Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Daughter needs help with Vista Home Premium SP 2 Malware Help Needed [

Started by beabruin , Jan 16 2012 09:42 AM

  • This topic is locked This topic is locked

#1
beabruin
Posted 16 January 2012 - 09:42 AM

beabruin

    Member

  • Member
  • PipPip
  • 73 posts
I'm working on my daughter's HP Pavilion dv6700 laptop to either repair a virus or trojan or malware, or most likely to be able to backup the necessary files so I can do a clean install. The computer started acting strange a month ago but she just told me about it this weekend.

Problems include, unable to load the valid Antivirus Software Webroot Antivirus with Spysweeper which has a valid license until April 2012. My daughter obviously didn't pay attention to startup dialog boxes and such. My guess is there was some sort of hard drive or memory glitch causing the AV software to stop loading & protecting the laptop. I'm also actively trying to reinstall the AV software but of course she can't find the disks so I may need to pay for a duplicate or get a d/l from the web.

There are many problems including other problems that are unable to load when Windows boots. Attached is the OTL log I ran this morning as a starting point.

I don't have much hope I will be able to repair this installation of Vista and will most likely need to reinstall it or purchase Windows 7. If you need more info, please let me know. Thanks for your help.

OTL Logs below:


OTL logfile created on: 1/16/2012 10:18:45 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\_admin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 79.64% Memory free
6.18 Gb Paging File | 5.73 Gb Available in Paging File | 92.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.19 Gb Total Space | 114.25 Gb Free Space | 51.65% Space Free | Partition Type: NTFS
Drive D: | 11.69 Gb Total Space | 2.02 Gb Free Space | 17.30% Space Free | Partition Type: NTFS

Computer Name: CARUDA | User Name: _admin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\_admin\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\HelpPane.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (MotoHelper) -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (WRConsumerService) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe ()
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe ()
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110929.032\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110929.032\NAVENG.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola)
DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (ssidrv) -- C:\Windows\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\Windows\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys ()
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20090811.002\IDSvix86.sys (Symantec Corporation)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.6.117
FF - prefs.js..keyword.URL: "http://supertoolbar....ocale=en_US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/31 19:45:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/02 19:22:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/02 19:22:11 | 000,000,000 | ---D | M]

[2009/12/23 10:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\_admin\AppData\Roaming\Mozilla\Extensions
[2012/01/16 06:52:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\extensions
[2009/12/23 11:02:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/16 06:52:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/08 04:24:33 | 000,000,000 | ---D | M] ("Webroot Toolbar") -- C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\extensions\[email protected]
[2011/11/08 04:24:31 | 000,002,426 | ---- | M] () -- C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\searchplugins\askcom.xml
[2012/01/02 19:22:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/02 19:22:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/01/02 19:22:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/09 05:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/05/06 20:22:31 | 000,001,490 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\AOL Search.xml
[2009/02/09 14:05:22 | 000,002,236 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml
[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [w0ucS2ibDp8234A] C:\Windows\System32\YRL9gTXqjCkVz.exe ()
O4 - HKLM..\Run: [WinampAgent] "C:\Users\owner\Desktop\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [\\mac001ff3d8ffdd\EPSON Artisan 800] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEMA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON Artisan 800 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEMA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [WindowsWelcomeCenter] "C:\Windows\system32\rundll32.exe" oobefldr.dll,ShowWelcomeCenter File not found
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.183.102.115 66.179.168.118
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C187B1F-FC4B-45FF-8753-2264EA38E7AD}: DhcpNameServer = 216.183.102.115 66.179.168.118
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE41FC19-29CB-4C60-8950-CADE512413A1}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\HPRadiance.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\HPRadiance.jpg
O30 - LSA: Authentication Packages - (ows\s) - File not found
O30 - LSA: Security Packages - (y Packages settings...) - File not found
O30 - LSA: Security Packages - (gs...) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/01 08:18:01 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{c672ad40-7dba-11dd-a4ed-001e68b4a676}\Shell\AutoRun\command - "" = F:\BOOTEX\thumbcache_131.exe
O33 - MountPoints2\{c672ad40-7dba-11dd-a4ed-001e68b4a676}\Shell\explore\command - "" = F:\BOOTEX/thumbcache_131.exe
O33 - MountPoints2\{c672ad40-7dba-11dd-a4ed-001e68b4a676}\Shell\open\command - "" = F:\.////BOOTEX/thumbcache_131.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 08:38:44 | 000,000,000 | ---D | C] -- C:\Users\_admin\AppData\Roaming\lgTXqjYCeIrOtAu
[2012/01/16 08:38:42 | 000,000,000 | ---D | C] -- C:\Users\_admin\AppData\Roaming\rhTXwjUCeIrPyAu
[2012/01/16 07:16:18 | 000,000,000 | ---D | C] -- C:\Users\_admin\AppData\Roaming\LdEK8gRZ9YwUeIt
[2012/01/16 07:16:18 | 000,000,000 | ---D | C] -- C:\Users\_admin\AppData\Roaming\hPNycA1uv2b4m5Q
[2012/01/16 06:56:21 | 000,000,000 | ---D | C] -- C:\Users\_admin\AppData\Local\AskToolbar
[2012/01/16 06:56:14 | 000,000,000 | ---D | C] -- C:\Users\_admin\AppData\Local\Winamp Toolbar
[2012/01/16 06:47:29 | 000,000,000 | ---D | C] -- C:\Users\_admin\AppData\Roaming\WsQJ7dEK8R9YwUe
[2012/01/16 06:47:28 | 000,000,000 | ---D | C] -- C:\Users\_admin\AppData\Roaming\h7dEL8gRZhXk
[2011/11/05 14:55:13 | 000,821,760 | ---- | C] (JetBrains s.r.o) -- C:\ProgramData\privacy.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/16 10:17:52 | 000,603,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/16 10:17:52 | 000,103,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/16 10:13:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/16 10:09:59 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{06187970-DAC0-4331-8623-EB5BFBB697A6}.job
[2012/01/16 08:49:39 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/01/16 08:49:39 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/01/16 08:46:09 | 000,002,678 | ---- | M] () -- C:\Users\_admin\Desktop\Windows Compatibility Report.htm
[2012/01/16 08:32:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 08:32:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 08:32:20 | 314,467,661 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/16 06:50:56 | 000,001,807 | ---- | M] () -- C:\Users\_admin\AppData\Roaming\ldr.ini
[2012/01/02 19:34:27 | 000,000,456 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2012/01/02 19:33:01 | 000,000,312 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2012/01/02 19:22:19 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/16 08:46:09 | 000,002,678 | ---- | C] () -- C:\Users\_admin\Desktop\Windows Compatibility Report.htm
[2012/01/16 07:17:56 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/01/16 07:17:56 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/01/02 19:22:19 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/02 19:22:19 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/08 05:11:18 | 000,001,807 | ---- | C] () -- C:\Users\_admin\AppData\Roaming\ldr.ini
[2011/11/05 15:27:31 | 000,000,680 | ---- | C] () -- C:\Users\_admin\AppData\Local\d3d9caps.dat
[2011/11/04 17:57:04 | 000,000,312 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/11/04 17:57:04 | 000,000,216 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/11/04 17:56:56 | 000,000,456 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/11/04 17:56:46 | 000,305,120 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011/09/30 20:57:20 | 002,413,568 | ---- | C] () -- C:\Windows\System32\YRL9gTXqjCkVz.exe
[2011/05/28 01:04:09 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/07/07 15:04:12 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/24 08:34:00 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/04/24 07:43:07 | 000,004,608 | ---- | C] () -- C:\Users\_admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/10 21:12:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/10 21:12:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/08 12:13:34 | 000,280,112 | ---- | C] () -- C:\Windows\System32\drivers\srtsp.sys
[2008/12/13 15:58:21 | 000,121,368 | ---- | C] () -- C:\Windows\hpoins15.dat
[2008/12/13 15:58:21 | 000,001,037 | ---- | C] () -- C:\Windows\hpomdl15.dat
[2008/08/31 20:26:32 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/08/31 20:26:32 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini
[2008/08/31 20:26:18 | 000,000,000 | ---- | C] () -- C:\Windows\NSREX.INI
[2008/08/30 21:39:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/19 02:57:22 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008/07/19 02:57:22 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/07/19 02:56:53 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/07/01 08:33:22 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/09/13 10:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 10:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 10:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/13 10:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,315,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,603,516 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,586 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:24:01 | 048,324,552 | ---- | C] () -- C:\Windows\System32\mrt.exe
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1999/01/22 06:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

< End of report >
  • 0

Advertisements

#2
Nedklaw
Posted 16 January 2012 - 10:02 AM

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, beabruin! :wave:

:welcome: I'm Nedklaw and I'll be glad to help you with your malware issues. :)

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for beabruin only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me, logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


Whilst I am reviewing your log, could you please do the following:

Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

Posted Image

On completion of the scan click save log, save it to your desktop and post it in your next reply.

Posted Image

Things I want to see in your next reply

  • aswMBR.txt
  • 0

#3
beabruin
Posted 16 January 2012 - 01:14 PM

beabruin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Thanks for you assistance. While I was waiting for your reply, I determined I had an issue with Open Cloud Security. Using the Geeks to go instructions, I downloaded Malwarebytes Anti-Malware trial and scanned & cleaned the Open Cloud Security. One problem down, several more to go.

After I read your post, I downloaded aswMBR and ran it. Here's the log below.

aswMBR Log file

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-16 13:45:57
-----------------------------
13:45:57.366 OS Version: Windows 6.0.6002 Service Pack 2
13:45:57.366 Number of processors: 2 586 0xF0D
13:45:57.382 ComputerName: CARUDA UserName: _admin
13:46:20.907 Initialize success
13:48:07.839 AVAST engine defs: 12011600
13:48:36.840 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
13:48:36.855 Disk 0 Vendor: FUJITSU_ 8909 Size: 238475MB BusType: 3
13:48:36.949 Disk 1 \Device\Harddisk1\SR0 -> \Device\SdBus-0
13:48:36.949 Disk 1 Vendor: ( Size: 1950MB BusType: 12
13:48:36.980 Disk 0 MBR read successfully
13:48:36.980 Disk 0 MBR scan
13:48:36.996 Disk 0 unknown MBR code
13:48:36.996 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226502 MB offset 63
13:48:37.027 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11970 MB offset 463876875
13:48:37.058 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 488392065
13:48:37.058 Disk 0 Partition 3 **INFECTED** MBR:Alureon-K [Rtk]
13:48:37.074 Disk 0 scanning sectors +488397152
13:48:37.542 Disk 0 scanning C:\Windows\system32\drivers
13:48:52.627 File: C:\Windows\system32\drivers\srtsp.sys **INFECTED** Win32:Alureon-AMW [Rtk]
13:48:58.976 Disk 0 trace - called modules:
13:48:59.007 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x9040aca0]<<
13:48:59.007 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b22ac8]
13:48:59.023 3 CLASSPNP.SYS[8b1a68b3] -> nt!IofCallDriver -> [0x8ab24ae8]
13:48:59.023 \Driver\00001737[0x8ab24030] -> IRP_MJ_CREATE -> 0x9040aca0
13:49:00.411 AVAST engine scan C:\Windows
13:49:05.216 AVAST engine scan C:\Windows\system32
13:53:06.116 AVAST engine scan C:\Windows\system32\drivers
13:53:23.792 File: C:\Windows\system32\drivers\srtsp.sys **INFECTED** Win32:Alureon-AMW [Rtk]
13:53:31.015 AVAST engine scan C:\Users\_admin
13:55:17.878 AVAST engine scan C:\ProgramData
13:59:21.845 Scan finished successfully
14:10:13.083 Disk 0 MBR has been saved successfully to "C:\Users\_admin\Desktop\MBR.dat"
14:10:13.099 The log file has been saved successfully to "C:\Users\_admin\Desktop\aswMBR.txt"
  • 0

#4
Nedklaw
Posted 16 January 2012 - 05:12 PM

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change Parameters.

    Posted Image

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image

  • Click the Start Scan button.

    Posted Image

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image

  • If malicious objects are found, they will show in the Scan results and offer 3 options.
  • Ensure Cure is selected, then click Continue --> Reboot Computer to finish the cleaning process.

    Posted Image

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Things I want to see in your next reply

