:58.0970 4628 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:25:59.0032 4628 circlass - ok
16:25:59.0063 4628 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:25:59.0110 4628 CLFS - ok
16:25:59.0126 4628 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:25:59.0173 4628 CmBatt - ok
16:25:59.0188 4628 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
16:25:59.0219 4628 cmdide - ok
16:25:59.0235 4628 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
16:25:59.0282 4628 CNG - ok
16:25:59.0297 4628 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:25:59.0329 4628 Compbatt - ok
16:25:59.0360 4628 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:25:59.0407 4628 CompositeBus - ok
16:25:59.0469 4628 cpuz134 - ok
16:25:59.0500 4628 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:25:59.0547 4628 crcdisk - ok
16:25:59.0594 4628 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
16:25:59.0641 4628 CSC - ok
16:25:59.0703 4628 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
16:25:59.0750 4628 DfsC - ok
16:25:59.0765 4628 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:25:59.0843 4628 discache - ok
16:25:59.0859 4628 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:25:59.0890 4628 Disk - ok
16:25:59.0921 4628 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:25:59.0953 4628 drmkaud - ok
16:25:59.0999 4628 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
16:26:00.0046 4628 DXGKrnl - ok
16:26:00.0171 4628 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:26:00.0311 4628 ebdrv - ok
16:26:00.0389 4628 eeCtrl (5e3a50930447f464c66032e05a4632f5) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
16:26:00.0436 4628 eeCtrl - ok
16:26:00.0467 4628 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:26:00.0499 4628 elxstor - ok
16:26:00.0545 4628 EraserUtilRebootDrv (dcb76ecc6b50a266fdc16e1963ab98ce) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:26:00.0577 4628 EraserUtilRebootDrv - ok
16:26:00.0608 4628 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
16:26:00.0655 4628 ErrDev - ok
16:26:00.0733 4628 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:26:00.0795 4628 exfat - ok
16:26:00.0826 4628 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:26:00.0904 4628 fastfat - ok
16:26:00.0935 4628 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:26:00.0967 4628 fdc - ok
16:26:00.0982 4628 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:26:01.0029 4628 FileInfo - ok
16:26:01.0045 4628 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:26:01.0107 4628 Filetrace - ok
16:26:01.0138 4628 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:26:01.0185 4628 flpydisk - ok
16:26:01.0247 4628 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
16:26:01.0279 4628 FltMgr - ok
16:26:01.0310 4628 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:26:01.0341 4628 FsDepends - ok
16:26:01.0372 4628 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:26:01.0419 4628 Fs_Rec - ok
16:26:01.0450 4628 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
16:26:01.0497 4628 fvevol - ok
16:26:01.0513 4628 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:26:01.0544 4628 gagp30kx - ok
16:26:01.0575 4628 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:26:01.0606 4628 GEARAspiWDM - ok
16:26:01.0637 4628 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:26:01.0684 4628 hcw85cir - ok
16:26:01.0731 4628 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
16:26:01.0778 4628 HdAudAddService - ok
16:26:01.0793 4628 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:26:01.0840 4628 HDAudBus - ok
16:26:01.0840 4628 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:26:01.0887 4628 HidBatt - ok
16:26:01.0903 4628 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:26:01.0965 4628 HidBth - ok
16:26:01.0981 4628 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:26:02.0043 4628 HidIr - ok
16:26:02.0059 4628 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
16:26:02.0105 4628 HidUsb - ok
16:26:02.0137 4628 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
16:26:02.0168 4628 HpSAMD - ok
16:26:02.0215 4628 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
16:26:02.0293 4628 HTTP - ok
16:26:02.0308 4628 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
16:26:02.0339 4628 hwpolicy - ok
16:26:02.0386 4628 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
16:26:02.0433 4628 i8042prt - ok
16:26:02.0464 4628 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
16:26:02.0511 4628 iaStor - ok
16:26:02.0527 4628 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
16:26:02.0558 4628 iaStorV - ok
16:26:02.0589 4628 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:26:02.0620 4628 iirsp - ok
16:26:02.0636 4628 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
16:26:02.0667 4628 intelide - ok
16:26:02.0683 4628 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:26:02.0729 4628 intelppm - ok
16:26:02.0745 4628 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:26:02.0807 4628 IpFilterDriver - ok
16:26:02.0823 4628 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:26:02.0854 4628 IPMIDRV - ok
16:26:02.0870 4628 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:26:02.0932 4628 IPNAT - ok
16:26:02.0963 4628 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:26:02.0995 4628 IRENUM - ok
16:26:03.0010 4628 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
16:26:03.0041 4628 isapnp - ok
16:26:03.0057 4628 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
16:26:03.0088 4628 iScsiPrt - ok
16:26:03.0119 4628 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:26:03.0151 4628 kbdclass - ok
16:26:03.0151 4628 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
16:26:03.0182 4628 kbdhid - ok
16:26:03.0197 4628 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
16:26:03.0213 4628 KSecDD - ok
16:26:03.0244 4628 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
16:26:03.0275 4628 KSecPkg - ok
16:26:03.0291 4628 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:26:03.0338 4628 ksthunk - ok
16:26:03.0431 4628 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:26:03.0525 4628 lltdio - ok
16:26:03.0572 4628 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:26:03.0587 4628 LSI_FC - ok
16:26:03.0603 4628 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:26:03.0634 4628 LSI_SAS - ok
16:26:03.0650 4628 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:26:03.0665 4628 LSI_SAS2 - ok
16:26:03.0712 4628 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:26:03.0743 4628 LSI_SCSI - ok
16:26:03.0759 4628 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:26:03.0821 4628 luafv - ok
16:26:03.0868 4628 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:26:03.0884 4628 megasas - ok
16:26:03.0899 4628 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:26:03.0931 4628 MegaSR - ok
16:26:03.0962 4628 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:26:04.0024 4628 Modem - ok
16:26:04.0040 4628 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:26:04.0087 4628 monitor - ok
16:26:04.0102 4628 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:26:04.0133 4628 mouclass - ok
16:26:04.0165 4628 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:26:04.0196 4628 mouhid - ok
16:26:04.0211 4628 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
16:26:04.0243 4628 mountmgr - ok
16:26:04.0274 4628 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
16:26:04.0289 4628 mpio - ok
16:26:04.0305 4628 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:26:04.0367 4628 mpsdrv - ok
16:26:04.0399 4628 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
16:26:04.0445 4628 MRxDAV - ok
16:26:04.0477 4628 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:26:04.0492 4628 mrxsmb - ok
16:26:04.0539 4628 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:26:04.0570 4628 mrxsmb10 - ok
16:26:04.0586 4628 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:26:04.0601 4628 mrxsmb20 - ok
16:26:04.0617 4628 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
16:26:04.0648 4628 msahci - ok
16:26:04.0664 4628 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
16:26:04.0695 4628 msdsm - ok
16:26:04.0726 4628 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:26:04.0773 4628 Msfs - ok
16:26:04.0804 4628 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:26:04.0851 4628 mshidkmdf - ok
16:26:04.0867 4628 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
16:26:04.0882 4628 msisadrv - ok
16:26:04.0913 4628 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:26:04.0976 4628 MSKSSRV - ok
16:26:05.0007 4628 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:26:05.0054 4628 MSPCLOCK - ok
16:26:05.0069 4628 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:26:05.0147 4628 MSPQM - ok
16:26:05.0163 4628 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
16:26:05.0194 4628 MsRPC - ok
16:26:05.0210 4628 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
16:26:05.0241 4628 mssmbios - ok
16:26:05.0257 4628 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:26:05.0303 4628 MSTEE - ok
16:26:05.0303 4628 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:26:05.0350 4628 MTConfig - ok
16:26:05.0366 4628 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:26:05.0397 4628 Mup - ok
16:26:05.0428 4628 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:26:05.0475 4628 NativeWifiP - ok
16:26:05.0569 4628 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20111105.009\ENG64.SYS
16:26:05.0600 4628 NAVENG - ok
16:26:05.0647 4628 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20111105.009\EX64.SYS
16:26:05.0709 4628 NAVEX15 - ok
16:26:05.0740 4628 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
16:26:05.0787 4628 NDIS - ok
16:26:05.0803 4628 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:26:05.0865 4628 NdisCap - ok
16:26:05.0896 4628 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:26:05.0959 4628 NdisTapi - ok
16:26:05.0974 4628 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
16:26:06.0052 4628 Ndisuio - ok
16:26:06.0068 4628 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:26:06.0115 4628 NdisWan - ok
16:26:06.0130 4628 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
16:26:06.0193 4628 NDProxy - ok
16:26:06.0208 4628 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:26:06.0271 4628 NetBIOS - ok
16:26:06.0302 4628 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
16:26:06.0364 4628 NetBT - ok
16:26:06.0411 4628 netr28x (b964d4c524a80aba22db16fc1eded0a9) C:\Windows\system32\DRIVERS\netr28x.sys
16:26:06.0458 4628 netr28x - ok
16:26:06.0473 4628 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:26:06.0505 4628 nfrd960 - ok
16:26:06.0520 4628 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:26:06.0583 4628 Npfs - ok
16:26:06.0583 4628 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:26:06.0645 4628 nsiproxy - ok
16:26:06.0692 4628 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
16:26:06.0754 4628 Ntfs - ok
16:26:06.0770 4628 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:26:06.0832 4628 Null - ok
16:26:07.0051 4628 nvlddmkm (2218c0f9d4c694460340f2f8adccc9c0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:26:07.0253 4628 nvlddmkm - ok
16:26:07.0269 4628 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
16:26:07.0316 4628 nvraid - ok
16:26:07.0331 4628 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
16:26:07.0363 4628 nvstor - ok
16:26:07.0378 4628 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
16:26:07.0425 4628 nv_agp - ok
16:26:07.0441 4628 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
16:26:07.0472 4628 ohci1394 - ok
16:26:07.0503 4628 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:26:07.0534 4628 Parport - ok
16:26:07.0565 4628 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
16:26:07.0597 4628 partmgr - ok
16:26:07.0612 4628 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
16:26:07.0643 4628 pci - ok
16:26:07.0659 4628 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
16:26:07.0675 4628 pciide - ok
16:26:07.0690 4628 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:26:07.0721 4628 pcmcia - ok
16:26:07.0737 4628 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:26:07.0768 4628 pcw - ok
16:26:07.0784 4628 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:26:07.0862 4628 PEAUTH - ok
16:26:07.0940 4628 pppop (b0e7d5d2cfaa6ed5f20eb8b84a35e593) C:\Windows\system32\DRIVERS\pppop64.sys
16:26:07.0971 4628 pppop - ok
16:26:07.0987 4628 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
16:26:08.0049 4628 PptpMiniport - ok
16:26:08.0080 4628 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:26:08.0127 4628 Processor - ok
16:26:08.0158 4628 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
16:26:08.0221 4628 Psched - ok
16:26:08.0252 4628 PxHlpa64 (901dba98359966a62a6548596988e931) C:\Windows\system32\Drivers\PxHlpa64.sys
16:26:08.0299 4628 PxHlpa64 - ok
16:26:08.0330 4628 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:26:08.0392 4628 ql2300 - ok
16:26:08.0408 4628 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:26:08.0439 4628 ql40xx - ok
16:26:08.0470 4628 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:26:08.0501 4628 QWAVEdrv - ok
16:26:08.0517 4628 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:26:08.0595 4628 RasAcd - ok
16:26:08.0657 4628 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:26:08.0735 4628 RasAgileVpn - ok
16:26:08.0767 4628 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:26:08.0829 4628 Rasl2tp - ok
16:26:08.0845 4628 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:26:08.0923 4628 RasPppoe - ok
16:26:08.0938 4628 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:26:09.0016 4628 RasSstp - ok
16:26:09.0032 4628 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
16:26:09.0110 4628 rdbss - ok
16:26:09.0125 4628 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:26:09.0172 4628 rdpbus - ok
16:26:09.0188 4628 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:26:09.0235 4628 RDPCDD - ok
16:26:09.0281 4628 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
16:26:09.0328 4628 RDPDR - ok
16:26:09.0359 4628 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:26:09.0422 4628 RDPENCDD - ok
16:26:09.0437 4628 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:26:09.0484 4628 RDPREFMP - ok
16:26:09.0515 4628 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
16:26:09.0578 4628 RDPWD - ok
16:26:09.0593 4628 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
16:26:09.0640 4628 rdyboost - ok
16:26:09.0687 4628 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
16:26:09.0718 4628 RFCOMM - ok
16:26:09.0749 4628 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:26:09.0827 4628 rspndr - ok
16:26:09.0843 4628 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:26:09.0890 4628 RTL8167 - ok
16:26:09.0905 4628 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
16:26:09.0937 4628 s3cap - ok
16:26:09.0968 4628 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
16:26:10.0015 4628 sbp2port - ok
16:26:10.0030 4628 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
16:26:10.0108 4628 scfilter - ok
16:26:10.0124 4628 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:26:10.0186 4628 secdrv - ok
16:26:10.0202 4628 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:26:10.0249 4628 Serenum - ok
16:26:10.0264 4628 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:26:10.0311 4628 Serial - ok
16:26:10.0327 4628 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:26:10.0373 4628 sermouse - ok
16:26:10.0405 4628 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
16:26:10.0436 4628 sffdisk - ok
16:26:10.0451 4628 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
16:26:10.0498 4628 sffp_mmc - ok
16:26:10.0498 4628 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:26:10.0545 4628 sffp_sd - ok
16:26:10.0561 4628 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:26:10.0592 4628 sfloppy - ok
16:26:10.0607 4628 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:26:10.0639 4628 SiSRaid2 - ok
16:26:10.0654 4628 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:26:10.0701 4628 SiSRaid4 - ok
16:26:10.0732 4628 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:26:10.0795 4628 Smb - ok
16:26:10.0826 4628 snapman (446eb38ce4a6d040f548b2f547ca96ff) C:\Windows\system32\DRIVERS\snapman.sys
16:26:10.0873 4628 snapman - ok
16:26:10.0904 4628 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:26:10.0951 4628 spldr - ok
16:26:10.0997 4628 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\system32\Drivers\sptd.sys
16:26:10.0997 4628 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 88e5162e58c8919cc873f5d8946197cf
16:26:11.0013 4628 sptd ( LockedFile.Multi.Generic ) - warning
16:26:11.0013 4628 sptd - detected LockedFile.Multi.Generic (1)
16:26:11.0044 4628 SRTSP (c2ddf8538a868639289663004a2020c4) C:\Windows\system32\Drivers\SRTSP64.SYS
16:26:11.0091 4628 SRTSP - ok
16:26:11.0107 4628 SRTSPL (bac5f3ad735b0d1c85f48ca00a422cf9) C:\Windows\system32\Drivers\SRTSPL64.SYS
16:26:11.0169 4628 SRTSPL ( UnsignedFile.Multi.Generic ) - warning
16:26:11.0169 4628 SRTSPL - detected UnsignedFile.Multi.Generic (1)
16:26:11.0185 4628 SRTSPX (2bc8cfcd55481b6159ae2fcd09c8a4a6) C:\Windows\system32\Drivers\SRTSPX64.SYS
16:26:11.0231 4628 SRTSPX ( UnsignedFile.Multi.Generic ) - warning
16:26:11.0231 4628 SRTSPX - detected UnsignedFile.Multi.Generic (1)
16:26:11.0263 4628 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
16:26:11.0325 4628 srv - ok
16:26:11.0356 4628 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
16:26:11.0419 4628 srv2 - ok
16:26:11.0434 4628 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
16:26:11.0465 4628 srvnet - ok
16:26:11.0512 4628 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:26:11.0559 4628 stexstor - ok
16:26:11.0590 4628 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
16:26:11.0637 4628 storflt - ok
16:26:11.0653 4628 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
16:26:11.0699 4628 storvsc - ok
16:26:11.0715 4628 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
16:26:11.0762 4628 swenum - ok
16:26:11.0793 4628 SymEvent (6fefa9749bfb5fd8c3a20e5c58817936) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
16:26:11.0840 4628 SymEvent - ok
16:26:11.0918 4628 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
16:26:12.0011 4628 Tcpip - ok
16:26:12.0074 4628 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
16:26:12.0152 4628 TCPIP6 - ok
16:26:12.0167 4628 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
16:26:12.0230 4628 tcpipreg - ok
16:26:12.0245 4628 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:26:12.0339 4628 TDPIPE - ok
16:26:12.0386 4628 tdrpman251 (df9179b7bdf0c5b71f9c3d93c016bae5) C:\Windows\system32\DRIVERS\tdrpm251.sys
16:26:12.0464 4628 tdrpman251 - ok
16:26:12.0479 4628 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:26:12.0557 4628 TDTCP - ok
16:26:12.0573 4628 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
16:26:12.0651 4628 tdx - ok
16:26:12.0667 4628 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
16:26:12.0698 4628 TermDD - ok
16:26:12.0729 4628 timounter (f7546ead58cc3000ac02cf9529b9934e) C:\Windows\system32\DRIVERS\timntr.sys
16:26:12.0791 4628 timounter - ok
16:26:12.0823 4628 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:26:12.0901 4628 tssecsrv - ok
16:26:12.0932 4628 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
16:26:13.0010 4628 tunnel - ok
16:26:13.0057 4628 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:26:13.0103 4628 uagp35 - ok
16:26:13.0119 4628 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
16:26:13.0197 4628 udfs - ok
16:26:13.0228 4628 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
16:26:13.0275 4628 uliagpkx - ok
16:26:13.0291 4628 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
16:26:13.0337 4628 umbus - ok
16:26:13.0353 4628 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:26:13.0400 4628 UmPass - ok
16:26:13.0431 4628 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
16:26:13.0493 4628 usbccgp - ok
16:26:13.0525 4628 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
16:26:13.0571 4628 usbcir - ok
16:26:13.0587 4628 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
16:26:13.0618 4628 usbehci - ok
16:26:13.0649 4628 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
16:26:13.0727 4628 usbhub - ok
16:26:13.0774 4628 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
16:26:13.0805 4628 usbohci - ok
16:26:13.0837 4628 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:26:13.0868 4628 usbprint - ok
16:26:13.0899 4628 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:26:13.0946 4628 usbscan - ok
16:26:13.0961 4628 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:26:13.0993 4628 USBSTOR - ok
16:26:14.0008 4628 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
16:26:14.0039 4628 usbuhci - ok
16:26:14.0055 4628 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
16:26:14.0086 4628 usbvideo - ok
16:26:14.0133 4628 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
16:26:14.0164 4628 vdrvroot - ok
16:26:14.0180 4628 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:26:14.0211 4628 vga - ok
16:26:14.0227 4628 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:26:14.0289 4628 VgaSave - ok
16:26:14.0305 4628 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
16:26:14.0336 4628 vhdmp - ok
16:26:14.0351 4628 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
16:26:14.0383 4628 viaide - ok
16:26:14.0414 4628 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
16:26:14.0429 4628 vmbus - ok
16:26:14.0461 4628 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
16:26:14.0507 4628 VMBusHID - ok
16:26:14.0523 4628 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
16:26:14.0554 4628 volmgr - ok
16:26:14.0570 4628 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
16:26:14.0601 4628 volmgrx - ok
16:26:14.0617 4628 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
16:26:14.0648 4628 volsnap - ok
16:26:14.0679 4628 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:26:14.0710 4628 vsmraid - ok
16:26:14.0726 4628 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:26:14.0757 4628 vwifibus - ok
16:26:14.0788 4628 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:26:14.0819 4628 vwififlt - ok
16:26:14.0835 4628 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:26:14.0866 4628 WacomPen - ok
16:26:14.0897 4628 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
16:26:14.0960 4628 WANARP - ok
16:26:14.0960 4628 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
16:26:15.0022 4628 Wanarpv6 - ok
16:26:15.0053 4628 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:26:15.0069 4628 Wd - ok
16:26:15.0100 4628 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:26:15.0131 4628 Wdf01000 - ok
16:26:15.0178 4628 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:26:15.0225 4628 WfpLwf - ok
16:26:15.0256 4628 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:26:15.0272 4628 WIMMount - ok
16:26:15.0350 4628 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
16:26:15.0397 4628 WinUsb - ok
16:26:15.0412 4628 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:26:15.0443 4628 WmiAcpi - ok
16:26:15.0459 4628 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:26:15.0521 4628 ws2ifsl - ok
16:26:15.0553 4628 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
16:26:15.0615 4628 WudfPf - ok
16:26:15.0646 4628 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:26:15.0709 4628 WUDFRd - ok
16:26:15.0740 4628 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:26:15.0818 4628 \Device\Harddisk0\DR0 - ok
16:26:15.0818 4628 MBR (0x1B8) (4970ccb56261089bdae6aa49d27e65d5) \Device\Harddisk1\DR1
16:26:15.0833 4628 \Device\Harddisk1\DR1 ( Backdoor.Win32.Sinowal.kmy ) - infected
16:26:15.0833 4628 \Device\Harddisk1\DR1 - detected Backdoor.Win32.Sinowal.kmy (0)
16:26:15.0974 4628 Boot (0x1200) (6af7725c4b33ddbc7a9bf3ca9a4af47c) \Device\Harddisk0\DR0\Partition0
16:26:15.0974 4628 \Device\Harddisk0\DR0\Partition0 - ok
16:26:16.0005 4628 Boot (0x1200) (bc0fe9f0fb46f29c652430bcc14c1ed2) \Device\Harddisk0\DR0\Partition1
16:26:16.0005 4628 \Device\Harddisk0\DR0\Partition1 - ok
16:26:16.0021 4628 Boot (0x1200) (43fab1e1156bdefc58273e28131deeed) \Device\Harddisk1\DR1\Partition0
16:26:16.0021 4628 \Device\Harddisk1\DR1\Partition0 - ok
16:26:16.0021 4628 ============================================================
16:26:16.0021 4628 Scan finished
16:26:16.0021 4628 ============================================================
16:26:16.0036 4648 Detected object count: 4
16:26:16.0036 4648 Actual detected object count: 4
16:27:32.0164 4648 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:27:32.0164 4648 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:27:32.0164 4648 SRTSPL ( UnsignedFile.Multi.Generic ) - skipped by user
16:27:32.0164 4648 SRTSPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:27:32.0164 4648 SRTSPX ( UnsignedFile.Multi.Generic ) - skipped by user
16:27:32.0164 4648 SRTSPX ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:27:32.0180 4648 \Device\Harddisk1\DR1 ( Backdoor.Win32.Sinowal.kmy ) - cured
16:27:32.0180 4648 \Device\Harddisk1\DR1 - ok
16:27:32.0180 4648 \Device\Harddisk1\DR1 ( Backdoor.Win32.Sinowal.kmy ) - User select action: Cure
16:28:48.0355 3736 ============================================================
16:28:48.0355 3736 Scan started
16:28:48.0355 3736 Mode: Manual; SigCheck; TDLFS;
16:28:48.0355 3736 ============================================================
16:28:48.0682 3736 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
16:28:48.0729 3736 1394ohci - ok
16:28:48.0760 3736 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
16:28:48.0792 3736 ACPI - ok
16:28:48.0823 3736 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
16:28:48.0838 3736 AcpiPmi - ok
16:28:48.0885 3736 ACPIService (de7e8d852a806be6091983838bf9697f) C:\Windows\system32\DRIVERS\OSDACPI.SYS
16:28:48.0916 3736 ACPIService - ok
16:28:48.0948 3736 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
16:28:48.0979 3736 adfs - ok
16:28:49.0026 3736 ADIHdAudAddService (560649e6a9c11f6124f97310ef387c45) C:\Windows\system32\drivers\ADIHdAud.sys
16:28:49.0057 3736 ADIHdAudAddService - ok
16:28:49.0119 3736 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:28:49.0150 3736 adp94xx - ok
16:28:49.0182 3736 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:28:49.0213 3736 adpahci - ok
16:28:49.0275 3736 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:28:49.0306 3736 adpu320 - ok
16:28:49.0353 3736 afcdp (3426a6eaa09077f3ab946fb9ceb85d8e) C:\Windows\system32\DRIVERS\afcdp.sys
16:28:49.0384 3736 afcdp - ok
16:28:49.0416 3736 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
16:28:49.0462 3736 AFD - ok
16:28:49.0478 3736 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
16:28:49.0509 3736 agp440 - ok
16:28:49.0540 3736 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
16:28:49.0572 3736 aliide - ok
16:28:49.0572 3736 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
16:28:49.0603 3736 amdide - ok
16:28:49.0618 3736 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:28:49.0650 3736 AmdK8 - ok
16:28:49.0665 3736 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:28:49.0696 3736 AmdPPM - ok
16:28:49.0712 3736 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
16:28:49.0743 3736 amdsata - ok
16:28:49.0743 3736 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:28:49.0774 3736 amdsbs - ok
16:28:49.0790 3736 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
16:28:49.0821 3736 amdxata - ok
16:28:49.0837 3736 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
16:28:49.0868 3736 AppID - ok
16:28:49.0884 3736 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:28:49.0915 3736 arc - ok
16:28:49.0930 3736 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:28:49.0962 3736 arcsas - ok
16:28:49.0977 3736 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:28:50.0040 3736 AsyncMac - ok
16:28:50.0055 3736 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
16:28:50.0071 3736 atapi - ok
16:28:50.0118 3736 AVerAVF2 (59e75082dc7da252592ec3489a2cf4ea) C:\Windows\system32\DRIVERS\AVerAVF2.sys
16:28:50.0164 3736 AVerAVF2 - ok
16:28:50.0196 3736 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:28:50.0242 3736 b06bdrv - ok
16:28:50.0258 3736 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:28:50.0289 3736 b57nd60a - ok
16:28:50.0320 3736 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:28:50.0367 3736 Beep - ok
16:28:50.0383 3736 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:28:50.0414 3736 blbdrive - ok
16:28:50.0445 3736 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
16:28:50.0476 3736 bowser - ok
16:28:50.0508 3736 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:28:50.0539 3736 BrFiltLo - ok
16:28:50.0586 3736 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:28:50.0617 3736 BrFiltUp - ok
16:28:50.0648 3736 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:28:50.0679 3736 Brserid - ok
16:28:50.0742 3736 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:28:50.0773 3736 BrSerWdm - ok
16:28:50.0820 3736 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:28:50.0851 3736 BrUsbMdm - ok
16:28:50.0866 3736 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:28:50.0898 3736 BrUsbSer - ok
16:28:50.0929 3736 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
16:28:50.0960 3736 BthEnum - ok
16:28:50.0976 3736 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:28:51.0007 3736 BTHMODEM - ok
16:28:51.0022 3736 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
16:28:51.0054 3736 BthPan - ok
16:28:51.0085 3736 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
16:28:51.0116 3736 BTHPORT - ok
16:28:51.0132 3736 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
16:28:51.0163 3736 BTHUSB - ok
16:28:51.0194 3736 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:28:51.0241 3736 cdfs - ok
16:28:51.0256 3736 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
16:28:51.0288 3736 cdrom - ok
16:28:51.0303 3736 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:28:51.0334 3736 circlass - ok
16:28:51.0366 3736 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:28:51.0397 3736 CLFS - ok
16:28:51.0412 3736 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:28:51.0428 3736 CmBatt - ok
16:28:51.0459 3736 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
16:28:51.0475 3736 cmdide - ok
16:28:51.0506 3736 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
16:28:51.0537 3736 CNG - ok
16:28:51.0553 3736 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:28:51.0584 3736 Compbatt - ok
16:28:51.0600 3736 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:28:51.0646 3736 CompositeBus - ok
16:28:51.0678 3736 cpuz134 - ok
16:28:51.0693 3736 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:28:51.0724 3736 crcdisk - ok
16:28:51.0756 3736 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
16:28:51.0787 3736 CSC - ok
16:28:51.0834 3736 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
16:28:51.0865 3736 DfsC - ok
16:28:51.0896 3736 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:28:51.0943 3736 discache - ok
16:28:51.0958 3736 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:28:51.0990 3736 Disk - ok
16:28:52.0021 3736 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:28:52.0036 3736 drmkaud - ok
16:28:52.0083 3736 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
16:28:52.0130 3736 DXGKrnl - ok
16:28:52.0192 3736 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:28:52.0255 3736 ebdrv - ok
16:28:52.0333 3736 eeCtrl (5e3a50930447f464c66032e05a4632f5) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
16:28:52.0364 3736 eeCtrl - ok
16:28:52.0395 3736 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:28:52.0426 3736 elxstor - ok
16:28:52.0458 3736 EraserUtilRebootDrv (dcb76ecc6b50a266fdc16e1963ab98ce) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:28:52.0473 3736 EraserUtilRebootDrv - ok
16:28:52.0504 3736 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
16:28:52.0520 3736 ErrDev - ok
16:28:52.0551 3736 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:28:52.0598 3736 exfat - ok
16:28:52.0629 3736 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:28:52.0692 3736 fastfat - ok
16:28:52.0707 3736 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:28:52.0738 3736 fdc - ok
16:28:52.0770 3736 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:28:52.0785 3736 FileInfo - ok
16:28:52.0801 3736 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:28:52.0863 3736 Filetrace - ok
16:28:52.0879 3736 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:28:52.0910 3736 flpydisk - ok
16:28:52.0926 3736 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
16:28:52.0941 3736 FltMgr - ok
16:28:52.0957 3736 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:28:52.0988 3736 FsDepends - ok
16:28:53.0004 3736 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:28:53.0035 3736 Fs_Rec - ok
16:28:53.0050 3736 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
16:28:53.0082 3736 fvevol - ok
16:28:53.0097 3736 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:28:53.0128 3736 gagp30kx - ok
16:28:53.0160 3736 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:28:53.0191 3736 GEARAspiWDM - ok
16:28:53.0206 3736 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:28:53.0238 3736 hcw85cir - ok
16:28:53.0253 3736 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
16:28:53.0284 3736 HdAudAddService - ok
16:28:53.0316 3736 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:28:53.0331 3736 HDAudBus - ok
16:28:53.0347 3736 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:28:53.0378 3736 HidBatt - ok
16:28:53.0378 3736 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:28:53.0409 3736 HidBth - ok
16:28:53.0440 3736 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:28:53.0472 3736 HidIr - ok
16:28:53.0487 3736 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
16:28:53.0503 3736 HidUsb - ok
16:28:53.0534 3736 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
16:28:53.0565 3736 HpSAMD - ok
16:28:53.0596 3736 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
16:28:53.0659 3736 HTTP - ok
16:28:53.0674 3736 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
16:28:53.0690 3736 hwpolicy - ok
16:28:53.0706 3736 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
16:28:53.0737 3736 i8042prt - ok
16:28:53.0768 3736 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
16:28:53.0799 3736 iaStor - ok
16:28:53.0830 3736 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
16:28:53.0862 3736 iaStorV - ok
16:28:53.0877 3736 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:28:53.0908 3736 iirsp - ok
16:28:53.0924 3736 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
16:28:53.0955 3736 intelide - ok
16:28:53.0971 3736 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:28:54.0002 3736 intelppm - ok
16:28:54.0018 3736 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:28:54.0080 3736 IpFilterDriver - ok
16:28:54.0096 3736 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:28:54.0127 3736 IPMIDRV - ok
16:28:54.0142 3736 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:28:54.0205 3736 IPNAT - ok
16:28:54.0220 3736 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:28:54.0252 3736 IRENUM - ok
16:28:54.0267 3736 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
16:28:54.0298 3736 isapnp - ok
16:28:54.0314 3736 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
16:28:54.0361 3736 iScsiPrt - ok
16:28:54.0376 3736 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:28:54.0408 3736 kbdclass - ok
16:28:54.0408 3736 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
16:28:54.0439 3736 kbdhid - ok
16:28:54.0454 3736 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
16:28:54.0486 3736 KSecDD - ok
16:28:54.0517 3736 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
16:28:54.0548 3736 KSecPkg - ok
16:28:54.0564 3736 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:28:54.0610 3736 ksthunk - ok
16:28:54.0642 3736 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:28:54.0688 3736 lltdio - ok
16:28:54.0720 3736 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:28:54.0735 3736 LSI_FC - ok
16:28:54.0751 3736 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:28:54.0782 3736 LSI_SAS - ok
16:28:54.0798 3736 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:28:54.0829 3736 LSI_SAS2 - ok
16:28:54.0844 3736 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:28:54.0860 3736 LSI_SCSI - ok
16:28:54.0876 3736 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:28:54.0938 3736 luafv - ok
16:28:54.0969 3736 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:28:55.0000 3736 megasas - ok
16:28:55.0016 3736 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:28:55.0047 3736 MegaSR - ok
16:28:55.0063 3736 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:28:55.0125 3736 Modem - ok
16:28:55.0141 3736 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:28:55.0156 3736 monitor - ok
16:28:55.0188 3736 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:28:55.0203 3736 mouclass - ok
16:28:55.0219 3736 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:28:55.0234 3736 mouhid - ok
16:28:55.0266 3736 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
16:28:55.0297 3736 mountmgr - ok
16:28:55.0312 3736 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
16:28:55.0344 3736 mpio - ok
16:28:55.0359 3736 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:28:55.0406 3736 mpsdrv - ok
16:28:55.0437 3736 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
16:28:55.0468 3736 MRxDAV - ok
16:28:55.0500 3736 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:28:55.0531 3736 mrxsmb - ok
16:28:55.0593 3736 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:28:55.0624 3736 mrxsmb10 - ok
16:28:55.0656 3736 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:28:55.0687 3736 mrxsmb20 - ok
16:28:55.0718 3736 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
16:28:55.0749 3736 msahci - ok
16:28:55.0796 3736 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
16:28:55.0827 3736 msdsm - ok
16:28:55.0858 3736 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:28:55.0905 3736 Msfs - ok
16:28:55.0921 3736 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:28:55.0968 3736 mshidkmdf - ok
16:28:55.0983 3736 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
16:28:55.0999 3736 msisadrv - ok
16:28:56.0030 3736 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:28:56.0077 3736 MSKSSRV - ok
16:28:56.0092 3736 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:28:56.0139 3736 MSPCLOCK - ok
16:28:56.0155 3736 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:28:56.0202 3736 MSPQM - ok
16:28:56.0233 3736 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
16:28:56.0248 3736 MsRPC - ok
16:28:56.0264 3736 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
16:28:56.0295 3736 mssmbios - ok
16:28:56.0295 3736 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:28:56.0358 3736 MSTEE - ok
16:28:56.0358 3736 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:28:56.0389 3736 MTConfig - ok
16:28:56.0404 3736 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:28:56.0420 3736 Mup - ok
16:28:56.0436 3736 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:28:56.0482 3736 NativeWifiP - ok
16:28:56.0592 3736 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20111105.009\ENG64.SYS
16:28:56.0623 3736 NAVENG - ok
16:28:56.0670 3736 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20111105.009\EX64.SYS
16:28:56.0732 3736 NAVEX15 - ok
16:28:56.0779 3736 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
16:28:56.0810 3736 NDIS - ok
16:28:56.0826 3736 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:28:56.0872 3736 NdisCap - ok
16:28:56.0904 3736 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:28:56.0950 3736 NdisTapi - ok
16:28:56.0966 3736 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
16:28:57.0028 3736 Ndisuio - ok
16:28:57.0028 3736 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:28:57.0091 3736 NdisWan - ok
16:28:57.0106 3736 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
16:28:57.0153 3736 NDProxy - ok
16:28:57.0184 3736 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:28:57.0231 3736 NetBIOS - ok
16:28:57.0247 3736 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
16:28:57.0294 3736 NetBT - ok
16:28:57.0356 3736 netr28x (b964d4c524a80aba22db16fc1eded0a9) C:\Windows\system32\DRIVERS\netr28x.sys
16:28:57.0387 3736 netr28x - ok
16:28:57.0403 3736 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:28:57.0434 3736 nfrd960 - ok
16:28:57.0450 3736 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:28:57.0512 3736 Npfs - ok
16:28:57.0528 3736 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:28:57.0574 3736 nsiproxy - ok
16:28:57.0606 3736 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
16:28:57.0668 3736 Ntfs - ok
16:28:57.0684 3736 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:28:57.0730 3736 Null - ok
16:28:57.0933 3736 nvlddmkm (2218c0f9d4c694460340f2f8adccc9c0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:28:58.0136 3736 nvlddmkm - ok
16:28:58.0167 3736 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
16:28:58.0198 3736 nvraid - ok
16:28:58.0214 3736 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
16:28:58.0245 3736 nvstor - ok
16:28:58.0261 3736 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
16:28:58.0292 3736 nv_agp - ok
16:28:58.0323 3736 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
16:28:58.0339 3736 ohci1394 - ok
16:28:58.0370 3736 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:28:58.0401 3736 Parport - ok
16:28:58.0417 3736 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
16:28:58.0448 3736 partmgr - ok
16:28:58.0464 3736 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
16:28:58.0495 3736 pci - ok
16:28:58.0510 3736 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
16:28:58.0542 3736 pciide - ok
16:28:58.0557 3736 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:28:58.0588 3736 pcmcia - ok
16:28:58.0604 3736 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:28:58.0620 3736 pcw - ok
16:28:58.0651 3736 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:28:58.0713 3736 PEAUTH - ok
16:28:58.0776 3736 pppop (b0e7d5d2cfaa6ed5f20eb8b84a35e593) C:\Windows\system32\DRIVERS\pppop64.sys
16:28:58.0791 3736 pppop - ok
16:28:58.0807 3736 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
16:28:58.0869 3736 PptpMiniport - ok
16:28:58.0885 3736 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:28:58.0916 3736 Processor - ok
16:28:58.0932 3736 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
16:28:58.0994 3736 Psched - ok
16:28:59.0025 3736 PxHlpa64 (901dba98359966a62a6548596988e931) C:\Windows\system32\Drivers\PxHlpa64.sys
16:28:59.0056 3736 PxHlpa64 - ok
16:28:59.0088 3736 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:28:59.0134 3736 ql2300 - ok
16:28:59.0166 3736 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:28:59.0181 3736 ql40xx - ok
16:28:59.0201 3736 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:28:59.0248 3736 QWAVEdrv - ok
16:28:59.0263 3736 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:28:59.0310 3736 RasAcd - ok
16:28:59.0341 3736 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:28:59.0404 3736 RasAgileVpn - ok
16:28:59.0419 3736 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:28:59.0466 3736 Rasl2tp - ok
16:28:59.0482 3736 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:28:59.0544 3736 RasPppoe - ok
16:28:59.0560 3736 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:28:59.0606 3736 RasSstp - ok
16:28:59.0622 3736 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
16:28:59.0684 3736 rdbss - ok
16:28:59.0700 3736 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:28:59.0731 3736 rdpbus - ok
16:28:59.0747 3736 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:28:59.0794 3736 RDPCDD - ok
16:28:59.0825 3736 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
16:28:59.0872 3736 RDPDR - ok
16:28:59.0887 3736 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:28:59.0934 3736 RDPENCDD - ok
16:28:59.0950 3736 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:29:00.0012 3736 RDPREFMP - ok
16:29:00.0028 3736 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
16:29:00.0090 3736 RDPWD - ok
16:29:00.0106 3736 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
16:29:00.0137 3736 rdyboost - ok
16:29:00.0168 3736 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
16:29:00.0199 3736 RFCOMM - ok
16:29:00.0215 3736 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:29:00.0277 3736 rspndr - ok
16:29:00.0293 3736 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:29:00.0324 3736 RTL8167 - ok
16:29:00.0355 3736 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
16:29:00.0371 3736 s3cap - ok
16:29:00.0402 3736 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
16:29:00.0433 3736 sbp2port - ok
16:29:00.0464 3736 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
16:29:00.0511 3736 scfilter - ok
16:29:00.0527 3736 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:29:00.0589 3736 secdrv - ok
16:29:00.0620 3736 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:29:00.0636 3736 Serenum - ok
16:29:00.0667 3736 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:29:00.0714 3736 Serial - ok
16:29:00.0714 3736 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:29:00.0745 3736 sermouse - ok
16:29:00.0776 3736 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
16:29:00.0808 3736 sffdisk - ok
16:29:00.0823 3736 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
16:29:00.0839 3736 sffp_mmc - ok
16:29:00.0886 3736 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:29:00.0917 3736 sffp_sd - ok
16:29:00.0948 3736 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:29:00.0979 3736 sfloppy - ok
16:29:01.0010 3736 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:29:01.0042 3736 SiSRaid2 - ok
16:29:01.0057 3736 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:29:01.0088 3736 SiSRaid4 - ok
16:29:01.0104 3736 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:29:01.0166 3736 Smb - ok
16:29:01.0198 3736 snapman (446eb38ce4a6d040f548b2f547ca96ff) C:\Windows\system32\DRIVERS\snapman.sys
16:29:01.0229 3736 snapman - ok
16:29:01.0244 3736 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:29:01.0276 3736 spldr - ok
16:29:01.0322 3736 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\system32\Drivers\sptd.sys
16:29:01.0322 3736 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 88e5162e58c8919cc873f5d8946197cf
16:29:01.0322 3736 sptd ( LockedFile.Multi.Generic ) - warning
16:29:01.0322 3736 sptd - detected LockedFile.Multi.Generic (1)
16:29:01.0354 3736 SRTSP (c2ddf8538a868639289663004a2020c4) C:\Windows\system32\Drivers\SRTSP64.SYS
16:29:01.0385 3736 SRTSP - ok
16:29:01.0416 3736 SRTSPL (bac5f3ad735b0d1c85f48ca00a422cf9) C:\Windows\system32\Drivers\SRTSPL64.SYS
16:29:01.0447 3736 SRTSPL ( UnsignedFile.Multi.Generic ) - warning
16:29:01.0447 3736 SRTSPL - detected UnsignedFile.Multi.Generic (1)
16:29:01.0463 3736 SRTSPX (2bc8cfcd55481b6159ae2fcd09c8a4a6) C:\Windows\system32\Drivers\SRTSPX64.SYS
16:29:01.0494 3736 SRTSPX ( UnsignedFile.Multi.Generic ) - warning
16:29:01.0494 3736 SRTSPX - detected UnsignedFile.Multi.Generic (1)
16:29:01.0525 3736 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
16:29:01.0556 3736 srv - ok
16:29:01.0588 3736 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
16:29:01.0619 3736 srv2 - ok
16:29:01.0650 3736 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
16:29:01.0681 3736 srvnet - ok
16:29:01.0697 3736 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:29:01.0728 3736 stexstor - ok
16:29:01.0759 3736 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
16:29:01.0775 3736 storflt - ok
16:29:01.0790 3736 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
16:29:01.0822 3736 storvsc - ok
16:29:01.0837 3736 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
16:29:01.0868 3736 swenum - ok
16:29:01.0900 3736 SymEvent (6fefa9749bfb5fd8c3a20e5c58817936) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
16:29:01.0915 3736 SymEvent - ok
16:29:01.0978 3736 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
16:29:02.0040 3736 Tcpip - ok
16:29:02.0087 3736 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
16:29:02.0149 3736 TCPIP6 - ok
16:29:02.0165 3736 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
16:29:02.0212 3736 tcpipreg - ok
16:29:02.0243 3736 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:29:02.0290 3736 TDPIPE - ok
16:29:02.0336 3736 tdrpman251 (df9179b7bdf0c5b71f9c3d93c016bae5) C:\Windows\system32\DRIVERS\tdrpm251.sys
16:29:02.0383 3736 tdrpman251 - ok
16:29:02.0399 3736 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:29:02.0461 3736 TDTCP - ok
16:29:02.0477 3736 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
16:29:02.0524 3736 tdx - ok
16:29:02.0539 3736 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
16:29:02.0555 3736 TermDD - ok
16:29:02.0602 3736 timounter (f7546ead58cc3000ac02cf9529b9934e) C:\Windows\system32\DRIVERS\timntr.sys
16:29:02.0633 3736 timounter - ok
16:29:02.0664 3736 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:29:02.0711 3736 tssecsrv - ok
16:29:02.0726 3736 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
16:29:02.0789 3736 tunnel - ok
16:29:02.0804 3736 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:29:02.0836 3736 uagp35 - ok
16:29:02.0851 3736 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
16:29:02.0914 3736 udfs - ok
16:29:02.0929 3736 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
16:29:02.0960 3736 uliagpkx - ok
16:29:02.0976 3736 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
16:29:03.0007 3736 umbus - ok
16:29:03.0038 3736 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:29:03.0054 3736 UmPass - ok
16:29:03.0085 3736 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
16:29:03.0116 3736 usbccgp - ok
16:29:03.0132 3736 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
16:29:03.0179 3736 usbcir - ok
16:29:03.0194 3736 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
16:29:03.0210 3736 usbehci - ok
16:29:03.0241 3736 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
16:29:03.0272 3736 usbhub - ok
16:29:03.0288 3736 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
16:29:03.0304 3736 usbohci - ok
16:29:03.0319 3736 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:29:03.0350 3736 usbprint - ok
16:29:03.0382 3736 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:29:03.0413 3736 usbscan - ok
16:29:03.0428 3736 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:29:03.0460 3736 USBSTOR - ok
16:29:03.0475 3736 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
16:29:03.0506 3736 usbuhci - ok
16:29:03.0522 3736 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
16:29:03.0553 3736 usbvideo - ok
16:29:03.0584 3736 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
16:29:03.0616 3736 vdrvroot - ok
16:29:03.0631 3736 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:29:03.0662 3736 vga - ok
16:29:03.0678 3736 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:29:03.0725 3736 VgaSave - ok
16:29:03.0756 3736 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
16:29:03.0787 3736 vhdmp - ok
16:29:03.0803 3736 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
16:29:03.0834 3736 viaide - ok
16:29:03.0865 3736 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
16:29:03.0881 3736 vmbus - ok
16:29:03.0896 3736 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
16:29:03.0928 3736 VMBusHID - ok
16:29:03.0943 3736 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
16:29:03.0974 3736 volmgr - ok
16:29:03.0990 3736 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
16:29:04.0021 3736 volmgrx - ok
16:29:04.0037 3736 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
16:29:04.0068 3736 volsnap - ok
16:29:04.0084 3736 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:29:04.0130 3736 vsmraid - ok
16:29:04.0146 3736 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:29:04.0177 3736 vwifibus - ok
16:29:04.0193 3736 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:29:04.0224 3736 vwififlt - ok
16:29:04.0240 3736 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:29:04.0271 3736 WacomPen - ok
16:29:04.0286 3736 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
16:29:04.0349 3736 WANARP - ok
16:29:04.0349 3736 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
16:29:04.0411 3736 Wanarpv6 - ok
16:29:04.0442 3736 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:29:04.0458 3736 Wd - ok
16:29:04.0489 3736 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:29:04.0520 3736 Wdf01000 - ok
16:29:04.0567 3736 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:29:04.0614 3736 WfpLwf - ok
16:29:04.0630 3736 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:29:04.0661 3736 WIMMount - ok
16:29:04.0708 3736 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
16:29:04.0739 3736 WinUsb - ok
16:29:04.0754 3736 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:29:04.0786 3736 WmiAcpi - ok
16:29:04.0801 3736 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:29:04.0848 3736 ws2ifsl - ok
16:29:04.0879 3736 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
16:29:04.0942 3736 WudfPf - ok
16:29:04.0957 3736 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:29:05.0020 3736 WUDFRd - ok
16:29:05.0035 3736 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:29:05.0129 3736 \Device\Harddisk0\DR0 - ok
16:29:05.0129 3736 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
16:29:05.0332 3736 \Device\Harddisk1\DR1 - ok
16:29:05.0332 3736 Boot (0x1200) (6af7725c4b33ddbc7a9bf3ca9a4af47c) \Device\Harddisk0\DR0\Partition0
16:29:05.0332 3736 \Device\Harddisk0\DR0\Partition0 - ok
16:29:05.0363 3736 Boot (0x1200) (bc0fe9f0fb46f29c652430bcc14c1ed2) \Device\Harddisk0\DR0\Partition1
16:29:05.0363 3736 \Device\Harddisk0\DR0\Partition1 - ok
16:29:05.0363 3736 Boot (0x1200) (43fab1e1156bdefc58273e28131deeed) \Device\Harddisk1\DR1\Partition0
16:29:05.0363 3736 \Device\Harddisk1\DR1\Partition0 - ok
16:29:05.0363 3736 ============================================================
16:29:05.0363 3736 Scan finished
16:29:05.0363 3736 ============================================================
16:29:05.0378 2936 Detected object count: 3
16:29:05.0378 2936 Actual detected object count: 3
16:29:09.0278 2936 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:29:09.0278 2936 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:29:09.0278 2936 SRTSPL ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:09.0278 2936 SRTSPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:29:09.0278 2936 SRTSPX ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:09.0278 2936 SRTSPX ( UnsignedFile.Multi.Generic ) - User select action: Skip

Please let me know what next steps I need to take. Again, I sincerely appreciate your help with this!
Helen
  • 0

#4
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
No problem, you're welcome :)

TDSSKiller has cured the main infection you had, which is good to see. Let's now remove a couple of other items in the new OTL log, then we'll do a scan with MBAM, to see if this picks up any additional items.


1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 23 8E 56 00 3C F9 DB 49 BC 5B F5 63 1D 0D 73 AC [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 23 8E 56 00 3C F9 DB 49 BC 5B F5 63 1D 0D 73 AC [binary data]
    
    :Services
    
    :Reg
    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • A log may appear when the PC restarts. Just close this text file.
  • Open OTL again, Tick the Scan All Users box at the top and then click the Quick Scan button. Post the log it produces in your next reply.




2)
Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.




3)
Just a quick question... Did you set search.us.com as your homepage, or did it change to it without your knowledge?




In your next reply
Please post the contents of...
OTL log
MBAM log
Whether you set your homepage as search.us.com

  • 0

#5
HelenS

HelenS

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi BlackOxide,

My default page is supposed to be Google. I have no idea how the page was changed. The homepage changed to that another time and wouldn't allow me to change it back. I'll go ahead and follow the instructions in your reply now.

Thanks!
  • 0

#6
HelenS

HelenS

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi, I have completed the processes as instructed. Find two requested logs below. Many thanks!


OTL log:
OTL logfile created on: 11/8/2011 5:42:57 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\a\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 58.72% Memory free
8.00 Gb Paging File | 6.48 Gb Available in Paging File | 81.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 663.08 Gb Total Space | 613.23 Gb Free Space | 92.48% Space Free | Partition Type: NTFS
Drive E: | 120.83 Mb Total Space | 8.19 Mb Free Space | 6.78% Space Free | Partition Type: FAT

Computer Name: A-PC | User Name: a | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/08 12:37:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\a\Downloads\OTL.exe
PRC - [2011/09/09 09:50:56 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/02/08 09:48:48 | 000,825,960 | ---- | M] (Fortinet Inc.) -- C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/12 15:38:34 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2009/11/11 15:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe
PRC - [2009/09/12 17:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/09/12 17:30:48 | 005,048,488 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/08/28 11:53:00 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/24 17:24:14 | 000,275,840 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/07/24 17:24:02 | 000,427,304 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
PRC - [2009/07/09 10:08:10 | 000,023,608 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2009/07/09 10:05:00 | 000,021,560 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/18 14:29:16 | 003,866,624 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
PRC - [2008/06/12 03:25:18 | 000,037,232 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2008/06/11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2006/12/13 19:02:08 | 000,134,808 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe
PRC - [2006/12/13 19:01:50 | 001,962,136 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/12/13 19:01:38 | 000,030,872 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe
PRC - [2006/12/07 18:25:24 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/12/07 18:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/09 09:50:55 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/08/16 15:10:03 | 002,147,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\7e02ce44d03bc0802d8061678feb3356\ReachFramework.ni.dll
MOD - [2011/08/16 15:09:43 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll
MOD - [2011/08/16 15:09:35 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll
MOD - [2011/08/16 15:09:33 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\808e41877f992187276492aa2e55e909\PresentationCore.ni.dll
MOD - [2011/08/16 15:09:21 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll
MOD - [2011/08/16 15:09:15 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll
MOD - [2011/08/16 15:09:11 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll
MOD - [2011/08/16 15:09:10 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll
MOD - [2011/08/16 15:09:04 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/28 11:52:58 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/24 17:24:16 | 000,275,848 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLCapEngine.dll
MOD - [2009/07/24 17:24:16 | 000,124,288 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLSchMgr.dll
MOD - [2009/07/24 17:24:16 | 000,034,088 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLCapSvcps.dll
MOD - [2009/07/24 17:24:14 | 000,349,480 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLTinyDB.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/12 18:15:06 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/07/15 14:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2011/02/08 09:48:48 | 000,825,960 | ---- | M] (Fortinet Inc.) [Auto | Running] -- C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe -- (FortiSslvpnDaemon)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/12 18:13:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/12 15:38:34 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009/09/12 17:32:46 | 000,891,432 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/07/24 17:24:14 | 000,275,840 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/07/09 10:05:00 | 000,021,560 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/08/15 06:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2006/12/13 19:01:50 | 001,962,136 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/12/13 19:01:38 | 000,030,872 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/12/07 18:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/12/07 18:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/10/31 11:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/06/29 08:01:38 | 000,931,168 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/01/13 09:49:07 | 000,156,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/01/12 17:21:33 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/01/12 15:38:34 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010/01/12 15:38:33 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV:64bit: - [2010/01/12 15:38:32 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010/01/12 15:38:28 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2009/08/04 15:14:00 | 001,019,776 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerAVF2.sys -- (AVerAVF2)
DRV:64bit: - [2009/07/21 15:53:06 | 000,042,528 | ---- | M] (Fortinet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pppop64.sys -- (pppop)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/17 10:08:24 | 000,017,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OSDACPI.SYS -- (ACPIService)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 14:31:56 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/02/06 04:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/22 17:17:10 | 000,426,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2006/11/22 17:17:10 | 000,394,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2006/11/22 17:17:10 | 000,030,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2011/10/18 05:55:24 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111105.009\EX64.SYS -- (NAVEX15)
DRV - [2011/10/18 05:55:24 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111105.009\ENG64.SYS -- (NAVENG)
DRV - [2011/08/12 03:00:00 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/30 03:00:00 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2006/11/22 17:17:10 | 000,426,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2006/11/22 17:17:10 | 000,394,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2006/11/22 17:17:10 | 000,030,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2761828439-3317831160-844858389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.search.us.com?user_id=1969836&guid={D9427AA5-2491-4855-B3EF-11A1A7ABDBBC}&s=11
IE - HKU\S-1-5-21-2761828439-3317831160-844858389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2761828439-3317831160-844858389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2761828439-3317831160-844858389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 0A E6 8E 36 72 CB 01 [binary data]
IE - HKU\S-1-5-21-2761828439-3317831160-844858389-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2761828439-3317831160-844858389-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@FortinetCacheClean: C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll (Fortinet Inc.)
FF - HKLM\Software\MozillaPlugins\@FortinetTunnelControl: C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll (Fortinet Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\a\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll (Hulu LLC)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/09 09:50:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/19 08:16:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{81e90980-2fbb-4c51-8460-347a10c86d40}: C:\Users\a\AppData\Roaming\Search.us.com\PureDef Toolbar\Firefox\ [2010/11/01 18:35:41 | 000,000,000 | ---D | M]

[2011/08/19 08:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\Mozilla\Extensions
[2011/11/08 16:14:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\1j7m3mzw.default\extensions
[2011/08/19 08:19:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/28 17:30:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/09 09:50:56 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/07/27 00:20:44 | 002,179,072 | ---- | M] (DNAML Pty Ltd) -- C:\Program Files (x86)\mozilla firefox\plugins\npdbplug.dll
[2010/12/28 17:30:15 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/08 16:06:19 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (PureDef ToolBar) - {E3A80BA5-D967-4eab-891F-A49CADD92835} - C:\Users\a\AppData\Roaming\Search.us.com\PureDef Toolbar\Toolbop_3.3.dll (Tightrope Interactive)
O3 - HKU\S-1-5-21-2761828439-3317831160-844858389-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2761828439-3317831160-844858389-1000\..\Toolbar\WebBrowser: (PureDef ToolBar) - {E3A80BA5-D967-4EAB-891F-A49CADD92835} - C:\Users\a\AppData\Roaming\Search.us.com\PureDef Toolbar\Toolbop_3.3.dll (Tightrope Interactive)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [vptray] C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E66C5D16-332A-4502-B136-80272027CF18}: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Handler\g7ps - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files (x86)\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/08 16:06:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/08 08:40:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/11/08 08:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/10/26 11:14:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/10/25 15:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/10/25 15:48:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2011/10/25 15:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2011/10/25 15:43:21 | 000,000,000 | ---D | C] -- C:\rei
[2011/10/25 15:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2011/10/20 10:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ralink Wireless
[2011/10/20 10:16:22 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2011/10/20 10:16:08 | 000,931,168 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\drivers\netr28x.sys
[2011/10/20 10:16:08 | 000,327,008 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2011/10/20 10:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink Driver
[2011/10/20 10:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ralink
[2011/10/20 09:59:52 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\ParetoLogic
[2011/10/20 09:59:52 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\DriverCure
[2011/10/20 09:59:44 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2011/10/20 09:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2011/10/20 09:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/10/20 09:59:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic

========== Files - Modified Within 30 Days ==========

[2011/11/08 17:45:52 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 17:45:52 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 17:44:36 | 000,717,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/08 17:44:36 | 000,618,026 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/08 17:44:36 | 000,104,340 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/08 17:38:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/08 17:38:25 | 3220,561,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/08 16:06:19 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/11/08 13:00:01 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\PureDef Toolbar Updater.job
[2011/11/08 08:40:08 | 000,002,093 | ---- | M] () -- C:\Users\a\Desktop\HijackThis.lnk
[2011/11/06 22:28:21 | 000,002,821 | ---- | M] () -- C:\Users\a\Desktop\Microsoft Office Word 2007.lnk
[2011/11/06 22:28:21 | 000,002,781 | ---- | M] () -- C:\Users\a\Desktop\Microsoft Office Excel 2007.lnk
[2011/11/06 22:28:21 | 000,001,058 | ---- | M] () -- C:\Users\a\Desktop\ParetoLogic PC Health Advisor.lnk
[2011/11/06 22:28:21 | 000,001,054 | ---- | M] () -- C:\Users\a\Desktop\SpywareBlaster.lnk
[2011/11/06 00:20:04 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/11/05 23:56:12 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/10/25 15:43:53 | 000,000,272 | ---- | M] () -- C:\Windows\reimage.ini
[2011/10/25 15:43:21 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2011/10/20 10:07:54 | 000,000,010 | ---- | M] () -- C:\0.bak

========== Files Created - No Company Name ==========

[2011/11/08 08:40:08 | 000,002,093 | ---- | C] () -- C:\Users\a\Desktop\HijackThis.lnk
[2011/10/25 15:48:29 | 000,001,054 | ---- | C] () -- C:\Users\a\Desktop\SpywareBlaster.lnk
[2011/10/25 15:43:39 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2011/10/25 15:43:21 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2011/10/20 10:16:10 | 000,014,051 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2011/10/20 10:16:08 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/10/20 10:07:54 | 000,000,010 | ---- | C] () -- C:\0.bak
[2011/10/20 09:59:59 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/10/20 09:59:44 | 000,001,058 | ---- | C] () -- C:\Users\a\Desktop\ParetoLogic PC Health Advisor.lnk
[2011/10/20 09:59:44 | 000,000,434 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/08/18 00:00:01 | 000,000,040 | ---- | C] () -- C:\ProgramData\46cf1321
[2011/07/27 00:20:45 | 000,894,616 | ---- | C] () -- C:\Windows\dbplugin.exe
[2011/07/27 00:20:45 | 000,245,840 | ---- | C] () -- C:\Windows\SysWow64\DNLEng.dll
[2010/11/11 23:49:32 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/11 23:03:47 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\cpuinf32.dll
[2010/11/11 23:02:56 | 000,000,919 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010/11/11 23:02:56 | 000,000,024 | ---- | C] () -- C:\Windows\magix.ini
[2010/07/02 18:30:09 | 000,000,036 | ---- | C] () -- C:\Windows\iltwain.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/01/12 15:41:00 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Acronis
[2011/07/28 11:14:18 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\AlbumGV
[2011/10/20 09:59:52 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\DriverCure
[2011/08/14 15:28:52 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\FIXIO PC Utilities
[2010/07/02 18:34:20 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\G7PS
[2010/11/11 23:47:13 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\NetMedia Providers
[2011/10/20 09:59:52 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\ParetoLogic
[2010/11/11 23:47:13 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Publish Providers
[2010/11/01 18:35:41 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Search.us.com
[2010/11/12 09:39:17 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Singlesnet
[2011/07/10 15:51:54 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\wargaming.net
[2010/11/01 18:35:26 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\WeatherBug
[2010/01/12 17:14:57 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\WinBatch
[2011/11/05 23:56:12 | 000,000,460 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2011/11/06 00:20:04 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2011/11/08 13:00:01 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\PureDef Toolbar Updater.job
[2009/07/14 00:08:49 | 000,012,394 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

mbam log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8120

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/8/2011 6:00:22 PM
mbam-log-2011-11-08 (18-00-22).txt

Scan type: Quick scan
Objects scanned: 170454
Time elapsed: 1 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#7
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Thanks for the logs. We're making good progress :)

Lets now remove the search.us.com items and then run a Full Scan with Kaspersky, to see if any other items are still lurking.


1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-2761828439-3317831160-844858389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.search.us.com?user_id=1969836&guid={D9427AA5-2491-4855-B3EF-11A1A7ABDBBC}&s=11
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{81e90980-2fbb-4c51-8460-347a10c86d40}: C:\Users\a\AppData\Roaming\Search.us.com\PureDef Toolbar\Firefox\ [2010/11/01 18:35:41 | 000,000,000 | ---D | M]
    O3 - HKLM\..\Toolbar: (PureDef ToolBar) - {E3A80BA5-D967-4eab-891F-A49CADD92835} - C:\Users\a\AppData\Roaming\Search.us.com\PureDef Toolbar\Toolbop_3.3.dll (Tightrope Interactive)
    O3 - HKU\S-1-5-21-2761828439-3317831160-844858389-1000\..\Toolbar\WebBrowser: (PureDef ToolBar) - {E3A80BA5-D967-4EAB-891F-A49CADD92835} - C:\Users\a\AppData\Roaming\Search.us.com\PureDef Toolbar\Toolbop_3.3.dll (Tightrope Interactive)
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • A log may appear when the PC restarts. Just close this text file.
  • Open OTL again, Tick the Scan All Users box at the top and then click the Quick Scan button. Post the log it produces in your next reply.




2)
After you have run the OTL fix above, try changing your homepage back to Google. It should hopefully work now.




3)
Kaspersky Virus Removal Tool

Click here to download the Kaspersky Virus Removal Tool.
  • Save it to your desktop.
  • Double click the setup file to run it.
  • Follow the onscreen prompts until it is installed
  • Click the Options button (the 'cog' icon), then make sure only the following are ticked:

  • System Memory
  • Hidden startup objects
  • Disk boot sectors
  • Local Disk (C:)
  • Also any other drives (Removable that you may have)


  • Then click on Actions on the left hand side
  • Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
  • Click on Automatic Scan
  • Now click the Start Scanning button, to run the scan
  • After the scan is complete, click the reports button ('Paper icon', next to the 'cog' icon) on the right hand side
  • Click Detected threats on the left
  • Now click the Save button, and save it as kaslog.txt to your Desktop
  • Please copy and paste the contents of kaslog.txt in your next reply.




In your next reply
Please post the contents of...
OTL log
Kaspersky log

  • 0

#8
HelenS

HelenS

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Below is new OTL log (by the way, OTL was detected/identified as malware by Kaspersky Virus Removal tool).

OTL logfile created on: 11/8/2011 7:58:50 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\a\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 61.23% Memory free
8.00 Gb Paging File | 6.54 Gb Available in Paging File | 81.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 663.08 Gb Total Space | 613.21 Gb Free Space | 92.48% Space Free | Partition Type: NTFS
Drive E: | 120.83 Mb Total Space | 8.19 Mb Free Space | 6.78% Space Free | Partition Type: FAT

Computer Name: A-PC | User Name: a | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/08 12:37:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\a\Downloads\OTL.exe
PRC - [2011/09/09 09:50:56 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/02/08 09:48:48 | 000,825,960 | ---- | M] (Fortinet Inc.) -- C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/12 15:38:34 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2009/11/11 15:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe
PRC - [2009/09/12 17:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/09/12 17:30:48 | 005,048,488 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/08/28 11:53:00 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/24 17:24:14 | 000,275,840 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/07/24 17:24:02 | 000,427,304 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
PRC - [2009/07/09 10:08:10 | 000,023,608 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2009/07/09 10:05:00 | 000,021,560 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/18 14:29:16 | 003,866,624 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
PRC - [2008/06/12 03:25:18 | 000,037,232 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2008/06/11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2006/12/13 19:02:08 | 000,134,808 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe
PRC - [2006/12/13 19:01:50 | 001,962,136 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/12/13 19:01:38 | 000,030,872 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe
PRC - [2006/12/07 18:25:24 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/12/07 18:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/09 09:50:55 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/08/16 15:10:03 | 002,147,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\7e02ce44d03bc0802d8061678feb3356\ReachFramework.ni.dll
MOD - [2011/08/16 15:09:43 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll
MOD - [2011/08/16 15:09:35 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll
MOD - [2011/08/16 15:09:33 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\808e41877f992187276492aa2e55e909\PresentationCore.ni.dll
MOD - [2011/08/16 15:09:21 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll
MOD - [2011/08/16 15:09:15 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll
MOD - [2011/08/16 15:09:11 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll
MOD - [2011/08/16 15:09:10 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll
MOD - [2011/08/16 15:09:04 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/28 11:52:58 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/24 17:24:16 | 000,275,848 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLCapEngine.dll
MOD - [2009/07/24 17:24:16 | 000,124,288 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLSchMgr.dll
MOD - [2009/07/24 17:24:16 | 000,034,088 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLCapSvcps.dll
MOD - [2009/07/24 17:24:14 | 000,349,480 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLTinyDB.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/12 18:15:06 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/07/15 14:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/02/08 09:48:48 | 000,825,960 | ---- | M] (Fortinet Inc.) [Auto | Running] -- C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe -- (FortiSslvpnDaemon)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/12 18:13:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/12 15:38:34 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009/09/12 17:32:46 | 000,891,432 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/07/24 17:24:14 | 000,275,840 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/07/09 10:05:00 | 000,021,560 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/08/15 06:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2006/12/13 19:01:50 | 001,962,136 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/12/13 19:01:38 | 000,030,872 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/12/07 18:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/12/07 18:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/10/31 11:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/06/29 08:01:38 | 000,931,168 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/01/13 09:49:07 | 000,156,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/01/12 17:21:33 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/01/12 15:38:34 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010/01/12 15:38:33 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV:64bit: - [2010/01/12 15:38:32 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010/01/12 15:38:28 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2009/08/04 15:14:00 | 001,019,776 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerAVF2.sys -- (AVerAVF2)
DRV:64bit: - [2009/07/21 15:53:06 | 000,042,528 | ---- | M] (Fortinet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pppop64.sys -- (pppop)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/17 10:08:24 | 000,017,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OSDACPI.SYS -- (ACPIService)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 14:31:56 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/02/06 04:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/22 17:17:10 | 000,426,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2006/11/22 17:17:10 | 000,394,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2006/11/22 17:17:10 | 000,030,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2011/10/18 05:55:24 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111105.009\EX64.SYS -- (NAVEX15)
DRV - [2011/10/18 05:55:24 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111105.009\ENG64.SYS -- (NAVENG)
DRV - [2011/08/12 03:00:00 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/30 03:00:00 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2006/11/22 17:17:10 | 000,426,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2006/11/22 17:17:10 | 000,394,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2006/11/22 17:17:10 | 000,030,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2761828439-3317831160-844858389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-2761828439-3317831160-844858389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2761828439-3317831160-844858389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2761828439-3317831160-844858389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 0A E6 8E 36 72 CB 01 [binary data]
IE - HKU\S-1-5-21-2761828439-3317831160-844858389-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2761828439-3317831160-844858389-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@FortinetCacheClean: C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll (Fortinet Inc.)
FF - HKLM\Software\MozillaPlugins\@FortinetTunnelControl: C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll (Fortinet Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\a\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll (Hulu LLC)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/09 09:50:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/19 08:16:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{81e90980-2fbb-4c51-8460-347a10c86d40}: C:\Users\a\AppData\Roaming\Search.us.com\PureDef Toolbar\Firefox\ [2010/11/01 18:35:41 | 000,000,000 | ---D | M]

[2011/08/19 08:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\Mozilla\Extensions
[2011/11/08 16:14:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\1j7m3mzw.default\extensions
[2011/08/19 08:19:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/28 17:30:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/09 09:50:56 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/07/27 00:20:44 | 002,179,072 | ---- | M] (DNAML Pty Ltd) -- C:\Program Files (x86)\mozilla firefox\plugins\npdbplug.dll
[2010/12/28 17:30:15 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/08 19:55:10 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKU\S-1-5-21-2761828439-3317831160-844858389-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [vptray] C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E66C5D16-332A-4502-B136-80272027CF18}: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Handler\g7ps - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files (x86)\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/08 17:56:50 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/11/08 17:56:19 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Malwarebytes
[2011/11/08 17:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/08 17:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/08 17:56:10 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/08 17:56:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/08 16:06:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/08 08:40:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/11/08 08:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/10/26 11:14:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/10/25 15:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/10/25 15:48:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2011/10/25 15:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2011/10/25 15:43:21 | 000,000,000 | ---D | C] -- C:\rei
[2011/10/25 15:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2011/10/20 10:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ralink Wireless
[2011/10/20 10:16:22 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2011/10/20 10:16:08 | 000,931,168 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\drivers\netr28x.sys
[2011/10/20 10:16:08 | 000,327,008 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2011/10/20 10:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink Driver
[2011/10/20 10:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ralink
[2011/10/20 09:59:52 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\ParetoLogic
[2011/10/20 09:59:52 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\DriverCure
[2011/10/20 09:59:44 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2011/10/20 09:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2011/10/20 09:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/10/20 09:59:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic

========== Files - Modified Within 30 Days ==========

[2011/11/08 20:02:46 | 000,717,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/08 20:02:46 | 000,618,026 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/08 20:02:46 | 000,104,340 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/08 19:56:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/08 19:56:11 | 3220,561,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/08 19:55:10 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/11/08 19:47:07 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 19:47:07 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 18:00:01 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/11/08 17:56:57 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/11/08 17:56:14 | 000,001,133 | ---- | M] () -- C:\Users\a\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/08 17:56:14 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/08 13:00:01 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\PureDef Toolbar Updater.job
[2011/11/08 08:40:08 | 000,002,093 | ---- | M] () -- C:\Users\a\Desktop\HijackThis.lnk
[2011/11/06 22:28:21 | 000,002,821 | ---- | M] () -- C:\Users\a\Desktop\Microsoft Office Word 2007.lnk
[2011/11/06 22:28:21 | 000,002,781 | ---- | M] () -- C:\Users\a\Desktop\Microsoft Office Excel 2007.lnk
[2011/11/06 22:28:21 | 000,001,058 | ---- | M] () -- C:\Users\a\Desktop\ParetoLogic PC Health Advisor.lnk
[2011/11/06 22:28:21 | 000,001,054 | ---- | M] () -- C:\Users\a\Desktop\SpywareBlaster.lnk
[2011/11/06 00:20:04 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/10/25 15:43:53 | 000,000,272 | ---- | M] () -- C:\Windows\reimage.ini
[2011/10/25 15:43:21 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2011/10/20 10:07:54 | 000,000,010 | ---- | M] () -- C:\0.bak

========== Files Created - No Company Name ==========

[2011/11/08 17:56:14 | 000,001,133 | ---- | C] () -- C:\Users\a\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/08 17:56:14 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/08 08:40:08 | 000,002,093 | ---- | C] () -- C:\Users\a\Desktop\HijackThis.lnk
[2011/10/25 15:48:29 | 000,001,054 | ---- | C] () -- C:\Users\a\Desktop\SpywareBlaster.lnk
[2011/10/25 15:43:39 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2011/10/25 15:43:21 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2011/10/20 10:16:10 | 000,014,051 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2011/10/20 10:16:08 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/10/20 10:07:54 | 000,000,010 | ---- | C] () -- C:\0.bak
[2011/10/20 09:59:59 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/10/20 09:59:44 | 000,001,058 | ---- | C] () -- C:\Users\a\Desktop\ParetoLogic PC Health Advisor.lnk
[2011/10/20 09:59:44 | 000,000,434 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/08/18 00:00:01 | 000,000,040 | ---- | C] () -- C:\ProgramData\46cf1321
[2011/07/27 00:20:45 | 000,894,616 | ---- | C] () -- C:\Windows\dbplugin.exe
[2011/07/27 00:20:45 | 000,245,840 | ---- | C] () -- C:\Windows\SysWow64\DNLEng.dll
[2010/11/11 23:49:32 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/11 23:03:47 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\cpuinf32.dll
[2010/11/11 23:02:56 | 000,000,919 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010/11/11 23:02:56 | 000,000,024 | ---- | C] () -- C:\Windows\magix.ini
[2010/07/02 18:30:09 | 000,000,036 | ---- | C] () -- C:\Windows\iltwain.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/01/12 15:41:00 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Acronis
[2011/07/28 11:14:18 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\AlbumGV
[2011/10/20 09:59:52 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\DriverCure
[2011/08/14 15:28:52 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\FIXIO PC Utilities
[2010/07/02 18:34:20 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\G7PS
[2010/11/11 23:47:13 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\NetMedia Providers
[2011/10/20 09:59:52 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\ParetoLogic
[2010/11/11 23:47:13 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Publish Providers
[2010/11/01 18:35:41 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Search.us.com
[2010/11/12 09:39:17 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Singlesnet
[2011/07/10 15:51:54 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\wargaming.net
[2010/11/01 18:35:26 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\WeatherBug
[2010/01/12 17:14:57 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\WinBatch
[2011/11/08 18:00:01 | 000,000,460 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2011/11/06 00:20:04 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2011/11/08 13:00:01 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\PureDef Toolbar Updater.job
[2009/07/14 00:08:49 | 000,012,894 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Kaspersky Virus removal log:

Status: Deleted (events: 22)
11/8/2011 8:34:31 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11200001.VBN High
11/8/2011 8:34:31 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11200001.VBN//CryptZ High
11/8/2011 8:34:31 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11200002.VBN High
11/8/2011 8:34:31 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11200002.VBN//CryptZ High
11/8/2011 8:34:31 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11200003.VBN High
11/8/2011 8:34:31 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11200003.VBN//CryptZ High
11/8/2011 8:34:31 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11200004.VBN High
11/8/2011 8:34:31 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11200004.VBN//CryptZ High
11/8/2011 8:34:31 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11200005.VBN High
11/8/2011 8:34:31 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11200005.VBN//CryptZ High
11/8/2011 8:34:32 PM Deleted Trojan program Exploit.Java.CVE-2010-0840.ch C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15940003.VBN High
11/8/2011 8:34:32 PM Deleted Trojan program Exploit.Java.CVE-2010-0840.ch C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15940003.VBN//CryptZ High
11/8/2011 8:34:32 PM Deleted Trojan program Exploit.Java.CVE-2010-0840.ch C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15940003.VBN//CryptZ/buildService/MailAgent.class High
11/8/2011 8:34:32 PM Deleted Trojan program Trojan-Downloader.Win32.Agent.szba C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10BC0000\5EFF996F.VBN High
11/8/2011 8:34:32 PM Deleted Trojan program Trojan-Downloader.Win32.Agent.szba C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10BC0000\5EFF996F.VBN//CryptZ High
11/8/2011 8:34:32 PM Deleted Trojan program Trojan-Downloader.Win32.Agent.szba C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10C00000\5EC3F512.VBN High
11/8/2011 8:34:32 PM Deleted Trojan program Trojan-Downloader.Win32.Agent.szba C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10C00000\5EC3F512.VBN//CryptZ High
11/8/2011 8:34:33 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11200000\5F61D06B.VBN High
11/8/2011 8:34:33 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11200000\5F61D06B.VBN//CryptZ High
11/8/2011 8:34:34 PM Deleted Trojan program Backdoor.Win64.ZAccess.ah C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11B00000\5FB969A5.VBN High
11/8/2011 8:34:34 PM Deleted Trojan program Backdoor.Win64.ZAccess.ah C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11B00000\5FB969A5.VBN//CryptZ High
11/8/2011 9:40:01 PM Deleted Trojan program Trojan.Win32.Inject.bpox C:\_OTL\MovedFiles\11082011_160609\C_Users\a\AppData\Local\Temp\winupd.exe High
Status: Detected (events: 1)
11/8/2011 9:41:35 PM Detected unknown threat UDS:DangerousObject.Multi.Generic C:\_OTL\MovedFiles\11082011_160609\C_Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-032.dll High
  • 0

#9
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hey,

(by the way, OTL was detected/identified as malware by Kaspersky Virus Removal tool)

Kaspersky had just detected a couple of files that had already been removed and put in the OTL quarantine folder. This folder will be cleared at the end anyway :)


Could you let me know if you are still experiencing any of the 3 problems you initially mentioned in your first post?
  • 0

#10
HelenS

HelenS

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi BlackOxide,

The issues have stopped :). My PC is running faster too! I am so very grateful for your help!
  • 0

#11
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
No problem Helen, you're welcome :)

As everything seems back to normal, I'll post the final cleanup steps. If you have any further queries, just let me know, otherwise you should be good to go :)




Good stuff, your logs now appear clean :yes:

Please go through the Cleanup section below and have a read of the other information which will help keep your PC protected

Thank you for following the procedures, your system now appears free from Malware. Below is a list of steps that are well worth following, they help finalize the fixes we have been doing and will help minimize the risk of a smilar situation happening again by protecting your PC and helping secure it.

Please make sure you follow the Cleanup stage just below.


========== CLEANUP ==========

Remove the Tools used in this cleanup

1)
Tools on the Desktop:
You can now safely remove TDSSKiller from the Desktop (if present)


2)
Clear Old Restore Points
  • Run OTL, copy and paste the following into the Custom Scans/Fixes area at the bottom
    :Commands
    [CLEARALLRESTOREPOINTS]
  • Then Click Run Fix

3)
OTL Cleanup
  • Open OTL
  • Click the CleanUp button at the top, it will ask to reboot your PC, please allow it to do so


========== Anti Malware Protection ==========

MalwareBytes Anti-Malware
This is an excellent Anti-Malware product. It is recommended to periodically run a Quick Scan to keep your PC as clean as possible. Remember to check for updates before running a scan, so click the Update tab along the top, then click Check for Updates.

Free Anti Virus Protection...
If you haven't got an AntiVirus or are thinking of changing, my personal recommendations are Microsoft Security Essentials and Avast, both are free to use. Remember though, you can only have one Anti Virus installed at any one given time.

Paid Anti Virus Protection...
If you want a bit more than just an Anti Virus and would like extra features such as Firewall and Anti Spam, you will have to look at purchasing an Anti Virus product. A lot of people do use free AV software as these products use the same virus databases as the paid ones, but some people prefer to have the extra features and the help and support that the paid products tend to offer. If you are looking into purchasing one, my recommendations would be Kaspersky Internet Security or ESET Smart Security. There are however many different ones out there and it is wise to just download trial versions to see which ones suit you best, before actually buying.



========== Updates ==========

Keeping your PC updated is vital in the battle against infections and exploits. There are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very good habit to get into.

Automatic Updates

Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit.
To keep your Windows updated, ensure that 'Automatic Updates' is enabled on your PC so updates are downloaded and installed automatically. Click on your version of Windows below to find out how...
Windows XP
Windows Vista
Windows 7

Java updates
  • Click the Start button
  • Click Control Panel
  • Double Click Java
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
Adobe Reader updates
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed



========== Alternate Browsers ==========

Firefox - My personal choice, easy to use and has a large number of excellent addons that can be installed to help keep you away from malicious sites and reduce advertisements and popups etc. AdBlockPlus and WOT are very useful addons that are well worth having installed.

Google Chrome - Very nippy browser that's easy to use and is well worth a go if you are trying out different browsers.


Have fun and stay safe online :)
BlackOxide

  • 0

#12
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP