Packed.Generic.307 or Trojan.Usuge!gen3 infection?
#1 assetmgr (Member, 12 posts)

I have malware that redirects my browser. The only site it seems to affect is my Google Apps account. It happens right after I log in. It does it in both Chrome and Internet Explorer. I tried to remove it with Spybot as well as with what was recommended here prior to posting for help. I think I got this from a USB drive that I let someone borrow, because when I plugged in the USB, Symantec Antivirus popped up. The Symantec log shows Packed.Generic.307 was deleted and Trojan.Usuge!gen3 was deleted. Shortly after using the USB is when I noticed the problem. Below is the OTL log. Thanks for taking the time to look at this.


OTL logfile created on: 1/16/2012 11:08:18 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\jsiragusa\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 49.43% Memory free
2.34 Gb Paging File | 1.89 Gb Available in Paging File | 80.69% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.67 Gb Total Space | 40.09 Gb Free Space | 52.29% Space Free | Partition Type: FAT32
Drive E: | 298.09 Gb Total Space | 33.96 Gb Free Space | 11.39% Space Free | Partition Type: NTFS
Drive G: | 115.66 Gb Total Space | 26.03 Gb Free Space | 22.51% Space Free | Partition Type: NTFS
Drive H: | 1831.15 Gb Total Space | 1747.17 Gb Free Space | 95.41% Space Free | Partition Type: NTFS
Drive K: | 1831.15 Gb Total Space | 1747.17 Gb Free Space | 95.41% Space Free | Partition Type: NTFS
Drive M: | 115.66 Gb Total Space | 26.03 Gb Free Space | 22.51% Space Free | Partition Type: NTFS

Computer Name: BRE-CMCINT | User Name: jsiragusa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/16 11:07:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jsiragusa\Desktop\OTL.exe
PRC - [2012/01/11 04:35:36 | 001,048,560 | ---- | M] (Google Inc.) -- C:\Documents and Settings\jsiragusa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/12/16 07:21:20 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/12/16 07:21:08 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/10/15 21:26:12 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/05/28 22:03:12 | 001,093,632 | ---- | M] () -- C:\Program Files\WinRAR\WinRAR.exe
PRC - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/02/05 13:34:10 | 009,807,512 | ---- | M] (NEC Corporation) -- C:\Program Files\Sphere\phone.exe
PRC - [2010/02/05 13:33:50 | 000,793,752 | ---- | M] (NEC Corporation) -- C:\Program Files\Sphere\Clientupdater.exe
PRC - [2009/07/07 10:51:20 | 000,053,248 | ---- | M] (Chicony) -- C:\WINDOWS\AccessL.exe
PRC - [2008/05/01 23:15:48 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 19:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/03 15:09:34 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2006/03/24 23:23:22 | 000,098,304 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
PRC - [2005/04/17 12:30:48 | 000,085,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2005/04/17 12:30:42 | 000,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2005/04/17 12:30:40 | 001,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/04/17 12:30:32 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/04/08 15:54:52 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/04/08 15:52:32 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/04/08 15:52:30 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2002/10/16 18:24:52 | 000,047,104 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (No Company Name) ==========

MOD - [2012/01/11 04:35:36 | 000,429,040 | ---- | M] () -- C:\Documents and Settings\jsiragusa\Local Settings\Application Data\Google\Chrome\Application\17.0.963.33\ppgooglenaclpluginchrome.dll
MOD - [2012/01/11 04:35:34 | 003,772,400 | ---- | M] () -- C:\Documents and Settings\jsiragusa\Local Settings\Application Data\Google\Chrome\Application\17.0.963.33\pdf.dll
MOD - [2012/01/11 04:34:10 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\jsiragusa\Local Settings\Application Data\Google\Chrome\Application\17.0.963.33\avutil-51.dll
MOD - [2012/01/11 04:34:08 | 000,222,208 | ---- | M] () -- C:\Documents and Settings\jsiragusa\Local Settings\Application Data\Google\Chrome\Application\17.0.963.33\avformat-53.dll
MOD - [2012/01/11 04:34:06 | 001,746,432 | ---- | M] () -- C:\Documents and Settings\jsiragusa\Local Settings\Application Data\Google\Chrome\Application\17.0.963.33\avcodec-53.dll
MOD - [2012/01/11 01:13:36 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\jsiragusa\Local Settings\Application Data\Google\Chrome\Application\17.0.963.33\gcswf32.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/05/28 22:03:12 | 001,093,632 | ---- | M] () -- C:\Program Files\WinRAR\WinRAR.exe
MOD - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
MOD - [2010/05/14 12:49:36 | 002,519,040 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\Core.dll
MOD - [2010/05/14 12:41:42 | 000,708,608 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\qca2.dll
MOD - [2010/05/14 12:38:30 | 006,443,008 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtGui4.dll
MOD - [2010/05/14 12:38:30 | 001,581,056 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtCore4.dll
MOD - [2010/05/14 12:38:30 | 000,356,352 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtXml4.dll
MOD - [2010/05/14 12:38:30 | 000,188,416 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtSql4.dll
MOD - [2009/08/09 22:58:44 | 004,877,176 | ---- | M] () -- C:\Program Files\Sphere\avcodec.dll
MOD - [2009/02/27 12:56:34 | 000,016,768 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2008/10/07 12:38:32 | 000,025,632 | ---- | M] () -- C:\WINDOWS\system32\PlantronicsDeviceEventSink.dll
MOD - [2008/05/01 23:15:48 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2008/05/01 23:15:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2008/04/13 19:12:04 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/13 19:12:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/04/26 22:32:28 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/16 07:21:20 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/12/16 07:21:08 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/10/03 12:45:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/03/24 23:23:22 | 000,098,304 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2005/04/17 12:30:42 | 000,124,608 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/04/17 12:30:40 | 001,706,176 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/04/17 12:30:32 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/04/08 15:54:52 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/04/08 15:54:50 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/04/08 15:52:32 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/04/05 11:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/30 21:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/10/06 08:20:46 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll.000.bak -- (LMIRfsClientNP)
DRV - [2011/05/12 16:40:56 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110703.003\navex15.sys -- (NAVEX15)
DRV - [2011/05/12 16:40:50 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110703.003\naveng.sys -- (NAVENG)
DRV - [2011/05/10 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/10/17 09:36:12 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/04/13 13:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/28 15:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2005/04/05 11:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/05 11:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/04/01 20:36:04 | 000,123,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/03/30 21:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/04 20:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/04 20:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2002/10/16 17:27:02 | 000,947,884 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2002/10/04 10:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.2009p
FF - prefs.js..extensions.enabledItems: {e2fda1a4-762b-4020-b5ad-a41df1933103}:1.0b1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\jsiragusa\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\jsiragusa\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2011/05/19 15:12:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011/03/29 12:23:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/29 11:10:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/03/29 08:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jsiragusa\Application Data\Mozilla\Extensions
[2011/03/29 08:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jsiragusa\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/29 12:23:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jsiragusa\Application Data\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2011/03/29 12:23:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jsiragusa\Application Data\Mozilla\Sunbird\Profiles\1hp1hed1.default\extensions
[2011/03/29 12:23:06 | 000,000,000 | ---D | M] (Lightning stub extension for Sunbird) -- C:\PROGRAM FILES\MOZILLA SUNBIRD\EXTENSIONS\{E2FDA1A4-762B-4020-B5AD-A41DF1933103}
[2011/03/29 12:23:06 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES\MOZILLA SUNBIRD\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\jsiragusa\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\jsiragusa\Local Settings\Application Data\Google\Chrome\Application\17.0.963.33\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\jsiragusa\Local Settings\Application Data\Google\Chrome\Application\17.0.963.33\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\jsiragusa\Local Settings\Application Data\Google\Chrome\Application\17.0.963.33\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\jsiragusa\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\jsiragusa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\jsiragusa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Greyscale = C:\Documents and Settings\jsiragusa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\penkfbldfkaelnnhblmfmajlggdielfm\1.0\
CHR - Extension: Gmail = C:\Documents and Settings\jsiragusa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/16 10:36:38 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [AIBMTOOLS] File not found
O4 - HKLM..\Run: [ALTOOLS] C:\WINDOWS\AccessL.exe (Chicony)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\jsiragusa\Start Menu\Programs\Startup\Shortcut to phone.exe.lnk = C:\Program Files\Sphere\phone.exe (NEC Corporation)
O4 - Startup: C:\Documents and Settings\jsiragusa\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Sphericall &Dial - C:\Program Files\Sphere\dial.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternati.../00/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} http://w4s2.work4sur...ge/w4sgeen9.exe (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} http://10.32.1.210/VatDec.cab (VatCtrl Class)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1124133823477 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} https://10.32.0.106:.../util/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://extendtherea...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = brauvin.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02C62EDD-51BD-44A2-B8A6-80F09C4D6347}: NameServer = 10.32.0.110,4.2.2.2
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\jsiragusa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jsiragusa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/07/03 12:50:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{af84f9a6-011c-11df-95c2-00016c239647}\Shell\AutoRun\command - "" = D:\Setup_FlipShare.exe
O33 - MountPoints2\{af84f9a6-011c-11df-95c2-00016c239647}\Shell\Setup FlipShare\command - "" = D:\Setup_FlipShare.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 11:06:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jsiragusa\Desktop\OTL.exe
[2012/01/16 10:58:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jsiragusa\Desktop\tdsskiller
[2012/01/16 10:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jsiragusa\Desktop\GooredFix Backups
[2012/01/16 10:55:57 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\jsiragusa\Desktop\GooredFix.exe
[2012/01/16 10:36:31 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/01/16 10:35:40 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jsiragusa\Desktop\OTM.exe
[2012/01/16 10:35:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/16 10:34:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/01/16 10:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/01/16 10:34:30 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\jsiragusa\Desktop\erunt-setup.exe
[2011/10/14 09:43:39 | 018,590,304 | ---- | C] (pdfforge GbR) -- C:\Program Files\PDFCreator-1_2_3_setup.exe
[2011/08/26 08:25:56 | 000,454,120 | ---- | C] (CBS Interactive) -- C:\Program Files\cnet_wrar401_exe.exe
[2011/05/17 09:58:36 | 003,063,136 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup306.exe
[2011/03/04 17:19:13 | 017,679,520 | ---- | C] (pdfforge GbR) -- C:\Program Files\PDFCreator-1_2_0_setup.exe
[2011/02/25 12:35:28 | 000,884,512 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\chromeinstall-6u24.exe
[2009/09/21 12:50:33 | 017,695,920 | ---- | C] (pdfforge GbR) -- C:\Program Files\PDFCreator-0_9_8_setup.exe
[2009/02/05 08:26:31 | 003,970,448 | ---- | C] (Acro Software Inc. ) -- C:\Program Files\CutePDFEvl.exe
[2009/01/06 08:31:57 | 015,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd160.exe
[2008/11/11 14:40:05 | 003,130,625 | ---- | C] (Autodesk) -- C:\Program Files\MGControl.exe
[2008/05/06 15:12:06 | 007,063,008 | ---- | C] (VSee Lab) -- C:\Program Files\vsee.exe
[2007/10/03 12:32:12 | 299,294,000 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\ADBEDRWVCS3_WWE.exe
[2007/05/23 10:36:37 | 015,714,552 | ---- | C] (Google ) -- C:\Program Files\Google_Earth_BZXD.exe

========== Files - Modified Within 30 Days ==========

[2012/01/16 11:07:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jsiragusa\Desktop\OTL.exe
[2012/01/16 10:58:12 | 001,954,684 | ---- | M] () -- C:\Documents and Settings\jsiragusa\Desktop\tdsskiller.zip
[2012/01/16 10:55:56 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\jsiragusa\Desktop\GooredFix.exe
[2012/01/16 10:44:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/16 10:42:54 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/16 10:41:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/16 10:41:46 | 1333,317,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/16 10:35:44 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jsiragusa\Desktop\OTM.exe
[2012/01/16 10:35:02 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\jsiragusa\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/01/16 10:34:52 | 000,000,515 | ---- | M] () -- C:\Documents and Settings\jsiragusa\Desktop\NTREGOPT.lnk
[2012/01/16 10:34:52 | 000,000,496 | ---- | M] () -- C:\Documents and Settings\jsiragusa\Desktop\ERUNT.lnk
[2012/01/16 10:34:36 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\jsiragusa\Desktop\erunt-setup.exe
[2012/01/16 10:31:10 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/16 10:19:02 | 000,000,820 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/01/16 08:32:02 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3941023027-1856051850-1926175653-1164Core1cc8ff5365bce0f.job
[2012/01/13 23:30:02 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\daily.job
[2012/01/12 13:14:26 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\jsiragusa\Desktop\Microsoft Excel.lnk
[2012/01/12 08:21:56 | 000,002,220 | ---- | M] () -- C:\Documents and Settings\jsiragusa\Desktop\Google Chrome.lnk
[2012/01/12 08:21:56 | 000,002,198 | ---- | M] () -- C:\Documents and Settings\jsiragusa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/12 03:04:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/04 12:36:16 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\jsiragusa\Desktop\Microsoft Word.lnk
[2012/01/03 12:52:42 | 001,989,176 | ---- | M] () -- C:\Documents and Settings\jsiragusa\My Documents\Jan2011_RTA_System_web.pdf
[2011/12/30 08:40:12 | 000,442,574 | ---- | M] () -- C:\Documents and Settings\jsiragusa\My Documents\imagesWhy-you-got-no-gift-this-year.gif
[2011/12/23 08:59:50 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\jsiragusa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/19 13:00:46 | 000,015,648 | ---- | M] () -- C:\Documents and Settings\jsiragusa\Desktop\MJG inv 2011-23.odt

========== Files Created - No Company Name ==========

[2012/01/16 10:56:57 | 001,954,684 | ---- | C] () -- C:\Documents and Settings\jsiragusa\Desktop\tdsskiller.zip
[2012/01/16 10:35:01 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\jsiragusa\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/01/16 10:34:50 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\jsiragusa\Desktop\NTREGOPT.lnk
[2012/01/16 10:34:50 | 000,000,496 | ---- | C] () -- C:\Documents and Settings\jsiragusa\Desktop\ERUNT.lnk
[2012/01/03 12:52:46 | 001,989,176 | ---- | C] () -- C:\Documents and Settings\jsiragusa\My Documents\Jan2011_RTA_System_web.pdf
[2011/12/30 08:40:16 | 000,442,574 | ---- | C] () -- C:\Documents and Settings\jsiragusa\My Documents\imagesWhy-you-got-no-gift-this-year.gif
[2011/12/19 13:00:52 | 000,015,648 | ---- | C] () -- C:\Documents and Settings\jsiragusa\Desktop\MJG inv 2011-23.odt
[2011/10/14 09:47:32 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/04/07 16:58:38 | 000,035,184 | ---- | C] () -- C:\Program Files\lookout-1.2.11-tb+sm.xpi
[2011/03/29 08:36:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/28 08:32:49 | 000,245,248 | ---- | C] () -- C:\WINDOWS\DelOemFile.exe
[2011/01/28 08:32:49 | 000,001,774 | ---- | C] () -- C:\WINDOWS\KUFSN.INI
[2011/01/28 08:32:49 | 000,001,774 | ---- | C] () -- C:\WINDOWS\KUF0452N.INI
[2011/01/28 08:32:49 | 000,001,764 | ---- | C] () -- C:\WINDOWS\KUFSNRN.INI
[2011/01/28 08:32:49 | 000,000,408 | ---- | C] () -- C:\WINDOWS\452Warning.ini
[2010/11/23 16:48:55 | 013,640,684 | ---- | C] () -- C:\Program Files\PDFCreator-0_9_1_AFPLGhostscript_32bit.msi
[2010/03/24 16:52:22 | 000,025,984 | ---- | C] () -- C:\WINDOWS\System32\Idleui.dll
[2010/03/24 16:50:53 | 000,025,632 | ---- | C] () -- C:\WINDOWS\System32\PlantronicsDeviceEventSink.dll
[2009/12/29 10:11:57 | 000,026,849 | ---- | C] () -- C:\Program Files\extension_0_6_1.crx
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/11/20 14:59:19 | 149,286,272 | ---- | C] () -- C:\Program Files\OOo_3.0.0_Win32Intel_install_wJRE_en-US.exe
[2008/10/20 11:00:01 | 005,045,633 | ---- | C] () -- C:\Program Files\dcs_InstallationWizard_111.zip
[2008/10/20 10:55:47 | 002,440,817 | ---- | C] () -- C:\Program Files\dcs3220_firmware_104.pkg
[2008/08/27 10:22:47 | 019,733,021 | ---- | C] () -- C:\Program Files\BTM200B_USB_Bluetooth_Adapter_Installer.exe
[2008/08/27 10:01:50 | 040,647,264 | ---- | C] () -- C:\Program Files\CD_0410-0088-001_BTM200B.iso
[2008/07/10 16:19:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/02/19 00:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/10/03 12:40:10 | 000,010,857 | ---- | C] () -- C:\Program Files\Dreamweaver CS3 Read Me.html
[2007/08/09 12:08:04 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/03/27 12:25:22 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\Upgrade.dll
[2007/01/16 15:53:57 | 001,037,312 | ---- | C] () -- C:\Program Files\iview399.exe
[2006/12/13 10:57:34 | 015,913,664 | ---- | C] () -- C:\Program Files\zPDFCreator-0_9_3-AD_DeploymentPackage-WithoutToolbar.msi
[2006/11/01 10:41:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2006/11/01 10:39:16 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2006/11/01 10:39:14 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2006/11/01 10:39:14 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2006/11/01 10:39:11 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2006/09/26 17:05:45 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2006/09/26 17:05:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\uninscpw.exe
[2006/09/26 17:01:46 | 005,254,656 | ---- | C] () -- C:\Program Files\converter.exe
[2006/09/26 17:01:05 | 002,064,136 | ---- | C] () -- C:\Program Files\CuteWriter.exe
[2006/08/10 12:12:47 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\jsiragusa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/12 09:28:49 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2005/12/28 16:03:39 | 000,000,307 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2005/10/14 10:05:48 | 008,715,352 | ---- | C] () -- C:\Program Files\Install_AIM.exe
[2005/10/06 14:42:28 | 004,077,184 | ---- | C] () -- C:\Program Files\winzip90.exe
[2005/08/03 09:04:22 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/04/15 12:28:57 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\jsiragusa\Local Settings\Application Data\fusioncache.dat
[2004/11/05 10:49:11 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2004/08/05 12:42:38 | 000,038,868 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2004/08/05 12:42:38 | 000,029,315 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2004/05/18 13:46:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2004/04/22 11:08:15 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.ACER USER.ini
[2004/01/30 16:03:44 | 000,000,056 | ---- | C] () -- C:\WINDOWS\Progs_.ini
[2003/10/24 18:33:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/08 10:06:54 | 000,000,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2003/07/03 13:03:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/07/03 12:54:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/07/03 12:50:54 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/07/03 12:48:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/07/03 12:43:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/07/03 12:42:13 | 000,160,344 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/03/12 11:20:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2001/10/04 14:40:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2001/09/21 01:35:01 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\OneWay.dll
[1980/01/01 00:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[1980/01/01 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 00:00:00 | 000,417,994 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 00:00:00 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[1980/01/01 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 00:00:00 | 000,062,190 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 00:00:00 | 000,007,944 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[1980/01/01 00:00:00 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1980/01/01 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[1980/01/01 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2005/10/14 10:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/11/26 13:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sphere
[2008/05/06 15:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VSee
[2008/06/18 16:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/01/14 08:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2010/10/02 12:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2003/07/03 12:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsiragusa\Application Data\InterTrust
[2005/10/14 10:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsiragusa\Application Data\Aim
[2006/11/03 10:33:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsiragusa\Application Data\GlobalSCAPE
[2007/11/26 13:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsiragusa\Application Data\Sphere
[2008/03/25 10:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsiragusa\Application Data\webex
[2008/05/06 15:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsiragusa\Application Data\VSee
[2008/11/20 15:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsiragusa\Application Data\OpenOffice.org
[2009/01/09 17:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsiragusa\Application Data\ooVoo Details
[2009/04/13 14:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsiragusa\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/29 08:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsiragusa\Application Data\Thunderbird
[2011/10/14 09:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsiragusa\Application Data\pdfforge
[2012/01/13 23:30:02 | 000,000,196 | ---- | M] () -- C:\WINDOWS\Tasks\daily.job

========== Purity Check ==========



< End of report >

#2 RKinner (Malware Expert, MVP, 20,012 posts)

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. Then OK and Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan, note whether the Fix button (not the FixMBR button) is enabled and tell me, then click Save log, save it to your desktop and post it in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Ron
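
The logs requested above (OTL's file lists and TDSSKiller's driver list) are what the helper reads to find the redirector. The following is an added example, not a tool from this thread or from the OTL, TDSSKiller or Geeks to Go authors: a small Python triage helper that parses the two line formats exactly as they appear in this thread and shortlists the entries a helper would look at first. It does not decide what is malware. The heuristics are the usual ones: executables created or modified in the last week in user-writable paths, with no company name, or under the Windows directory; drivers whose file lives outside C:\WINDOWS; and any TDSSKiller verdict other than "ok". The sample lines are constructed in the thread's formats; the Temp\svchost32.exe entry, the "fakedrv" driver and its "suspicious" verdict string are invented to exercise the rules and are not from the poster's system (real TDSSKiller verdict wording may differ). Function names and the regexes are this example's own assumptions about the format.

```python
"""Triage helper for the OTL and TDSSKiller log formats posted in this thread.
Added example, not a tool from the thread. It shortlists entries a helper
would look at first; it does not decide what is malware."""
import re
from datetime import datetime, timedelta

# OTL file line: [date time | size | attrs | C/M] (company) -- path
# Directory lines carry no "(company)" field, so that group is optional.
OTL_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<op>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# TDSSKiller driver lines come in pairs: "NAME (md5) PATH" then "NAME - verdict".
TDSS_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ (?P<name>\S+) "
    r"(?:\((?P<md5>[0-9a-f]{32})\) (?P<path>.+)|- (?P<verdict>.+))$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".job")
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")
WINDOWS_DIR = "c:\\windows\\"


def parse_otl(text):
    """Parse OTL 'Files Created/Modified' lines into dicts; skip anything else."""
    entries = []
    for line in text.splitlines():
        m = OTL_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "is_dir": "D" in m["attrs"],
            "company": (m["company"] or "").strip(),
            "path": m["path"].strip(),
        })
    return entries


def triage_otl(entries, now=None, days=7):
    """Flag executables created/modified within `days` of `now` (default: the
    newest timestamp in the log) and say why each one is worth a look."""
    if not entries:
        return []
    now = now or max(e["ts"] for e in entries)
    cutoff = now - timedelta(days=days)
    findings = []
    for e in entries:
        low = e["path"].lower()
        if e["is_dir"] or not low.endswith(EXEC_EXT) or e["ts"] < cutoff:
            continue
        reasons = []
        if any(w in low for w in USER_WRITABLE):
            reasons.append("user-writable path")
        if not e["company"]:
            reasons.append("no company name")
        if low.startswith(WINDOWS_DIR):
            reasons.append("under Windows directory")
        findings.append((e["path"], ", ".join(reasons) or "recent executable"))
    return findings


def parse_tdss(text):
    """Merge TDSSKiller's two-line-per-driver output into one record per driver."""
    drivers = {}
    for line in text.splitlines():
        m = TDSS_RE.match(line.strip())
        if not m:
            continue
        rec = drivers.setdefault(m["name"], {"md5": None, "path": None, "verdict": None})
        if m["verdict"]:
            rec["verdict"] = m["verdict"].strip()
        else:
            rec["md5"], rec["path"] = m["md5"], m["path"].strip()
    return drivers


def triage_tdss(drivers):
    """Flag any verdict other than 'ok' and any driver file outside the Windows directory."""
    findings = []
    for name, rec in drivers.items():
        reasons = []
        if rec["verdict"] and rec["verdict"].lower() != "ok":
            reasons.append("verdict: " + rec["verdict"])
        if rec["path"] and not rec["path"].lower().startswith(WINDOWS_DIR):
            reasons.append("driver outside Windows directory")
        if reasons:
            findings.append((name, rec["path"], rec["md5"], ", ".join(reasons)))
    return findings


# Constructed sample lines in the thread's log formats. The Temp\svchost32.exe
# line, the "fakedrv" driver and its verdict are invented to exercise the rules;
# they are not from the poster's system.
OTL_SAMPLE = r"""
[2012/01/16 10:55:57 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\jsiragusa\Desktop\GooredFix.exe
[2012/01/16 10:36:31 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/01/16 10:42:54 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/14 09:47:32 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2012/01/15 03:12:00 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\jsiragusa\Local Settings\Temp\svchost32.exe
"""
TDSS_SAMPLE = r"""
12:53:08.0531 3184 Abiosdsk - ok
12:53:08.0891 3184 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:53:08.0906 3184 ACPI - ok
12:53:17.0188 3184 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:53:17.0203 3184 eeCtrl - ok
12:53:50.0000 3184 fakedrv (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\drivers\fakedrv.sys
12:53:50.0010 3184 fakedrv - suspicious
"""

if __name__ == "__main__":
    for path, why in triage_otl(parse_otl(OTL_SAMPLE)):
        print(f"OTL   {why:45s} {path}")
    for name, path, md5, why in triage_tdss(parse_tdss(TDSS_SAMPLE)):
        print(f"TDSS  {why:45s} {name} {path} {md5}")
```

Expect the shortlist to include the thread's own fix tools (GooredFix.exe, OTL.exe, OTM.exe) and Google's updater .job files: a fresh executable on the Desktop or a recently rewritten scheduled task is exactly what the heuristic looks for, and telling those apart from a dropper is the part a person still does, by checking the company name, the MD5 against a known-good source and the creation time against when the USB drive was plugged in. A driver listed outside C:\WINDOWS (here Symantec's eeCtrl.sys) is likewise a prompt to verify, not a verdict.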
#3 assetmgr (Topic Starter, Member, 12 posts)

Thanks for your help.

Combofix froze and I had to reboot.

Following are the TDSSKiller, aswMBR, and Malwarebytes logs. For aswMBR the Fix button was not enabled.

12:52:52.0140 1800 TDSS rootkit removing tool 2.7.3.0 Jan 16 2012 18:53:41
12:52:53.0925 1800 ============================================================
12:52:53.0925 1800 Current date / time: 2012/01/17 12:52:53.0925
12:52:53.0925 1800 SystemInfo:
12:52:53.0925 1800
12:52:53.0925 1800 OS Version: 5.1.2600 ServicePack: 3.0
12:52:53.0925 1800 Product type: Workstation
12:52:53.0925 1800 ComputerName: BRE-CMCINT
12:52:53.0925 1800 UserName: jsiragusa
12:52:53.0925 1800 Windows directory: C:\WINDOWS
12:52:53.0925 1800 System windows directory: C:\WINDOWS
12:52:53.0925 1800 Processor architecture: Intel x86
12:52:53.0925 1800 Number of processors: 1
12:52:53.0925 1800 Page size: 0x1000
12:52:53.0925 1800 Boot type: Normal boot
12:52:53.0925 1800 ============================================================
12:52:55.0381 1800 Drive \Device\Harddisk0\DR0 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:52:55.0396 1800 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:52:55.0396 1800 Initialize success
12:53:08.0124 3184 ============================================================
12:53:08.0124 3184 Scan started
12:53:08.0124 3184 Mode: Manual;
12:53:08.0124 3184 ============================================================
12:53:08.0531 3184 Abiosdsk - ok
12:53:08.0734 3184 abp480n5 - ok
12:53:08.0891 3184 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:53:08.0906 3184 ACPI - ok
12:53:08.0985 3184 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:53:09.0000 3184 ACPIEC - ok
12:53:09.0266 3184 adpu160m - ok
12:53:09.0329 3184 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:53:09.0345 3184 aec - ok
12:53:09.0501 3184 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:53:09.0517 3184 AFD - ok
12:53:09.0767 3184 Aha154x - ok
12:53:09.0986 3184 aic78u2 - ok
12:53:10.0174 3184 aic78xx - ok
12:53:10.0440 3184 ALCXWDM (65200a479381b5aa80b527f962574d92) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
12:53:10.0472 3184 ALCXWDM - ok
12:53:10.0738 3184 AliIde - ok
12:53:10.0941 3184 amsint - ok
12:53:11.0145 3184 asc - ok
12:53:11.0380 3184 asc3350p - ok
12:53:11.0568 3184 asc3550 - ok
12:53:11.0661 3184 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:53:11.0677 3184 AsyncMac - ok
12:53:11.0740 3184 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:53:11.0740 3184 atapi - ok
12:53:11.0975 3184 Atdisk - ok
12:53:12.0194 3184 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:53:12.0209 3184 Atmarpc - ok
12:53:12.0413 3184 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:53:12.0429 3184 audstub - ok
12:53:12.0522 3184 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:53:12.0538 3184 Beep - ok
12:53:12.0789 3184 BtAudio - ok
12:53:12.0992 3184 BTDriver - ok
12:53:13.0196 3184 BTWDNDIS - ok
12:53:13.0274 3184 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:53:13.0274 3184 cbidf2k - ok
12:53:13.0509 3184 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:53:13.0509 3184 CCDECODE - ok
12:53:13.0759 3184 cd20xrnt - ok
12:53:13.0837 3184 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:53:13.0853 3184 Cdaudio - ok
12:53:14.0041 3184 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:53:14.0057 3184 Cdfs - ok
12:53:14.0307 3184 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:53:14.0307 3184 Cdrom - ok
12:53:14.0526 3184 Changer - ok
12:53:14.0745 3184 CmdIde - ok
12:53:14.0980 3184 Cpqarray - ok
12:53:15.0184 3184 dac2w2k - ok
12:53:15.0403 3184 dac960nt - ok
12:53:15.0653 3184 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:53:15.0669 3184 Disk - ok
12:53:15.0935 3184 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:53:15.0951 3184 dmboot - ok
12:53:16.0217 3184 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:53:16.0233 3184 dmio - ok
12:53:16.0264 3184 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:53:16.0264 3184 dmload - ok
12:53:16.0514 3184 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:53:16.0530 3184 DMusic - ok
12:53:16.0796 3184 dpti2o - ok
12:53:16.0984 3184 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:53:16.0984 3184 drmkaud - ok
12:53:17.0188 3184 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:53:17.0203 3184 eeCtrl - ok
12:53:17.0516 3184 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:53:17.0516 3184 Fastfat - ok
12:53:17.0579 3184 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:53:17.0595 3184 Fdc - ok
12:53:17.0861 3184 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:53:17.0876 3184 Fips - ok
12:53:18.0111 3184 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:53:18.0111 3184 Flpydisk - ok
12:53:18.0268 3184 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:53:18.0283 3184 FltMgr - ok
12:53:18.0377 3184 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:53:18.0377 3184 Fs_Rec - ok
12:53:18.0503 3184 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:53:18.0518 3184 Ftdisk - ok
12:53:18.0722 3184 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
12:53:18.0737 3184 gameenum - ok
12:53:18.0988 3184 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:53:18.0988 3184 Gpc - ok
12:53:19.0238 3184 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:53:19.0238 3184 HidUsb - ok
12:53:19.0504 3184 hpn - ok
12:53:19.0724 3184 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:53:19.0739 3184 HTTP - ok
12:53:19.0943 3184 i2omgmt - ok
12:53:20.0146 3184 i2omp - ok
12:53:20.0365 3184 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:53:20.0381 3184 i8042prt - ok
12:53:20.0585 3184 ialm (ba8a1050e0df758b02cdfbd11f6b4464) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
12:53:20.0616 3184 ialm - ok
12:53:20.0835 3184 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:53:20.0851 3184 Imapi - ok
12:53:21.0132 3184 ini910u - ok
12:53:21.0336 3184 IntelIde - ok
12:53:21.0430 3184 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:53:21.0430 3184 intelppm - ok
12:53:21.0540 3184 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:53:21.0586 3184 ip6fw - ok
12:53:21.0680 3184 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:53:21.0696 3184 IpFilterDriver - ok
12:53:21.0853 3184 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:53:21.0868 3184 IpInIp - ok
12:53:22.0103 3184 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:53:22.0103 3184 IpNat - ok
12:53:22.0322 3184 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:53:22.0338 3184 IPSec - ok
12:53:22.0447 3184 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:53:22.0463 3184 IRENUM - ok
12:53:22.0729 3184 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:53:22.0745 3184 isapnp - ok
12:53:22.0933 3184 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:53:22.0948 3184 Kbdclass - ok
12:53:23.0152 3184 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:53:23.0168 3184 kbdhid - ok
12:53:23.0434 3184 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:53:23.0449 3184 kmixer - ok
12:53:23.0684 3184 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:53:23.0684 3184 KSecDD - ok
12:53:23.0950 3184 lbrtfdc - ok
12:53:24.0169 3184 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
12:53:24.0169 3184 LMIInfo - ok
12:53:24.0295 3184 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
12:53:24.0295 3184 lmimirr - ok
12:53:24.0498 3184 LMIRfsClientNP - ok
12:53:24.0639 3184 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
12:53:24.0686 3184 LMIRfsDriver - ok
12:53:24.0843 3184 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:53:24.0843 3184 mnmdd - ok
12:53:25.0062 3184 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:53:25.0062 3184 Modem - ok
12:53:25.0312 3184 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:53:25.0328 3184 Mouclass - ok
12:53:25.0547 3184 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:53:25.0563 3184 mouhid - ok
12:53:25.0829 3184 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:53:25.0845 3184 MountMgr - ok
12:53:26.0079 3184 mraid35x - ok
12:53:26.0205 3184 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:53:26.0220 3184 MRxDAV - ok
12:53:26.0392 3184 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:53:26.0408 3184 MRxSmb - ok
12:53:26.0627 3184 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:53:26.0659 3184 Msfs - ok
12:53:26.0878 3184 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:53:26.0893 3184 MSKSSRV - ok
12:53:27.0113 3184 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:53:27.0113 3184 MSPCLOCK - ok
12:53:27.0300 3184 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:53:27.0316 3184 MSPQM - ok
12:53:27.0410 3184 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:53:27.0410 3184 mssmbios - ok
12:53:27.0629 3184 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:53:27.0645 3184 MSTEE - ok
12:53:27.0864 3184 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
12:53:27.0864 3184 ms_mpu401 - ok
12:53:28.0083 3184 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:53:28.0083 3184 Mup - ok
12:53:28.0271 3184 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:53:28.0287 3184 NABTSFEC - ok
12:53:28.0490 3184 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110703.003\naveng.sys
12:53:28.0490 3184 NAVENG - ok
12:53:28.0756 3184 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110703.003\navex15.sys
12:53:28.0835 3184 NAVEX15 - ok
12:53:29.0085 3184 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:53:29.0163 3184 NDIS - ok
12:53:29.0257 3184 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:53:29.0273 3184 NdisIP - ok
12:53:29.0461 3184 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:53:29.0461 3184 NdisTapi - ok
12:53:29.0696 3184 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:53:29.0696 3184 Ndisuio - ok
12:53:29.0789 3184 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:53:29.0868 3184 NdisWan - ok
12:53:30.0024 3184 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:53:30.0024 3184 NDProxy - ok
12:53:30.0228 3184 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:53:30.0228 3184 NetBIOS - ok
12:53:30.0478 3184 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:53:30.0494 3184 NetBT - ok
12:53:30.0604 3184 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:53:30.0619 3184 Npfs - ok
12:53:30.0854 3184 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:53:30.0885 3184 Ntfs - ok
12:53:31.0011 3184 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:53:31.0026 3184 Null - ok
12:53:31.0120 3184 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:53:31.0136 3184 NwlnkFlt - ok
12:53:31.0214 3184 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:53:31.0230 3184 NwlnkFwd - ok
12:53:31.0324 3184 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:53:31.0339 3184 Parport - ok
12:53:31.0558 3184 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:53:31.0574 3184 PartMgr - ok
12:53:31.0668 3184 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:53:31.0668 3184 ParVdm - ok
12:53:31.0919 3184 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:53:31.0919 3184 PCI - ok
12:53:32.0138 3184 PCIDump - ok
12:53:32.0294 3184 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:53:32.0310 3184 PCIIde - ok
12:53:32.0482 3184 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:53:32.0482 3184 Pcmcia - ok
12:53:32.0733 3184 PDCOMP - ok
12:53:32.0952 3184 PDFRAME - ok
12:53:33.0155 3184 PDRELI - ok
12:53:33.0359 3184 PDRFRAME - ok
12:53:33.0562 3184 perc2 - ok
12:53:33.0766 3184 perc2hib - ok
12:53:33.0891 3184 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:53:33.0891 3184 PptpMiniport - ok
12:53:34.0110 3184 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
12:53:34.0126 3184 Processor - ok
12:53:34.0345 3184 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:53:34.0345 3184 PSched - ok
12:53:34.0423 3184 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:53:34.0439 3184 Ptilink - ok
12:53:34.0642 3184 ql1080 - ok
12:53:34.0862 3184 Ql10wnt - ok
12:53:35.0065 3184 ql12160 - ok
12:53:35.0284 3184 ql1240 - ok
12:53:35.0488 3184 ql1280 - ok
12:53:35.0550 3184 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:53:35.0550 3184 RasAcd - ok
12:53:35.0723 3184 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:53:35.0738 3184 Rasl2tp - ok
12:53:35.0942 3184 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:53:35.0957 3184 RasPppoe - ok
12:53:36.0036 3184 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:53:36.0051 3184 Raspti - ok
12:53:36.0662 3184 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:53:37.0053 3184 Rdbss - ok
12:53:37.0288 3184 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:53:37.0617 3184 RDPCDD - ok
12:53:38.0400 3184 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:53:38.0791 3184 rdpdr - ok
12:53:39.0574 3184 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
12:53:39.0574 3184 RDPWD - ok
12:53:39.0871 3184 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:53:39.0887 3184 redbook - ok
12:53:39.0996 3184 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
12:53:40.0012 3184 ROOTMODEM - ok
12:53:40.0294 3184 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
12:53:40.0294 3184 rtl8139 - ok
12:53:40.0497 3184 SAVRT (a00d5aa4748a1002590f08aa00fc660d) C:\Program Files\Symantec AntiVirus\savrt.sys
12:53:40.0513 3184 SAVRT - ok
12:53:40.0669 3184 SAVRTPEL (1e805005583be1c1568a3fce259c81e3) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
12:53:40.0669 3184 SAVRTPEL - ok
12:53:40.0935 3184 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:53:40.0935 3184 Secdrv - ok
12:53:41.0186 3184 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:53:41.0186 3184 serenum - ok
12:53:41.0342 3184 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:53:41.0358 3184 Serial - ok
12:53:41.0514 3184 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:53:41.0545 3184 Sfloppy - ok
12:53:41.0811 3184 Simbad - ok
12:53:41.0983 3184 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:53:41.0999 3184 SLIP - ok
12:53:42.0202 3184 Sparrow - ok
12:53:42.0358 3184 SPBBCDrv (c30fa11923892a4dbd1c747db8492e8f) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
12:53:42.0374 3184 SPBBCDrv - ok
12:53:42.0608 3184 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:53:42.0608 3184 splitter - ok
12:53:42.0796 3184 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:53:42.0796 3184 sr - ok
12:53:42.0984 3184 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:53:43.0015 3184 Srv - ok
12:53:43.0296 3184 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
12:53:43.0296 3184 StillCam - ok
12:53:43.0484 3184 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:53:43.0484 3184 streamip - ok
12:53:43.0703 3184 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:53:43.0719 3184 swenum - ok
12:53:43.0922 3184 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:53:43.0922 3184 swmidi - ok
12:53:44.0172 3184 symc810 - ok
12:53:44.0375 3184 symc8xx - ok
12:53:44.0516 3184 SymEvent (b3f8b9eab2ebe205c0fe053fba951d8c) C:\Program Files\Symantec\SYMEVENT.SYS
12:53:44.0532 3184 SymEvent - ok
12:53:44.0719 3184 SYMREDRV (7c73b65f1bdfab9052a5076c0ca622de) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
12:53:44.0719 3184 SYMREDRV - ok
12:53:44.0891 3184 SYMTDI (b4562798891dca27ed67ca07acbadbd9) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
12:53:44.0923 3184 SYMTDI - ok
12:53:45.0188 3184 sym_hi - ok
12:53:45.0392 3184 sym_u3 - ok
12:53:45.0564 3184 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:53:45.0579 3184 sysaudio - ok
12:53:45.0783 3184 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:53:45.0798 3184 Tcpip - ok
12:53:46.0001 3184 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:53:46.0001 3184 TDPIPE - ok
12:53:46.0173 3184 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:53:46.0189 3184 TDTCP - ok
12:53:46.0392 3184 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:53:46.0392 3184 TermDD - ok
12:53:46.0642 3184 TosIde - ok
12:53:46.0846 3184 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:53:46.0846 3184 Udfs - ok
12:53:47.0065 3184 ultra - ok
12:53:47.0221 3184 UnlockerDriver5 (4847639d852763ee39415c929470f672) C:\Program Files\Unlocker\UnlockerDriver5.sys
12:53:47.0221 3184 UnlockerDriver5 - ok
12:53:47.0393 3184 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:53:47.0409 3184 Update - ok
12:53:47.0706 3184 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:53:47.0721 3184 usbccgp - ok
12:53:47.0800 3184 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:53:47.0815 3184 usbehci - ok
12:53:48.0003 3184 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:53:48.0065 3184 usbhub - ok
12:53:48.0300 3184 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:53:48.0316 3184 usbscan - ok
12:53:48.0472 3184 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:53:48.0488 3184 USBSTOR - ok
12:53:48.0675 3184 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:53:48.0691 3184 usbuhci - ok
12:53:48.0863 3184 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:53:48.0878 3184 VgaSave - ok
12:53:49.0113 3184 ViaIde - ok
12:53:49.0285 3184 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:53:49.0301 3184 VolSnap - ok
12:53:49.0426 3184 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:53:49.0441 3184 Wanarp - ok
12:53:49.0676 3184 WDICA - ok
12:53:49.0848 3184 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:53:49.0863 3184 wdmaud - ok
12:53:50.0035 3184 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:53:50.0051 3184 WS2IFSL - ok
12:53:50.0223 3184 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:53:50.0239 3184 WSTCODEC - ok
12:53:50.0442 3184 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:53:50.0458 3184 WudfPf - ok
12:53:50.0708 3184 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:53:50.0708 3184 WudfRd - ok
12:53:50.0942 3184 {6080A529-897E-4629-A488-ABA0C29B635E} (7829319b296adc8a3bd99f4824effda9) C:\WINDOWS\system32\drivers\ialmsbw.sys
12:53:50.0958 3184 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
12:53:51.0146 3184 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (b8c99f314372be1425468d844ce45cee) C:\WINDOWS\system32\drivers\ialmkchw.sys
12:53:51.0161 3184 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
12:53:51.0192 3184 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:53:51.0255 3184 \Device\Harddisk0\DR0 - ok
12:53:51.0286 3184 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
12:53:51.0286 3184 \Device\Harddisk1\DR1 - ok
12:53:51.0302 3184 Boot (0x1200) (114f6cb8746eb0775734a5e7911ceefd) \Device\Harddisk0\DR0\Partition0
12:53:51.0302 3184 \Device\Harddisk0\DR0\Partition0 - ok
12:53:51.0302 3184 ============================================================
12:53:51.0302 3184 Scan finished
12:53:51.0302 3184 ============================================================
12:53:51.0333 3204 Detected object count: 0
12:53:51.0333 3204 Actual detected object count: 0
12:54:38.0412 0120 ============================================================
12:54:38.0412 0120 Scan started
12:54:38.0412 0120 Mode: Manual; SigCheck; TDLFS;
12:54:38.0412 0120 ============================================================
12:54:38.0834 0120 Abiosdsk - ok
12:54:39.0038 0120 abp480n5 - ok
12:54:39.0210 0120 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:54:41.0383 0120 ACPI - ok
12:54:41.0508 0120 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:54:41.0727 0120 ACPIEC - ok
12:54:41.0977 0120 adpu160m - ok
12:54:42.0055 0120 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:54:42.0243 0120 aec - ok
12:54:42.0446 0120 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:54:42.0509 0120 AFD - ok
12:54:42.0743 0120 Aha154x - ok
12:54:42.0947 0120 aic78u2 - ok
12:54:43.0166 0120 aic78xx - ok
12:54:43.0416 0120 ALCXWDM (65200a479381b5aa80b527f962574d92) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
12:54:43.0541 0120 ALCXWDM - ok
12:54:43.0807 0120 AliIde - ok
12:54:44.0026 0120 amsint - ok
12:54:44.0244 0120 asc - ok
12:54:44.0448 0120 asc3350p - ok
12:54:44.0635 0120 asc3550 - ok
12:54:44.0729 0120 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:54:44.0917 0120 AsyncMac - ok
12:54:45.0026 0120 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:54:45.0245 0120 atapi - ok
12:54:45.0495 0120 Atdisk - ok
12:54:45.0699 0120 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:54:45.0902 0120 Atmarpc - ok
12:54:46.0152 0120 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:54:46.0371 0120 audstub - ok
12:54:46.0449 0120 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:54:46.0652 0120 Beep - ok
12:54:46.0918 0120 BtAudio - ok
12:54:47.0137 0120 BTDriver - ok
12:54:47.0340 0120 BTWDNDIS - ok
12:54:47.0403 0120 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:54:47.0637 0120 cbidf2k - ok
12:54:47.0888 0120 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:54:48.0122 0120 CCDECODE - ok
12:54:48.0388 0120 cd20xrnt - ok
12:54:48.0466 0120 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:54:48.0794 0120 Cdaudio - ok
12:54:49.0045 0120 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:54:49.0295 0120 Cdfs - ok
12:54:49.0561 0120 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:54:49.0779 0120 Cdrom - ok
12:54:49.0983 0120 Changer - ok
12:54:50.0202 0120 CmdIde - ok
12:54:50.0436 0120 Cpqarray - ok
12:54:50.0655 0120 dac2w2k - ok
12:54:50.0858 0120 dac960nt - ok
12:54:51.0093 0120 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:54:51.0312 0120 Disk - ok
12:54:51.0593 0120 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:54:51.0843 0120 dmboot - ok
12:54:52.0094 0120 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:54:52.0312 0120 dmio - ok
12:54:52.0422 0120 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:54:52.0625 0120 dmload - ok
12:54:52.0844 0120 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:54:53.0063 0120 DMusic - ok
12:54:53.0313 0120 dpti2o - ok
12:54:53.0548 0120 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:54:53.0751 0120 drmkaud - ok
12:54:53.0923 0120 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:54:54.0611 0120 eeCtrl - ok
12:54:54.0892 0120 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:54:55.0127 0120 Fastfat - ok
12:54:55.0236 0120 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:54:55.0471 0120 Fdc - ok
12:54:55.0690 0120 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:54:55.0924 0120 Fips - ok
12:54:56.0190 0120 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:54:56.0409 0120 Flpydisk - ok
12:54:56.0534 0120 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:54:56.0769 0120 FltMgr - ok
12:54:56.0894 0120 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:54:57.0113 0120 Fs_Rec - ok
12:54:57.0175 0120 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:54:57.0410 0120 Ftdisk - ok
12:54:57.0675 0120 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
12:54:57.0910 0120 gameenum - ok
12:54:58.0082 0120 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:54:58.0270 0120 Gpc - ok
12:54:58.0567 0120 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:54:58.0801 0120 HidUsb - ok
12:54:59.0036 0120 hpn - ok
12:54:59.0458 0120 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:54:59.0505 0120 HTTP - ok
12:54:59.0771 0120 i2omgmt - ok
12:54:59.0974 0120 i2omp - ok
12:55:00.0177 0120 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:55:00.0396 0120 i8042prt - ok
12:55:00.0584 0120 ialm (ba8a1050e0df758b02cdfbd11f6b4464) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
12:55:00.0787 0120 ialm - ok
12:55:01.0037 0120 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:55:01.0240 0120 Imapi - ok
12:55:01.0475 0120 ini910u - ok
12:55:01.0678 0120 IntelIde - ok
12:55:01.0819 0120 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:55:02.0022 0120 intelppm - ok
12:55:02.0163 0120 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:55:02.0382 0120 ip6fw - ok
12:55:02.0491 0120 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:55:02.0710 0120 IpFilterDriver - ok
12:55:02.0898 0120 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:55:03.0117 0120 IpInIp - ok
12:55:03.0320 0120 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:55:03.0539 0120 IpNat - ok
12:55:03.0789 0120 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:55:04.0008 0120 IPSec - ok
12:55:04.0336 0120 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:55:04.0430 0120 IRENUM - ok
12:55:04.0680 0120 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:55:04.0915 0120 isapnp - ok
12:55:05.0056 0120 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:55:05.0274 0120 Kbdclass - ok
12:55:05.0540 0120 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:55:05.0759 0120 kbdhid - ok
12:55:06.0041 0120 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:55:06.0259 0120 kmixer - ok
12:55:06.0510 0120 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:55:06.0572 0120 KSecDD - ok
12:55:06.0822 0120 lbrtfdc - ok
12:55:07.0026 0120 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
12:55:07.0057 0120 LMIInfo - ok
12:55:07.0166 0120 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
12:55:07.0166 0120 lmimirr - ok
12:55:07.0370 0120 LMIRfsClientNP - ok
12:55:07.0510 0120 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
12:55:07.0526 0120 LMIRfsDriver - ok
12:55:07.0682 0120 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:55:07.0901 0120 mnmdd - ok
12:55:08.0151 0120 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:55:08.0370 0120 Modem - ok
12:55:08.0605 0120 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:55:08.0824 0120 Mouclass - ok
12:55:09.0058 0120 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:55:09.0293 0120 mouhid - ok
12:55:09.0512 0120 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:55:09.0746 0120 MountMgr - ok
12:55:09.0996 0120 mraid35x - ok
12:55:10.0153 0120 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:55:10.0387 0120 MRxDAV - ok
12:55:10.0622 0120 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:55:10.0731 0120 MRxSmb - ok
12:55:10.0966 0120 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:55:11.0185 0120 Msfs - ok
12:55:11.0451 0120 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:55:11.0669 0120 MSKSSRV - ok
12:55:11.0888 0120 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:55:12.0107 0120 MSPCLOCK - ok
12:55:12.0310 0120 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:55:12.0529 0120 MSPQM - ok
12:55:12.0639 0120 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:55:12.0858 0120 mssmbios - ok
12:55:13.0077 0120 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:55:13.0280 0120 MSTEE - ok
12:55:13.0468 0120 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
12:55:13.0702 0120 ms_mpu401 - ok
12:55:13.0921 0120 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:55:13.0968 0120 Mup - ok
12:55:14.0187 0120 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:55:14.0406 0120 NABTSFEC - ok
12:55:14.0609 0120 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110703.003\naveng.sys
12:55:14.0609 0120 NAVENG - ok
12:55:14.0875 0120 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110703.003\navex15.sys
12:55:14.0937 0120 NAVEX15 - ok
12:55:15.0187 0120 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:55:15.0406 0120 NDIS - ok
12:55:15.0500 0120 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:55:15.0719 0120 NdisIP - ok
12:55:15.0954 0120 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:55:15.0985 0120 NdisTapi - ok
12:55:16.0173 0120 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:55:16.0391 0120 Ndisuio - ok
12:55:16.0501 0120 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:55:16.0720 0120 NdisWan - ok
12:55:16.0860 0120 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:55:16.0923 0120 NDProxy - ok
12:55:17.0142 0120 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:55:17.0345 0120 NetBIOS - ok
12:55:17.0533 0120 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:55:17.0767 0120 NetBT - ok
12:55:17.0924 0120 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:55:18.0127 0120 Npfs - ok
12:55:18.0377 0120 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:55:18.0612 0120 Ntfs - ok
12:55:18.0737 0120 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:55:18.0956 0120 Null - ok
12:55:19.0034 0120 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:55:19.0253 0120 NwlnkFlt - ok
12:55:19.0378 0120 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:55:19.0581 0120 NwlnkFwd - ok
12:55:19.0706 0120 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:55:19.0925 0120 Parport - ok
12:55:20.0160 0120 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:55:20.0363 0120 PartMgr - ok
12:55:20.0441 0120 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:55:20.0644 0120 ParVdm - ok
12:55:20.0879 0120 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:55:21.0113 0120 PCI - ok
12:55:21.0364 0120 PCIDump - ok
12:55:21.0536 0120 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:55:21.0739 0120 PCIIde - ok
12:55:21.0926 0120 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:55:22.0161 0120 Pcmcia - ok
12:55:22.0396 0120 PDCOMP - ok
12:55:22.0599 0120 PDFRAME - ok
12:55:22.0802 0120 PDRELI - ok
12:55:22.0990 0120 PDRFRAME - ok
12:55:23.0209 0120 perc2 - ok
12:55:23.0412 0120 perc2hib - ok
12:55:23.0537 0120 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:55:23.0740 0120 PptpMiniport - ok
12:55:23.0959 0120 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
12:55:24.0178 0120 Processor - ok
12:55:24.0381 0120 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:55:24.0600 0120 PSched - ok
12:55:24.0710 0120 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:55:24.0913 0120 Ptilink - ok
12:55:25.0116 0120 ql1080 - ok
12:55:25.0319 0120 Ql10wnt - ok
12:55:25.0538 0120 ql12160 - ok
12:55:25.0742 0120 ql1240 - ok
12:55:25.0945 0120 ql1280 - ok
12:55:26.0007 0120 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:55:26.0226 0120 RasAcd - ok
12:55:26.0461 0120 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:55:26.0680 0120 Rasl2tp - ok
12:55:26.0899 0120 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:55:27.0102 0120 RasPppoe - ok
12:55:27.0211 0120 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:55:27.0446 0120 Raspti - ok
12:55:27.0665 0120 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:55:27.0868 0120 Rdbss - ok
12:55:27.0977 0120 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:55:28.0181 0120 RDPCDD - ok
12:55:28.0353 0120 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:55:28.0572 0120 rdpdr - ok
12:55:28.0822 0120 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
12:55:28.0869 0120 RDPWD - ok
12:55:29.0088 0120 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:55:29.0322 0120 redbook - ok
12:55:29.0463 0120 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
12:55:29.0666 0120 ROOTMODEM - ok
12:55:29.0948 0120 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
12:55:29.0994 0120 rtl8139 - ok
12:55:30.0166 0120 SAVRT (a00d5aa4748a1002590f08aa00fc660d) C:\Program Files\Symantec AntiVirus\savrt.sys
12:55:30.0182 0120 SAVRT - ok
12:55:30.0338 0120 SAVRTPEL (1e805005583be1c1568a3fce259c81e3) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
12:55:30.0354 0120 SAVRTPEL - ok
12:55:30.0573 0120 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:55:30.0667 0120 Secdrv - ok
12:55:30.0886 0120 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:55:31.0105 0120 serenum - ok
12:55:31.0277 0120 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:55:31.0495 0120 Serial - ok
12:55:31.0683 0120 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:55:31.0902 0120 Sfloppy - ok
12:55:32.0152 0120 Simbad - ok
12:55:32.0340 0120 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:55:32.0543 0120 SLIP - ok
12:55:32.0762 0120 Sparrow - ok
12:55:32.0918 0120 SPBBCDrv (c30fa11923892a4dbd1c747db8492e8f) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
12:55:32.0934 0120 SPBBCDrv - ok
12:55:33.0169 0120 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:55:33.0356 0120 splitter - ok
12:55:33.0559 0120 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:55:33.0653 0120 sr - ok
12:55:33.0841 0120 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:55:33.0888 0120 Srv - ok
12:55:34.0169 0120 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
12:55:34.0357 0120 StillCam - ok
12:55:34.0544 0120 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:55:34.0748 0120 streamip - ok
12:55:34.0982 0120 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:55:35.0170 0120 swenum - ok
12:55:35.0389 0120 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:55:35.0592 0120 swmidi - ok
12:55:36.0061 0120 symc810 - ok
12:55:36.0264 0120 symc8xx - ok
12:55:36.0389 0120 SymEvent (b3f8b9eab2ebe205c0fe053fba951d8c) C:\Program Files\Symantec\SYMEVENT.SYS
12:55:36.0405 0120 SymEvent - ok
12:55:36.0593 0120 SYMREDRV (7c73b65f1bdfab9052a5076c0ca622de) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
12:55:36.0593 0120 SYMREDRV - ok
12:55:36.0749 0120 SYMTDI (b4562798891dca27ed67ca07acbadbd9) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
12:55:36.0765 0120 SYMTDI - ok
12:55:37.0015 0120 sym_hi - ok
12:55:37.0218 0120 sym_u3 - ok
12:55:37.0390 0120 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:55:37.0609 0120 sysaudio - ok
12:55:37.0844 0120 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:55:37.0922 0120 Tcpip - ok
12:55:38.0125 0120 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:55:38.0344 0120 TDPIPE - ok
12:55:38.0531 0120 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:55:38.0719 0120 TDTCP - ok
12:55:38.0907 0120 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:55:39.0141 0120 TermDD - ok
12:55:39.0407 0120 TosIde - ok
12:55:39.0563 0120 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:55:39.0766 0120 Udfs - ok
12:55:39.0969 0120 ultra - ok
12:55:40.0126 0120 UnlockerDriver5 (4847639d852763ee39415c929470f672) C:\Program Files\Unlocker\UnlockerDriver5.sys
12:55:40.0157 0120 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
12:55:40.0157 0120 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
12:55:40.0313 0120 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:55:40.0548 0120 Update - ok
12:55:40.0829 0120 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:55:41.0048 0120 usbccgp - ok
12:55:41.0157 0120 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:55:41.0376 0120 usbehci - ok
12:55:41.0533 0120 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:55:41.0751 0120 usbhub - ok
12:55:41.0986 0120 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:55:42.0158 0120 usbscan - ok
12:55:42.0314 0120 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:55:42.0533 0120 USBSTOR - ok
12:55:42.0720 0120 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:55:42.0924 0120 usbuhci - ok
12:55:43.0096 0120 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:55:43.0299 0120 VgaSave - ok
12:55:43.0518 0120 ViaIde - ok
12:55:43.0705 0120 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:55:43.0893 0120 VolSnap - ok
12:55:44.0065 0120 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:55:44.0299 0120 Wanarp - ok
12:55:44.0534 0120 WDICA - ok
12:55:44.0721 0120 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:55:44.0909 0120 wdmaud - ok
12:55:45.0081 0120 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:55:45.0284 0120 WS2IFSL - ok
12:55:45.0440 0120 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:55:45.0659 0120 WSTCODEC - ok
12:55:45.0862 0120 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:55:45.0925 0120 WudfPf - ok
12:55:46.0175 0120 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:55:46.0206 0120 WudfRd - ok
12:55:46.0456 0120 {6080A529-897E-4629-A488-ABA0C29B635E} (7829319b296adc8a3bd99f4824effda9) C:\WINDOWS\system32\drivers\ialmsbw.sys
12:55:46.0503 0120 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
12:55:46.0722 0120 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (b8c99f314372be1425468d844ce45cee) C:\WINDOWS\system32\drivers\ialmkchw.sys
12:55:46.0769 0120 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
12:55:46.0784 0120 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:55:46.0941 0120 \Device\Harddisk0\DR0 - ok
12:55:46.0972 0120 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
12:55:47.0050 0120 \Device\Harddisk1\DR1 - ok
12:55:47.0081 0120 Boot (0x1200) (13d1e3f14e6d68bceb85726ecc31a779) \Device\Harddisk0\DR0\Partition0
12:55:47.0081 0120 \Device\Harddisk0\DR0\Partition0 - ok
12:55:47.0081 0120 ============================================================
12:55:47.0081 0120 Scan finished
12:55:47.0081 0120 ============================================================
12:55:47.0222 0256 Detected object count: 1
12:55:47.0222 0256 Actual detected object count: 1
12:56:46.0305 0256 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
12:56:46.0305 0256 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:56:56.0683 2000 Deinitialize success

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-17 13:04:02
-----------------------------
13:04:02.535 OS Version: Windows 5.1.2600 Service Pack 3
13:04:02.535 Number of processors: 1 586 0x207
13:04:02.535 ComputerName: BRE-CMCINT UserName: jsiragusa
13:04:03.394 Initialize success
13:04:43.915 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:04:43.931 Disk 0 Vendor: IC35L090AVV207-0 V23OA63A Size: 78533MB BusType: 3
13:04:43.931 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-e
13:04:43.931 Disk 1 Vendor: ST3320620A 3.AAC Size: 305245MB BusType: 3
13:04:43.946 Disk 0 MBR read successfully
13:04:43.946 Disk 0 MBR scan
13:04:43.946 Disk 0 Windows XP default MBR code
13:04:43.946 Disk 0 Partition 1 80 (A) 0C FAT32 LBA MSWIN4.1 78533 MB offset 63
13:04:43.946 Disk 0 scanning sectors +160836480
13:04:43.946 Disk 0 scanning C:\WINDOWS\system32\drivers
13:04:50.525 Service scanning
13:04:51.510 Modules scanning
13:04:57.198 Scan finished successfully
13:05:40.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jsiragusa\Desktop\MBR.dat"
13:05:40.062 The log file has been saved successfully to "C:\Documents and Settings\jsiragusa\Desktop\aswMBR.txt"


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.17.04

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
jsiragusa :: BRE-CMCINT [administrator]

1/17/2012 1:31:50 PM
mbam-log-2012-01-17 (13-31-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 315768
Time elapsed: 14 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4 RKinner (Malware Expert; Expert, MVP; 20,012 posts)
You might have better luck with Combofix in Safe Mode with Networking
(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)

If that doesn't work then try:

Start, Run, cmd, OK and type with an enter after the line:

"%userprofile%\Desktop\combofix.exe" /killall

(Make sure you put a space before the /killall)
  • 0

#5 assetmgr (Topic Starter, Member, 12 posts)
ComboFix will start in safe mode and it will also start from the command line. It creates a backup or restore point, then it starts the scan and the drive light flashes for about a minute, then it freezes up. I totally uninstalled Symantec Antivirus to make sure it was not conflicting with it. I noticed it created a computer icon in my C:\ drive with the name ComboFix.
  • 0

#6 RKinner (Malware Expert, MVP, 20,012 posts)
Since you have uninstalled Norton:

Download and save the Norton removal tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Run the Norton Removal tool.

Then let's install the free Avast:

http://www.avast.com...ivirus-download

Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK, then Schedule Now. Reboot and let it run a scan. It will take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report, then View Results. How many did it find?
  • 0

#7 assetmgr (Topic Starter, Member, 12 posts)
It found three, and a whole bunch of Word, Excel and JPGs infected with mydoom. I clicked "delete log" thinking it was a log of items that were deleted, and then I realized it deleted the log of the scan.

It's still trying to redirect but Avast is stopping it.
  • 0

#8 RKinner (Malware Expert, MVP, 20,012 posts)
I just had one that had a hidden proxy. See if this helps with the redirects:

Start, Run, cmd, OK then type with an Enter after the line:

proxycfg -d

Let's try Combofix again. First:

Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Redownload Combofix as before but this time rename combofix.exe to george.exe.

Now Start, Run, msconfig, OK

Click on Diagnostic Boot then Apply OK and restart. Try George.exe now.

Ron
  • 0

#9 assetmgr (Topic Starter, Member, 12 posts)
When I type the command it says "Direct Access No Proxy Server"; this did not help with the redirect.

MSCONFIG will not let me choose Diagnostic Startup; I get an Access Denied message. I logged in as administrator and I still get the Access Denied message.
  • 0
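The hidden-proxy check in the two posts above covers only one of the places a redirect can be planted. `proxycfg -d` resets and reports the WinHTTP proxy, which services use; Internet Explorer, and Chrome on Windows, follow the per-user WinINET settings under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings (ProxyEnable/ProxyServer and the AutoConfigURL PAC script), and a hosts file entry for accounts.google.com would also send both browsers somewhere else right after sign-in. The Python script below is an added example and is not from the thread or from any tool it mentions: it runs offline over a `reg export` of that key and a copy of %SystemRoot%\system32\drivers\etc\hosts and flags those three mechanisms. The registry export, the hosts file contents, the 10.0.0.5 address and the watched-domain list are all constructed for the example.

```python
"""Offline triage of browser-redirect mechanisms (added example, not from the thread).

Inputs assumed: a text export made with
  reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" ie.reg
(newer Windows versions write it as UTF-16; open with the matching encoding)
and a copy of %SystemRoot%\system32\drivers\etc\hosts.
"""
import re

# Constructed .reg export: a per-user WinINET proxy plus a PAC URL, both pointing at
# a hypothetical attacker host. Not real data from the thread.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:8080;https=127.0.0.1:8080"
"AutoConfigURL"="http://10.0.0.5/proxy.pac"
"ProxyOverride"="<local>"
"""

# Constructed hosts file: the Google sign-in names are pinned to the same host.
SAMPLE_HOSTS = r"""# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# injected entries
10.0.0.5   accounts.google.com
10.0.0.5   www.google.com   google.com
"""

# Domains whose hijacking would explain "redirect right after logging in to Google Apps".
WATCHED = ("google.com", "accounts.google.com", "gmail.com")


def parse_reg_values(text):
    """Return {name: value} for the Internet Settings key of a .reg export.

    dword values are returned as int, REG_SZ strings with .reg escaping undone.
    Other value types are returned as their raw text.
    """
    values = {}
    in_key = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.lower().endswith(r"\internet settings]")
            continue
        if not in_key or not line.startswith('"'):
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2)
        if raw.startswith("dword:"):
            values[name] = int(raw[len("dword:"):], 16)
        elif len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            values[name] = raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
        else:
            values[name] = raw
    return values


def check_proxy(values):
    """Flag an enabled WinINET proxy and any PAC script URL."""
    findings = []
    if values.get("ProxyEnable") == 1 and values.get("ProxyServer"):
        findings.append(("wininet-proxy", values["ProxyServer"]))
    if values.get("AutoConfigURL"):
        findings.append(("pac-url", values["AutoConfigURL"]))
    return findings


def check_hosts(text, watched=WATCHED):
    """Flag hosts-file entries that pin a watched domain (or a subdomain) to an address."""
    findings = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            n = name.lower()
            if any(n == w or n.endswith("." + w) for w in watched):
                findings.append(("hosts", f"{n} -> {ip}"))
    return findings


def triage(reg_text, hosts_text):
    """Combine both checks; an empty list means none of the three mechanisms is present."""
    return check_proxy(parse_reg_values(reg_text)) + check_hosts(hosts_text)


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_REG, SAMPLE_HOSTS):
        print(f"{kind:14} {detail}")
```

On the real machine, export the key and copy the hosts file from a clean boot, then pass the two texts to `triage()`; a hit in `wininet-proxy` or `pac-url` is what `proxycfg -d` does not touch, and a hit in `hosts` explains a redirect that survives proxy changes entirely.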

#10 RKinner (Malware Expert, MVP, 20,012 posts)
Let's see if DDS will run.

Please download DDS from http://download.blee...om/sUBs/dds.com or http://download.blee...om/sUBs/dds.scr
and save it to your desktop.

* Disable any script blocking protection
* Double click dds.pif to run the tool.
* When done, two DDS.txt's will open.
* Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
  • 0


#11 assetmgr (Topic Starter, Member, 12 posts)
What opens is dds.com and it will start to scan but freezes after a minute.

Edited by assetmgr, 20 January 2012 - 01:45 PM.

  • 0

#12 RKinner (Malware Expert, MVP, 20,012 posts)
Go into msconfig again and see if you can:

Go to the Services tab and click on the box to hide Microsoft services, then uncheck everything that remains. Go to the Startup tab and uncheck everything. OK and reboot.
  • 0

#13 assetmgr (Topic Starter, Member, 12 posts)
I can uncheck all of them except Avast, which gives Access Denied when I try to uncheck it. I'll figure out how to stop Avast so I can uncheck it, then run DDS, correct?
  • 0

#14 RKinner (Malware Expert, MVP, 20,012 posts)
To stop Avast, right click on the Avast ball and select Avast! Shields Control, then Disable Until Computer is Restarted.

Sometimes you need to:

Click on the Avast ball. Then click on Additional Protections, then on AutoSandbox, then on Settings, then uncheck Enable AutoSandbox. OK
  • 0

#15 assetmgr (Topic Starter, Member, 12 posts)
DDS still freezes up.
  • 0