  • TDSSKiller.[Version]_[Date]_[Time]_log.txt
  • 0

#5
beabruin
Posted 17 January 2012 - 08:33 AM

beabruin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
TDSSKiller Log

09:19:46.0094 4212 TDSS rootkit removing tool 2.7.3.0 Jan 16 2012 18:53:41
09:19:46.0375 4212 ============================================================
09:19:46.0375 4212 Current date / time: 2012/01/17 09:19:46.0375
09:19:46.0375 4212 SystemInfo:
09:19:46.0375 4212
09:19:46.0500 4212 OS Version: 6.0.6002 ServicePack: 2.0
09:19:46.0500 4212 Product type: Workstation
09:19:46.0500 4212 ComputerName: CARUDA
09:19:46.0500 4212 UserName: _admin
09:19:46.0500 4212 Windows directory: C:\Windows
09:19:46.0500 4212 System windows directory: C:\Windows
09:19:46.0500 4212 Processor architecture: Intel x86
09:19:46.0500 4212 Number of processors: 2
09:19:46.0500 4212 Page size: 0x1000
09:19:46.0500 4212 Boot type: Normal boot
09:19:46.0500 4212 ============================================================
09:19:47.0732 4212 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:19:47.0857 4212 Initialize success
09:20:08.0636 2764 ============================================================
09:20:08.0636 2764 Scan started
09:20:08.0636 2764 Mode: Manual; SigCheck; TDLFS;
09:20:08.0636 2764 ============================================================
09:20:09.0432 2764 1cf6efbe ( Rootkit.Win32.PMax.gen ) - infected
09:20:09.0432 2764 1cf6efbe - detected Rootkit.Win32.PMax.gen (0)
09:20:09.0900 2764 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
09:20:10.0071 2764 ACPI - ok
09:20:10.0159 2764 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
09:20:10.0204 2764 adp94xx - ok
09:20:10.0339 2764 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
09:20:10.0389 2764 adpahci - ok
09:20:10.0469 2764 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
09:20:10.0514 2764 adpu160m - ok
09:20:10.0674 2764 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
09:20:10.0709 2764 adpu320 - ok
09:20:10.0864 2764 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
09:20:10.0973 2764 AFD - ok
09:20:11.0066 2764 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
09:20:11.0098 2764 agp440 - ok
09:20:11.0207 2764 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
09:20:11.0238 2764 aic78xx - ok
09:20:11.0425 2764 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
09:20:11.0456 2764 aliide - ok
09:20:11.0519 2764 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
09:20:11.0550 2764 amdagp - ok
09:20:11.0597 2764 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
09:20:11.0628 2764 amdide - ok
09:20:11.0690 2764 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
09:20:11.0878 2764 AmdK7 - ok
09:20:11.0987 2764 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
09:20:12.0080 2764 AmdK8 - ok
09:20:12.0174 2764 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
09:20:12.0221 2764 arc - ok
09:20:12.0283 2764 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
09:20:12.0346 2764 arcsas - ok
09:20:12.0408 2764 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
09:20:12.0502 2764 AsyncMac - ok
09:20:12.0704 2764 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
09:20:12.0736 2764 atapi - ok
09:20:12.0892 2764 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
09:20:13.0189 2764 BCM43XV - ok
09:20:13.0392 2764 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
09:20:13.0485 2764 Beep - ok
09:20:13.0579 2764 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
09:20:13.0673 2764 blbdrive - ok
09:20:13.0766 2764 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
09:20:13.0844 2764 bowser - ok
09:20:13.0907 2764 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
09:20:14.0016 2764 BrFiltLo - ok
09:20:14.0094 2764 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
09:20:14.0187 2764 BrFiltUp - ok
09:20:14.0266 2764 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
09:20:14.0422 2764 Brserid - ok
09:20:14.0532 2764 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
09:20:14.0703 2764 BrSerWdm - ok
09:20:14.0828 2764 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
09:20:14.0984 2764 BrUsbMdm - ok
09:20:15.0062 2764 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
09:20:15.0140 2764 BrUsbSer - ok
09:20:15.0234 2764 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\Windows\system32\DRIVERS\motfilt.sys
09:20:15.0280 2764 BTCFilterService - ok
09:20:15.0343 2764 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
09:20:15.0421 2764 BTHMODEM - ok
09:20:15.0561 2764 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
09:20:15.0608 2764 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
09:20:15.0608 2764 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
09:20:15.0670 2764 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
09:20:15.0717 2764 cdfs - ok
09:20:15.0795 2764 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
09:20:15.0873 2764 cdrom - ok
09:20:15.0951 2764 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
09:20:16.0029 2764 circlass - ok
09:20:16.0107 2764 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
09:20:16.0138 2764 CLFS - ok
09:20:16.0248 2764 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
09:20:16.0310 2764 CmBatt - ok
09:20:16.0357 2764 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
09:20:16.0388 2764 cmdide - ok
09:20:16.0450 2764 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
09:20:16.0466 2764 Compbatt - ok
09:20:16.0575 2764 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
09:20:16.0591 2764 crcdisk - ok
09:20:16.0700 2764 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
09:20:16.0778 2764 Crusoe - ok
09:20:16.0887 2764 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
09:20:16.0950 2764 DfsC - ok
09:20:17.0090 2764 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
09:20:17.0152 2764 disk - ok
09:20:17.0246 2764 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
09:20:17.0355 2764 drmkaud - ok
09:20:17.0636 2764 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
09:20:17.0730 2764 DXGKrnl - ok
09:20:17.0839 2764 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
09:20:17.0948 2764 E1G60 - ok
09:20:18.0057 2764 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
09:20:18.0104 2764 Ecache - ok
09:20:18.0213 2764 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
09:20:18.0307 2764 eeCtrl - ok
09:20:18.0463 2764 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
09:20:18.0541 2764 elxstor - ok
09:20:18.0619 2764 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:20:18.0650 2764 EraserUtilRebootDrv - ok
09:20:18.0759 2764 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
09:20:18.0806 2764 ErrDev - ok
09:20:18.0931 2764 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
09:20:19.0024 2764 exfat - ok
09:20:19.0149 2764 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
09:20:19.0196 2764 fastfat - ok
09:20:19.0258 2764 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
09:20:19.0368 2764 fdc - ok
09:20:19.0524 2764 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
09:20:19.0555 2764 FileInfo - ok
09:20:19.0648 2764 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
09:20:19.0726 2764 Filetrace - ok
09:20:19.0758 2764 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
09:20:19.0836 2764 flpydisk - ok
09:20:19.0976 2764 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
09:20:20.0023 2764 FltMgr - ok
09:20:20.0101 2764 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
09:20:20.0163 2764 Fs_Rec - ok
09:20:20.0257 2764 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
09:20:20.0319 2764 gagp30kx - ok
09:20:20.0413 2764 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:20:20.0444 2764 GEARAspiWDM - ok
09:20:20.0569 2764 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
09:20:20.0740 2764 HdAudAddService - ok
09:20:20.0974 2764 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:20:21.0037 2764 HDAudBus - ok
09:20:21.0240 2764 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
09:20:21.0333 2764 HidBth - ok
09:20:21.0396 2764 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
09:20:21.0505 2764 HidIr - ok
09:20:21.0598 2764 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
09:20:21.0676 2764 HidUsb - ok
09:20:21.0754 2764 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
09:20:21.0786 2764 HpCISSs - ok
09:20:21.0848 2764 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
09:20:21.0895 2764 HpqKbFiltr - ok
09:20:22.0644 2764 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
09:20:22.0737 2764 HpqRemHid - ok
09:20:22.0878 2764 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
09:20:22.0940 2764 HSFHWAZL - ok
09:20:23.0049 2764 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
09:20:23.0236 2764 HSF_DPV - ok
09:20:23.0455 2764 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
09:20:23.0580 2764 HTTP - ok
09:20:23.0689 2764 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
09:20:23.0736 2764 i2omp - ok
09:20:23.0860 2764 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
09:20:23.0938 2764 i8042prt - ok
09:20:24.0032 2764 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
09:20:24.0063 2764 iaStor - ok
09:20:24.0250 2764 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
09:20:24.0297 2764 iaStorV - ok
09:20:24.0469 2764 IDSvix86 (74f2b7d99b8613eac36edf22a2ab3b08) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090811.002\IDSvix86.sys
09:20:24.0484 2764 IDSvix86 - ok
09:20:24.0750 2764 igfx (038815297078d236d8cc064c295a74c6) C:\Windows\system32\DRIVERS\igdkmd32.sys
09:20:24.0984 2764 igfx - ok
09:20:25.0093 2764 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
09:20:25.0140 2764 iirsp - ok
09:20:25.0342 2764 IntcAzAudAddService (2967e9c168cb5e0108a8a243ae179bad) C:\Windows\system32\drivers\RTKVHDA.sys
09:20:25.0530 2764 IntcAzAudAddService - ok
09:20:25.0732 2764 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
09:20:25.0764 2764 intelide - ok
09:20:25.0857 2764 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
09:20:25.0920 2764 intelppm - ok
09:20:26.0013 2764 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:20:26.0138 2764 IpFilterDriver - ok
09:20:26.0185 2764 IpInIp - ok
09:20:26.0247 2764 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
09:20:26.0356 2764 IPMIDRV - ok
09:20:26.0450 2764 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
09:20:26.0481 2764 IPNAT - ok
09:20:26.0559 2764 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
09:20:26.0606 2764 IRENUM - ok
09:20:26.0700 2764 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
09:20:26.0746 2764 isapnp - ok
09:20:26.0856 2764 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
09:20:26.0871 2764 iScsiPrt - ok
09:20:27.0043 2764 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
09:20:27.0074 2764 iteatapi - ok
09:20:27.0183 2764 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
09:20:27.0230 2764 iteraid - ok
09:20:27.0339 2764 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
09:20:27.0370 2764 kbdclass - ok
09:20:27.0526 2764 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
09:20:27.0620 2764 kbdhid - ok
09:20:27.0807 2764 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
09:20:27.0916 2764 KSecDD - ok
09:20:28.0057 2764 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
09:20:28.0166 2764 lltdio - ok
09:20:28.0260 2764 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
09:20:28.0291 2764 LSI_FC - ok
09:20:28.0431 2764 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
09:20:28.0462 2764 LSI_SAS - ok
09:20:28.0509 2764 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
09:20:28.0540 2764 LSI_SCSI - ok
09:20:28.0634 2764 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
09:20:28.0696 2764 luafv - ok
09:20:28.0774 2764 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
09:20:28.0790 2764 MBAMProtector - ok
09:20:28.0852 2764 MCSTRM - ok
09:20:28.0915 2764 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
09:20:28.0962 2764 megasas - ok
09:20:29.0102 2764 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
09:20:29.0196 2764 MegaSR - ok
09:20:29.0383 2764 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
09:20:29.0476 2764 Modem - ok
09:20:29.0508 2764 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
09:20:29.0586 2764 monitor - ok
09:20:29.0773 2764 motccgp (7b8d7bb9ae3ae9cd133bbc5aa91dd3cc) C:\Windows\system32\DRIVERS\motccgp.sys
09:20:29.0882 2764 motccgp - ok
09:20:29.0913 2764 motccgpfl (b812da6605caf02641312f1f65c75419) C:\Windows\system32\DRIVERS\motccgpfl.sys
09:20:30.0007 2764 motccgpfl - ok
09:20:30.0132 2764 motmodem (c3b0fd4f463e90b3917ff6ccea853bb6) C:\Windows\system32\DRIVERS\motmodem.sys
09:20:30.0225 2764 motmodem - ok
09:20:30.0350 2764 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\Windows\system32\DRIVERS\motswch.sys
09:20:30.0412 2764 MotoSwitchService - ok
09:20:30.0523 2764 Motousbnet (ddc489d40b49f443787e7ffa75373522) C:\Windows\system32\DRIVERS\Motousbnet.sys
09:20:30.0585 2764 Motousbnet - ok
09:20:30.0710 2764 motusbdevice (2136cca3d1bf7c0248e5366b1a6c24e3) C:\Windows\system32\DRIVERS\motusbdevice.sys
09:20:30.0819 2764 motusbdevice - ok
09:20:30.0913 2764 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
09:20:30.0959 2764 mouclass - ok
09:20:31.0037 2764 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
09:20:31.0131 2764 mouhid - ok
09:20:31.0193 2764 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
09:20:31.0209 2764 MountMgr - ok
09:20:31.0287 2764 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
09:20:31.0334 2764 mpio - ok
09:20:31.0412 2764 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
09:20:31.0474 2764 mpsdrv - ok
09:20:31.0568 2764 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
09:20:31.0615 2764 Mraid35x - ok
09:20:31.0739 2764 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
09:20:31.0849 2764 MRxDAV - ok
09:20:31.0989 2764 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:20:32.0067 2764 mrxsmb - ok
09:20:32.0239 2764 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:20:32.0363 2764 mrxsmb10 - ok
09:20:32.0691 2764 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:20:32.0769 2764 mrxsmb20 - ok
09:20:32.0863 2764 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
09:20:32.0894 2764 msahci - ok
09:20:33.0050 2764 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
09:20:33.0097 2764 msdsm - ok
09:20:33.0159 2764 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
09:20:33.0206 2764 Msfs - ok
09:20:33.0284 2764 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
09:20:33.0299 2764 msisadrv - ok
09:20:33.0362 2764 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
09:20:33.0424 2764 MSKSSRV - ok
09:20:33.0471 2764 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
09:20:33.0518 2764 MSPCLOCK - ok
09:20:33.0565 2764 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
09:20:33.0611 2764 MSPQM - ok
09:20:33.0814 2764 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
09:20:33.0845 2764 MsRPC - ok
09:20:33.0908 2764 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
09:20:33.0923 2764 mssmbios - ok
09:20:33.0955 2764 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
09:20:34.0033 2764 MSTEE - ok
09:20:34.0235 2764 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
09:20:34.0267 2764 Mup - ok
09:20:34.0407 2764 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
09:20:34.0501 2764 NativeWifiP - ok
09:20:34.0625 2764 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110929.032\NAVENG.SYS
09:20:34.0672 2764 NAVENG - ok
09:20:34.0797 2764 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110929.032\NAVEX15.SYS
09:20:34.0906 2764 NAVEX15 - ok
09:20:35.0093 2764 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
09:20:35.0312 2764 NDIS - ok
09:20:35.0468 2764 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
09:20:35.0577 2764 NdisTapi - ok
09:20:35.0624 2764 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
09:20:35.0686 2764 Ndisuio - ok
09:20:35.0811 2764 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
09:20:35.0936 2764 NdisWan - ok
09:20:36.0061 2764 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
09:20:36.0170 2764 NDProxy - ok
09:20:36.0279 2764 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
09:20:36.0357 2764 NetBIOS - ok
09:20:36.0419 2764 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
09:20:36.0482 2764 netbt - ok
09:20:36.0731 2764 NETw4v32 (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys
09:20:36.0981 2764 NETw4v32 - ok
09:20:37.0121 2764 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
09:20:37.0153 2764 nfrd960 - ok
09:20:37.0231 2764 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
09:20:37.0277 2764 Npfs - ok
09:20:37.0387 2764 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
09:20:37.0449 2764 nsiproxy - ok
09:20:37.0683 2764 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
09:20:37.0808 2764 Ntfs - ok
09:20:37.0901 2764 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
09:20:37.0964 2764 ntrigdigi - ok
09:20:37.0995 2764 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
09:20:38.0026 2764 Null - ok
09:20:38.0104 2764 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
09:20:38.0245 2764 NVENETFD - ok
09:20:38.0463 2764 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
09:20:38.0510 2764 nvraid - ok
09:20:38.0557 2764 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
09:20:38.0619 2764 nvstor - ok
09:20:38.0775 2764 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
09:20:38.0822 2764 nv_agp - ok
09:20:38.0869 2764 NwlnkFlt - ok
09:20:38.0978 2764 NwlnkFwd - ok
09:20:39.0056 2764 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
09:20:39.0118 2764 ohci1394 - ok
09:20:39.0181 2764 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
09:20:39.0290 2764 Parport - ok
09:20:39.0415 2764 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
09:20:39.0430 2764 partmgr - ok
09:20:39.0508 2764 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
09:20:39.0571 2764 Parvdm - ok
09:20:39.0711 2764 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
09:20:39.0742 2764 pci - ok
09:20:39.0789 2764 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
09:20:39.0836 2764 pciide - ok
09:20:39.0914 2764 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
09:20:39.0961 2764 pcmcia - ok
09:20:40.0039 2764 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
09:20:40.0195 2764 PEAUTH - ok
09:20:40.0366 2764 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
09:20:40.0429 2764 PptpMiniport - ok
09:20:40.0647 2764 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
09:20:40.0725 2764 Processor - ok
09:20:40.0865 2764 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
09:20:40.0943 2764 PSched - ok
09:20:41.0255 2764 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
09:20:41.0396 2764 ql2300 - ok
09:20:41.0552 2764 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
09:20:41.0614 2764 ql40xx - ok
09:20:41.0661 2764 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
09:20:41.0723 2764 QWAVEdrv - ok
09:20:41.0801 2764 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
09:20:41.0879 2764 RasAcd - ok
09:20:41.0957 2764 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:20:42.0035 2764 Rasl2tp - ok
09:20:42.0113 2764 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
09:20:42.0191 2764 RasPppoe - ok
09:20:42.0316 2764 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
09:20:42.0332 2764 RasSstp - ok
09:20:42.0410 2764 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
09:20:42.0441 2764 rdbss - ok
09:20:42.0488 2764 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:20:42.0519 2764 RDPCDD - ok
09:20:42.0597 2764 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
09:20:42.0659 2764 rdpdr - ok
09:20:42.0784 2764 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
09:20:42.0862 2764 RDPENCDD - ok
09:20:42.0956 2764 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
09:20:43.0018 2764 RDPWD - ok
09:20:43.0143 2764 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
09:20:43.0205 2764 rimmptsk - ok
09:20:43.0221 2764 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
09:20:43.0283 2764 rimsptsk - ok
09:20:43.0299 2764 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
09:20:43.0361 2764 rismxdp - ok
09:20:43.0549 2764 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
09:20:43.0595 2764 rspndr - ok
09:20:43.0673 2764 RTL8169 (9a929308a64183d3d9dccbb6df4badae) C:\Windows\system32\DRIVERS\Rtlh86.sys
09:20:43.0751 2764 RTL8169 - ok
09:20:43.0876 2764 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
09:20:43.0939 2764 sbp2port - ok
09:20:44.0048 2764 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
09:20:44.0141 2764 sdbus - ok
09:20:44.0219 2764 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:20:44.0329 2764 secdrv - ok
09:20:44.0547 2764 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
09:20:44.0609 2764 Serenum - ok
09:20:44.0656 2764 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
09:20:44.0734 2764 Serial - ok
09:20:44.0953 2764 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
09:20:45.0015 2764 sermouse - ok
09:20:45.0077 2764 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
09:20:45.0124 2764 sffdisk - ok
09:20:45.0171 2764 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
09:20:45.0249 2764 sffp_mmc - ok
09:20:45.0311 2764 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
09:20:45.0389 2764 sffp_sd - ok
09:20:45.0452 2764 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
09:20:45.0592 2764 sfloppy - ok
09:20:45.0717 2764 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
09:20:45.0733 2764 sisagp - ok
09:20:45.0811 2764 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
09:20:45.0842 2764 SiSRaid2 - ok
09:20:45.0889 2764 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
09:20:45.0935 2764 SiSRaid4 - ok
09:20:46.0076 2764 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
09:20:46.0107 2764 Smb - ok
09:20:46.0201 2764 smserial (63b3b77bdb67ee674771c0e6fb96da9e) C:\Windows\system32\DRIVERS\smserial.sys
09:20:46.0435 2764 smserial - ok
09:20:46.0591 2764 SPBBCDrv (d7bb213566e16bca372e2cb517eda907) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
09:20:46.0653 2764 SPBBCDrv - ok
09:20:46.0762 2764 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
09:20:46.0793 2764 spldr - ok
09:20:46.0903 2764 SRTSP (481e6043982980524ea723dc42a845da) C:\Windows\system32\Drivers\SRTSP.SYS
09:20:46.0903 2764 Suspicious file (Forged): C:\Windows\system32\Drivers\SRTSP.SYS. Real md5: 481e6043982980524ea723dc42a845da, Fake md5: 522651a0e7dc6415e083317370b609cc
09:20:46.0903 2764 SRTSP ( Rootkit.Win32.ZAccess.e ) - infected
09:20:46.0903 2764 SRTSP - detected Rootkit.Win32.ZAccess.e (0)
09:20:47.0074 2764 SRTSPL (34e823b8d730099d032608fcccbc6a25) C:\Windows\system32\Drivers\SRTSPL.SYS
09:20:47.0168 2764 SRTSPL - ok
09:20:47.0277 2764 SRTSPX (469006e15f5b0fe8ae94184a18a81586) C:\Windows\system32\Drivers\SRTSPX.SYS
09:20:47.0324 2764 SRTSPX - ok
09:20:47.0433 2764 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
09:20:47.0542 2764 srv - ok
09:20:47.0651 2764 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
09:20:47.0714 2764 srv2 - ok
09:20:47.0823 2764 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
09:20:47.0839 2764 srvnet - ok
09:20:47.0917 2764 ssfs0bbc (a3cc244f1e043c2b7ae32899ff99a0a0) C:\Windows\system32\DRIVERS\ssfs0bbc.sys
09:20:47.0932 2764 ssfs0bbc - ok
09:20:48.0010 2764 sshrmd (e041026dafa17af2610afc4da8f4ea14) C:\Windows\system32\DRIVERS\sshrmd.sys
09:20:48.0026 2764 sshrmd - ok
09:20:48.0135 2764 ssidrv (5a40b485825cc31b3a49bb4701b30d35) C:\Windows\system32\DRIVERS\ssidrv.sys
09:20:48.0151 2764 ssidrv - ok
09:20:48.0275 2764 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
09:20:48.0322 2764 swenum - ok
09:20:48.0369 2764 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
09:20:48.0416 2764 Symc8xx - ok
09:20:48.0478 2764 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\Windows\system32\Drivers\SYMEVENT.SYS
09:20:48.0525 2764 SymEvent - ok
09:20:48.0634 2764 SymIMMP - ok
09:20:48.0743 2764 SYMREDRV (be3c117150c055e50a4caf23e548c856) C:\Windows\System32\Drivers\SYMREDRV.SYS
09:20:48.0790 2764 SYMREDRV - ok
09:20:48.0868 2764 SYMTDI (7b0af4e22b32f8c5bfba5a5d53522160) C:\Windows\System32\Drivers\SYMTDI.SYS
09:20:48.0899 2764 SYMTDI - ok
09:20:49.0040 2764 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
09:20:49.0118 2764 Sym_hi - ok
09:20:49.0211 2764 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
09:20:49.0274 2764 Sym_u3 - ok
09:20:49.0352 2764 SynTP (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys
09:20:49.0414 2764 SynTP - ok
09:20:49.0586 2764 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
09:20:49.0679 2764 Tcpip - ok
09:20:49.0898 2764 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
09:20:50.0069 2764 Tcpip6 - ok
09:20:50.0210 2764 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
09:20:50.0241 2764 tcpipreg - ok
09:20:50.0335 2764 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
09:20:50.0381 2764 TDPIPE - ok
09:20:50.0444 2764 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
09:20:50.0553 2764 TDTCP - ok
09:20:50.0662 2764 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
09:20:50.0740 2764 tdx - ok
09:20:50.0818 2764 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
09:20:50.0865 2764 TermDD - ok
09:20:50.0974 2764 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:20:51.0052 2764 tssecsrv - ok
09:20:51.0473 2764 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
09:20:51.0583 2764 tunmp - ok
09:20:52.0144 2764 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
09:20:52.0253 2764 tunnel - ok
09:20:52.0487 2764 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
09:20:52.0534 2764 uagp35 - ok
09:20:53.0018 2764 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
09:20:53.0111 2764 udfs - ok
09:20:53.0470 2764 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
09:20:53.0533 2764 uliagpkx - ok
09:20:53.0673 2764 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
09:20:53.0720 2764 uliahci - ok
09:20:53.0876 2764 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
09:20:53.0923 2764 UlSata - ok
09:20:54.0016 2764 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
09:20:54.0063 2764 ulsata2 - ok
09:20:54.0110 2764 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
09:20:54.0219 2764 umbus - ok
09:20:54.0437 2764 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
09:20:54.0515 2764 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
09:20:54.0515 2764 USBAAPL - detected UnsignedFile.Multi.Generic (1)
09:20:54.0859 2764 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
09:20:54.0921 2764 usbccgp - ok
09:20:55.0327 2764 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
09:20:55.0467 2764 usbcir - ok
09:20:55.0951 2764 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
09:20:56.0107 2764 usbehci - ok
09:20:56.0543 2764 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
09:20:56.0637 2764 usbhub - ok
09:20:56.0824 2764 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
09:20:56.0949 2764 usbohci - ok
09:20:57.0573 2764 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
09:20:57.0682 2764 usbprint - ok
09:20:58.0213 2764 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:20:58.0244 2764 USBSTOR - ok
09:20:58.0556 2764 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
09:20:58.0665 2764 usbuhci - ok
09:20:58.0852 2764 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
09:20:58.0946 2764 usbvideo - ok
09:20:59.0570 2764 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
09:20:59.0663 2764 vga - ok
09:21:00.0287 2764 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
09:21:00.0428 2764 VgaSave - ok
09:21:00.0724 2764 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
09:21:00.0818 2764 viaagp - ok
09:21:00.0989 2764 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
09:21:01.0067 2764 ViaC7 - ok
09:21:01.0613 2764 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
09:21:01.0660 2764 viaide - ok
09:21:02.0019 2764 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
09:21:02.0050 2764 volmgr - ok
09:21:02.0612 2764 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
09:21:02.0659 2764 volmgrx - ok
09:21:03.0002 2764 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
09:21:03.0049 2764 volsnap - ok
09:21:03.0345 2764 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
09:21:03.0439 2764 vsmraid - ok
09:21:03.0829 2764 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
09:21:04.0016 2764 WacomPen - ok
09:21:04.0624 2764 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:21:04.0687 2764 Wanarp - ok
09:21:04.0749 2764 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:21:04.0780 2764 Wanarpv6 - ok
09:21:04.0921 2764 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
09:21:04.0952 2764 Wd - ok
09:21:05.0373 2764 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
09:21:05.0467 2764 Wdf01000 - ok
09:21:05.0779 2764 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
09:21:05.0935 2764 winachsf - ok
09:21:06.0637 2764 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:21:06.0699 2764 WmiAcpi - ok
09:21:07.0183 2764 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
09:21:07.0307 2764 WpdUsb - ok
09:21:07.0713 2764 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
09:21:07.0822 2764 ws2ifsl - ok
09:21:07.0931 2764 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:21:08.0025 2764 WUDFRd - ok
09:21:08.0056 2764 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
09:21:09.0055 2764 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:21:09.0055 2764 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:21:09.0101 2764 Boot (0x1200) (0298555a6eea010cd3c199e30391c393) \Device\Harddisk0\DR0\Partition0
09:21:09.0211 2764 \Device\Harddisk0\DR0\Partition0 - ok
09:21:09.0257 2764 Boot (0x1200) (486b6d319a106d46b6871fbb06ea3800) \Device\Harddisk0\DR0\Partition1
09:21:09.0351 2764 \Device\Harddisk0\DR0\Partition1 - ok
09:21:09.0351 2764 ============================================================
09:21:09.0351 2764 Scan finished
09:21:09.0351 2764 ============================================================
09:21:09.0367 5008 Detected object count: 5
09:21:09.0367 5008 Actual detected object count: 5
09:23:06.0881 5008 1cf6efbe ( Rootkit.Win32.PMax.gen ) - skipped by user
09:23:06.0881 5008 1cf6efbe ( Rootkit.Win32.PMax.gen ) - User select action: Skip
09:23:06.0881 5008 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
09:23:06.0881 5008 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:23:07.0100 5008 Backup copy found, using it..
09:23:07.0178 5008 C:\Windows\system32\Drivers\SRTSP.SYS - will be cured on reboot
09:23:23.0402 5008 SRTSP ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
09:23:23.0402 5008 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
09:23:23.0402 5008 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:23:23.0402 5008 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:23:23.0402 5008 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
09:23:29.0455 4136 Deinitialize success
  • 0

#6
Nedklaw
Posted 17 January 2012 - 04:35 PM

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

Run TDSSKiller using the same instructions as before and when you get to the following screen, 1cf6efbe and the TDSS File System needs to be changed from Skip to Delete. You must leave all of the other items as Skip and then click Continue to remove 1cf6efbe and the TDSS File System.

Posted Image

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 2

  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
  • Right-click the 2MB partition and then click Delete Volume.
  • Click Yes to delete the volume.
  • Reboot your computer.

Step 3

Download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs.
  • Double click on the file to run it (Confirm the UAC prompt).
  • A window will open on your desktop.
  • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Attach that file.

Step 4

Re-run aswMBR.exe.

Click the "Scan" button to start the scan.

Posted Image

On completion of the scan click save log, save it to your desktop and post it in your next reply.

Posted Image

Things I want to see in your next reply

  • TDSSKiller.[Version]_[Date]_[Time]_log.txt
  • MBRCheck Report
  • aswMBR.txt
  • 0

#7
beabruin
Posted 18 January 2012 - 07:08 AM

beabruin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Contents of TDSSkiller log from this morning.

07:25:45.0331 4576 TDSS rootkit removing tool 2.7.3.0 Jan 16 2012 18:53:41
07:25:48.0545 4576 ============================================================
07:25:48.0545 4576 Current date / time: 2012/01/18 07:25:48.0545
07:25:48.0545 4576 SystemInfo:
07:25:48.0545 4576
07:25:48.0545 4576 OS Version: 6.0.6002 ServicePack: 2.0
07:25:48.0545 4576 Product type: Workstation
07:25:48.0545 4576 ComputerName: CARUDA
07:25:48.0545 4576 UserName: _admin
07:25:48.0545 4576 Windows directory: C:\Windows
07:25:48.0545 4576 System windows directory: C:\Windows
07:25:48.0545 4576 Processor architecture: Intel x86
07:25:48.0545 4576 Number of processors: 2
07:25:48.0545 4576 Page size: 0x1000
07:25:48.0545 4576 Boot type: Normal boot
07:25:48.0545 4576 ============================================================
07:25:49.0200 4576 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:25:49.0247 4576 Initialize success
07:25:57.0967 4300 ============================================================
07:25:57.0967 4300 Scan started
07:25:57.0967 4300 Mode: Manual; SigCheck; TDLFS;
07:25:57.0967 4300 ============================================================
07:25:58.0856 4300 1cf6efbe ( Rootkit.Win32.PMax.gen ) - infected
07:25:58.0856 4300 1cf6efbe - detected Rootkit.Win32.PMax.gen (0)
07:25:59.0012 4300 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
07:25:59.0121 4300 ACPI - ok
07:25:59.0215 4300 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
07:25:59.0262 4300 adp94xx - ok
07:25:59.0324 4300 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
07:25:59.0355 4300 adpahci - ok
07:25:59.0433 4300 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
07:25:59.0465 4300 adpu160m - ok
07:25:59.0511 4300 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
07:25:59.0543 4300 adpu320 - ok
07:25:59.0652 4300 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
07:25:59.0714 4300 AFD - ok
07:25:59.0808 4300 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
07:25:59.0839 4300 agp440 - ok
07:25:59.0901 4300 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
07:25:59.0933 4300 aic78xx - ok
07:25:59.0979 4300 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
07:26:00.0011 4300 aliide - ok
07:26:00.0057 4300 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
07:26:00.0089 4300 amdagp - ok
07:26:00.0135 4300 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
07:26:00.0151 4300 amdide - ok
07:26:00.0229 4300 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
07:26:00.0385 4300 AmdK7 - ok
07:26:00.0432 4300 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
07:26:00.0479 4300 AmdK8 - ok
07:26:00.0588 4300 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
07:26:00.0619 4300 arc - ok
07:26:00.0681 4300 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
07:26:00.0713 4300 arcsas - ok
07:26:00.0775 4300 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
07:26:00.0837 4300 AsyncMac - ok
07:26:00.0915 4300 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
07:26:00.0931 4300 atapi - ok
07:26:01.0071 4300 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
07:26:01.0290 4300 BCM43XV - ok
07:26:01.0352 4300 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
07:26:01.0383 4300 Beep - ok
07:26:01.0446 4300 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
07:26:01.0508 4300 blbdrive - ok
07:26:01.0602 4300 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
07:26:01.0664 4300 bowser - ok
07:26:01.0727 4300 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
07:26:01.0836 4300 BrFiltLo - ok
07:26:01.0898 4300 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
07:26:01.0961 4300 BrFiltUp - ok
07:26:02.0039 4300 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
07:26:02.0163 4300 Brserid - ok
07:26:02.0210 4300 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
07:26:02.0304 4300 BrSerWdm - ok
07:26:02.0382 4300 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
07:26:02.0460 4300 BrUsbMdm - ok
07:26:02.0507 4300 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
07:26:02.0569 4300 BrUsbSer - ok
07:26:02.0663 4300 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\Windows\system32\DRIVERS\motfilt.sys
07:26:02.0725 4300 BTCFilterService - ok
07:26:02.0787 4300 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
07:26:02.0881 4300 BTHMODEM - ok
07:26:03.0006 4300 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
07:26:03.0053 4300 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
07:26:03.0053 4300 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
07:26:03.0115 4300 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
07:26:03.0162 4300 cdfs - ok
07:26:03.0255 4300 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
07:26:03.0302 4300 cdrom - ok
07:26:03.0349 4300 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
07:26:03.0411 4300 circlass - ok
07:26:03.0489 4300 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
07:26:03.0521 4300 CLFS - ok
07:26:03.0614 4300 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
07:26:03.0661 4300 CmBatt - ok
07:26:03.0708 4300 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
07:26:03.0723 4300 cmdide - ok
07:26:03.0770 4300 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
07:26:03.0801 4300 Compbatt - ok
07:26:03.0833 4300 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
07:26:03.0848 4300 crcdisk - ok
07:26:03.0911 4300 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
07:26:03.0973 4300 Crusoe - ok
07:26:04.0082 4300 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
07:26:04.0145 4300 DfsC - ok
07:26:04.0269 4300 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
07:26:04.0285 4300 disk - ok
07:26:04.0379 4300 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
07:26:04.0410 4300 drmkaud - ok
07:26:04.0503 4300 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
07:26:04.0535 4300 DXGKrnl - ok
07:26:04.0597 4300 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
07:26:04.0659 4300 E1G60 - ok
07:26:04.0784 4300 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
07:26:04.0815 4300 Ecache - ok
07:26:04.0909 4300 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
07:26:04.0971 4300 eeCtrl - ok
07:26:05.0065 4300 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
07:26:05.0096 4300 elxstor - ok
07:26:05.0174 4300 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
07:26:05.0205 4300 EraserUtilRebootDrv - ok
07:26:05.0268 4300 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
07:26:05.0315 4300 ErrDev - ok
07:26:05.0393 4300 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
07:26:05.0471 4300 exfat - ok
07:26:05.0549 4300 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
07:26:05.0580 4300 fastfat - ok
07:26:05.0658 4300 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
07:26:05.0705 4300 fdc - ok
07:26:05.0751 4300 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
07:26:05.0783 4300 FileInfo - ok
07:26:05.0814 4300 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
07:26:05.0861 4300 Filetrace - ok
07:26:05.0939 4300 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
07:26:06.0001 4300 flpydisk - ok
07:26:06.0079 4300 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
07:26:06.0110 4300 FltMgr - ok
07:26:06.0188 4300 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
07:26:06.0235 4300 Fs_Rec - ok
07:26:06.0282 4300 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
07:26:06.0297 4300 gagp30kx - ok
07:26:06.0407 4300 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:26:06.0422 4300 GEARAspiWDM - ok
07:26:06.0500 4300 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
07:26:06.0594 4300 HdAudAddService - ok
07:26:06.0672 4300 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
07:26:06.0719 4300 HDAudBus - ok
07:26:06.0797 4300 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
07:26:06.0890 4300 HidBth - ok
07:26:06.0953 4300 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
07:26:07.0062 4300 HidIr - ok
07:26:07.0124 4300 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
07:26:07.0171 4300 HidUsb - ok
07:26:07.0233 4300 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
07:26:07.0265 4300 HpCISSs - ok
07:26:07.0327 4300 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
07:26:07.0374 4300 HpqKbFiltr - ok
07:26:07.0436 4300 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
07:26:07.0467 4300 HpqRemHid - ok
07:26:07.0561 4300 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
07:26:07.0623 4300 HSFHWAZL - ok
07:26:07.0701 4300 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
07:26:07.0826 4300 HSF_DPV - ok
07:26:07.0904 4300 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
07:26:07.0998 4300 HTTP - ok
07:26:08.0091 4300 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
07:26:08.0123 4300 i2omp - ok
07:26:08.0169 4300 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
07:26:08.0232 4300 i8042prt - ok
07:26:08.0325 4300 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
07:26:08.0341 4300 iaStor - ok
07:26:08.0435 4300 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
07:26:08.0466 4300 iaStorV - ok
07:26:08.0575 4300 IDSvix86 (74f2b7d99b8613eac36edf22a2ab3b08) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090811.002\IDSvix86.sys
07:26:08.0606 4300 IDSvix86 - ok
07:26:08.0700 4300 igfx (038815297078d236d8cc064c295a74c6) C:\Windows\system32\DRIVERS\igdkmd32.sys
07:26:08.0887 4300 igfx - ok
07:26:08.0981 4300 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
07:26:08.0996 4300 iirsp - ok
07:26:09.0137 4300 IntcAzAudAddService (2967e9c168cb5e0108a8a243ae179bad) C:\Windows\system32\drivers\RTKVHDA.sys
07:26:09.0293 4300 IntcAzAudAddService - ok
07:26:09.0339 4300 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
07:26:09.0371 4300 intelide - ok
07:26:09.0433 4300 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
07:26:09.0480 4300 intelppm - ok
07:26:09.0527 4300 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:26:09.0589 4300 IpFilterDriver - ok
07:26:09.0620 4300 IpInIp - ok
07:26:09.0651 4300 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
07:26:09.0698 4300 IPMIDRV - ok
07:26:09.0761 4300 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
07:26:09.0807 4300 IPNAT - ok
07:26:09.0854 4300 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
07:26:09.0917 4300 IRENUM - ok
07:26:09.0963 4300 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
07:26:09.0995 4300 isapnp - ok
07:26:10.0057 4300 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
07:26:10.0088 4300 iScsiPrt - ok
07:26:10.0151 4300 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
07:26:10.0182 4300 iteatapi - ok
07:26:10.0244 4300 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
07:26:10.0275 4300 iteraid - ok
07:26:10.0307 4300 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
07:26:10.0338 4300 kbdclass - ok
07:26:10.0400 4300 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
07:26:10.0463 4300 kbdhid - ok
07:26:10.0541 4300 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
07:26:10.0572 4300 KSecDD - ok
07:26:10.0665 4300 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
07:26:10.0712 4300 lltdio - ok
07:26:10.0775 4300 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
07:26:10.0806 4300 LSI_FC - ok
07:26:10.0853 4300 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
07:26:10.0884 4300 LSI_SAS - ok
07:26:10.0946 4300 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
07:26:10.0977 4300 LSI_SCSI - ok
07:26:11.0024 4300 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
07:26:11.0071 4300 luafv - ok
07:26:11.0165 4300 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
07:26:11.0196 4300 MBAMProtector - ok
07:26:11.0243 4300 MCSTRM - ok
07:26:11.0321 4300 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
07:26:11.0336 4300 megasas - ok
07:26:11.0399 4300 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
07:26:11.0430 4300 MegaSR - ok
07:26:11.0477 4300 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
07:26:11.0539 4300 Modem - ok
07:26:11.0601 4300 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
07:26:11.0633 4300 monitor - ok
07:26:11.0711 4300 motccgp (7b8d7bb9ae3ae9cd133bbc5aa91dd3cc) C:\Windows\system32\DRIVERS\motccgp.sys
07:26:11.0789 4300 motccgp - ok
07:26:11.0820 4300 motccgpfl (b812da6605caf02641312f1f65c75419) C:\Windows\system32\DRIVERS\motccgpfl.sys
07:26:11.0882 4300 motccgpfl - ok
07:26:11.0976 4300 motmodem (c3b0fd4f463e90b3917ff6ccea853bb6) C:\Windows\system32\DRIVERS\motmodem.sys
07:26:12.0054 4300 motmodem - ok
07:26:12.0163 4300 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\Windows\system32\DRIVERS\motswch.sys
07:26:12.0194 4300 MotoSwitchService - ok
07:26:12.0272 4300 Motousbnet (ddc489d40b49f443787e7ffa75373522) C:\Windows\system32\DRIVERS\Motousbnet.sys
07:26:12.0319 4300 Motousbnet - ok
07:26:12.0397 4300 motusbdevice (2136cca3d1bf7c0248e5366b1a6c24e3) C:\Windows\system32\DRIVERS\motusbdevice.sys
07:26:12.0459 4300 motusbdevice - ok
07:26:12.0506 4300 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
07:26:12.0522 4300 mouclass - ok
07:26:12.0569 4300 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
07:26:12.0631 4300 mouhid - ok
07:26:12.0693 4300 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
07:26:12.0709 4300 MountMgr - ok
07:26:12.0771 4300 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
07:26:12.0803 4300 mpio - ok
07:26:12.0849 4300 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
07:26:12.0896 4300 mpsdrv - ok
07:26:12.0959 4300 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
07:26:12.0990 4300 Mraid35x - ok
07:26:13.0052 4300 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
07:26:13.0115 4300 MRxDAV - ok
07:26:13.0208 4300 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:26:13.0255 4300 mrxsmb - ok
07:26:13.0333 4300 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:26:13.0364 4300 mrxsmb10 - ok
07:26:13.0395 4300 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:26:13.0427 4300 mrxsmb20 - ok
07:26:13.0505 4300 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
07:26:13.0520 4300 msahci - ok
07:26:13.0567 4300 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
07:26:13.0598 4300 msdsm - ok
07:26:13.0645 4300 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
07:26:13.0692 4300 Msfs - ok
07:26:13.0739 4300 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
07:26:13.0754 4300 msisadrv - ok
07:26:13.0832 4300 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
07:26:13.0895 4300 MSKSSRV - ok
07:26:13.0941 4300 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
07:26:13.0988 4300 MSPCLOCK - ok
07:26:14.0019 4300 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
07:26:14.0066 4300 MSPQM - ok
07:26:14.0144 4300 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
07:26:14.0175 4300 MsRPC - ok
07:26:14.0238 4300 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
07:26:14.0253 4300 mssmbios - ok
07:26:14.0316 4300 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
07:26:14.0363 4300 MSTEE - ok
07:26:14.0394 4300 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
07:26:14.0425 4300 Mup - ok
07:26:14.0519 4300 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
07:26:14.0565 4300 NativeWifiP - ok
07:26:14.0675 4300 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110929.032\NAVENG.SYS
07:26:14.0706 4300 NAVENG - ok
07:26:14.0799 4300 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110929.032\NAVEX15.SYS
07:26:14.0909 4300 NAVEX15 - ok
07:26:15.0049 4300 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
07:26:15.0080 4300 NDIS - ok
07:26:15.0158 4300 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
07:26:15.0252 4300 NdisTapi - ok
07:26:15.0299 4300 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
07:26:15.0330 4300 Ndisuio - ok
07:26:15.0408 4300 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
07:26:15.0470 4300 NdisWan - ok
07:26:15.0517 4300 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
07:26:15.0579 4300 NDProxy - ok
07:26:15.0626 4300 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
07:26:15.0673 4300 NetBIOS - ok
07:26:15.0735 4300 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
07:26:15.0767 4300 netbt - ok
07:26:15.0891 4300 NETw4v32 (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys
07:26:16.0079 4300 NETw4v32 - ok
07:26:16.0172 4300 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
07:26:16.0203 4300 nfrd960 - ok
07:26:16.0281 4300 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
07:26:16.0328 4300 Npfs - ok
07:26:16.0359 4300 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
07:26:16.0422 4300 nsiproxy - ok
07:26:16.0515 4300 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
07:26:16.0593 4300 Ntfs - ok
07:26:16.0687 4300 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
07:26:16.0749 4300 ntrigdigi - ok
07:26:16.0781 4300 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
07:26:16.0827 4300 Null - ok
07:26:16.0890 4300 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
07:26:17.0015 4300 NVENETFD - ok
07:26:17.0093 4300 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
07:26:17.0124 4300 nvraid - ok
07:26:17.0186 4300 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
07:26:17.0217 4300 nvstor - ok
07:26:17.0264 4300 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
07:26:17.0295 4300 nv_agp - ok
07:26:17.0327 4300 NwlnkFlt - ok
07:26:17.0342 4300 NwlnkFwd - ok
07:26:17.0420 4300 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
07:26:17.0451 4300 ohci1394 - ok
07:26:17.0545 4300 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
07:26:17.0607 4300 Parport - ok
07:26:17.0670 4300 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
07:26:17.0685 4300 partmgr - ok
07:26:17.0732 4300 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
07:26:17.0810 4300 Parvdm - ok
07:26:17.0873 4300 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
07:26:17.0904 4300 pci - ok
07:26:17.0982 4300 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
07:26:18.0013 4300 pciide - ok
07:26:18.0060 4300 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
07:26:18.0091 4300 pcmcia - ok
07:26:18.0169 4300 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
07:26:18.0263 4300 PEAUTH - ok
07:26:18.0341 4300 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
07:26:18.0403 4300 PptpMiniport - ok
07:26:18.0481 4300 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
07:26:18.0528 4300 Processor - ok
07:26:18.0621 4300 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
07:26:18.0668 4300 PSched - ok
07:26:18.0762 4300 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
07:26:18.0871 4300 ql2300 - ok
07:26:18.0980 4300 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
07:26:19.0011 4300 ql40xx - ok
07:26:19.0074 4300 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
07:26:19.0105 4300 QWAVEdrv - ok
07:26:19.0167 4300 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
07:26:19.0214 4300 RasAcd - ok
07:26:19.0261 4300 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:26:19.0308 4300 Rasl2tp - ok
07:26:19.0417 4300 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
07:26:19.0479 4300 RasPppoe - ok
07:26:19.0526 4300 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
07:26:19.0557 4300 RasSstp - ok
07:26:19.0635 4300 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
07:26:19.0667 4300 rdbss - ok
07:26:19.0713 4300 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:26:19.0745 4300 RDPCDD - ok
07:26:19.0838 4300 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
07:26:19.0885 4300 rdpdr - ok
07:26:19.0916 4300 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
07:26:19.0963 4300 RDPENCDD - ok
07:26:20.0025 4300 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
07:26:20.0072 4300 RDPWD - ok
07:26:20.0135 4300 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
07:26:20.0181 4300 rimmptsk - ok
07:26:20.0259 4300 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
07:26:20.0306 4300 rimsptsk - ok
07:26:20.0353 4300 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
07:26:20.0400 4300 rismxdp - ok
07:26:20.0462 4300 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
07:26:20.0493 4300 rspndr - ok
07:26:20.0556 4300 RTL8169 (9a929308a64183d3d9dccbb6df4badae) C:\Windows\system32\DRIVERS\Rtlh86.sys
07:26:20.0634 4300 RTL8169 - ok
07:26:20.0712 4300 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
07:26:20.0759 4300 sbp2port - ok
07:26:20.0837 4300 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
07:26:20.0883 4300 sdbus - ok
07:26:20.0930 4300 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
07:26:20.0993 4300 secdrv - ok
07:26:21.0039 4300 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
07:26:21.0102 4300 Serenum - ok
07:26:21.0149 4300 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
07:26:21.0227 4300 Serial - ok
07:26:21.0305 4300 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
07:26:21.0336 4300 sermouse - ok
07:26:21.0398 4300 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
07:26:21.0429 4300 sffdisk - ok
07:26:21.0476 4300 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
07:26:21.0523 4300 sffp_mmc - ok
07:26:21.0585 4300 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
07:26:21.0632 4300 sffp_sd - ok
07:26:21.0679 4300 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
07:26:21.0757 4300 sfloppy - ok
07:26:21.0851 4300 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
07:26:21.0866 4300 sisagp - ok
07:26:21.0913 4300 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
07:26:21.0944 4300 SiSRaid2 - ok
07:26:21.0991 4300 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
07:26:22.0022 4300 SiSRaid4 - ok
07:26:22.0100 4300 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
07:26:22.0131 4300 Smb - ok
07:26:22.0241 4300 smserial (63b3b77bdb67ee674771c0e6fb96da9e) C:\Windows\system32\DRIVERS\smserial.sys
07:26:22.0412 4300 smserial - ok
07:26:22.0553 4300 SPBBCDrv (d7bb213566e16bca372e2cb517eda907) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
07:26:22.0615 4300 SPBBCDrv - ok
07:26:22.0662 4300 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
07:26:22.0693 4300 spldr - ok
07:26:22.0724 4300 SRTSP (522651a0e7dc6415e083317370b609cc) C:\Windows\system32\Drivers\SRTSP.SYS
07:26:22.0755 4300 SRTSP - ok
07:26:22.0802 4300 SRTSPL (34e823b8d730099d032608fcccbc6a25) C:\Windows\system32\Drivers\SRTSPL.SYS
07:26:22.0833 4300 SRTSPL - ok
07:26:22.0880 4300 SRTSPX (469006e15f5b0fe8ae94184a18a81586) C:\Windows\system32\Drivers\SRTSPX.SYS
07:26:22.0911 4300 SRTSPX - ok
07:26:22.0974 4300 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
07:26:23.0021 4300 srv - ok
07:26:23.0145 4300 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
07:26:23.0208 4300 srv2 - ok
07:26:23.0270 4300 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
07:26:23.0286 4300 srvnet - ok
07:26:23.0379 4300 ssfs0bbc (a3cc244f1e043c2b7ae32899ff99a0a0) C:\Windows\system32\DRIVERS\ssfs0bbc.sys
07:26:23.0395 4300 ssfs0bbc - ok
07:26:23.0426 4300 sshrmd (e041026dafa17af2610afc4da8f4ea14) C:\Windows\system32\DRIVERS\sshrmd.sys
07:26:23.0442 4300 sshrmd - ok
07:26:23.0473 4300 ssidrv (5a40b485825cc31b3a49bb4701b30d35) C:\Windows\system32\DRIVERS\ssidrv.sys
07:26:23.0504 4300 ssidrv - ok
07:26:23.0582 4300 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
07:26:23.0613 4300 swenum - ok
07:26:23.0660 4300 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
07:26:23.0691 4300 Symc8xx - ok
07:26:23.0769 4300 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\Windows\system32\Drivers\SYMEVENT.SYS
07:26:23.0801 4300 SymEvent - ok
07:26:23.0832 4300 SymIMMP - ok
07:26:23.0910 4300 SYMREDRV (be3c117150c055e50a4caf23e548c856) C:\Windows\System32\Drivers\SYMREDRV.SYS
07:26:23.0925 4300 SYMREDRV - ok
07:26:23.0988 4300 SYMTDI (7b0af4e22b32f8c5bfba5a5d53522160) C:\Windows\System32\Drivers\SYMTDI.SYS
07:26:24.0019 4300 SYMTDI - ok
07:26:24.0066 4300 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
07:26:24.0097 4300 Sym_hi - ok
07:26:24.0159 4300 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
07:26:24.0191 4300 Sym_u3 - ok
07:26:24.0237 4300 SynTP (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys
07:26:24.0269 4300 SynTP - ok
07:26:24.0393 4300 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
07:26:24.0471 4300 Tcpip - ok
07:26:24.0549 4300 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
07:26:24.0596 4300 Tcpip6 - ok
07:26:24.0690 4300 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
07:26:24.0721 4300 tcpipreg - ok
07:26:24.0799 4300 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
07:26:24.0846 4300 TDPIPE - ok
07:26:24.0908 4300 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
07:26:24.0971 4300 TDTCP - ok
07:26:25.0049 4300 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
07:26:25.0080 4300 tdx - ok
07:26:25.0158 4300 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
07:26:25.0189 4300 TermDD - ok
07:26:25.0267 4300 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:26:25.0314 4300 tssecsrv - ok
07:26:25.0392 4300 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
07:26:25.0439 4300 tunmp - ok
07:26:25.0517 4300 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
07:26:25.0548 4300 tunnel - ok
07:26:25.0610 4300 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
07:26:25.0641 4300 uagp35 - ok
07:26:25.0704 4300 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
07:26:25.0751 4300 udfs - ok
07:26:25.0844 4300 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
07:26:25.0875 4300 uliagpkx - ok
07:26:25.0938 4300 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
07:26:25.0985 4300 uliahci - ok
07:26:26.0047 4300 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
07:26:26.0078 4300 UlSata - ok
07:26:26.0141 4300 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
07:26:26.0172 4300 ulsata2 - ok
07:26:26.0219 4300 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
07:26:26.0281 4300 umbus - ok
07:26:26.0406 4300 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
07:26:26.0437 4300 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
07:26:26.0437 4300 USBAAPL - detected UnsignedFile.Multi.Generic (1)
07:26:26.0484 4300 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
07:26:26.0531 4300 usbccgp - ok
07:26:26.0577 4300 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
07:26:26.0655 4300 usbcir - ok
07:26:26.0765 4300 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
07:26:26.0827 4300 usbehci - ok
07:26:26.0874 4300 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
07:26:26.0936 4300 usbhub - ok
07:26:26.0999 4300 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
07:26:27.0045 4300 usbohci - ok
07:26:27.0123 4300 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
07:26:27.0170 4300 usbprint - ok
07:26:27.0264 4300 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:26:27.0295 4300 USBSTOR - ok
07:26:27.0342 4300 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
07:26:27.0404 4300 usbuhci - ok
07:26:27.0467 4300 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
07:26:27.0513 4300 usbvideo - ok
07:26:27.0607 4300 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
07:26:27.0669 4300 vga - ok
07:26:27.0716 4300 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
07:26:27.0763 4300 VgaSave - ok
07:26:27.0825 4300 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
07:26:27.0857 4300 viaagp - ok
07:26:27.0919 4300 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
07:26:27.0966 4300 ViaC7 - ok
07:26:28.0044 4300 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
07:26:28.0059 4300 viaide - ok
07:26:28.0106 4300 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
07:26:28.0122 4300 volmgr - ok
07:26:28.0215 4300 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
07:26:28.0231 4300 volmgrx - ok
07:26:28.0309 4300 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
07:26:28.0340 4300 volsnap - ok
07:26:28.0403 4300 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
07:26:28.0434 4300 vsmraid - ok
07:26:28.0512 4300 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
07:26:28.0605 4300 WacomPen - ok
07:26:28.0652 4300 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
07:26:28.0683 4300 Wanarp - ok
07:26:28.0699 4300 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
07:26:28.0730 4300 Wanarpv6 - ok
07:26:28.0761 4300 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
07:26:28.0793 4300 Wd - ok
07:26:28.0855 4300 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
07:26:28.0902 4300 Wdf01000 - ok
07:26:29.0011 4300 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
07:26:29.0120 4300 winachsf - ok
07:26:29.0214 4300 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
07:26:29.0229 4300 WmiAcpi - ok
07:26:29.0339 4300 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
07:26:29.0401 4300 WpdUsb - ok
07:26:29.0463 4300 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
07:26:29.0526 4300 ws2ifsl - ok
07:26:29.0604 4300 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:26:29.0666 4300 WUDFRd - ok
07:26:29.0697 4300 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
07:26:29.0791 4300 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
07:26:29.0791 4300 \Device\Harddisk0\DR0 - detected TDSS File System (1)
07:26:29.0807 4300 Boot (0x1200) (0298555a6eea010cd3c199e30391c393) \Device\Harddisk0\DR0\Partition0
07:26:29.0807 4300 \Device\Harddisk0\DR0\Partition0 - ok
07:26:29.0807 4300 Boot (0x1200) (486b6d319a106d46b6871fbb06ea3800) \Device\Harddisk0\DR0\Partition1
07:26:29.0807 4300 \Device\Harddisk0\DR0\Partition1 - ok
07:26:29.0807 4300 ============================================================
07:26:29.0807 4300 Scan finished
07:26:29.0807 4300 ============================================================
07:26:29.0822 4956 Detected object count: 4
07:26:29.0822 4956 Actual detected object count: 4
07:26:44.0907 4956 HKLM\SYSTEM\ControlSet001\services\1cf6efbe - will be deleted on reboot
07:26:44.0939 4956 HKLM\SYSTEM\ControlSet003\services\1cf6efbe - will be deleted on reboot
07:26:44.0954 4956 C:\Windows\3203397148:3809022017.exe - will be deleted on reboot
07:26:44.0954 4956 1cf6efbe ( Rootkit.Win32.PMax.gen ) - User select action: Delete
07:26:44.0954 4956 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
07:26:44.0954 4956 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:26:44.0970 4956 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
07:26:44.0970 4956 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:26:44.0970 4956 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:26:44.0970 4956 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
07:26:56.0155 4340 Deinitialize success

aswMBR log from this morning.

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-18 07:58:05
-----------------------------
07:58:05.005 OS Version: Windows 6.0.6002 Service Pack 2
07:58:05.005 Number of processors: 2 586 0xF0D
07:58:05.005 ComputerName: CARUDA UserName: _admin
07:58:06.160 Initialize success
07:58:14.350 AVAST engine defs: 12011800
07:58:22.992 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
07:58:23.008 Disk 0 Vendor: FUJITSU_ 8909 Size: 238475MB BusType: 3
07:58:23.086 Disk 1 \Device\Harddisk1\SR0 -> \Device\SdBus-0
07:58:23.086 Disk 1 Vendor: ( Size: 1950MB BusType: 12
07:58:23.117 Disk 0 MBR read successfully
07:58:23.117 Disk 0 MBR scan
07:58:23.133 Disk 0 unknown MBR code
07:58:23.133 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226502 MB offset 63
07:58:23.164 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11970 MB offset 463876875
07:58:23.179 Disk 0 scanning sectors +488392065
07:58:23.226 Disk 0 scanning C:\Windows\system32\drivers
07:58:38.171 Service scanning
07:58:39.981 Modules scanning
07:58:47.188 Disk 0 trace - called modules:
07:58:47.203 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
07:58:47.219 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86bbeac8]
07:58:47.219 3 CLASSPNP.SYS[8af9f8b3] -> nt!IofCallDriver -> [0x85774900]
07:58:47.235 5 acpi.sys[806986bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85773028]
07:58:48.186 AVAST engine scan C:\Windows
07:58:51.961 AVAST engine scan C:\Windows\system32
08:01:43.933 AVAST engine scan C:\Windows\system32\drivers
08:01:58.624 AVAST engine scan C:\Users\_admin
08:03:51.094 AVAST engine scan C:\ProgramData
08:05:34.200 Disk 0 MBR has been saved successfully to "C:\Users\_admin\Desktop\MBR.dat"
08:05:34.216 The log file has been saved successfully to "C:\Users\_admin\Desktop\aswMBR.18012012.txt"


Also is the attached file from the MBRCheck program.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6700 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 165):
0x82843000 \SystemRoot\system32\ntkrnlpa.exe
0x82810000 \SystemRoot\system32\hal.dll
0x8040F000 \SystemRoot\system32\kdcom.dll
0x80416000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80486000 \SystemRoot\system32\PSHED.dll
0x80497000 \SystemRoot\system32\BOOTVID.dll
0x8049F000 \SystemRoot\system32\CLFS.SYS
0x804E0000 \SystemRoot\system32\CI.dll
0x80607000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80683000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80690000 \SystemRoot\system32\drivers\acpi.sys
0x806D6000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DF000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E7000 \SystemRoot\system32\drivers\pci.sys
0x8070E000 \SystemRoot\System32\drivers\partmgr.sys
0x8071D000 \SystemRoot\system32\DRIVERS\sshrmd.sys
0x80726000 \SystemRoot\system32\DRIVERS\ssfs0bbc.sys
0x80731000 \SystemRoot\system32\DRIVERS\ssidrv.sys
0x8075F000 \SystemRoot\system32\DRIVERS\msrpc.sys
0x8078A000 \SystemRoot\system32\DRIVERS\NETIO.SYS
0x82E0E000 \SystemRoot\system32\DRIVERS\NDIS.SYS
0x82F19000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x82F24000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82F27000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x82F31000 \SystemRoot\system32\drivers\volmgr.sys
0x82F40000 \SystemRoot\System32\drivers\volmgrx.sys
0x82F8A000 \SystemRoot\system32\drivers\intelide.sys
0x82F91000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82F9F000 \SystemRoot\System32\drivers\mountmgr.sys
0x8340D000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x834D5000 \SystemRoot\system32\drivers\atapi.sys
0x834DD000 \SystemRoot\system32\drivers\ataport.SYS
0x834FB000 \SystemRoot\system32\drivers\msahci.sys
0x83505000 \SystemRoot\system32\drivers\fltmgr.sys
0x83537000 \SystemRoot\system32\drivers\fileinfo.sys
0x83547000 \SystemRoot\System32\Drivers\ksecdd.sys
0x83606000 \SystemRoot\System32\drivers\tcpip.sys
0x836F0000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AE02000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AF12000 \SystemRoot\system32\drivers\volsnap.sys
0x8AF4B000 \SystemRoot\System32\Drivers\spldr.sys
0x8AF53000 \SystemRoot\System32\Drivers\mup.sys
0x8AF62000 \SystemRoot\System32\drivers\ecache.sys
0x8AF89000 \SystemRoot\system32\drivers\disk.sys
0x8AF9A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8AFBB000 \SystemRoot\system32\drivers\crcdisk.sys
0x8AFD1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8AFDC000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8AFE5000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8AFE9000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x837D3000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8E806000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8EE3D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8EEDD000 \SystemRoot\System32\drivers\watchdog.sys
0x8EEE9000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8EEF4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8EF32000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8EF41000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F206000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8F42E000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8F44A000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8F45A000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8F468000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8F482000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8F491000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8F4A5000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8F4F6000 \SystemRoot\system32\DRIVERS\HpqRemHid.sys
0x8F4F8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8F508000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8F50F000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F522000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8F527000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F532000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8F562000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F564000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F56F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F587000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8F58D000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F5BC000 \SystemRoot\system32\DRIVERS\storport.sys
0x8EFCE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8EFE5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x835B8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8EFF0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x837E2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x835DB000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x835F0000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F5FD000 \SystemRoot\system32\DRIVERS\swenum.sys
0x82FAF000 \SystemRoot\system32\DRIVERS\ks.sys
0x8AFF2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x83400000 \SystemRoot\system32\DRIVERS\umbus.sys
0x807C5000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x837F6000 \SystemRoot\system32\DRIVERS\sffp_sd.sys
0x82FD9000 \SystemRoot\system32\DRIVERS\sffdisk.sys
0x82FE2000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x82FEB000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F603000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x805C0000 \SystemRoot\system32\drivers\portcls.sys
0x8F80D000 \SystemRoot\system32\drivers\drmk.sys
0x8F832000 \SystemRoot\system32\DRIVERS\smserial.sys
0x8F923000 \SystemRoot\system32\drivers\modem.sys
0x8F930000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8F947000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8F968000 \SystemRoot\System32\Drivers\SRTSP.SYS
0x9000B000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110929.032\NAVEX15.SYS
0x9018B000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x901B0000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110929.032\NAVENG.SYS
0x901C4000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0x901CE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x901D7000 \SystemRoot\System32\Drivers\Null.SYS
0x901DE000 \SystemRoot\System32\Drivers\Beep.SYS
0x901E5000 \SystemRoot\System32\drivers\vga.sys
0x8F9B2000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x901F1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90000000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F9D3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F9DE000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F9EC000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F7E3000 \SystemRoot\system32\DRIVERS\tdx.sys
0x93809000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0x93837000 \SystemRoot\system32\DRIVERS\smb.sys
0x9384B000 \SystemRoot\system32\drivers\afd.sys
0x93893000 \SystemRoot\System32\DRIVERS\netbt.sys
0x938C5000 \SystemRoot\system32\DRIVERS\pacer.sys
0x938DB000 \SystemRoot\system32\DRIVERS\netbios.sys
0x938E9000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x938FC000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0x93966000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x939A2000 \SystemRoot\system32\drivers\nsiproxy.sys
0x939AC000 \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090811.002\IDSvix86.sys
0x9720C000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x9726A000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x97288000 \SystemRoot\System32\Drivers\dfsc.sys
0x9729F000 \SystemRoot\System32\Drivers\fastfat.SYS
0x972C7000 \SystemRoot\System32\Drivers\crashdmp.sys
0x972D4000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x9FA50000 \SystemRoot\System32\win32k.sys
0x9739C000 \SystemRoot\System32\drivers\Dxapi.sys
0x973A6000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9FC70000 \SystemRoot\System32\TSDDD.dll
0x9FC90000 \SystemRoot\System32\cdd.dll
0x973B5000 \SystemRoot\system32\drivers\luafv.sys
0x8370B000 \SystemRoot\system32\drivers\spsys.sys
0x973D0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xB6E09000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xB6E33000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB6E3D000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xB6E50000 \SystemRoot\system32\drivers\HTTP.sys
0xB6EBD000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xB6EDA000 \SystemRoot\system32\DRIVERS\bowser.sys
0xB6EF3000 \SystemRoot\System32\drivers\mpsdrv.sys
0xB6F08000 \SystemRoot\system32\drivers\mrxdav.sys
0xB6F29000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB6F48000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xB6F81000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xB6F99000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB9A0E000 \SystemRoot\System32\DRIVERS\srv.sys
0xB9A75000 \SystemRoot\system32\drivers\peauth.sys
0xB9B53000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB9B5D000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB9B69000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xB9B7E000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xB9B92000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xB9B98000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xB9BAE000 \??\C:\Windows\system32\drivers\mbam.sys
0x774B0000 \Windows\System32\ntdll.dll

Processes (total 81):
0 System Idle Process
4 System
488 C:\Windows\System32\smss.exe
628 csrss.exe
672 C:\Windows\System32\wininit.exe
680 csrss.exe
716 C:\Windows\System32\services.exe
732 C:\Windows\System32\lsass.exe
744 C:\Windows\System32\lsm.exe
808 C:\Windows\System32\winlogon.exe
912 C:\Windows\System32\svchost.exe
960 C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
992 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1128 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\audiodg.exe
1232 C:\Windows\System32\svchost.exe
1252 C:\Windows\System32\SLsvc.exe
1280 C:\Windows\System32\svchost.exe
1412 C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
1452 C:\Windows\System32\svchost.exe
1640 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1904 C:\Windows\System32\spoolsv.exe
1932 C:\Windows\System32\svchost.exe
904 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1036 C:\Program Files\Bonjour\mDNSResponder.exe
1376 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
988 C:\Program Files\Canon\IJPLM\ijplmsvc.exe
12 C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
2056 C:\Windows\System32\svchost.exe
2080 C:\Windows\System32\svchost.exe
2092 C:\Windows\System32\svchost.exe
2108 C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
2392 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2424 C:\Windows\System32\svchost.exe
2460 C:\Windows\System32\svchost.exe
2500 C:\Windows\System32\SearchIndexer.exe
2584 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
2756 WUDFHost.exe
2828 C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
3344 C:\Windows\System32\dwm.exe
3368 C:\Windows\explorer.exe
3380 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
3460 C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
3480 C:\Windows\System32\taskeng.exe
3528 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3572 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
3596 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
3612 C:\Windows\RtHDVCpl.exe
3644 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3684 C:\Program Files\iTunes\iTunesHelper.exe
3700 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
3708 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
3736 C:\Program Files\Ask.com\Updater\Updater.exe
3752 C:\Program Files\Windows Sidebar\sidebar.exe
3780 C:\Windows\System32\mobsync.exe
4036 C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEMA.EXE
4044 C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEMA.EXE
1080 C:\Windows\System32\wbem\unsecapp.exe
3012 WmiPrvSE.exe
2724 C:\Windows\System32\taskeng.exe
4000 C:\Program Files\iPod\bin\iPodService.exe
764 C:\Windows\System32\svchost.exe
2124 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4132 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
4360 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
4448 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
4500 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4320 C:\Windows\System32\wuauclt.exe
2844 C:\Windows\System32\taskeng.exe
5804 C:\Program Files\Internet Explorer\iexplore.exe
3036 C:\Program Files\Internet Explorer\iexplore.exe
3252 C:\Program Files\Winamp Toolbar\winampTbServer.exe
1572 C:\Program Files\Internet Explorer\iexplore.exe
4212 C:\Windows\System32\SearchProtocolHost.exe
5600 C:\Windows\System32\SearchFilterHost.exe
6032 dllhost.exe
3204 dllhost.exe
5432 C:\Users\_admin\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`4c661600 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHZ2250BHG2, Rev: 8909

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
  • 0

#8
Nedklaw
Posted 19 January 2012 - 01:47 PM

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

Run TDSSKiller using the same instructions as before and when you get to the following screen, the TDSS File System needs to be changed from Skip to Delete. You must leave all of the other items as Skip and then click Continue to remove the TDSS File System.

Posted Image

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 2

  • Please download Panda USB Vaccine (you must provide valid e-mail and they will send you download link to this e-mail address) to your desktop.
  • Install and run the program.
    • Double-click on the file USBVaccine.zip located on your desktop.
    • A file viewer will open. Double-click on the file USBVaccineSetup.exe. Please select Yes if you are asked if you want to allow the program to make changes to the computer.
    • Follow the steps on screen to install the program on your computer.
  • Plug in your USB drive and click on Vaccinate USB and Vaccinate Computer.

Step 3

Please uninstall the following programs via Control Panel > Add/Remove Programs (if present):

  • Viewpoint (Media Player, Manager, etc)

Viewpoint is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". I recommend you uninstall your Viewpoint product but it is your choice.
This may change, read Viewpoint to Plunge Into Adware.


Step 4

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following: 

    :OTL 
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.6.117
FF - prefs.js..keyword.URL: "http://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13993&locale=en_US&q="
[2011/11/08 04:24:33 | 000,000,000 | ---D | M] ("Webroot Toolbar") -- C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\extensions\[email protected]
[2011/11/08 04:24:31 | 000,002,426 | ---- | M] () -- C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\searchplugins\askcom.xml
[2009/02/09 14:05:22 | 000,002,236 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [w0ucS2ibDp8234A] C:\Windows\System32\YRL9gTXqjCkVz.exe ()
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O33 - MountPoints2\{c672ad40-7dba-11dd-a4ed-001e68b4a676}\Shell\AutoRun\command - "" = F:\BOOTEX\thumbcache_131.exe
O33 - MountPoints2\{c672ad40-7dba-11dd-a4ed-001e68b4a676}\Shell\explore\command - "" = F:\BOOTEX/thumbcache_131.exe
O33 - MountPoints2\{c672ad40-7dba-11dd-a4ed-001e68b4a676}\Shell\open\command - "" = F:\.////BOOTEX/thumbcache_131.exe
[2012/01/16 08:38:44 | 000,000,000 | ---D | C] -- C:\Users\_admin\AppData\Roaming\lgTXqjYCeIrOtAu
[2012/01/16 08:38:42 | 000,000,000 | ---D | C] -- C:\Users\_admin\AppData\Roaming\rhTXwjUCeIrPyAu
[2012/01/16 07:16:18 | 000,000,000 | ---D | C] -- C:\Users\_admin\AppData\Roaming\LdEK8gRZ9YwUeIt
[2012/01/16 07:16:18 | 000,000,000 | ---D | C] -- C:\Users\_admin\AppData\Roaming\hPNycA1uv2b4m5Q
[2012/01/16 06:56:21 | 000,000,000 | ---D | C] -- C:\Users\_admin\AppData\Local\AskToolbar
[2012/01/16 06:47:29 | 000,000,000 | ---D | C] -- C:\Users\_admin\AppData\Roaming\WsQJ7dEK8R9YwUe
[2012/01/16 06:47:28 | 000,000,000 | ---D | C] -- C:\Users\_admin\AppData\Roaming\h7dEL8gRZhXk
[2011/11/05 14:55:13 | 000,821,760 | ---- | C] (JetBrains s.r.o) -- C:\ProgramData\privacy.exe
[2012/01/16 06:50:56 | 000,001,807 | ---- | M] () -- C:\Users\_admin\AppData\Roaming\ldr.ini
[2012/01/02 19:34:27 | 000,000,456 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2012/01/02 19:33:01 | 000,000,312 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/11/04 17:57:04 | 000,000,216 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/11/04 17:56:46 | 000,305,120 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

:Files
ipconfig /flushdns /c

:Commands 
[purity] 
[resethosts] 
[emptytemp]
[CREATERESTOREPOINT] 
[Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 5

Download ComboFix from one of these locations and set the Save as type to All Files before saving it.

Link 1
Link 2
Link 3


IMPORTANT !!! You need to Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log at C:\ComboFix.txt in your next reply.


Step 6

You have both Webroot and Symantec (Norton) on your computer - which one do you use?


Things I want to see in your next reply

  • TDSSKiller.[Version]_[Date]_[Time]_log.txt
  • OTL Fix Log
  • OTL.txt
  • ComboFix.txt
  • Answer to my question
  • 0

#9
beabruin
Posted 19 January 2012 - 09:26 PM

beabruin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
*****************************************************
*****************************************************
TDSSKiller Log
*****************************************************
19:56:53.0916 4360 TDSS rootkit removing tool 2.7.3.0 Jan 16 2012 18:53:41
19:57:04.0868 4360 ============================================================
19:57:04.0868 4360 Current date / time: 2012/01/19 19:57:04.0868
19:57:04.0868 4360 SystemInfo:
19:57:04.0868 4360
19:57:04.0868 4360 OS Version: 6.0.6002 ServicePack: 2.0
19:57:04.0868 4360 Product type: Workstation
19:57:04.0868 4360 ComputerName: CARUDA
19:57:04.0868 4360 UserName: _admin
19:57:04.0868 4360 Windows directory: C:\Windows
19:57:04.0868 4360 System windows directory: C:\Windows
19:57:04.0868 4360 Processor architecture: Intel x86
19:57:04.0868 4360 Number of processors: 2
19:57:04.0868 4360 Page size: 0x1000
19:57:04.0868 4360 Boot type: Normal boot
19:57:04.0868 4360 ============================================================
19:57:05.0367 4360 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:57:05.0414 4360 Initialize success
19:57:16.0256 5832 ============================================================
19:57:16.0256 5832 Scan started
19:57:16.0256 5832 Mode: Manual; SigCheck; TDLFS;
19:57:16.0256 5832 ============================================================
19:57:16.0739 5832 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:57:16.0848 5832 ACPI - ok
19:57:16.0926 5832 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
19:57:16.0958 5832 adp94xx - ok
19:57:17.0020 5832 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
19:57:17.0036 5832 adpahci - ok
19:57:17.0098 5832 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
19:57:17.0114 5832 adpu160m - ok
19:57:17.0192 5832 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
19:57:17.0207 5832 adpu320 - ok
19:57:17.0316 5832 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:57:17.0348 5832 AFD - ok
19:57:17.0410 5832 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
19:57:17.0426 5832 agp440 - ok
19:57:17.0535 5832 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:57:17.0566 5832 aic78xx - ok
19:57:17.0628 5832 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
19:57:17.0644 5832 aliide - ok
19:57:17.0691 5832 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
19:57:17.0706 5832 amdagp - ok
19:57:17.0753 5832 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
19:57:17.0769 5832 amdide - ok
19:57:17.0831 5832 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
19:57:17.0862 5832 AmdK7 - ok
19:57:17.0925 5832 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
19:57:17.0956 5832 AmdK8 - ok
19:57:18.0065 5832 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
19:57:18.0081 5832 arc - ok
19:57:18.0159 5832 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
19:57:18.0174 5832 arcsas - ok
19:57:18.0237 5832 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:57:18.0284 5832 AsyncMac - ok
19:57:18.0346 5832 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:57:18.0377 5832 atapi - ok
19:57:18.0502 5832 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
19:57:18.0564 5832 BCM43XV - ok
19:57:18.0611 5832 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:57:18.0642 5832 Beep - ok
19:57:18.0689 5832 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
19:57:18.0736 5832 blbdrive - ok
19:57:18.0830 5832 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:57:18.0845 5832 bowser - ok
19:57:18.0908 5832 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:57:18.0939 5832 BrFiltLo - ok
19:57:19.0001 5832 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:57:19.0017 5832 BrFiltUp - ok
19:57:19.0079 5832 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:57:19.0142 5832 Brserid - ok
19:57:19.0173 5832 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:57:19.0220 5832 BrSerWdm - ok
19:57:19.0282 5832 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:57:19.0344 5832 BrUsbMdm - ok
19:57:19.0407 5832 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:57:19.0454 5832 BrUsbSer - ok
19:57:19.0547 5832 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\Windows\system32\DRIVERS\motfilt.sys
19:57:19.0578 5832 BTCFilterService - ok
19:57:19.0625 5832 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:57:19.0688 5832 BTHMODEM - ok
19:57:19.0781 5832 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
19:57:19.0797 5832 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
19:57:19.0797 5832 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
19:57:19.0875 5832 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:57:19.0906 5832 cdfs - ok
19:57:19.0984 5832 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:57:20.0015 5832 cdrom - ok
19:57:20.0046 5832 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
19:57:20.0093 5832 circlass - ok
19:57:20.0171 5832 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:57:20.0202 5832 CLFS - ok
19:57:20.0280 5832 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:57:20.0312 5832 CmBatt - ok
19:57:20.0358 5832 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
19:57:20.0374 5832 cmdide - ok
19:57:20.0452 5832 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:57:20.0468 5832 Compbatt - ok
19:57:20.0546 5832 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
19:57:20.0561 5832 crcdisk - ok
19:57:20.0608 5832 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
19:57:20.0639 5832 Crusoe - ok
19:57:20.0733 5832 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:57:20.0748 5832 DfsC - ok
19:57:20.0873 5832 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:57:20.0889 5832 disk - ok
19:57:20.0951 5832 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:57:20.0982 5832 drmkaud - ok
19:57:21.0076 5832 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:57:21.0107 5832 DXGKrnl - ok
19:57:21.0170 5832 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:57:21.0201 5832 E1G60 - ok
19:57:21.0326 5832 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:57:21.0357 5832 Ecache - ok
19:57:21.0419 5832 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
19:57:21.0482 5832 eeCtrl - ok
19:57:21.0575 5832 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
19:57:21.0606 5832 elxstor - ok
19:57:21.0684 5832 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:57:21.0700 5832 EraserUtilRebootDrv - ok
19:57:21.0762 5832 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
19:57:21.0794 5832 ErrDev - ok
19:57:21.0887 5832 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:57:21.0918 5832 exfat - ok
19:57:21.0996 5832 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:57:22.0028 5832 fastfat - ok
19:57:22.0090 5832 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:57:22.0121 5832 fdc - ok
19:57:22.0199 5832 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:57:22.0215 5832 FileInfo - ok
19:57:22.0262 5832 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:57:22.0293 5832 Filetrace - ok
19:57:22.0324 5832 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:57:22.0371 5832 flpydisk - ok
19:57:22.0433 5832 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:57:22.0464 5832 FltMgr - ok
19:57:22.0527 5832 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
19:57:22.0558 5832 Fs_Rec - ok
19:57:22.0605 5832 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
19:57:22.0636 5832 gagp30kx - ok
19:57:22.0730 5832 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:57:22.0745 5832 GEARAspiWDM - ok
19:57:22.0792 5832 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
19:57:22.0854 5832 HdAudAddService - ok
19:57:22.0948 5832 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:57:22.0995 5832 HDAudBus - ok
19:57:23.0057 5832 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:57:23.0120 5832 HidBth - ok
19:57:23.0166 5832 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:57:23.0229 5832 HidIr - ok
19:57:23.0291 5832 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:57:23.0322 5832 HidUsb - ok
19:57:23.0385 5832 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
19:57:23.0400 5832 HpCISSs - ok
19:57:23.0478 5832 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
19:57:23.0494 5832 HpqKbFiltr - ok
19:57:23.0541 5832 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
19:57:23.0556 5832 HpqRemHid - ok
19:57:23.0650 5832 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
19:57:23.0681 5832 HSFHWAZL - ok
19:57:23.0759 5832 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
19:57:23.0837 5832 HSF_DPV - ok
19:57:23.0947 5832 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:57:23.0979 5832 HTTP - ok
19:57:24.0025 5832 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
19:57:24.0041 5832 i2omp - ok
19:57:24.0088 5832 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:57:24.0119 5832 i8042prt - ok
19:57:24.0197 5832 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
19:57:24.0213 5832 iaStor - ok
19:57:24.0306 5832 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
19:57:24.0337 5832 iaStorV - ok
19:57:24.0447 5832 IDSvix86 (74f2b7d99b8613eac36edf22a2ab3b08) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090811.002\IDSvix86.sys
19:57:24.0478 5832 IDSvix86 - ok
19:57:24.0571 5832 igfx (038815297078d236d8cc064c295a74c6) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:57:24.0712 5832 igfx - ok
19:57:24.0790 5832 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:57:24.0805 5832 iirsp - ok
19:57:24.0930 5832 IntcAzAudAddService (2967e9c168cb5e0108a8a243ae179bad) C:\Windows\system32\drivers\RTKVHDA.sys
19:57:25.0055 5832 IntcAzAudAddService - ok
19:57:25.0102 5832 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:57:25.0117 5832 intelide - ok
19:57:25.0180 5832 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:57:25.0211 5832 intelppm - ok
19:57:25.0258 5832 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:57:25.0289 5832 IpFilterDriver - ok
19:57:25.0336 5832 IpInIp - ok
19:57:25.0367 5832 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
19:57:25.0414 5832 IPMIDRV - ok
19:57:25.0461 5832 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:57:25.0507 5832 IPNAT - ok
19:57:25.0601 5832 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:57:25.0648 5832 IRENUM - ok
19:57:25.0695 5832 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
19:57:25.0726 5832 isapnp - ok
19:57:25.0804 5832 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:57:25.0819 5832 iScsiPrt - ok
19:57:25.0866 5832 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:57:25.0897 5832 iteatapi - ok
19:57:25.0944 5832 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:57:25.0975 5832 iteraid - ok
19:57:26.0022 5832 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:57:26.0038 5832 kbdclass - ok
19:57:26.0116 5832 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
19:57:26.0147 5832 kbdhid - ok
19:57:26.0225 5832 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
19:57:26.0256 5832 KSecDD - ok
19:57:26.0350 5832 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:57:26.0381 5832 lltdio - ok
19:57:26.0443 5832 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
19:57:26.0459 5832 LSI_FC - ok
19:57:26.0506 5832 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
19:57:26.0537 5832 LSI_SAS - ok
19:57:26.0599 5832 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:57:26.0631 5832 LSI_SCSI - ok
19:57:26.0662 5832 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:57:26.0693 5832 luafv - ok
19:57:26.0818 5832 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
19:57:26.0833 5832 MBAMProtector - ok
19:57:26.0880 5832 MCSTRM - ok
19:57:26.0943 5832 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
19:57:26.0974 5832 megasas - ok
19:57:27.0052 5832 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
19:57:27.0083 5832 MegaSR - ok
19:57:27.0145 5832 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:57:27.0177 5832 Modem - ok
19:57:27.0223 5832 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:57:27.0255 5832 monitor - ok
19:57:27.0317 5832 motccgp (7b8d7bb9ae3ae9cd133bbc5aa91dd3cc) C:\Windows\system32\DRIVERS\motccgp.sys
19:57:27.0348 5832 motccgp - ok
19:57:27.0379 5832 motccgpfl (b812da6605caf02641312f1f65c75419) C:\Windows\system32\DRIVERS\motccgpfl.sys
19:57:27.0411 5832 motccgpfl - ok
19:57:27.0504 5832 motmodem (c3b0fd4f463e90b3917ff6ccea853bb6) C:\Windows\system32\DRIVERS\motmodem.sys
19:57:27.0520 5832 motmodem - ok
19:57:27.0598 5832 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\Windows\system32\DRIVERS\motswch.sys
19:57:27.0613 5832 MotoSwitchService - ok
19:57:27.0676 5832 Motousbnet (ddc489d40b49f443787e7ffa75373522) C:\Windows\system32\DRIVERS\Motousbnet.sys
19:57:27.0707 5832 Motousbnet - ok
19:57:27.0769 5832 motusbdevice (2136cca3d1bf7c0248e5366b1a6c24e3) C:\Windows\system32\DRIVERS\motusbdevice.sys
19:57:27.0801 5832 motusbdevice - ok
19:57:27.0879 5832 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:57:27.0894 5832 mouclass - ok
19:57:27.0941 5832 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:57:27.0972 5832 mouhid - ok
19:57:28.0019 5832 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:57:28.0035 5832 MountMgr - ok
19:57:28.0081 5832 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
19:57:28.0097 5832 mpio - ok
19:57:28.0175 5832 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:57:28.0206 5832 mpsdrv - ok
19:57:28.0253 5832 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:57:28.0269 5832 Mraid35x - ok
19:57:28.0331 5832 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:57:28.0362 5832 MRxDAV - ok
19:57:28.0440 5832 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:57:28.0456 5832 mrxsmb - ok
19:57:28.0549 5832 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:57:28.0581 5832 mrxsmb10 - ok
19:57:28.0627 5832 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:57:28.0643 5832 mrxsmb20 - ok
19:57:28.0705 5832 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
19:57:28.0721 5832 msahci - ok
19:57:28.0768 5832 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
19:57:28.0799 5832 msdsm - ok
19:57:28.0846 5832 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:57:28.0877 5832 Msfs - ok
19:57:28.0924 5832 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:57:28.0939 5832 msisadrv - ok
19:57:29.0002 5832 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:57:29.0033 5832 MSKSSRV - ok
19:57:29.0095 5832 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:57:29.0127 5832 MSPCLOCK - ok
19:57:29.0158 5832 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:57:29.0189 5832 MSPQM - ok
19:57:29.0283 5832 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:57:29.0298 5832 MsRPC - ok
19:57:29.0345 5832 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:57:29.0361 5832 mssmbios - ok
19:57:29.0392 5832 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:57:29.0439 5832 MSTEE - ok
19:57:29.0485 5832 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:57:29.0501 5832 Mup - ok
19:57:29.0610 5832 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:57:29.0626 5832 NativeWifiP - ok
19:57:29.0751 5832 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110929.032\NAVENG.SYS
19:57:29.0766 5832 NAVENG - ok
19:57:29.0829 5832 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110929.032\NAVEX15.SYS
19:57:29.0907 5832 NAVEX15 - ok
19:57:30.0031 5832 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:57:30.0063 5832 NDIS - ok
19:57:30.0109 5832 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:57:30.0141 5832 NdisTapi - ok
19:57:30.0172 5832 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:57:30.0203 5832 Ndisuio - ok
19:57:30.0281 5832 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:57:30.0312 5832 NdisWan - ok
19:57:30.0359 5832 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:57:30.0390 5832 NDProxy - ok
19:57:30.0468 5832 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:57:30.0499 5832 NetBIOS - ok
19:57:30.0593 5832 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:57:30.0624 5832 netbt - ok
19:57:30.0765 5832 NETw4v32 (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys
19:57:30.0858 5832 NETw4v32 - ok
19:57:30.0936 5832 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:57:30.0952 5832 nfrd960 - ok
19:57:31.0045 5832 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:57:31.0077 5832 Npfs - ok
19:57:31.0123 5832 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:57:31.0155 5832 nsiproxy - ok
19:57:31.0248 5832 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:57:31.0311 5832 Ntfs - ok
19:57:31.0389 5832 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:57:31.0435 5832 ntrigdigi - ok
19:57:31.0482 5832 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:57:31.0513 5832 Null - ok
19:57:31.0576 5832 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
19:57:31.0638 5832 NVENETFD - ok
19:57:31.0685 5832 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
19:57:31.0701 5832 nvraid - ok
19:57:31.0779 5832 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
19:57:31.0794 5832 nvstor - ok
19:57:31.0841 5832 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
19:57:31.0857 5832 nv_agp - ok
19:57:31.0888 5832 NwlnkFlt - ok
19:57:31.0903 5832 NwlnkFwd - ok
19:57:31.0981 5832 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
19:57:32.0013 5832 ohci1394 - ok
19:57:32.0075 5832 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:57:32.0122 5832 Parport - ok
19:57:32.0200 5832 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:57:32.0231 5832 partmgr - ok
19:57:32.0278 5832 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:57:32.0325 5832 Parvdm - ok
19:57:32.0403 5832 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:57:32.0434 5832 pci - ok
19:57:32.0481 5832 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
19:57:32.0496 5832 pciide - ok
19:57:32.0527 5832 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:57:32.0559 5832 pcmcia - ok
19:57:32.0637 5832 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:57:32.0715 5832 PEAUTH - ok
19:57:32.0808 5832 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:57:32.0839 5832 PptpMiniport - ok
19:57:32.0902 5832 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
19:57:32.0933 5832 Processor - ok
19:57:33.0027 5832 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:57:33.0058 5832 PSched - ok
19:57:33.0167 5832 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:57:33.0214 5832 ql2300 - ok
19:57:33.0292 5832 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:57:33.0323 5832 ql40xx - ok
19:57:33.0385 5832 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:57:33.0401 5832 QWAVEdrv - ok
19:57:33.0432 5832 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:57:33.0463 5832 RasAcd - ok
19:57:33.0510 5832 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:57:33.0541 5832 Rasl2tp - ok
19:57:33.0635 5832 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:57:33.0666 5832 RasPppoe - ok
19:57:33.0729 5832 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:57:33.0744 5832 RasSstp - ok
19:57:33.0822 5832 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:57:33.0853 5832 rdbss - ok
19:57:33.0900 5832 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:57:33.0947 5832 RDPCDD - ok
19:57:33.0994 5832 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:57:34.0025 5832 rdpdr - ok
19:57:34.0072 5832 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:57:34.0103 5832 RDPENCDD - ok
19:57:34.0181 5832 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
19:57:34.0212 5832 RDPWD - ok
19:57:34.0290 5832 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
19:57:34.0306 5832 rimmptsk - ok
19:57:34.0353 5832 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
19:57:34.0368 5832 rimsptsk - ok
19:57:34.0399 5832 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
19:57:34.0431 5832 rismxdp - ok
19:57:34.0477 5832 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:57:34.0524 5832 rspndr - ok
19:57:34.0587 5832 RTL8169 (9a929308a64183d3d9dccbb6df4badae) C:\Windows\system32\DRIVERS\Rtlh86.sys
19:57:34.0618 5832 RTL8169 - ok
19:57:34.0649 5832 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:57:34.0665 5832 sbp2port - ok
19:57:34.0758 5832 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
19:57:34.0789 5832 sdbus - ok
19:57:34.0852 5832 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:57:34.0899 5832 secdrv - ok
19:57:34.0977 5832 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:57:35.0023 5832 Serenum - ok
19:57:35.0086 5832 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:57:35.0133 5832 Serial - ok
19:57:35.0195 5832 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:57:35.0226 5832 sermouse - ok
19:57:35.0273 5832 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
19:57:35.0304 5832 sffdisk - ok
19:57:35.0351 5832 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
19:57:35.0398 5832 sffp_mmc - ok
19:57:35.0476 5832 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:57:35.0507 5832 sffp_sd - ok
19:57:35.0538 5832 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:57:35.0585 5832 sfloppy - ok
19:57:35.0632 5832 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
19:57:35.0647 5832 sisagp - ok
19:57:35.0694 5832 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
19:57:35.0710 5832 SiSRaid2 - ok
19:57:35.0757 5832 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
19:57:35.0788 5832 SiSRaid4 - ok
19:57:35.0881 5832 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:57:35.0913 5832 Smb - ok
19:57:35.0991 5832 smserial (63b3b77bdb67ee674771c0e6fb96da9e) C:\Windows\system32\DRIVERS\smserial.sys
19:57:36.0069 5832 smserial - ok
19:57:36.0209 5832 SPBBCDrv (d7bb213566e16bca372e2cb517eda907) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
19:57:36.0225 5832 SPBBCDrv - ok
19:57:36.0287 5832 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:57:36.0303 5832 spldr - ok
19:57:36.0365 5832 SRTSP (522651a0e7dc6415e083317370b609cc) C:\Windows\system32\Drivers\SRTSP.SYS
19:57:36.0381 5832 SRTSP - ok
19:57:36.0443 5832 SRTSPL (34e823b8d730099d032608fcccbc6a25) C:\Windows\system32\Drivers\SRTSPL.SYS
19:57:36.0459 5832 SRTSPL - ok
19:57:36.0490 5832 SRTSPX (469006e15f5b0fe8ae94184a18a81586) C:\Windows\system32\Drivers\SRTSPX.SYS
19:57:36.0521 5832 SRTSPX - ok
19:57:36.0599 5832 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:57:36.0630 5832 srv - ok
19:57:36.0755 5832 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:57:36.0786 5832 srv2 - ok
19:57:36.0833 5832 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:57:36.0864 5832 srvnet - ok
19:57:36.0942 5832 ssfs0bbc (a3cc244f1e043c2b7ae32899ff99a0a0) C:\Windows\system32\DRIVERS\ssfs0bbc.sys
19:57:36.0958 5832 ssfs0bbc - ok
19:57:36.0989 5832 sshrmd (e041026dafa17af2610afc4da8f4ea14) C:\Windows\system32\DRIVERS\sshrmd.sys
19:57:37.0005 5832 sshrmd - ok
19:57:37.0051 5832 ssidrv (5a40b485825cc31b3a49bb4701b30d35) C:\Windows\system32\DRIVERS\ssidrv.sys
19:57:37.0067 5832 ssidrv - ok
19:57:37.0114 5832 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:57:37.0129 5832 swenum - ok
19:57:37.0192 5832 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:57:37.0207 5832 Symc8xx - ok
19:57:37.0285 5832 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\Windows\system32\Drivers\SYMEVENT.SYS
19:57:37.0301 5832 SymEvent - ok
19:57:37.0348 5832 SymIMMP - ok
19:57:37.0410 5832 SYMREDRV (be3c117150c055e50a4caf23e548c856) C:\Windows\System32\Drivers\SYMREDRV.SYS
19:57:37.0441 5832 SYMREDRV - ok
19:57:37.0488 5832 SYMTDI (7b0af4e22b32f8c5bfba5a5d53522160) C:\Windows\System32\Drivers\SYMTDI.SYS
19:57:37.0504 5832 SYMTDI - ok
19:57:37.0566 5832 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:57:37.0597 5832 Sym_hi - ok
19:57:37.0644 5832 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:57:37.0660 5832 Sym_u3 - ok
19:57:37.0722 5832 SynTP (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys
19:57:37.0738 5832 SynTP - ok
19:57:37.0847 5832 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
19:57:37.0909 5832 Tcpip - ok
19:57:38.0034 5832 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
19:57:38.0081 5832 Tcpip6 - ok
19:57:38.0175 5832 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:57:38.0206 5832 tcpipreg - ok
19:57:38.0253 5832 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:57:38.0284 5832 TDPIPE - ok
19:57:38.0331 5832 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:57:38.0362 5832 TDTCP - ok
19:57:38.0455 5832 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:57:38.0487 5832 tdx - ok
19:57:38.0565 5832 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:57:38.0580 5832 TermDD - ok
19:57:38.0643 5832 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:57:38.0674 5832 tssecsrv - ok
19:57:38.0736 5832 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:57:38.0767 5832 tunmp - ok
19:57:38.0830 5832 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:57:38.0861 5832 tunnel - ok
19:57:38.0908 5832 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
19:57:38.0923 5832 uagp35 - ok
19:57:39.0001 5832 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:57:39.0033 5832 udfs - ok
19:57:39.0095 5832 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
19:57:39.0111 5832 uliagpkx - ok
19:57:39.0173 5832 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
19:57:39.0204 5832 uliahci - ok
19:57:39.0267 5832 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:57:39.0282 5832 UlSata - ok
19:57:39.0345 5832 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:57:39.0376 5832 ulsata2 - ok
19:57:39.0407 5832 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:57:39.0438 5832 umbus - ok
19:57:39.0532 5832 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
19:57:39.0547 5832 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
19:57:39.0547 5832 USBAAPL - detected UnsignedFile.Multi.Generic (1)
19:57:39.0594 5832 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:57:39.0625 5832 usbccgp - ok
19:57:39.0688 5832 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:57:39.0750 5832 usbcir - ok
19:57:39.0828 5832 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:57:39.0859 5832 usbehci - ok
19:57:39.0891 5832 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:57:39.0922 5832 usbhub - ok
19:57:39.0969 5832 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
19:57:40.0015 5832 usbohci - ok
19:57:40.0078 5832 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:57:40.0126 5832 usbprint - ok
19:57:40.0172 5832 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:57:40.0204 5832 USBSTOR - ok
19:57:40.0266 5832 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:57:40.0297 5832 usbuhci - ok
19:57:40.0360 5832 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
19:57:40.0391 5832 usbvideo - ok
19:57:40.0453 5832 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:57:40.0484 5832 vga - ok
19:57:40.0516 5832 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:57:40.0547 5832 VgaSave - ok
19:57:40.0609 5832 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
19:57:40.0625 5832 viaagp - ok
19:57:40.0687 5832 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
19:57:40.0718 5832 ViaC7 - ok
19:57:40.0781 5832 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
19:57:40.0796 5832 viaide - ok
19:57:40.0843 5832 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:57:40.0874 5832 volmgr - ok
19:57:40.0968 5832 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:57:40.0999 5832 volmgrx - ok
19:57:41.0077 5832 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:57:41.0093 5832 volsnap - ok
19:57:41.0156 5832 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
19:57:41.0172 5832 vsmraid - ok
19:57:41.0234 5832 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:57:41.0297 5832 WacomPen - ok
19:57:41.0343 5832 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:57:41.0375 5832 Wanarp - ok
19:57:41.0390 5832 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:57:41.0421 5832 Wanarpv6 - ok
19:57:41.0468 5832 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
19:57:41.0484 5832 Wd - ok
19:57:41.0531 5832 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:57:41.0577 5832 Wdf01000 - ok
19:57:41.0687 5832 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
19:57:41.0749 5832 winachsf - ok
19:57:41.0811 5832 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:57:41.0843 5832 WmiAcpi - ok
19:57:41.0921 5832 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
19:57:41.0936 5832 WpdUsb - ok
19:57:41.0983 5832 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:57:42.0030 5832 ws2ifsl - ok
19:57:42.0123 5832 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:57:42.0171 5832 WUDFRd - ok
19:57:42.0202 5832 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
19:57:42.0312 5832 \Device\Harddisk0\DR0 - ok
19:57:42.0327 5832 Boot (0x1200) (0298555a6eea010cd3c199e30391c393) \Device\Harddisk0\DR0\Partition0
19:57:42.0327 5832 \Device\Harddisk0\DR0\Partition0 - ok
19:57:42.0327 5832 Boot (0x1200) (486b6d319a106d46b6871fbb06ea3800) \Device\Harddisk0\DR0\Partition1
19:57:42.0327 5832 \Device\Harddisk0\DR0\Partition1 - ok
19:57:42.0327 5832 ============================================================
19:57:42.0327 5832 Scan finished
19:57:42.0327 5832 ============================================================
19:57:42.0343 5804 Detected object count: 2
19:57:42.0343 5804 Actual detected object count: 2
19:57:48.0677 5804 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
19:57:48.0677 5804 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:57:48.0677 5804 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
19:57:48.0677 5804 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:57:51.0361 4120 Deinitialize success

*****************************************************
*****************************************************
Below is OTL custom scan/run fix log
*****************************************************
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: [email protected]:3.6.6.117 removed from extensions.enabledItems
Prefs.js: "http://supertoolbar....ocale=en_US&q=" removed from keyword.URL
C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\extensions\[email protected]\searchplugins folder moved successfully.
C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\extensions\[email protected]\logs folder moved successfully.
C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\extensions\[email protected]\datastore folder moved successfully.
C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\extensions\[email protected]\chrome\temp\skin.Sat-24-Apr-2010-13-54-12-GMT folder moved successfully.
C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\extensions\[email protected]\chrome\temp\ff-config.Tue-08-Nov-2011-09-24-30-GMT folder moved successfully.
C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\extensions\[email protected]\chrome\temp folder moved successfully.
C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\extensions\[email protected]\chrome\skin folder moved successfully.
C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\extensions\[email protected] folder moved successfully.
C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\searchplugins\askcom.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\askcom.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\w0ucS2ibDp8234A not found.
File C:\Windows\System32\YRL9gTXqjCkVz.exe not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c672ad40-7dba-11dd-a4ed-001e68b4a676}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c672ad40-7dba-11dd-a4ed-001e68b4a676}\ not found.
File F:\BOOTEX\thumbcache_131.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c672ad40-7dba-11dd-a4ed-001e68b4a676}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c672ad40-7dba-11dd-a4ed-001e68b4a676}\ not found.
File F:\BOOTEX/thumbcache_131.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c672ad40-7dba-11dd-a4ed-001e68b4a676}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c672ad40-7dba-11dd-a4ed-001e68b4a676}\ not found.
File F:\.////BOOTEX/thumbcache_131.exe not found.
C:\Users\_admin\AppData\Roaming\lgTXqjYCeIrOtAu folder moved successfully.
C:\Users\_admin\AppData\Roaming\rhTXwjUCeIrPyAu folder moved successfully.
C:\Users\_admin\AppData\Roaming\LdEK8gRZ9YwUeIt folder moved successfully.
C:\Users\_admin\AppData\Roaming\hPNycA1uv2b4m5Q folder moved successfully.
C:\Users\_admin\AppData\Local\AskToolbar\Downloaded Program Files\temp folder moved successfully.
C:\Users\_admin\AppData\Local\AskToolbar\Downloaded Program Files folder moved successfully.
C:\Users\_admin\AppData\Local\AskToolbar folder moved successfully.
C:\Users\_admin\AppData\Roaming\WsQJ7dEK8R9YwUe folder moved successfully.
C:\Users\_admin\AppData\Roaming\h7dEL8gRZhXk folder moved successfully.
File C:\ProgramData\privacy.exe not found.
File C:\Users\_admin\AppData\Roaming\ldr.ini not found.
C:\ProgramData\6DSS92c31Apgjk moved successfully.
C:\ProgramData\~6DSS92c31Apgjk moved successfully.
C:\ProgramData\~6DSS92c31Apgjkr moved successfully.
File C:\ProgramData\6DSS92c31Apgjk.exe not found.
C:\Windows\E80F62FF5D3C4A1984099721F2928206.TMP\WiseCustomCall.dll deleted successfully.
C:\Windows\E80F62FF5D3C4A1984099721F2928206.TMP folder deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\_admin\Desktop\cmd.bat deleted successfully.
C:\Users\_admin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: owner
->Temp folder emptied: 268928657 bytes
->Temporary Internet Files folder emptied: 10256034 bytes
->Java cache emptied: 1156012 bytes
->FireFox cache emptied: 60534554 bytes
->Apple Safari cache emptied: 127254528 bytes
->Flash cache emptied: 169867 bytes

User: Public

User: _admin
->Temp folder emptied: 58549602 bytes
->Temporary Internet Files folder emptied: 85140182 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6748028 bytes
->Apple Safari cache emptied: 1459200 bytes
->Flash cache emptied: 1562 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1147019749 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,685.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 01192012_201015

Files\Folders moved on Reboot...
C:\Users\_admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LBTWAZV4\1066301710[1].htm moved successfully.
C:\Users\_admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LBTWAZV4\fastbutton[3].htm moved successfully.
C:\Users\_admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5056IGBS\confirm[1].htm moved successfully.
C:\Users\_admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\_admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Windows\temp\895B.tmp moved successfully.

Registry entries deleted on Reboot...

*****************************************************
*****************************************************
Rerun OTL with "Scan All Users" option
*****************************************************
OTL logfile created on: 1/19/2012 8:23:13 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\_admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 60.58% Memory free
6.18 Gb Paging File | 5.07 Gb Available in Paging File | 81.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.19 Gb Total Space | 107.43 Gb Free Space | 48.57% Space Free | Partition Type: NTFS
Drive D: | 11.69 Gb Total Space | 2.02 Gb Free Space | 17.30% Space Free | Partition Type: NTFS
Drive F: | 1.90 Gb Total Space | 1.90 Gb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: CARUDA | User Name: _admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\_admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Panda USB Vaccine\USBVaccine.exe (Panda Security)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEMA.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Windows\System32\igfxTMM.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MotoHelper) -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (WRConsumerService) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe ()
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe ()
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)


========== Driver Services (SafeList) ==========

DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110929.032\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110929.032\NAVENG.SYS (Symantec Corporation)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola)
DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (ssidrv) -- C:\Windows\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\Windows\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20090811.002\IDSvix86.sys (Symantec Corporation)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1643871695-1882474329-1398546539-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKU\S-1-5-21-1643871695-1882474329-1398546539-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKU\S-1-5-21-1643871695-1882474329-1398546539-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1643871695-1882474329-1398546539-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems:

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/31 19:45:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/02 19:22:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/02 19:22:11 | 000,000,000 | ---D | M]

[2009/12/23 10:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\_admin\AppData\Roaming\Mozilla\Extensions
[2012/01/19 20:10:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\extensions
[2009/12/23 11:02:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/16 06:52:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/02 19:22:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/02 19:22:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/01/02 19:22:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/09 05:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/05/06 20:22:31 | 000,001,490 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\AOL Search.xml
[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/19 20:10:39 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1643871695-1882474329-1398546539-1001\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Users\owner\Desktop\Winamp\winampa.exe" File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1643871695-1882474329-1398546539-1001..\Run: [\\mac001ff3d8ffdd\EPSON Artisan 800] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEMA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1643871695-1882474329-1398546539-1001..\Run: [EPSON Artisan 800 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEMA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1643871695-1882474329-1398546539-1001..\Run: [WindowsWelcomeCenter] "C:\Windows\system32\rundll32.exe" oobefldr.dll,ShowWelcomeCenter File not found
O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Welcome Center.lnk = C:\Windows\System32\control.exe (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1643871695-1882474329-1398546539-1001\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C187B1F-FC4B-45FF-8753-2264EA38E7AD}: DhcpNameServer = 216.183.102.115 66.179.168.118
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE41FC19-29CB-4C60-8950-CADE512413A1}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\HPRadiance.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\HPRadiance.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/01 08:18:01 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/19 20:10:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/19 20:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2012/01/19 20:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2012/01/19 20:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012/01/17 09:19:35 | 001,976,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\_admin\Desktop\tdsskiller.exe
[2012/01/17 09:06:17 | 000,000,000 | ---D | C] -- C:\e6767b004533ac8a30eb3661c92de8
[2012/01/16 13:45:49 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\_admin\Desktop\aswMBR.exe
[2012/01/16 12:51:50 | 000,000,000 | ---D | C] -- C:\Users\_admin\AppData\Roaming\Malwarebytes
[2012/01/16 12:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/16 12:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/16 12:51:26 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/16 12:51:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/16 11:08:30 | 000,000,000 | ---D | C] -- C:\Users\_admin\AppData\Roaming\XjYCekIVrOtAu
[2012/01/16 11:08:30 | 000,000,000 | ---D | C] -- C:\Users\_admin\AppData\Roaming\n3pnG5aQHdKfLgX
[2012/01/16 06:56:14 | 000,000,000 | ---D | C] -- C:\Users\_admin\AppData\Local\Winamp Toolbar

========== Files - Modified Within 30 Days ==========

[2012/01/19 20:22:17 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/19 20:22:17 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/19 20:16:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/19 20:16:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/19 20:16:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/19 20:16:33 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/19 20:10:39 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/01/19 20:01:09 | 000,823,346 | ---- | M] () -- C:\Users\_admin\Desktop\USBVaccine.zip
[2012/01/18 08:05:34 | 000,000,512 | ---- | M] () -- C:\Users\_admin\Desktop\MBR.dat
[2012/01/18 07:53:11 | 000,080,384 | ---- | M] () -- C:\Users\_admin\Desktop\MBRCheck.exe
[2012/01/17 09:58:32 | 000,000,903 | ---- | M] () -- C:\Users\_admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/17 09:48:31 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/01/17 09:48:31 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/01/17 09:48:20 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/01/17 09:25:41 | 000,280,112 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtsp.sys
[2012/01/17 09:01:42 | 001,922,249 | ---- | M] () -- C:\Users\_admin\Desktop\Windows6.0-KB968389-x86.msu
[2012/01/17 08:47:26 | 001,976,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\_admin\Desktop\tdsskiller.exe
[2012/01/16 13:44:34 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\_admin\Desktop\aswMBR.exe
[2012/01/16 12:51:28 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 08:49:39 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/01/16 08:49:39 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/01/16 08:46:09 | 000,002,678 | ---- | M] () -- C:\Users\_admin\Desktop\Windows Compatibility Report.htm
[2012/01/16 08:32:20 | 314,467,661 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/02 19:22:19 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2012/01/19 20:01:05 | 000,823,346 | ---- | C] () -- C:\Users\_admin\Desktop\USBVaccine.zip
[2012/01/18 07:53:11 | 000,080,384 | ---- | C] () -- C:\Users\_admin\Desktop\MBRCheck.exe
[2012/01/17 09:58:32 | 000,000,903 | ---- | C] () -- C:\Users\_admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/17 09:48:20 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/01/17 09:28:40 | 001,922,249 | ---- | C] () -- C:\Users\_admin\Desktop\Windows6.0-KB968389-x86.msu
[2012/01/16 14:10:13 | 000,000,512 | ---- | C] () -- C:\Users\_admin\Desktop\MBR.dat
[2012/01/16 13:23:46 | 3211,190,272 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/16 12:51:28 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 08:46:09 | 000,002,678 | ---- | C] () -- C:\Users\_admin\Desktop\Windows Compatibility Report.htm
[2012/01/16 07:17:56 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/01/16 07:17:56 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/01/02 19:22:19 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/02 19:22:19 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/05 15:27:31 | 000,000,680 | ---- | C] () -- C:\Users\_admin\AppData\Local\d3d9caps.dat
[2011/05/28 01:04:09 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/07/07 15:04:12 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/24 08:34:00 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/04/24 07:43:07 | 000,004,608 | ---- | C] () -- C:\Users\_admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/10 21:12:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/10 21:12:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/12/13 15:58:21 | 000,121,368 | ---- | C] () -- C:\Windows\hpoins15.dat
[2008/12/13 15:58:21 | 000,001,037 | ---- | C] () -- C:\Windows\hpomdl15.dat
[2008/08/31 20:26:32 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/08/31 20:26:32 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini
[2008/08/31 20:26:18 | 000,000,000 | ---- | C] () -- C:\Windows\NSREX.INI
[2008/08/30 21:39:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/19 02:57:22 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008/07/19 02:57:22 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/07/19 02:56:53 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/07/01 08:33:22 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/09/13 10:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 10:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 10:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/13 10:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,315,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:24:01 | 048,324,552 | ---- | C] () -- C:\Windows\System32\mrt.exe
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1999/01/22 06:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008/09/01 08:06:38 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\acccore
[2011/10/01 12:10:45 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\arlONtxP0c1b3
[2012/01/16 06:40:30 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\d2ibF3pnGaHdKfL
[2011/10/02 08:08:47 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\dwkIVrlONx0c1b3
[2011/09/30 10:48:14 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\EZZZqhhYXw
[2011/11/08 04:18:11 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\f9hTXwjUClBzNx1
[2010/06/21 19:30:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Facebook
[2011/11/04 18:03:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\FCelIBrzPyAuSoF
[2011/10/01 12:10:44 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\FH6sWK7fE9TqYwI
[2012/01/02 18:46:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GtzP0ycA1v2n4
[2012/01/02 19:15:48 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\hF4pmG5sQ6E8R9T
[2011/11/05 13:44:23 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\IOBtzP0yc1v2
[2011/10/02 08:08:47 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\JG4aQH6sW7E9TqY
[2011/11/04 18:10:06 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\jsQQQJ6dEK8fTXj
[2011/11/05 13:49:31 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\K4pmH5sQJdLgZhX
[2011/09/30 20:57:29 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\KxA0uvS2iFpGaHd
[2012/01/16 13:21:56 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\lAAA1iivD2on4pH
[2011/11/04 17:56:37 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\LrlOBtxP0c1v3n
[2012/01/16 06:40:30 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\lWK8fRL9hXjCkBz
[2011/10/01 01:34:56 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\NBrzONyxAuS
[2012/01/02 18:51:31 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\NmH5sQJ7dKgZhXj
[2011/09/30 10:48:25 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\nmmGG5ssQJ6EKfR
[2010/11/02 19:18:16 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ooVoo Details
[2012/01/16 06:33:15 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\P4amH5sWJgZ
[2011/09/30 20:57:29 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\R7fRL9gTXjCkVzN
[2011/09/30 10:51:40 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\rhhTTXwwj
[2012/01/02 19:10:40 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\RjUVelIBtPyAuDo
[2011/09/30 20:44:30 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\sZ9hTXwjUeIrPyA
[2011/11/05 11:06:32 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ueeelIIBrzPNxAu
[2011/09/30 20:44:30 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\UuvS2obF3m5Q6W8
[2011/11/04 18:03:49 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\vF4pm5sQJdfZhXj
[2011/11/04 17:51:19 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\vH6sWJ7fE8TqYwU
[2011/10/01 01:34:56 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\VibF3pnG5Q6W7R9
[2011/09/30 15:28:20 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\wYXXwwkUVe
[2011/09/30 15:28:20 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\XnFF44amH5sW7
[2011/11/08 04:18:11 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\z5QJ6dEK8R
[2012/01/16 06:33:15 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ZhYXwkUVeOtPyAi
[2011/11/08 05:11:18 | 000,000,000 | ---D | M] -- C:\Users\_admin\AppData\Roaming\maQJ6dWK8R9TqUe
[2012/01/16 11:08:30 | 000,000,000 | ---D | M] -- C:\Users\_admin\AppData\Roaming\n3pnG5aQHdKfLgX
[2011/11/08 05:11:17 | 000,000,000 | ---D | M] -- C:\Users\_admin\AppData\Roaming\sA1uvS2ob3m
[2012/01/16 11:08:30 | 000,000,000 | ---D | M] -- C:\Users\_admin\AppData\Roaming\XjYCekIVrOtAu
[2012/01/19 20:15:13 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/23 10:35:53 | 000,001,478 | ---- | M] () -- C:\Windows\Tasks\wrSpySweeperFullSweep.job
[2011/10/02 08:03:14 | 000,001,630 | ---- | M] () -- C:\Windows\Tasks\wrSpySweeper_L3A520F780CE4472BA4C2EBD76CD7484E.job

========== Purity Check ==========



< End of report >

*****************************************************************
ComboFix Log below
*****************************************************************
ComboFix 12-01-19.02 - _admin 01/19/2012 21:56:22.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1827 [GMT -5:00]
Running from: c:\users\_admin\Downloads\ComboFix.exe
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\_admin\AppData\Roaming\hPNycA1uv2b4m5QOpenCloud Security.ico
c:\users\_admin\AppData\Roaming\lgTXqjYCeIrOtAuOpenCloud Security.ico
c:\users\_admin\AppData\Roaming\maQJ6dWK8R9TqUeOpenCloud Security.ico
c:\users\_admin\AppData\Roaming\WsQJ7dEK8R9YwUeOpenCloud Security.ico
c:\users\_admin\AppData\Roaming\XjYCekIVrOtAuOpenCloud Security.ico
c:\users\owner\AppData\Roaming\arlONtxP0c1b3OpenCloud Security.ico
c:\users\owner\AppData\Roaming\d2ibF3pnGaHdKfLOpenCloud Security.ico
c:\users\owner\AppData\Roaming\dwkIVrlONx0c1b3OpenCloud Security.ico
c:\users\owner\AppData\Roaming\f9hTXwjUClBzNx1OpenCloud Security.ico
c:\users\owner\AppData\Roaming\FCelIBrzPyAuSoFOpenCloud Security.ico
c:\users\owner\AppData\Roaming\hF4pmG5sQ6E8R9TOpenCloud Security.ico
c:\users\owner\AppData\Roaming\K4pmH5sQJdLgZhXOpenCloud Security.ico
c:\users\owner\AppData\Roaming\LrlOBtxP0c1v3nOpenCloud Security.ico
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\users\owner\AppData\Roaming\NmH5sQJ7dKgZhXjOpenCloud Security.ico
c:\users\owner\AppData\Roaming\R7fRL9gTXjCkVzNOpenCloud Security.ico
c:\users\owner\AppData\Roaming\rhhTTXwwjOpenCloud Security.ico
c:\users\owner\AppData\Roaming\ueeelIIBrzPNxAuOpenCloud Security.ico
c:\users\owner\AppData\Roaming\UuvS2obF3m5Q6W8OpenCloud Security.ico
c:\users\owner\AppData\Roaming\VibF3pnG5Q6W7R9OpenCloud Security.ico
c:\users\owner\AppData\Roaming\wYXXwwkUVeOpenCloud Security.ico
c:\users\owner\AppData\Roaming\ZhYXwkUVeOtPyAiOpenCloud Security.ico
c:\windows\$NtUninstallKB3255$
c:\windows\$NtUninstallKB3255$\2216314045
c:\windows\$NtUninstallKB3255$\485945278\@
c:\windows\$NtUninstallKB3255$\485945278\bckfg.tmp
c:\windows\$NtUninstallKB3255$\485945278\cfg.ini
c:\windows\$NtUninstallKB3255$\485945278\Desktop.ini
c:\windows\$NtUninstallKB3255$\485945278\keywords
c:\windows\$NtUninstallKB3255$\485945278\kwrd.dll
c:\windows\$NtUninstallKB3255$\485945278\L\qnbwvoto
c:\windows\$NtUninstallKB3255$\485945278\lsflt7.ver
c:\windows\$NtUninstallKB3255$\485945278\U\00000001.@
c:\windows\$NtUninstallKB3255$\485945278\U\00000002.@
c:\windows\$NtUninstallKB3255$\485945278\U\00000004.@
c:\windows\$NtUninstallKB3255$\485945278\U\80000000.@
c:\windows\$NtUninstallKB3255$\485945278\U\80000004.@
c:\windows\$NtUninstallKB3255$\485945278\U\80000032.@
c:\windows\system32\AutoRun.inf
c:\windows\system32\KBL.LOG
c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIEMA.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-20 to 2012-01-20 )))))))))))))))))))))))))))))))
.
.
2012-01-20 03:10 . 2012-01-20 03:10 -------- d-----w- c:\users\_admin\AppData\Local\temp
2012-01-20 01:10 . 2012-01-20 01:10 -------- d-----w- C:\_OTL
2012-01-20 01:03 . 2012-01-20 01:03 -------- d-----w- c:\programdata\Panda Security
2012-01-20 01:03 . 2012-01-20 01:03 -------- d-----w- c:\program files\Panda USB Vaccine
2012-01-17 14:31 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2012-01-17 14:06 . 2012-01-17 14:06 -------- d-----w- C:\e6767b004533ac8a30eb3661c92de8
2012-01-16 17:51 . 2012-01-16 17:51 -------- d-----w- c:\users\_admin\AppData\Roaming\Malwarebytes
2012-01-16 17:51 . 2012-01-16 17:51 -------- d-----w- c:\programdata\Malwarebytes
2012-01-16 17:51 . 2012-01-16 17:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-16 17:51 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-16 16:08 . 2012-01-16 16:08 -------- d-----w- c:\users\_admin\AppData\Roaming\XjYCekIVrOtAu
2012-01-16 16:08 . 2012-01-16 16:08 -------- d-----w- c:\users\_admin\AppData\Roaming\n3pnG5aQHdKfLgX
2012-01-16 11:56 . 2012-01-16 11:56 -------- d-----w- c:\users\_admin\AppData\Local\Winamp Toolbar
2012-01-16 11:40 . 2012-01-16 11:40 -------- d-----w- c:\users\owner\AppData\Roaming\lWK8fRL9hXjCkBz
2012-01-16 11:40 . 2012-01-16 11:40 -------- d-----w- c:\users\owner\AppData\Roaming\d2ibF3pnGaHdKfL
2012-01-16 11:33 . 2012-01-16 11:33 -------- d-----w- c:\users\owner\AppData\Roaming\ZhYXwkUVeOtPyAi
2012-01-16 11:33 . 2012-01-16 11:33 -------- d-----w- c:\users\owner\AppData\Roaming\P4amH5sWJgZ
2012-01-03 00:22 . 2011-11-21 04:04 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-01-03 00:22 . 2011-10-17 07:37 65536 ----a-w- c:\program files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
2012-01-03 00:22 . 2011-11-21 04:04 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2012-01-03 00:22 . 2011-11-21 04:04 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2012-01-03 00:22 . 2011-11-21 04:04 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2012-01-03 00:22 . 2011-11-21 04:04 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2012-01-03 00:22 . 2011-11-21 04:04 1989592 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2012-01-03 00:22 . 2011-11-21 04:04 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2012-01-03 00:22 . 2011-11-21 04:04 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2012-01-03 00:22 . 2011-11-21 01:04 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-01-03 00:22 . 2011-11-21 01:04 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-01-03 00:10 . 2012-01-03 00:15 -------- d-----w- c:\users\owner\AppData\Roaming\hF4pmG5sQ6E8R9T
2012-01-03 00:10 . 2012-01-03 00:10 -------- d-----w- c:\users\owner\AppData\Roaming\RjUVelIBtPyAuDo
2012-01-02 23:46 . 2012-01-02 23:51 -------- d-----w- c:\users\owner\AppData\Roaming\NmH5sQJ7dKgZhXj
2012-01-02 23:46 . 2012-01-02 23:46 -------- d-----w- c:\users\owner\AppData\Roaming\GtzP0ycA1v2n4
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 14:25 . 2009-07-08 17:13 280112 ----a-w- c:\windows\system32\drivers\srtsp.sys
2011-11-21 04:04 . 2012-01-03 00:22 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-08 115560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RtHDVCpl"="c:\windows\RtHDVCpl.exe" [2007-10-09 4702208]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-11-06 6515784]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
.
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Sidebar.lnk - c:\program files\Windows Sidebar\sidebar.exe [2009-9-10 1233920]
Welcome Center.lnk - c:\windows\System32\control.exe [2006-11-2 211968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2009-07-08 17:13 115560 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-09-19 15:38 154136 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-10-01 23:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 23:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 15:47 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-24 10:02 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-09-19 15:39 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-09-04 20:54 554320 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-09-19 15:39 129560 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-09-19 21:31 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 02:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-10-09 16:59 4702208 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2007-01-17 13:34 634880 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 11:00 132496 ----a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-28 06:05 1045800 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-08-17 06:13 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 22:53 311296 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1643871695-1882474329-1398546539-1000]
"EnableNotificationsRef"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-23 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-31 19:19]
.
2011-09-23 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-31 19:19]
.
2011-10-02 c:\windows\Tasks\wrSpySweeper_L3A520F780CE4472BA4C2EBD76CD7484E.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-31 19:19]
.
2011-10-02 c:\windows\Tasks\wrSpySweeper_L3A520F780CE4472BA4C2EBD76CD7484E.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-31 19:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-\\mac001ff3d8ffdd\EPSON Artisan 800 - c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIEMA.EXE
HKLM-Run-WinampAgent - c:\users\owner\Desktop\Winamp\winampa.exe
SafeBoot-93854943.sys
SafeBoot-96348536.sys
SafeBoot-Symantec Antvirus
MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSConfigStartUp-isCfgWiz - c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-19 22:10
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-01-19 22:13:02
ComboFix-quarantined-files.txt 2012-01-20 03:12
.
Pre-Run: 115,028,881,408 bytes free
Post-Run: 114,930,802,688 bytes free
.
- - End Of File - - 628440BC280FC7420C527506014F9AA8

*****************************************************
*****************************************************
I am supposed to be using Webroot A/V which is licensed until April 2012.
Unfortunately it will not load & run right now.
I'm trying to work with Webroot to get it reinstalled.
Symantec is no longer licensed and should probably be uninstalled.
*****************************************************
  • 0

#10
Nedklaw
Posted 21 January 2012 - 03:05 PM

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

You are running too many antivirus programs. This is not a good idea as this can cause problems such as slowness in computer speed, conflicts and cause more vulnerability to infection.

Uninstall Norton (Symantec) via:
  • Control Panel
  • Add/Remove Programs

Please also uninstall Ask Toolbar (if present).


Step 2

Download the Nortan Removal Tool and save it to your desktop.
Run the tool and then restart your computer.


Step 3

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following: 

    :OTL 
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
[2011/10/01 12:10:45 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\arlONtxP0c1b3
[2012/01/16 06:40:30 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\d2ibF3pnGaHdKfL
[2011/10/02 08:08:47 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\dwkIVrlONx0c1b3
[2011/09/30 10:48:14 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\EZZZqhhYXw
[2011/11/08 04:18:11 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\f9hTXwjUClBzNx1
[2011/11/04 18:03:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\FCelIBrzPyAuSoF
[2011/10/01 12:10:44 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\FH6sWK7fE9TqYwI
[2012/01/02 18:46:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GtzP0ycA1v2n4
[2012/01/02 19:15:48 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\hF4pmG5sQ6E8R9T
[2011/11/05 13:44:23 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\IOBtzP0yc1v2
[2011/10/02 08:08:47 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\JG4aQH6sW7E9TqY
[2011/11/04 18:10:06 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\jsQQQJ6dEK8fTXj
[2011/11/05 13:49:31 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\K4pmH5sQJdLgZhX
[2011/09/30 20:57:29 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\KxA0uvS2iFpGaHd
[2012/01/16 13:21:56 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\lAAA1iivD2on4pH
[2011/11/04 17:56:37 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\LrlOBtxP0c1v3n
[2012/01/16 06:40:30 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\lWK8fRL9hXjCkBz
[2011/10/01 01:34:56 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\NBrzONyxAuS
[2012/01/02 18:51:31 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\NmH5sQJ7dKgZhXj
[2011/09/30 10:48:25 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\nmmGG5ssQJ6EKfR
[2012/01/16 06:33:15 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\P4amH5sWJgZ
[2011/09/30 20:57:29 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\R7fRL9gTXjCkVzN
[2011/09/30 10:51:40 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\rhhTTXwwj
[2012/01/02 19:10:40 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\RjUVelIBtPyAuDo
[2011/09/30 20:44:30 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\sZ9hTXwjUeIrPyA
[2011/11/05 11:06:32 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ueeelIIBrzPNxAu
[2011/09/30 20:44:30 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\UuvS2obF3m5Q6W8
[2011/11/04 18:03:49 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\vF4pm5sQJdfZhXj
[2011/11/04 17:51:19 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\vH6sWJ7fE8TqYwU
[2011/10/01 01:34:56 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\VibF3pnG5Q6W7R9
[2011/09/30 15:28:20 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\wYXXwwkUVe
[2011/09/30 15:28:20 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\XnFF44amH5sW7
[2011/11/08 04:18:11 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\z5QJ6dEK8R
[2012/01/16 06:33:15 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ZhYXwkUVeOtPyAi
[2011/11/08 05:11:18 | 000,000,000 | ---D | M] -- C:\Users\_admin\AppData\Roaming\maQJ6dWK8R9TqUe
[2012/01/16 11:08:30 | 000,000,000 | ---D | M] -- C:\Users\_admin\AppData\Roaming\n3pnG5aQHdKfLgX
[2011/11/08 05:11:17 | 000,000,000 | ---D | M] -- C:\Users\_admin\AppData\Roaming\sA1uvS2ob3m
[2012/01/16 11:08:30 | 000,000,000 | ---D | M] -- C:\Users\_admin\AppData\Roaming\XjYCekIVrOtAu
 
:Reg 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-

:Files
C:\Program Files\Ask.com
ipconfig /flushdns /c

:Commands 
[purity] 
[resethosts] 
[emptytemp]
[CREATERESTOREPOINT] 
[Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt
  • 0

Advertisements

#11
beabruin
Posted 22 January 2012 - 09:22 AM

beabruin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
I removed Symantec via Control Panel.
I downloaded the Norton Removal Tool & ran this as well.
I think I might have the Ask Toolbar but Im not sure how to uninstall it.
*************************************************************************
Here's the OTL RunFix Log & Quick Scan Log.
*************************************************************************
OTL Run Fix Scan Logs 1-22-2012

**********************************
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
C:\Users\owner\AppData\Roaming\arlONtxP0c1b3 folder moved successfully.
C:\Users\owner\AppData\Roaming\d2ibF3pnGaHdKfL folder moved successfully.
C:\Users\owner\AppData\Roaming\dwkIVrlONx0c1b3 folder moved successfully.
C:\Users\owner\AppData\Roaming\EZZZqhhYXw folder moved successfully.
C:\Users\owner\AppData\Roaming\f9hTXwjUClBzNx1 folder moved successfully.
C:\Users\owner\AppData\Roaming\FCelIBrzPyAuSoF folder moved successfully.
C:\Users\owner\AppData\Roaming\FH6sWK7fE9TqYwI folder moved successfully.
C:\Users\owner\AppData\Roaming\GtzP0ycA1v2n4 folder moved successfully.
C:\Users\owner\AppData\Roaming\hF4pmG5sQ6E8R9T folder moved successfully.
C:\Users\owner\AppData\Roaming\IOBtzP0yc1v2 folder moved successfully.
C:\Users\owner\AppData\Roaming\JG4aQH6sW7E9TqY folder moved successfully.
C:\Users\owner\AppData\Roaming\jsQQQJ6dEK8fTXj folder moved successfully.
C:\Users\owner\AppData\Roaming\K4pmH5sQJdLgZhX folder moved successfully.
C:\Users\owner\AppData\Roaming\KxA0uvS2iFpGaHd folder moved successfully.
C:\Users\owner\AppData\Roaming\lAAA1iivD2on4pH folder moved successfully.
C:\Users\owner\AppData\Roaming\LrlOBtxP0c1v3n folder moved successfully.
C:\Users\owner\AppData\Roaming\lWK8fRL9hXjCkBz folder moved successfully.
C:\Users\owner\AppData\Roaming\NBrzONyxAuS folder moved successfully.
C:\Users\owner\AppData\Roaming\NmH5sQJ7dKgZhXj folder moved successfully.
C:\Users\owner\AppData\Roaming\nmmGG5ssQJ6EKfR folder moved successfully.
C:\Users\owner\AppData\Roaming\P4amH5sWJgZ folder moved successfully.
C:\Users\owner\AppData\Roaming\R7fRL9gTXjCkVzN folder moved successfully.
C:\Users\owner\AppData\Roaming\rhhTTXwwj folder moved successfully.
C:\Users\owner\AppData\Roaming\RjUVelIBtPyAuDo folder moved successfully.
C:\Users\owner\AppData\Roaming\sZ9hTXwjUeIrPyA folder moved successfully.
C:\Users\owner\AppData\Roaming\ueeelIIBrzPNxAu folder moved successfully.
C:\Users\owner\AppData\Roaming\UuvS2obF3m5Q6W8 folder moved successfully.
C:\Users\owner\AppData\Roaming\vF4pm5sQJdfZhXj folder moved successfully.
C:\Users\owner\AppData\Roaming\vH6sWJ7fE8TqYwU folder moved successfully.
C:\Users\owner\AppData\Roaming\VibF3pnG5Q6W7R9 folder moved successfully.
C:\Users\owner\AppData\Roaming\wYXXwwkUVe folder moved successfully.
C:\Users\owner\AppData\Roaming\XnFF44amH5sW7 folder moved successfully.
C:\Users\owner\AppData\Roaming\z5QJ6dEK8R folder moved successfully.
C:\Users\owner\AppData\Roaming\ZhYXwkUVeOtPyAi folder moved successfully.
C:\Users\_admin\AppData\Roaming\maQJ6dWK8R9TqUe folder moved successfully.
C:\Users\_admin\AppData\Roaming\n3pnG5aQHdKfLgX folder moved successfully.
C:\Users\_admin\AppData\Roaming\sA1uvS2ob3m folder moved successfully.
C:\Users\_admin\AppData\Roaming\XjYCekIVrOtAu folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\\DisableMonitoring deleted successfully.
========== FILES ==========
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\_admin\Desktop\cmd.bat deleted successfully.
C:\Users\_admin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: owner
->Temp folder emptied: 31913 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: _admin
->Temp folder emptied: 25733993 bytes
->Temporary Internet Files folder emptied: 12830043 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 507 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66016 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 37.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 01222012_094808

Files\Folders moved on Reboot...
C:\Users\_admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\_admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RIO0OEI6\fastbutton[1].htm moved successfully.

Registry entries deleted on Reboot...

****************************************
OTL Quick Scan Log
****************************************
OTL logfile created on: 1/22/2012 10:10:49 AM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\_admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 59.62% Memory free
6.18 Gb Paging File | 4.98 Gb Available in Paging File | 80.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.19 Gb Total Space | 110.47 Gb Free Space | 49.94% Space Free | Partition Type: NTFS
Drive D: | 11.69 Gb Total Space | 2.03 Gb Free Space | 17.34% Space Free | Partition Type: NTFS
Drive F: | 1.90 Gb Total Space | 1.90 Gb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: CARUDA | User Name: _admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\_admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\02768700bc8f762ccfe37785ba8eb498\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8f3b3ab45e3e5fa61aa6cbfe2a8b61af\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\02768700bc8f762ccfe37785ba8eb498\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MotoHelper) -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (WRConsumerService) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola)
DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (ssidrv) -- C:\Windows\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\Windows\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1643871695-1882474329-1398546539-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1643871695-1882474329-1398546539-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1643871695-1882474329-1398546539-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems:

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/31 19:45:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/02 19:22:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/02 19:22:11 | 000,000,000 | ---D | M]

[2009/12/23 10:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\_admin\AppData\Roaming\Mozilla\Extensions
[2012/01/19 20:10:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\extensions
[2009/12/23 11:02:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/16 06:52:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/02 19:22:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/02 19:22:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/01/02 19:22:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/09 05:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/05/06 20:22:31 | 000,001,490 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\AOL Search.xml
[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/22 09:48:11 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1643871695-1882474329-1398546539-1001\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKU\S-1-5-21-1643871695-1882474329-1398546539-1001..\Run: [WindowsWelcomeCenter] "C:\Windows\system32\rundll32.exe" oobefldr.dll,ShowWelcomeCenter File not found
O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Welcome Center.lnk = C:\Windows\System32\control.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1643871695-1882474329-1398546539-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1643871695-1882474329-1398546539-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1643871695-1882474329-1398546539-1001\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.78.96.14 66.174.92.14 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C187B1F-FC4B-45FF-8753-2264EA38E7AD}: DhcpNameServer = 216.183.102.115 66.179.168.118
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE41FC19-29CB-4C60-8950-CADE512413A1}: DhcpNameServer = 69.78.96.14 66.174.92.14 8.8.8.8
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\HPRadiance.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\HPRadiance.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/01 08:18:01 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/19 22:13:33 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2012/01/19 22:13:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/19 22:13:04 | 000,000,000 | ---D | C] -- C:\Users\_admin\AppData\Local\temp
[2012/01/19 20:40:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/19 20:40:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/19 20:40:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/19 20:40:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/19 20:40:41 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/19 20:40:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/19 20:10:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/19 20:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2012/01/19 20:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2012/01/19 20:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012/01/17 09:19:35 | 001,976,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\_admin\Desktop\tdsskiller.exe
[2012/01/17 09:06:17 | 000,000,000 | ---D | C] -- C:\e6767b004533ac8a30eb3661c92de8
[2012/01/16 13:45:49 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\_admin\Desktop\aswMBR.exe
[2012/01/16 12:51:50 | 000,000,000 | ---D | C] -- C:\Users\_admin\AppData\Roaming\Malwarebytes
[2012/01/16 12:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/16 12:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/16 12:51:26 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/16 12:51:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/16 06:56:14 | 000,000,000 | ---D | C] -- C:\Users\_admin\AppData\Local\Winamp Toolbar

========== Files - Modified Within 30 Days ==========

[2012/01/22 09:56:38 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/22 09:56:37 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/22 09:50:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/22 09:50:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/22 09:50:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/22 09:50:06 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/22 09:48:11 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/01/19 20:01:09 | 000,823,346 | ---- | M] () -- C:\Users\_admin\Desktop\USBVaccine.zip
[2012/01/18 08:05:34 | 000,000,512 | ---- | M] () -- C:\Users\_admin\Desktop\MBR.dat
[2012/01/18 07:53:11 | 000,080,384 | ---- | M] () -- C:\Users\_admin\Desktop\MBRCheck.exe
[2012/01/17 09:58:32 | 000,000,903 | ---- | M] () -- C:\Users\_admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/17 09:48:31 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/01/17 09:48:31 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/01/17 09:48:20 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/01/17 09:01:42 | 001,922,249 | ---- | M] () -- C:\Users\_admin\Desktop\Windows6.0-KB968389-x86.msu
[2012/01/17 08:47:26 | 001,976,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\_admin\Desktop\tdsskiller.exe
[2012/01/16 13:44:34 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\_admin\Desktop\aswMBR.exe
[2012/01/16 12:51:28 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 08:49:39 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/01/16 08:49:39 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/01/16 08:46:09 | 000,002,678 | ---- | M] () -- C:\Users\_admin\Desktop\Windows Compatibility Report.htm
[2012/01/16 08:32:20 | 314,467,661 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/02 19:22:19 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2012/01/19 20:40:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/19 20:40:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/19 20:40:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/19 20:40:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/19 20:40:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/19 20:01:05 | 000,823,346 | ---- | C] () -- C:\Users\_admin\Desktop\USBVaccine.zip
[2012/01/18 07:53:11 | 000,080,384 | ---- | C] () -- C:\Users\_admin\Desktop\MBRCheck.exe
[2012/01/17 09:58:32 | 000,000,903 | ---- | C] () -- C:\Users\_admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/17 09:48:20 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/01/17 09:28:40 | 001,922,249 | ---- | C] () -- C:\Users\_admin\Desktop\Windows6.0-KB968389-x86.msu
[2012/01/16 14:10:13 | 000,000,512 | ---- | C] () -- C:\Users\_admin\Desktop\MBR.dat
[2012/01/16 13:23:46 | 3211,190,272 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/16 12:51:28 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 08:46:09 | 000,002,678 | ---- | C] () -- C:\Users\_admin\Desktop\Windows Compatibility Report.htm
[2012/01/16 07:17:56 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/01/16 07:17:56 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/01/02 19:22:19 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/02 19:22:19 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/05 15:27:31 | 000,000,680 | ---- | C] () -- C:\Users\_admin\AppData\Local\d3d9caps.dat
[2011/05/28 01:04:09 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/07/07 15:04:12 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/24 08:34:00 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/04/24 07:43:07 | 000,004,608 | ---- | C] () -- C:\Users\_admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/10 21:12:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/10 21:12:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/12/13 15:58:21 | 000,121,368 | ---- | C] () -- C:\Windows\hpoins15.dat
[2008/12/13 15:58:21 | 000,001,037 | ---- | C] () -- C:\Windows\hpomdl15.dat
[2008/08/31 20:26:32 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/08/31 20:26:32 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini
[2008/08/31 20:26:18 | 000,000,000 | ---- | C] () -- C:\Windows\NSREX.INI
[2008/08/30 21:39:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/19 02:57:22 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008/07/19 02:57:22 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/07/19 02:56:53 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/07/01 08:33:22 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/09/13 10:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 10:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 10:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/13 10:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,315,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:24:01 | 048,324,552 | ---- | C] () -- C:\Windows\System32\mrt.exe
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1999/01/22 06:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008/09/01 08:06:38 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\acccore
[2010/06/21 19:30:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Facebook
[2010/11/02 19:18:16 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ooVoo Details
[2012/01/22 09:49:09 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#12
Nedklaw
Posted 23 January 2012 - 03:01 PM

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Can you confirm that you are working with Webroot to get Webroot AV reinstalled?
How is your system running? Are you experiencing any other problems?


Step 1

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following: 

    :OTL 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1643871695-1882474329-1398546539-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
 
:Files
ipconfig /flushdns /c

:Commands 
[purity] 
[resethosts] 
[emptytemp]
[CREATERESTOREPOINT] 
[Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Posted Image
  • Run Malwarebytes' Anti-Malware.
  • Update Malwarebytes' Anti-Malware.
  • Once the program has updated, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked.
  • Click Scan. (This scan can take several hours, so please be patient).
  • Once the scan is completed, you may close the window.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Things I want to see in your next reply

  • Answers to my questions
  • OTL Fix Log
  • OTL.txt
  • MBAM Log
  • log.txt
  • 0

#13
beabruin
Posted 24 January 2012 - 12:04 PM

beabruin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Webroot is finally working with me to reinstall the software.
They are in fact finding mode and haven't asked me to do anything except start a scan in Safe Mode.
When I finally told them, I cannot run Webroot in ANY mode, they began an inquiry for more details.
Obviously Webroot still will not load during Windows startup.
I'm not sure if I have Ask.com Toolbar or if I do how to remove it.
When logging into Windows as CARUDA, Windows Security Alerts (Windows Defender/Software Explorer?) reports some programs were blocked from starting.
The three programs I think being called out are:

VCastBackupScheduler.exe [I don't think she uses this program anyway.]
AgVQVkFpNfmITWf.exe [I have no idea what this is.]
SupportSoftContainer (bcont.exe) [I have no idea what this is.]

**************************
OTL RunFix Scan 24-01-2012
**************************

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1643871695-1882474329-1398546539-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\_admin\Desktop\cmd.bat deleted successfully.
C:\Users\_admin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: owner
->Temp folder emptied: 35154 bytes
->Temporary Internet Files folder emptied: 11341559 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 28217598 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 756 bytes

User: Public
->Temp folder emptied: 0 bytes

User: _admin
->Temp folder emptied: 56428 bytes
->Temporary Internet Files folder emptied: 17409808 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7010036 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 648 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66016 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 61.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 01242012_091932

Files\Folders moved on Reboot...
C:\Users\_admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\_admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1J8YDFPA\fastbutton[1].htm moved successfully.

Registry entries deleted on Reboot...

******************************
OTL Scan All Users Quick Scan
******************************

OTL logfile created on: 1/24/2012 9:25:26 AM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\_admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 56.74% Memory free
6.18 Gb Paging File | 4.93 Gb Available in Paging File | 79.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.19 Gb Total Space | 110.37 Gb Free Space | 49.90% Space Free | Partition Type: NTFS
Drive D: | 11.69 Gb Total Space | 2.03 Gb Free Space | 17.34% Space Free | Partition Type: NTFS
Drive F: | 1.90 Gb Total Space | 1.90 Gb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: CARUDA | User Name: _admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\_admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\02768700bc8f762ccfe37785ba8eb498\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8f3b3ab45e3e5fa61aa6cbfe2a8b61af\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\02768700bc8f762ccfe37785ba8eb498\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MotoHelper) -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (WRConsumerService) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola)
DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (ssidrv) -- C:\Windows\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\Windows\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1643871695-1882474329-1398546539-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1643871695-1882474329-1398546539-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1643871695-1882474329-1398546539-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/31 19:45:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/02 19:22:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/02 19:22:11 | 000,000,000 | ---D | M]

[2009/12/23 10:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\_admin\AppData\Roaming\Mozilla\Extensions
[2012/01/19 20:10:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\extensions
[2009/12/23 11:02:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/16 06:52:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\_admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlk4iq79.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/02 19:22:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/02 19:22:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/01/02 19:22:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/09 05:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/05/06 20:22:31 | 000,001,490 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\AOL Search.xml
[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/24 09:19:34 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1643871695-1882474329-1398546539-1001\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKU\S-1-5-21-1643871695-1882474329-1398546539-1001..\Run: [WindowsWelcomeCenter] "C:\Windows\system32\rundll32.exe" oobefldr.dll,ShowWelcomeCenter File not found
O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Welcome Center.lnk = C:\Windows\System32\control.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1643871695-1882474329-1398546539-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1643871695-1882474329-1398546539-1001\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.78.96.14 66.174.92.14 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C187B1F-FC4B-45FF-8753-2264EA38E7AD}: DhcpNameServer = 216.183.102.115 66.179.168.118
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE41FC19-29CB-4C60-8950-CADE512413A1}: DhcpNameServer = 69.78.96.14 66.174.92.14 8.8.8.8
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\HPRadiance.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\HPRadiance.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/01 08:18:01 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/19 22:13:33 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2012/01/19 22:13:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/19 22:13:04 | 000,000,000 | ---D | C] -- C:\Users\_admin\AppData\Local\temp
[2012/01/19 20:40:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/19 20:40:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/19 20:40:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/19 20:40:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/19 20:40:41 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/19 20:40:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/19 20:10:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/19 20:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2012/01/19 20:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2012/01/19 20:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012/01/17 09:19:35 | 001,976,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\_admin\Desktop\tdsskiller.exe
[2012/01/17 09:06:17 | 000,000,000 | ---D | C] -- C:\e6767b004533ac8a30eb3661c92de8
[2012/01/16 13:45:49 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\_admin\Desktop\aswMBR.exe
[2012/01/16 12:51:50 | 000,000,000 | ---D | C] -- C:\Users\_admin\AppData\Roaming\Malwarebytes
[2012/01/16 12:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/16 12:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/16 12:51:26 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/16 12:51:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/16 06:56:14 | 000,000,000 | ---D | C] -- C:\Users\_admin\AppData\Local\Winamp Toolbar

========== Files - Modified Within 30 Days ==========

[2012/01/24 09:21:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 09:21:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 09:21:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/24 09:21:04 | 3209,129,984 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/24 09:19:34 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/01/24 09:15:21 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/24 09:15:21 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/19 20:01:09 | 000,823,346 | ---- | M] () -- C:\Users\_admin\Desktop\USBVaccine.zip
[2012/01/18 08:05:34 | 000,000,512 | ---- | M] () -- C:\Users\_admin\Desktop\MBR.dat
[2012/01/18 07:53:11 | 000,080,384 | ---- | M] () -- C:\Users\_admin\Desktop\MBRCheck.exe
[2012/01/17 09:58:32 | 000,000,903 | ---- | M] () -- C:\Users\_admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/17 09:48:31 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/01/17 09:48:31 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/01/17 09:48:20 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/01/17 09:01:42 | 001,922,249 | ---- | M] () -- C:\Users\_admin\Desktop\Windows6.0-KB968389-x86.msu
[2012/01/17 08:47:26 | 001,976,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\_admin\Desktop\tdsskiller.exe
[2012/01/16 13:44:34 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\_admin\Desktop\aswMBR.exe
[2012/01/16 12:51:28 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 08:49:39 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/01/16 08:49:39 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/01/16 08:46:09 | 000,002,678 | ---- | M] () -- C:\Users\_admin\Desktop\Windows Compatibility Report.htm
[2012/01/16 08:32:20 | 314,467,661 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/02 19:22:19 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2012/01/23 13:01:54 | 3209,129,984 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/19 20:40:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/19 20:40:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/19 20:40:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/19 20:40:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/19 20:40:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/19 20:01:05 | 000,823,346 | ---- | C] () -- C:\Users\_admin\Desktop\USBVaccine.zip
[2012/01/18 07:53:11 | 000,080,384 | ---- | C] () -- C:\Users\_admin\Desktop\MBRCheck.exe
[2012/01/17 09:58:32 | 000,000,903 | ---- | C] () -- C:\Users\_admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/17 09:48:20 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/01/17 09:28:40 | 001,922,249 | ---- | C] () -- C:\Users\_admin\Desktop\Windows6.0-KB968389-x86.msu
[2012/01/16 14:10:13 | 000,000,512 | ---- | C] () -- C:\Users\_admin\Desktop\MBR.dat
[2012/01/16 12:51:28 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 08:46:09 | 000,002,678 | ---- | C] () -- C:\Users\_admin\Desktop\Windows Compatibility Report.htm
[2012/01/16 07:17:56 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/01/16 07:17:56 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/01/02 19:22:19 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/02 19:22:19 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/05 15:27:31 | 000,000,680 | ---- | C] () -- C:\Users\_admin\AppData\Local\d3d9caps.dat
[2011/05/28 01:04:09 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/07/07 15:04:12 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/24 08:34:00 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/04/24 07:43:07 | 000,004,608 | ---- | C] () -- C:\Users\_admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/10 21:12:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/10 21:12:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/12/13 15:58:21 | 000,121,368 | ---- | C] () -- C:\Windows\hpoins15.dat
[2008/12/13 15:58:21 | 000,001,037 | ---- | C] () -- C:\Windows\hpomdl15.dat
[2008/08/31 20:26:32 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/08/31 20:26:32 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini
[2008/08/31 20:26:18 | 000,000,000 | ---- | C] () -- C:\Windows\NSREX.INI
[2008/08/30 21:39:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/19 02:57:22 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008/07/19 02:57:22 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/07/19 02:56:53 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/07/01 08:33:22 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/09/13 10:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 10:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 10:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/13 10:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,315,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:24:01 | 048,324,552 | ---- | C] () -- C:\Windows\System32\mrt.exe
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1999/01/22 06:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008/09/01 08:06:38 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\acccore
[2010/06/21 19:30:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Facebook
[2010/11/02 19:18:16 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ooVoo Details
[2012/01/24 09:20:09 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


********************************
Malwarebytes Quick Scan Log
********************************

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.24.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
_admin :: CARUDA [administrator]

Protection: Enabled

1/24/2012 9:32:57 AM
mbam-log-2012-01-24 (09-32-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202196
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


*****************************
Malwarebytes Protection Log
*****************************

2012/01/24 08:58:03 -0500 CARUDA owner MESSAGE Starting protection
2012/01/24 08:58:05 -0500 CARUDA owner MESSAGE Protection started successfully
2012/01/24 08:58:08 -0500 CARUDA owner MESSAGE Starting IP protection
2012/01/24 08:58:10 -0500 CARUDA owner MESSAGE IP Protection started successfully
2012/01/24 09:11:59 -0500 CARUDA _admin MESSAGE Starting protection
2012/01/24 09:12:01 -0500 CARUDA _admin MESSAGE Executing scheduled update: Daily
2012/01/24 09:12:02 -0500 CARUDA _admin MESSAGE Protection started successfully
2012/01/24 09:12:05 -0500 CARUDA _admin MESSAGE Starting IP protection
2012/01/24 09:12:06 -0500 CARUDA _admin MESSAGE IP Protection started successfully
2012/01/24 09:12:14 -0500 CARUDA _admin MESSAGE Starting database refresh
2012/01/24 09:12:14 -0500 CARUDA _admin MESSAGE Scheduled update executed successfully: database updated from version v2012.01.23.04 to version v2012.01.24.03
2012/01/24 09:12:14 -0500 CARUDA _admin MESSAGE Stopping IP protection
2012/01/24 09:12:16 -0500 CARUDA _admin MESSAGE IP Protection stopped
2012/01/24 09:12:18 -0500 CARUDA _admin MESSAGE Database refreshed successfully
2012/01/24 09:12:18 -0500 CARUDA _admin MESSAGE Starting IP protection
2012/01/24 09:12:20 -0500 CARUDA _admin MESSAGE IP Protection started successfully
2012/01/24 09:23:53 -0500 CARUDA _admin MESSAGE Starting protection
2012/01/24 09:23:56 -0500 CARUDA _admin MESSAGE Protection started successfully
2012/01/24 09:23:59 -0500 CARUDA _admin MESSAGE Starting IP protection
2012/01/24 09:24:00 -0500 CARUDA _admin MESSAGE IP Protection started successfully
2012/01/24 09:32:29 -0500 CARUDA _admin MESSAGE Starting database refresh
2012/01/24 09:32:29 -0500 CARUDA _admin MESSAGE Stopping IP protection
2012/01/24 09:32:30 -0500 CARUDA _admin MESSAGE IP Protection stopped
2012/01/24 09:32:33 -0500 CARUDA _admin MESSAGE Database refreshed successfully
2012/01/24 09:32:33 -0500 CARUDA _admin MESSAGE Starting IP protection
2012/01/24 09:32:34 -0500 CARUDA _admin MESSAGE IP Protection started successfully

***********************
ESET Online Scanner Log
***********************

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

C:\_OTL\MovedFiles\01192012_201015\C_Windows\temp\895B.tmp a variant of Win32/Kryptik.UXX trojan cleaned by deleting - quarantined
  • 0

#14
Nedklaw
Posted 26 January 2012 - 02:00 PM

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following: 

    :Files
AgVQVkFpNfmITWf.exe /s /alldrives
ipconfig /flushdns /c

:Commands 
[purity] 
[resethosts] 
[emptytemp]
[CREATERESTOREPOINT] 
[Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt
  • 0

#15
Nedklaw
Posted 26 January 2012 - 02:07 PM

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Also, have you tried uninstalling and reinstalling Webroot?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP