Ordinal 1109 problems [Solved]

#1
don_qua
Hello,

My computer has been fine up until this evening. I'm running Symantec Antivirus at the moment. Not sure how, but a message suddenly popped up whilst I was in desktop mode. I can't remember exactly what the message said, but it had something to do with Ordinal 1109 and vptray.exe, and then all of a sudden my antivirus just kept opening and closing on its own. There was even background noise which sounded like a cooking show, all of this while I was still on my desktop! Strange, like someone else was controlling my computer. I tried running Symantec but the message keeps coming up, preventing me from scanning. I wasn't able to get on Internet Explorer, but I've turned off my antivirus so it's fine now.

I've attached the OTL log as requested. Thanks for helping!

Jonathan


OTL logfile created on: 19/04/2012 19:51:18 - Run 2
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Jonno\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 0.65 Gb Available Physical Memory | 33.43% Memory free
4.11 Gb Paging File | 2.79 Gb Available in Paging File | 67.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.51 Gb Total Space | 56.03 Gb Free Space | 40.74% Space Free | Partition Type: NTFS
Drive D: | 11.54 Gb Total Space | 2.03 Gb Free Space | 17.57% Space Free | Partition Type: NTFS

Computer Name: JONNO-HOME | User Name: Jonno | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jonno\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Program Files\NetMeter\NetMeter.exe ()
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)


========== Modules (No Company Name) ==========

MOD - C:\ProgramData\Microsoft\Windows\DRM\B9EC.tmp ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\Program Files\NetMeter\NetMeter.exe ()


========== Win32 Services (SafeList) ==========

SRV - (websenselogserver) -- %systemroot%\system32\UxTuneUp.dll File not found
SRV - (TMBMServer) -- %systemroot%\system32\USBVCD.dll File not found
SRV - (symantecantibotwatcher) -- %systemroot%\system32\sonicstagemonitoring.dll File not found
SRV - (sandboxu) -- %systemroot%\system32\hsxhwazl.dll File not found
SRV - (pmounter) -- %systemroot%\system32\prepdrvr.dll File not found
SRV - (netdevio) -- %systemroot%\system32\ADIDTSFiltService.dll File not found
SRV - (msfwsvc) -- %systemroot%\system32\usr11g.dll File not found
SRV - (k56) -- %systemroot%\system32\WBHWDOCT.dll File not found
SRV - (iftpsvc) -- %systemroot%\system32\symwsc.dll File not found
SRV - (Eplpdx02) -- %systemroot%\system32\aspnet_state.dll File not found
SRV - (eelsservice) -- %systemroot%\system32\nbf.dll File not found
SRV - (bglivesvc) -- %systemroot%\system32\ql1240.dll File not found
SRV - (AlteraByteBlaster) -- %systemroot%\system32\xfilt.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120414.016\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120414.016\NAVENG.SYS (Symantec Corporation)
DRV - (DfsC) -- C:\Windows\System32\drivers\dfsc.sys ()
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (OA004Vid) -- C:\Windows\System32\drivers\OA004Vid.sys (Creative Technology Ltd.)
DRV - (OA004Ufd) -- C:\Windows\System32\drivers\OA004Ufd.sys (Creative Technology Ltd.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\drivers\symredrv.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bd=HP&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bd=HP&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {F88A65C1-01E9-4A87-87A8-EB4D347F576F}
IE - HKLM\..\SearchScopes\{5940A27E-2C28-4B4E-B1D4-BA8DF5E5FFC2}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKLM\..\SearchScopes\{7A198281-3142-4E26-9BB8-19DDDB251401}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKLM\..\SearchScopes\{F88A65C1-01E9-4A87-87A8-EB4D347F576F}: "URL" = http://slirsredirect...hpcnnbie7-en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {F88A65C1-01E9-4A87-87A8-EB4D347F576F}
IE - HKCU\..\SearchScopes\{5940A27E-2C28-4B4E-B1D4-BA8DF5E5FFC2}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKCU\..\SearchScopes\{7A198281-3142-4E26-9BB8-19DDDB251401}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKCU\..\SearchScopes\{F88A65C1-01E9-4A87-87A8-EB4D347F576F}: "URL" = http://slirsredirect...hpcnnbie7-en-gb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/07 22:07:28 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: AOL Search ()
CHR - default_search_provider: search_url = http://slirsredirect...hpcnnbie7-en-gb
CHR - default_search_provider: suggest_url =

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [{AAC34A46-C58A-4151-AD62-C5627982DBE9}] C:\Users\Jonno\AppData\Roaming\.jbwmdesktop\dev\var\log\nvcplui.exe ()
O4 - HKCU..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe ()
O4 - HKCU..\Run: [lphcnk8j0e185] C:\Windows\system32\lphcnk8j0e185.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: blogspot.com ([tvbdownload] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {67DDCD98-1120-47C3-B47E-A4E6820A571F} http://www.pbworldne...ts/intranet.CAB (intranet.download)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3EDD74B-CC64-4232-BAC5-052B9F541BF5}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F16272DE-17E7-42BB-81CC-2BEA28F3D4A9}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jonno\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Jonno\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/21 20:00:41 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{feb5a1d2-ec14-11e0-9d6d-001e685d200d}\Shell - "" = AutoRun
O33 - MountPoints2\{feb5a1d2-ec14-11e0-9d6d-001e685d200d}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/19 19:32:13 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Jonno\Desktop\OTL.exe
[2012/04/19 18:30:30 | 000,130,048 | ---- | C] (Eugene Roshal & FAR Group) -- C:\ProgramData\1e3u7JF5.exe_
[2012/04/19 18:30:30 | 000,130,048 | ---- | C] (Eugene Roshal & FAR Group) -- C:\ProgramData\1e3u7JF5.exe

========== Files - Modified Within 30 Days ==========

[2012/04/19 19:49:19 | 000,027,335 | ---- | M] () -- C:\Users\Jonno\AppData\Roaming\nvModes.001
[2012/04/19 19:37:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/19 19:32:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jonno\Desktop\OTL.exe
[2012/04/19 19:17:13 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/04/19 19:15:06 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/19 19:15:06 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/19 19:10:17 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/19 19:10:17 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/19 19:10:14 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/04/19 19:10:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/19 19:09:54 | 2079,129,600 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/19 19:03:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/04/19 19:02:07 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At44.job
[2012/04/19 19:02:06 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At20.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At48.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At47.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At46.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At45.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At43.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At42.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At41.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At40.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At39.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At38.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At37.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At36.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At35.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At34.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At33.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At32.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At31.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At30.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At29.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At28.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At27.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At26.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At25.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At9.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At8.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At7.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At6.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At5.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At24.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At23.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At22.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At21.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At19.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At18.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At17.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At16.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At15.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At14.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At13.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At12.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At11.job
[2012/04/19 18:49:14 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At10.job
[2012/04/19 18:49:14 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/04/19 18:30:28 | 000,130,048 | ---- | M] (Eugene Roshal & FAR Group) -- C:\ProgramData\1e3u7JF5.exe_
[2012/04/19 18:30:28 | 000,130,048 | ---- | M] (Eugene Roshal & FAR Group) -- C:\ProgramData\1e3u7JF5.exe
[2012/04/18 23:30:27 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{62A772F2-818E-4AA6-8DCC-DD30601E16E7}.job
[2012/04/10 19:51:10 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Jonno.job

========== Files Created - No Company Name ==========

[2012/04/19 18:31:05 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At48.job
[2012/04/19 18:31:04 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At47.job
[2012/04/19 18:31:03 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At46.job
[2012/04/19 18:31:03 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At45.job
[2012/04/19 18:31:02 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At44.job
[2012/04/19 18:31:01 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At43.job
[2012/04/19 18:31:00 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At42.job
[2012/04/19 18:31:00 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At41.job
[2012/04/19 18:30:59 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At40.job
[2012/04/19 18:30:59 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At39.job
[2012/04/19 18:30:58 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At38.job
[2012/04/19 18:30:57 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At37.job
[2012/04/19 18:30:56 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At36.job
[2012/04/19 18:30:56 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At35.job
[2012/04/19 18:30:55 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At34.job
[2012/04/19 18:30:54 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At33.job
[2012/04/19 18:30:54 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At32.job
[2012/04/19 18:30:53 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At31.job
[2012/04/19 18:30:52 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At30.job
[2012/04/19 18:30:52 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At29.job
[2012/04/19 18:30:51 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At28.job
[2012/04/19 18:30:51 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At27.job
[2012/04/19 18:30:50 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At26.job
[2012/04/19 18:30:49 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At25.job
[2012/04/19 18:30:49 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At24.job
[2012/04/19 18:30:48 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At23.job
[2012/04/19 18:30:47 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At22.job
[2012/04/19 18:30:46 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At21.job
[2012/04/19 18:30:46 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At20.job
[2012/04/19 18:30:45 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At19.job
[2012/04/19 18:30:44 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At18.job
[2012/04/19 18:30:43 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At17.job
[2012/04/19 18:30:42 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At16.job
[2012/04/19 18:30:41 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At15.job
[2012/04/19 18:30:41 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At14.job
[2012/04/19 18:30:40 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At13.job
[2012/04/19 18:30:39 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At12.job
[2012/04/19 18:30:39 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At11.job
[2012/04/19 18:30:38 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At10.job
[2012/04/19 18:30:37 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At9.job
[2012/04/19 18:30:36 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At8.job
[2012/04/19 18:30:36 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At7.job
[2012/04/19 18:30:35 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At6.job
[2012/04/19 18:30:35 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At5.job
[2012/04/19 18:30:34 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At4.job
[2012/04/19 18:30:33 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At3.job
[2012/04/19 18:30:32 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At2.job
[2012/04/19 18:30:30 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At1.job
[2012/04/19 00:56:00 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/19 00:55:36 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2011/12/03 01:49:30 | 000,000,680 | ---- | C] () -- C:\Users\Jonno\AppData\Local\d3d9caps.dat
[2011/06/16 22:51:27 | 000,075,264 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys

========== LOP Check ==========

[2009/07/30 20:57:56 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\.jbwmdesktop
[2011/09/07 23:04:29 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\bwm
[2009/07/28 23:24:24 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\Complete Diet Solution
[2009/03/19 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\Magic Academy
[2009/05/01 20:27:16 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\Megaupload
[2009/05/02 12:53:52 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\NetMeter
[2008/09/19 22:44:08 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\TrojanHunter
[2010/04/29 00:02:42 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\uTorrent
[2008/07/19 17:13:38 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\WildTangent
[2012/04/19 18:49:14 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2012/04/19 18:49:14 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2012/04/19 19:02:06 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2012/04/19 19:02:07 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2012/04/19 19:03:18 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/18 23:30:27 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{62A772F2-818E-4AA6-8DCC-DD30601E16E7}.job

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB62280$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, you are infected - it looks like ZeroAccess, but I will need to confirm that first.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
Open the scanner and select the Protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKCU..\Run: [{AAC34A46-C58A-4151-AD62-C5627982DBE9}] C:\Users\Jonno\AppData\Roaming\.jbwmdesktop\dev\var\log\nvcplui.exe ()
    O4 - HKCU..\Run: [lphcnk8j0e185] C:\Windows\system32\lphcnk8j0e185.exe File not found
    [2012/04/19 18:30:30 | 000,130,048 | ---- | C] (Eugene Roshal & FAR Group) -- C:\ProgramData\1e3u7JF5.exe_
    [2012/04/19 18:30:30 | 000,130,048 | ---- | C] (Eugene Roshal & FAR Group) -- C:\ProgramData\1e3u7JF5.exe
    [2012/04/19 19:10:14 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd

    :Files
    ipconfig /flushdns /c
    C:\Windows\tasks\At*.job

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 4.1mb ) to your desktop.
Double click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

#3
don_qua

    Member

  • Topic Starter
  • Member
  • 18 posts
Hi,

Thanks for taking up my case.

I know you're just assessing the situation at the moment, but I thought I'd keep you updated on the 'visual' side of things at my end as we go along. After rebooting from running OTL, I still have the annoying recurring Ordinal 1109 errors, and the 'invisible' ads are still intermittently running in the background, as I can hear them but can't see anything. There are also a couple of missing file popups during startup, but I've had them for a long time.




OTL logfile created on: 19/04/2012 23:58:13 - Run 3
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Jonno\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 50.81% Memory free
4.11 Gb Paging File | 3.06 Gb Available in Paging File | 74.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.51 Gb Total Space | 56.66 Gb Free Space | 41.20% Space Free | Partition Type: NTFS
Drive D: | 11.54 Gb Total Space | 2.03 Gb Free Space | 17.57% Space Free | Partition Type: NTFS

Computer Name: JONNO-HOME | User Name: Jonno | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jonno\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Program Files\NetMeter\NetMeter.exe ()
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\Program Files\NetMeter\NetMeter.exe ()


========== Win32 Services (SafeList) ==========

SRV - (websenselogserver) -- %systemroot%\system32\UxTuneUp.dll File not found
SRV - (TMBMServer) -- %systemroot%\system32\USBVCD.dll File not found
SRV - (tbaspi) -- %systemroot%\system32\vrservice.dll File not found
SRV - (symantecantibotwatcher) -- %systemroot%\system32\sonicstagemonitoring.dll File not found
SRV - (snareiis) -- %systemroot%\system32\adsexpb.dll File not found
SRV - (sandboxu) -- %systemroot%\system32\hsxhwazl.dll File not found
SRV - (pmounter) -- %systemroot%\system32\prepdrvr.dll File not found
SRV - (pdlndtdl) -- %systemroot%\system32\s616bus.dll File not found
SRV - (netdevio) -- %systemroot%\system32\ADIDTSFiltService.dll File not found
SRV - (MXOFX) -- %systemroot%\system32\cicssfs.scmmc223.dll File not found
SRV - (msfwsvc) -- %systemroot%\system32\usr11g.dll File not found
SRV - (MegaSR) -- %systemroot%\system32\aswtdi.dll File not found
SRV - (mbmiodrvr) -- %systemroot%\system32\NWFILTER.dll File not found
SRV - (KMWDFilter) -- %systemroot%\system32\si3114r.dll File not found
SRV - (k56) -- %systemroot%\system32\WBHWDOCT.dll File not found
SRV - (iftpsvc) -- %systemroot%\system32\symwsc.dll File not found
SRV - (fsks) -- %systemroot%\system32\RTHDMIAzAudService.dll File not found
SRV - (Evian) -- %systemroot%\system32\AtlsAud.dll File not found
SRV - (epsonbidirectionalservice) -- %systemroot%\system32\kwatchsvc.dll File not found
SRV - (Eplpdx02) -- %systemroot%\system32\aspnet_state.dll File not found
SRV - (eelsservice) -- %systemroot%\system32\nbf.dll File not found
SRV - (cwcspud) -- %systemroot%\system32\ftsata2.dll File not found
SRV - (bglivesvc) -- %systemroot%\system32\ql1240.dll File not found
SRV - (AlteraByteBlaster) -- %systemroot%\system32\xfilt.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120414.016\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120414.016\NAVENG.SYS (Symantec Corporation)
DRV - (DfsC) -- C:\Windows\System32\drivers\dfsc.sys ()
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (OA004Vid) -- C:\Windows\System32\drivers\OA004Vid.sys (Creative Technology Ltd.)
DRV - (OA004Ufd) -- C:\Windows\System32\drivers\OA004Ufd.sys (Creative Technology Ltd.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\drivers\symredrv.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bd=HP&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bd=HP&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {F88A65C1-01E9-4A87-87A8-EB4D347F576F}
IE - HKLM\..\SearchScopes\{5940A27E-2C28-4B4E-B1D4-BA8DF5E5FFC2}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKLM\..\SearchScopes\{7A198281-3142-4E26-9BB8-19DDDB251401}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKLM\..\SearchScopes\{F88A65C1-01E9-4A87-87A8-EB4D347F576F}: "URL" = http://slirsredirect...hpcnnbie7-en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {F88A65C1-01E9-4A87-87A8-EB4D347F576F}
IE - HKCU\..\SearchScopes\{5940A27E-2C28-4B4E-B1D4-BA8DF5E5FFC2}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKCU\..\SearchScopes\{7A198281-3142-4E26-9BB8-19DDDB251401}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKCU\..\SearchScopes\{F88A65C1-01E9-4A87-87A8-EB4D347F576F}: "URL" = http://slirsredirect...hpcnnbie7-en-gb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/07 22:07:28 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: AOL Search ()
CHR - default_search_provider: search_url = http://slirsredirect...hpcnnbie7-en-gb
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2012/04/19 23:48:46 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: blogspot.com ([tvbdownload] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {67DDCD98-1120-47C3-B47E-A4E6820A571F} http://www.pbworldne...ts/intranet.CAB (intranet.download)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3EDD74B-CC64-4232-BAC5-052B9F541BF5}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F16272DE-17E7-42BB-81CC-2BEA28F3D4A9}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jonno\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Jonno\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/21 20:00:41 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{feb5a1d2-ec14-11e0-9d6d-001e685d200d}\Shell - "" = AutoRun
O33 - MountPoints2\{feb5a1d2-ec14-11e0-9d6d-001e685d200d}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/19 23:48:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/19 19:32:13 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Jonno\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2012/04/19 23:59:38 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/19 23:59:38 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/19 23:53:16 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/04/19 23:53:00 | 000,027,335 | ---- | M] () -- C:\Users\Jonno\AppData\Roaming\nvModes.001
[2012/04/19 23:52:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/19 23:52:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/19 23:52:21 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/04/19 23:52:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/19 23:52:02 | 2079,186,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/19 23:50:52 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/04/19 23:48:46 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/04/19 23:39:37 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/19 19:32:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jonno\Desktop\OTL.exe
[2012/04/18 23:30:27 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{62A772F2-818E-4AA6-8DCC-DD30601E16E7}.job
[2012/04/10 19:51:10 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Jonno.job

========== Files Created - No Company Name ==========

[2012/04/19 23:52:21 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/04/19 00:56:00 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/12/03 01:49:30 | 000,000,680 | ---- | C] () -- C:\Users\Jonno\AppData\Local\d3d9caps.dat
[2011/06/16 22:51:27 | 000,075,264 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys

========== LOP Check ==========

[2009/07/30 20:57:56 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\.jbwmdesktop
[2011/09/07 23:04:29 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\bwm
[2009/07/28 23:24:24 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\Complete Diet Solution
[2009/03/19 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\Magic Academy
[2009/05/01 20:27:16 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\Megaupload
[2009/05/02 12:53:52 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\NetMeter
[2008/09/19 22:44:08 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\TrojanHunter
[2010/04/29 00:02:42 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\uTorrent
[2008/07/19 17:13:38 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\WildTangent
[2012/04/19 23:50:53 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/18 23:30:27 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{62A772F2-818E-4AA6-8DCC-DD30601E16E7}.job

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB62280$] -> Error: Cannot create file handle -> Unknown point type

< End of report >






aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-20 00:05:40
-----------------------------
00:05:40.981 OS Version: Windows 6.0.6002 Service Pack 2
00:05:40.981 Number of processors: 2 586 0x6802
00:05:40.997 ComputerName: JONNO-HOME UserName: Jonno
00:05:45.193 Initialize success
00:06:37.662 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
00:06:37.662 Disk 0 Vendor: FUJITSU_MHZ2160BH_G2 8909 Size: 152627MB BusType: 3
00:06:37.709 Disk 0 MBR read successfully
00:06:37.725 Disk 0 MBR scan
00:06:37.725 Disk 0 unknown MBR code
00:06:37.725 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 140811 MB offset 63
00:06:37.756 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11813 MB offset 288382815
00:06:37.803 Disk 0 scanning sectors +312576705
00:06:37.850 Disk 0 scanning C:\Windows\system32\drivers
00:06:47.646 Service scanning
00:07:10.953 Modules scanning
00:07:16.460 Module: C:\Windows\System32\Drivers\dfsc.sys **SUSPICIOUS**
00:07:18.768 Disk 0 trace - called modules:
00:07:18.784 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x875e3fd0]<<
00:07:18.800 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x851d7ac8]
00:07:18.800 3 CLASSPNP.SYS[87ba88b3] -> nt!IofCallDriver -> [0x87599798]
00:07:18.815 \Driver\00001536[0x87551f38] -> IRP_MJ_CREATE -> 0x875e3fd0
00:07:18.815 Scan finished successfully
00:08:10.529 Disk 0 MBR has been saved successfully to "C:\Users\Jonno\Desktop\MBR.dat"
00:08:10.529 The log file has been saved successfully to "C:\Users\Jonno\Desktop\aswMBR.txt"
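The indicators Essexboy's OTL fix targets in post #2 (a burst of At*.job scheduled tasks written within the same second or two, services whose binaries do not exist on disk, and a Run entry living under a hidden dot-folder in AppData\Roaming) can be pulled out of an OTL log automatically rather than by eye. The following Python triage script is an added example; it is not OTL's own code and was not posted in this thread. The sample lines are constructed to mirror entries from the logs above, and the burst threshold (10 jobs within 60 seconds) is an assumption chosen for illustration.

```python
"""Triage helper for OTL-style log lines.

Added example (not OTL's code and not from this thread). It pulls out three
of the indicators discussed above: services whose binary is missing, Run
entries that live under a hidden dot-folder in AppData\\Roaming, and a burst
of At<N>.job scheduled tasks written within a short window.
"""
import re
from datetime import datetime

# Constructed sample lines modelled on entries in the OTL logs above.
SAMPLE_LOG = r"""
SRV - (websenselogserver) -- %systemroot%\system32\UxTuneUp.dll File not found
SRV - (sandboxu) -- %systemroot%\system32\hsxhwazl.dll File not found
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
O4 - HKCU..\Run: [{AAC34A46-C58A-4151-AD62-C5627982DBE9}] C:\Users\Jonno\AppData\Roaming\.jbwmdesktop\dev\var\log\nvcplui.exe ()
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
[2012/04/19 18:49:14 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2012/04/19 18:49:15 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2012/04/19 18:49:15 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2012/04/18 23:30:27 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{62A772F2-818E-4AA6-8DCC-DD30601E16E7}.job
"""

# OTL line shapes (patterns written for this example, derived from the log format above).
SRV_MISSING = re.compile(r"^SRV - \((?P<name>[^)]+)\) -- (?P<path>.+?) File not found$")
RUN_ENTRY = re.compile(
    r"^O4 - (?P<hive>HK[LC][MU])\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
FILE_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| [-A-Z]{4} \| [CM]\] \([^)]*\) -- (?P<path>.+)$"
)
AT_JOB = re.compile(r"\\At\d+\.job$", re.IGNORECASE)


def missing_services(lines):
    """Services registered in the SCM whose binary OTL could not find on disk."""
    found = []
    for line in lines:
        m = SRV_MISSING.match(line)
        if m:
            found.append((m["name"], m["path"]))
    return found


def hidden_roaming_run_entries(lines):
    """Run entries whose target sits under a dot-folder inside AppData\\Roaming."""
    found = []
    for line in lines:
        m = RUN_ENTRY.match(line)
        if m and "\\AppData\\Roaming\\." in m["path"]:
            found.append((m["value"], m["path"]))
    return found


def at_job_burst(lines, threshold=10, window_seconds=60):
    """Count At<N>.job tasks and flag them when many land inside a short window.

    threshold / window_seconds are assumed values for this example.
    """
    stamps = []
    for line in lines:
        m = FILE_ENTRY.match(line)
        if m and AT_JOB.search(m["path"]):
            stamps.append(datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"))
    if not stamps:
        return {"count": 0, "span_seconds": 0, "flagged": False}
    span = int((max(stamps) - min(stamps)).total_seconds())
    return {
        "count": len(stamps),
        "span_seconds": span,
        "flagged": len(stamps) >= threshold and span <= window_seconds,
    }


def triage(text, threshold=10, window_seconds=60):
    """Run all three checks over one OTL log and return the findings."""
    lines = text.splitlines()
    return {
        "missing_services": missing_services(lines),
        "hidden_roaming_run": hidden_roaming_run_entries(lines),
        "at_job_burst": at_job_burst(lines, threshold, window_seconds),
    }


if __name__ == "__main__":
    # The sample only carries three At jobs, so lower the threshold to see the flag fire.
    for key, value in triage(SAMPLE_LOG, threshold=3).items():
        print(key, value)
```

Run it against a full OTL log by reading the file and passing its text to `triage()`. The missing-service check is deliberately broad: legitimate leftovers from uninstalled software also show as "File not found", so the output is a list for a human to review, not a verdict.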

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I see the culprit now

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

#5
don_qua

    Member

  • Topic Starter
  • Member
  • 18 posts
Hi,

I ran the TDSSKiller programme with no problems. Then I tried to turn off the firewalls as instructed, both on Windows and my Symantec Antivirus. Every time I tried to go into the settings to turn off the firewall on Windows, I got an error message, so I couldn't check whether it was off or not. Same thing with my antivirus: there was a long stall and then it force-closed. But I managed to get to the settings by fluke, so I turned it off. After that, I ran ComboFix anyway, and twice a message popped up saying that it found ZeroAccess. I let it run and it rebooted. Internet Explorer wasn't working after that, but I rebooted again as advised and it was fine then.

Started up the computer with no Ordinal 1109 error message popping up, just the usual two annoying missing link popups that I have been getting for a while now... do you think there's any chance of getting rid of them as well, Essexboy?

Logs requested as below:

22:48:51.0309 4188 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
22:48:51.0684 4188 ============================================================
22:48:51.0684 4188 Current date / time: 2012/04/20 22:48:51.0684
22:48:51.0684 4188 SystemInfo:
22:48:51.0684 4188
22:48:51.0684 4188 OS Version: 6.0.6002 ServicePack: 2.0
22:48:51.0684 4188 Product type: Workstation
22:48:51.0684 4188 ComputerName: JONNO-HOME
22:48:51.0684 4188 UserName: Jonno
22:48:51.0684 4188 Windows directory: C:\Windows
22:48:51.0684 4188 System windows directory: C:\Windows
22:48:51.0684 4188 Processor architecture: Intel x86
22:48:51.0684 4188 Number of processors: 2
22:48:51.0684 4188 Page size: 0x1000
22:48:51.0684 4188 Boot type: Normal boot
22:48:51.0684 4188 ============================================================
22:48:53.0135 4188 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:48:53.0181 4188 \Device\Harddisk0\DR0:
22:48:53.0181 4188 MBR partitions:
22:48:53.0181 4188 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11305F20
22:48:53.0181 4188 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x11305F5F, BlocksNum 0x1712B62
22:48:53.0197 4188 C: <-> \Device\Harddisk0\DR0\Partition0
22:48:53.0244 4188 D: <-> \Device\Harddisk0\DR0\Partition1
22:48:53.0244 4188 Initialize success
22:48:53.0244 4188 ============================================================
22:49:41.0324 4508 ============================================================
22:49:41.0324 4508 Scan started
22:49:41.0324 4508 Mode: Manual; SigCheck; TDLFS;
22:49:41.0324 4508 ============================================================
22:49:45.0146 4508 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:49:45.0396 4508 ACPI - ok
22:49:46.0191 4508 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:49:46.0488 4508 AdobeFlashPlayerUpdateSvc - ok
22:49:47.0127 4508 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
22:49:47.0377 4508 adp94xx - ok
22:49:47.0736 4508 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
22:49:47.0938 4508 adpahci - ok
22:49:48.0110 4508 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
22:49:48.0328 4508 adpu160m - ok
22:49:48.0609 4508 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
22:49:48.0765 4508 adpu320 - ok
22:49:49.0062 4508 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
22:49:49.0748 4508 AeLookupSvc - ok
22:49:50.0107 4508 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:49:50.0356 4508 AFD - ok
22:49:50.0746 4508 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
22:49:50.0996 4508 agp440 - ok
22:49:51.0339 4508 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:49:51.0526 4508 aic78xx - ok
22:49:51.0792 4508 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
22:49:52.0634 4508 ALG - ok
22:49:52.0868 4508 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
22:49:52.0915 4508 aliide - ok
22:49:53.0071 4508 AlteraByteBlaster - ok
22:49:53.0227 4508 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
22:49:53.0383 4508 amdagp - ok
22:49:53.0648 4508 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
22:49:53.0882 4508 amdide - ok
22:49:54.0256 4508 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
22:49:56.0425 4508 AmdK7 - ok
22:49:56.0643 4508 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
22:49:56.0799 4508 AmdK8 - ok
22:49:57.0174 4508 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
22:49:57.0502 4508 Appinfo - ok
22:49:57.0814 4508 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:49:58.0079 4508 Apple Mobile Device - ok
22:49:58.0438 4508 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
22:49:58.0563 4508 arc - ok
22:49:58.0984 4508 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
22:49:59.0125 4508 arcsas - ok
22:49:59.0546 4508 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:49:59.0686 4508 AsyncMac - ok
22:49:59.0936 4508 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:49:59.0967 4508 atapi - ok
22:50:00.0466 4508 athr (0437199c88f6e88a387cfec8a8886a6e) C:\Windows\system32\DRIVERS\athr.sys
22:50:01.0137 4508 athr - ok
22:50:01.0527 4508 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
22:50:01.0714 4508 AudioEndpointBuilder - ok
22:50:01.0886 4508 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
22:50:01.0964 4508 Audiosrv - ok
22:50:02.0369 4508 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
22:50:02.0541 4508 BCM43XV - ok
22:50:02.0900 4508 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:50:03.0087 4508 Beep - ok
22:50:03.0368 4508 bglivesvc - ok
22:50:03.0728 4508 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
22:50:04.0086 4508 BITS - ok
22:50:04.0305 4508 blbdrive - ok
22:50:04.0710 4508 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe
22:50:04.0851 4508 Bonjour Service - ok
22:50:05.0350 4508 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:50:05.0537 4508 bowser - ok
22:50:05.0865 4508 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:50:06.0130 4508 BrFiltLo - ok
22:50:06.0348 4508 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:50:06.0458 4508 BrFiltUp - ok
22:50:06.0754 4508 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
22:50:06.0972 4508 Browser - ok
22:50:07.0222 4508 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:50:07.0331 4508 Brserid - ok
22:50:07.0659 4508 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:50:07.0940 4508 BrSerWdm - ok
22:50:08.0252 4508 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:50:08.0470 4508 BrUsbMdm - ok
22:50:08.0704 4508 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:50:08.0907 4508 BrUsbSer - ok
22:50:09.0297 4508 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
22:50:09.0422 4508 BthEnum - ok
22:50:09.0749 4508 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
22:50:09.0905 4508 BTHMODEM - ok
22:50:10.0264 4508 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
22:50:10.0607 4508 BthPan - ok
22:50:11.0044 4508 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
22:50:11.0418 4508 BTHPORT - ok
22:50:11.0715 4508 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
22:50:12.0120 4508 BthServ - ok
22:50:12.0417 4508 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
22:50:12.0542 4508 BTHUSB - ok
22:50:12.0807 4508 ccEvtMgr (47312a6af7d84f99ea9eb7b0de5440bc) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
22:50:12.0947 4508 ccEvtMgr - ok
22:50:13.0010 4508 ccSetMgr (47312a6af7d84f99ea9eb7b0de5440bc) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
22:50:13.0041 4508 ccSetMgr - ok
22:50:13.0415 4508 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:50:13.0556 4508 cdfs - ok
22:50:13.0992 4508 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:50:14.0211 4508 cdrom - ok
22:50:14.0507 4508 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
22:50:14.0694 4508 CertPropSvc - ok
22:50:15.0038 4508 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
22:50:15.0209 4508 circlass - ok
22:50:15.0443 4508 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:50:15.0521 4508 CLFS - ok
22:50:15.0786 4508 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:50:15.0958 4508 clr_optimization_v2.0.50727_32 - ok
22:50:16.0254 4508 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:50:16.0317 4508 clr_optimization_v4.0.30319_32 - ok
22:50:16.0473 4508 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:50:16.0566 4508 CmBatt - ok
22:50:16.0800 4508 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
22:50:16.0878 4508 cmdide - ok
22:50:17.0206 4508 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
22:50:17.0643 4508 CnxtHdAudService - ok
22:50:17.0939 4508 Com4Qlb (d8774ace03b46c9b01a49818055f9ad4) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
22:50:18.0173 4508 Com4Qlb ( UnsignedFile.Multi.Generic ) - warning
22:50:18.0173 4508 Com4Qlb - detected UnsignedFile.Multi.Generic (1)
22:50:18.0470 4508 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:50:18.0594 4508 Compbatt - ok
22:50:18.0828 4508 COMSysApp - ok
22:50:19.0140 4508 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
22:50:19.0702 4508 crcdisk - ok
22:50:20.0482 4508 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
22:50:20.0747 4508 Crusoe - ok
22:50:21.0044 4508 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
22:50:21.0153 4508 CryptSvc - ok
22:50:21.0340 4508 cwcspud - ok
22:50:21.0839 4508 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
22:50:22.0448 4508 DcomLaunch - ok
22:50:22.0604 4508 DefWatch (fb937277e87f8468603f4e2d8cf9db4a) C:\Program Files\Symantec AntiVirus\DefWatch.exe
22:50:22.0806 4508 DefWatch - ok
22:50:23.0134 4508 DfsC (7f88bf7901edec4813d431e52348eb87) C:\Windows\system32\Drivers\dfsc.sys
22:50:23.0290 4508 DfsC ( UnsignedFile.Multi.Generic ) - warning
22:50:23.0290 4508 DfsC - detected UnsignedFile.Multi.Generic (1)
22:50:23.0727 4508 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
22:50:25.0224 4508 DFSR - ok
22:50:25.0708 4508 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
22:50:25.0926 4508 Dhcp - ok
22:50:26.0316 4508 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:50:26.0504 4508 disk - ok
22:50:26.0831 4508 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
22:50:27.0081 4508 Dnscache - ok
22:50:27.0424 4508 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
22:50:27.0564 4508 dot3svc - ok
22:50:27.0908 4508 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
22:50:28.0110 4508 DPS - ok
22:50:28.0391 4508 dptrackerd - ok
22:50:28.0656 4508 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:50:28.0719 4508 drmkaud - ok
22:50:29.0078 4508 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
22:50:29.0577 4508 DXGKrnl - ok
22:50:30.0014 4508 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
22:50:30.0326 4508 E100B - ok
22:50:30.0591 4508 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:50:30.0809 4508 E1G60 - ok
22:50:31.0059 4508 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
22:50:31.0215 4508 EapHost - ok
22:50:31.0418 4508 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:50:31.0589 4508 Ecache - ok
22:50:31.0917 4508 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
22:50:32.0307 4508 eeCtrl - ok
22:50:32.0510 4508 eelsservice - ok
22:50:32.0588 4508 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
22:50:32.0790 4508 ehRecvr - ok
22:50:32.0978 4508 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
22:50:33.0290 4508 ehSched - ok
22:50:33.0461 4508 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
22:50:33.0602 4508 ehstart - ok
22:50:33.0945 4508 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
22:50:34.0397 4508 elxstor - ok
22:50:34.0740 4508 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
22:50:35.0037 4508 EMDMgmt - ok
22:50:35.0208 4508 Eplpdx02 - ok
22:50:35.0458 4508 epsonbidirectionalservice - ok
22:50:35.0817 4508 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:50:35.0973 4508 EraserUtilRebootDrv - ok
22:50:36.0410 4508 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
22:50:36.0690 4508 EventSystem - ok
22:50:36.0893 4508 Evian - ok
22:50:37.0158 4508 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:50:37.0252 4508 exfat - ok
22:50:37.0564 4508 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:50:37.0673 4508 fastfat - ok
22:50:38.0001 4508 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
22:50:38.0235 4508 fdc - ok
22:50:38.0625 4508 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
22:50:38.0718 4508 fdPHost - ok
22:50:38.0984 4508 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
22:50:39.0108 4508 FDResPub - ok
22:50:39.0452 4508 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:50:39.0576 4508 FileInfo - ok
22:50:39.0935 4508 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:50:40.0170 4508 Filetrace - ok
22:50:40.0513 4508 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
22:50:40.0747 4508 flpydisk - ok
22:50:41.0263 4508 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:50:41.0466 4508 FltMgr - ok
22:50:41.0965 4508 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
22:50:42.0230 4508 FontCache - ok
22:50:42.0527 4508 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:50:42.0636 4508 FontCache3.0.0.0 - ok
22:50:42.0839 4508 fsks - ok
22:50:43.0042 4508 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
22:50:43.0135 4508 Fs_Rec - ok
22:50:43.0416 4508 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
22:50:43.0556 4508 gagp30kx - ok
22:50:43.0681 4508 GameConsoleService (44d07e5a444692e9b6a5cdd7401b4402) C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
22:50:44.0040 4508 GameConsoleService - ok
22:50:44.0180 4508 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
22:50:44.0336 4508 GEARAspiWDM - ok
22:50:44.0430 4508 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
22:50:44.0570 4508 gpsvc - ok
22:50:44.0726 4508 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
22:50:44.0836 4508 HBtnKey - ok
22:50:45.0163 4508 HdAudAddService (7be40bb4cd16d8760e18ea981ff452ec) C:\Windows\system32\drivers\CHDART.sys
22:50:45.0350 4508 HdAudAddService - ok
22:50:45.0647 4508 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:50:45.0803 4508 HDAudBus - ok
22:50:46.0130 4508 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:50:46.0240 4508 HidBth - ok
22:50:46.0505 4508 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:50:46.0598 4508 HidIr - ok
22:50:46.0832 4508 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
22:50:46.0895 4508 hidserv - ok
22:50:46.0988 4508 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:50:47.0082 4508 HidUsb - ok
22:50:47.0254 4508 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
22:50:47.0410 4508 hkmsvc - ok
22:50:47.0534 4508 HP Health Check Service (0d26c438e2938a3e6bdd91173bc96ff0) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
22:50:47.0581 4508 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
22:50:47.0581 4508 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
22:50:47.0815 4508 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
22:50:47.0878 4508 HpCISSs - ok
22:50:48.0268 4508 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
22:50:48.0392 4508 HpqKbFiltr - ok
22:50:48.0580 4508 hpqwmiex (04c1dcbb226c6ae647b794833ce3ceb6) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
22:50:48.0689 4508 hpqwmiex ( UnsignedFile.Multi.Generic ) - warning
22:50:48.0689 4508 hpqwmiex - detected UnsignedFile.Multi.Generic (1)
22:50:48.0876 4508 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:50:48.0970 4508 HSFHWAZL - ok
22:50:49.0656 4508 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
22:50:49.0859 4508 HSF_DPV - ok
22:50:50.0030 4508 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
22:50:50.0077 4508 HSXHWAZL - ok
22:50:50.0202 4508 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:50:50.0327 4508 HTTP - ok
22:50:50.0717 4508 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
22:50:50.0842 4508 i2omp - ok
22:50:51.0076 4508 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:50:51.0216 4508 i8042prt - ok
22:50:51.0528 4508 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:50:51.0731 4508 ialm - ok
22:50:51.0965 4508 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
22:50:52.0074 4508 iaStorV - ok
22:50:52.0200 4508 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:50:52.0293 4508 IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:50:52.0293 4508 IDriverT - detected UnsignedFile.Multi.Generic (1)
22:50:52.0434 4508 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:50:52.0605 4508 idsvc - ok
22:50:52.0730 4508 iftpsvc - ok
22:50:52.0855 4508 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:50:52.0995 4508 iirsp - ok
22:50:53.0058 4508 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
22:50:53.0198 4508 IKEEXT - ok
22:50:53.0292 4508 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
22:50:53.0339 4508 intelide - ok
22:50:53.0510 4508 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
22:50:53.0651 4508 intelppm - ok
22:50:53.0869 4508 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
22:50:53.0963 4508 IPBusEnum - ok
22:50:54.0306 4508 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:50:54.0509 4508 IpFilterDriver - ok
22:50:54.0836 4508 IpInIp - ok
22:50:55.0257 4508 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
22:50:55.0491 4508 IPMIDRV - ok
22:50:55.0819 4508 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:50:55.0928 4508 IPNAT - ok
22:50:56.0256 4508 iPod Service (f62c69376a95795fe7cdb1c778edaca4) C:\Program Files\iPod\bin\iPodService.exe
22:50:56.0427 4508 iPod Service - ok
22:50:56.0833 4508 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:50:56.0989 4508 IRENUM - ok
22:50:57.0363 4508 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
22:50:57.0551 4508 isapnp - ok
22:50:57.0941 4508 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:50:58.0065 4508 iScsiPrt - ok
22:50:58.0440 4508 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:50:58.0736 4508 iteatapi - ok
22:50:59.0111 4508 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:50:59.0298 4508 iteraid - ok
22:50:59.0594 4508 k56 - ok
22:51:00.0047 4508 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:51:00.0437 4508 kbdclass - ok
22:51:00.0905 4508 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
22:51:01.0076 4508 kbdhid - ok
22:51:01.0357 4508 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:51:01.0575 4508 KeyIso - ok
22:51:01.0825 4508 KMWDFilter - ok
22:51:02.0262 4508 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
22:51:02.0480 4508 KSecDD - ok
22:51:02.0839 4508 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
22:51:02.0979 4508 KtmRm - ok
22:51:03.0213 4508 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
22:51:03.0401 4508 LanmanServer - ok
22:51:03.0557 4508 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
22:51:03.0666 4508 LanmanWorkstation - ok
22:51:03.0822 4508 LightScribeService (53710476495886d9961be46983a6a33f) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
22:51:03.0931 4508 LightScribeService - ok
22:51:04.0368 4508 LiveUpdate (3c7fcbbc35e0a52ce9b12e9cc4f5b991) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
22:51:05.0694 4508 LiveUpdate - ok
22:51:06.0224 4508 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:51:06.0333 4508 lltdio - ok
22:51:06.0630 4508 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
22:51:06.0801 4508 lltdsvc - ok
22:51:06.0942 4508 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
22:51:07.0082 4508 lmhosts - ok
22:51:07.0363 4508 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
22:51:07.0597 4508 LSI_FC - ok
22:51:07.0940 4508 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
22:51:08.0143 4508 LSI_SAS - ok
22:51:08.0361 4508 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
22:51:08.0549 4508 LSI_SCSI - ok
22:51:08.0829 4508 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:51:09.0017 4508 luafv - ok
22:51:09.0219 4508 mbmiodrvr - ok
22:51:09.0297 4508 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
22:51:09.0453 4508 Mcx2Svc - ok
22:51:09.0812 4508 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
22:51:09.0937 4508 mdmxsdk - ok
22:51:10.0265 4508 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
22:51:10.0452 4508 megasas - ok
22:51:10.0623 4508 MegaSR - ok
22:51:10.0873 4508 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
22:51:10.0998 4508 MMCSS - ok
22:51:11.0341 4508 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:51:11.0591 4508 Modem - ok
22:51:12.0215 4508 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:51:12.0308 4508 monitor - ok
22:51:12.0792 4508 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:51:12.0948 4508 mouclass - ok
22:51:13.0197 4508 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:51:13.0322 4508 mouhid - ok
22:51:13.0697 4508 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:51:13.0977 4508 MountMgr - ok
22:51:14.0430 4508 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
22:51:14.0711 4508 mpio - ok
22:51:15.0381 4508 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:51:15.0492 4508 mpsdrv - ok
22:51:15.0835 4508 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:51:15.0960 4508 Mraid35x - ok
22:51:16.0428 4508 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:51:16.0678 4508 MRxDAV - ok
22:51:17.0146 4508 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:51:17.0255 4508 mrxsmb - ok
22:51:17.0568 4508 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:51:17.0724 4508 mrxsmb10 - ok
22:51:18.0052 4508 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:51:18.0224 4508 mrxsmb20 - ok
22:51:18.0832 4508 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
22:51:19.0191 4508 msahci - ok
22:51:19.0659 4508 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
22:51:19.0737 4508 msdsm - ok
22:51:20.0033 4508 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
22:51:20.0267 4508 MSDTC - ok
22:51:20.0766 4508 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:51:20.0891 4508 Msfs - ok
22:51:21.0047 4508 msfwsvc - ok
22:51:21.0468 4508 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:51:21.0702 4508 msisadrv - ok
22:51:22.0170 4508 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
22:51:22.0358 4508 MSiSCSI - ok
22:51:22.0529 4508 msiserver - ok
22:51:23.0216 4508 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:51:23.0340 4508 MSKSSRV - ok
22:51:23.0730 4508 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:51:23.0808 4508 MSPCLOCK - ok
22:51:24.0292 4508 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:51:24.0448 4508 MSPQM - ok
22:51:24.0947 4508 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:51:25.0197 4508 MsRPC - ok
22:51:25.0821 4508 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:51:25.0992 4508 mssmbios - ok
22:51:26.0211 4508 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:51:26.0382 4508 MSTEE - ok
22:51:26.0679 4508 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:51:26.0882 4508 Mup - ok
22:51:27.0100 4508 MXOFX - ok
22:51:27.0318 4508 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
22:51:27.0552 4508 napagent - ok
22:51:27.0927 4508 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:51:28.0020 4508 NativeWifiP - ok
22:51:28.0348 4508 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120414.016\NAVENG.SYS
22:51:28.0410 4508 NAVENG - ok
22:51:28.0925 4508 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120414.016\NAVEX15.SYS
22:51:29.0346 4508 NAVEX15 - ok
22:51:29.0752 4508 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:51:29.0924 4508 NDIS - ok
22:51:30.0298 4508 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:51:30.0516 4508 NdisTapi - ok
22:51:30.0844 4508 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:51:30.0984 4508 Ndisuio - ok
22:51:31.0250 4508 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:51:31.0421 4508 NdisWan - ok
22:51:31.0749 4508 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:51:31.0874 4508 NDProxy - ok
22:51:32.0435 4508 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:51:32.0529 4508 NetBIOS - ok
22:51:32.0966 4508 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:51:33.0449 4508 netbt - ok
22:51:33.0668 4508 netdevio - ok
22:51:33.0792 4508 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:51:33.0902 4508 Netlogon - ok
22:51:34.0229 4508 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
22:51:34.0401 4508 Netman - ok
22:51:34.0650 4508 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
22:51:34.0806 4508 netprofm - ok
22:51:34.0884 4508 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:51:35.0087 4508 NetTcpPortSharing - ok
22:51:35.0493 4508 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:51:35.0618 4508 nfrd960 - ok
22:51:35.0945 4508 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
22:51:36.0086 4508 NlaSvc - ok
22:51:36.0366 4508 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:51:36.0507 4508 Npfs - ok
22:51:36.0803 4508 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
22:51:36.0944 4508 nsi - ok
22:51:37.0193 4508 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:51:37.0287 4508 nsiproxy - ok
22:51:37.0646 4508 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:51:37.0958 4508 Ntfs - ok
22:51:38.0332 4508 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:51:38.0504 4508 ntrigdigi - ok
22:51:38.0909 4508 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:51:38.0987 4508 Null - ok
22:51:39.0471 4508 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys
22:51:39.0986 4508 NVENETFD - ok
22:51:41.0546 4508 nvlddmkm (35c7fe325ca864fa9d0a4794da80f8c8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:51:46.0943 4508 nvlddmkm - ok
22:51:47.0224 4508 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
22:51:47.0427 4508 nvraid - ok
22:51:47.0739 4508 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
22:51:47.0973 4508 nvsmu - ok
22:51:48.0285 4508 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
22:51:48.0410 4508 nvstor - ok
22:51:48.0737 4508 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
22:51:48.0893 4508 nv_agp - ok
22:51:49.0158 4508 NwlnkFlt - ok
22:51:49.0361 4508 NwlnkFwd - ok
22:51:49.0533 4508 OA004Ufd (a015dd2ba6009c8bdd00a6c431302d06) C:\Windows\system32\DRIVERS\OA004Ufd.sys
22:51:49.0736 4508 OA004Ufd - ok
22:51:50.0016 4508 OA004Vid (a0bbbd3408ada89a6b4a69cef62efbd8) C:\Windows\system32\DRIVERS\OA004Vid.sys
22:51:50.0079 4508 OA004Vid - ok
22:51:50.0391 4508 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:51:50.0781 4508 odserv - ok
22:51:51.0202 4508 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
22:51:51.0311 4508 ohci1394 - ok
22:51:51.0374 4508 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:51:51.0639 4508 ose - ok
22:51:52.0013 4508 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:51:52.0232 4508 p2pimsvc - ok
22:51:52.0341 4508 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:51:52.0419 4508 p2psvc - ok
22:51:52.0840 4508 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:51:52.0997 4508 Parport - ok
22:51:53.0418 4508 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:51:53.0637 4508 partmgr - ok
22:51:53.0964 4508 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:51:54.0090 4508 Parvdm - ok
22:51:54.0355 4508 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
22:51:54.0542 4508 PcaSvc - ok
22:51:54.0870 4508 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
22:51:55.0042 4508 pccsmcfd - ok
22:51:55.0432 4508 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:51:55.0619 4508 pci - ok
22:51:55.0993 4508 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
22:51:56.0228 4508 pciide - ok
22:51:56.0618 4508 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:51:56.0852 4508 pcmcia - ok
22:51:57.0149 4508 pdiddcci - ok
22:51:57.0414 4508 pdlndtdl - ok
22:51:57.0975 4508 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:51:58.0319 4508 PEAUTH - ok
22:51:58.0849 4508 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
22:51:59.0395 4508 pla - ok
22:51:59.0645 4508 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
22:51:59.0894 4508 PlugPlay - ok
22:52:00.0097 4508 pmounter - ok
22:52:00.0503 4508 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:52:00.0815 4508 PNRPAutoReg - ok
22:52:00.0924 4508 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:52:00.0971 4508 PNRPsvc - ok
22:52:01.0439 4508 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
22:52:01.0829 4508 PolicyAgent - ok
22:52:02.0094 4508 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:52:02.0281 4508 PptpMiniport - ok
22:52:02.0687 4508 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
22:52:02.0811 4508 Processor - ok
22:52:03.0233 4508 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
22:52:03.0373 4508 ProfSvc - ok
22:52:03.0732 4508 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:52:03.0857 4508 ProtectedStorage - ok
22:52:04.0262 4508 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:52:04.0481 4508 PSched - ok
22:52:05.0073 4508 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
22:52:05.0682 4508 ql2300 - ok
22:52:06.0212 4508 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:52:06.0711 4508 ql40xx - ok
22:52:07.0148 4508 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
22:52:07.0460 4508 QWAVE - ok
22:52:07.0819 4508 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:52:07.0991 4508 QWAVEdrv - ok
22:52:08.0396 4508 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:52:08.0568 4508 RasAcd - ok
22:52:08.0880 4508 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
22:52:09.0036 4508 RasAuto - ok
22:52:09.0426 4508 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:52:09.0738 4508 Rasl2tp - ok
22:52:10.0206 4508 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
22:52:10.0455 4508 RasMan - ok
22:52:10.0892 4508 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:52:11.0048 4508 RasPppoe - ok
22:52:11.0376 4508 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:52:11.0579 4508 RasSstp - ok
22:52:12.0015 4508 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:52:12.0140 4508 rdbss - ok
22:52:12.0515 4508 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:52:12.0608 4508 RDPCDD - ok
22:52:12.0858 4508 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
22:52:13.0170 4508 rdpdr - ok
22:52:13.0404 4508 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:52:13.0638 4508 RDPENCDD - ok
22:52:14.0059 4508 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
22:52:14.0246 4508 RDPWD - ok
22:52:14.0574 4508 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
22:52:14.0761 4508 RemoteAccess - ok
22:52:14.0886 4508 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
22:52:14.0995 4508 RemoteRegistry - ok
22:52:15.0307 4508 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
22:52:15.0432 4508 RFCOMM - ok
22:52:15.0666 4508 RichVideo (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
22:52:15.0791 4508 RichVideo - ok
22:52:16.0134 4508 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
22:52:16.0539 4508 RpcLocator - ok
22:52:16.0836 4508 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
22:52:17.0054 4508 RpcSs - ok
22:52:17.0366 4508 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:52:17.0413 4508 rspndr - ok
22:52:17.0694 4508 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:52:17.0756 4508 SamSs - ok
22:52:18.0006 4508 sandboxu - ok
22:52:18.0193 4508 SavRoam (3d6ab454353a7834a0919e4cdc77b566) C:\Program Files\Symantec AntiVirus\SavRoam.exe
22:52:18.0427 4508 SavRoam - ok
22:52:18.0630 4508 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:52:18.0739 4508 sbp2port - ok
22:52:19.0035 4508 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
22:52:19.0113 4508 SCardSvr - ok
22:52:19.0441 4508 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
22:52:19.0815 4508 Schedule - ok
22:52:20.0096 4508 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
22:52:20.0190 4508 SCPolicySvc - ok
22:52:20.0533 4508 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
22:52:20.0705 4508 sdbus - ok
22:52:20.0861 4508 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
22:52:21.0017 4508 SDRSVC - ok
22:52:21.0235 4508 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:52:21.0469 4508 secdrv - ok
22:52:21.0672 4508 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
22:52:21.0765 4508 seclogon - ok
22:52:22.0077 4508 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
22:52:22.0171 4508 SENS - ok
22:52:22.0577 4508 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:52:22.0701 4508 Serenum - ok
22:52:23.0045 4508 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:52:23.0279 4508 Serial - ok
22:52:23.0653 4508 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:52:23.0747 4508 sermouse - ok
22:52:24.0090 4508 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
22:52:24.0215 4508 SessionEnv - ok
22:52:24.0495 4508 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
22:52:24.0714 4508 sffdisk - ok
22:52:25.0166 4508 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
22:52:25.0338 4508 sffp_mmc - ok
22:52:25.0634 4508 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
22:52:25.0743 4508 sffp_sd - ok
22:52:26.0133 4508 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:52:26.0336 4508 sfloppy - ok
22:52:26.0664 4508 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
22:52:26.0773 4508 SharedAccess - ok
22:52:27.0085 4508 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
22:52:27.0288 4508 ShellHWDetection - ok
22:52:27.0662 4508 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
22:52:27.0787 4508 sisagp - ok
22:52:28.0146 4508 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
22:52:28.0239 4508 SiSRaid2 - ok
22:52:28.0551 4508 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
22:52:28.0707 4508 SiSRaid4 - ok
22:52:29.0269 4508 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
22:52:30.0611 4508 slsvc - ok
22:52:30.0876 4508 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
22:52:30.0954 4508 SLUINotify - ok
22:52:31.0219 4508 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:52:31.0359 4508 Smb - ok
22:52:31.0640 4508 snareiis - ok
22:52:31.0952 4508 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
22:52:32.0077 4508 SNMPTRAP - ok
22:52:32.0280 4508 Sony Ericsson PCCompanion (1a623f2b69e1f182f995f963c55db935) C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
22:52:32.0373 4508 Sony Ericsson PCCompanion - ok
22:52:32.0779 4508 SPBBCDrv (905782bcf15b6e5af9905b77923c7fa2) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
22:52:33.0029 4508 SPBBCDrv - ok
22:52:33.0372 4508 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:52:33.0590 4508 spldr - ok
22:52:33.0809 4508 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
22:52:33.0980 4508 Spooler - ok
22:52:34.0417 4508 SRTSP (1b2a1c6bc76e1ebe8bc2f4a4f3d43e23) C:\Windows\system32\Drivers\SRTSP.SYS
22:52:34.0573 4508 SRTSP - ok
22:52:34.0947 4508 SRTSPL (f01a7f6e60e95fe83345cf92728a32d4) C:\Windows\system32\Drivers\SRTSPL.SYS
22:52:35.0197 4508 SRTSPL ( UnsignedFile.Multi.Generic ) - warning
22:52:35.0197 4508 SRTSPL - detected UnsignedFile.Multi.Generic (1)
22:52:35.0540 4508 SRTSPX (d02812f89e18c6fb32f901be1e10bc17) C:\Windows\system32\Drivers\SRTSPX.SYS
22:52:35.0727 4508 SRTSPX - ok
22:52:36.0258 4508 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
22:52:36.0414 4508 srv - ok
22:52:36.0695 4508 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
22:52:36.0929 4508 srv2 - ok
22:52:37.0178 4508 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
22:52:37.0272 4508 srvnet - ok
22:52:37.0615 4508 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
22:52:37.0771 4508 SSDPSRV - ok
22:52:38.0083 4508 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
22:52:38.0161 4508 SstpSvc - ok
22:52:38.0520 4508 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
22:52:38.0723 4508 stisvc - ok
22:52:39.0035 4508 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:52:39.0144 4508 swenum - ok
22:52:39.0471 4508 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
22:52:39.0627 4508 swprv - ok
22:52:39.0924 4508 Symantec AntiVirus (a548acf535d81a96e1b38f76a2de658f) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
22:52:40.0376 4508 Symantec AntiVirus - ok
22:52:40.0548 4508 symantecantibotwatcher - ok
22:52:40.0719 4508 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:52:40.0860 4508 Symc8xx - ok
22:52:41.0156 4508 SymEvent (9d98270b5f10a4c84e8da417c30756e1) C:\Windows\system32\Drivers\SYMEVENT.SYS
22:52:41.0312 4508 SymEvent - ok
22:52:41.0515 4508 SymIMMP - ok
22:52:41.0952 4508 SYMREDRV (7f4011a719bf30e3dbd84d3a0a45c91c) C:\Windows\System32\Drivers\SYMREDRV.SYS
22:52:42.0155 4508 SYMREDRV - ok
22:52:42.0560 4508 SYMTDI (2f03cbdb0f22278d05d5d616c993ab58) C:\Windows\System32\Drivers\SYMTDI.SYS
22:52:42.0669 4508 SYMTDI - ok
22:52:43.0184 4508 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:52:43.0559 4508 Sym_hi - ok
22:52:43.0902 4508 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:52:44.0042 4508 Sym_u3 - ok
22:52:44.0339 4508 SynTP (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys
22:52:44.0448 4508 SynTP - ok
22:52:44.0963 4508 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
22:52:45.0212 4508 SysMain - ok
22:52:45.0524 4508 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
22:52:45.0602 4508 TabletInputService - ok
22:52:46.0023 4508 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
22:52:46.0242 4508 TapiSrv - ok
22:52:46.0491 4508 tbaspi - ok
22:52:46.0585 4508 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
22:52:46.0663 4508 TBS - ok
22:52:46.0881 4508 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
22:52:47.0100 4508 Tcpip - ok
22:52:47.0271 4508 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
22:52:47.0334 4508 Tcpip6 - ok
22:52:47.0459 4508 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
22:52:47.0568 4508 tcpipreg - ok
22:52:47.0708 4508 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:52:47.0817 4508 TDPIPE - ok
22:52:47.0895 4508 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:52:48.0005 4508 TDTCP - ok
22:52:48.0176 4508 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:52:48.0285 4508 tdx - ok
22:52:48.0410 4508 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:52:48.0504 4508 TermDD - ok
22:52:48.0660 4508 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
22:52:48.0987 4508 TermService - ok
22:52:49.0081 4508 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
22:52:49.0159 4508 Themes - ok
22:52:49.0253 4508 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
22:52:49.0299 4508 THREADORDER - ok
22:52:49.0346 4508 TMBMServer - ok
22:52:49.0471 4508 toscosrv - ok
22:52:49.0643 4508 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
22:52:49.0767 4508 TrkWks - ok
22:52:50.0111 4508 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
22:52:50.0298 4508 TrustedInstaller - ok
22:52:50.0766 4508 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:52:50.0891 4508 tssecsrv - ok
22:52:51.0047 4508 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:52:51.0156 4508 tunmp - ok
22:52:51.0265 4508 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:52:51.0343 4508 tunnel - ok
22:52:51.0577 4508 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
22:52:51.0717 4508 uagp35 - ok
22:52:52.0217 4508 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:52:52.0326 4508 udfs - ok
22:52:52.0607 4508 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
22:52:52.0685 4508 UI0Detect - ok
22:52:52.0950 4508 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
22:52:53.0059 4508 uliagpkx - ok
22:52:53.0340 4508 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
22:52:53.0465 4508 uliahci - ok
22:52:53.0761 4508 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:52:53.0839 4508 UlSata - ok
22:52:54.0291 4508 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:52:54.0447 4508 ulsata2 - ok
22:52:55.0025 4508 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:52:55.0181 4508 umbus - ok
22:52:55.0352 4508 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
22:52:55.0415 4508 upnphost - ok
22:52:55.0695 4508 upperdev - ok
22:52:55.0961 4508 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:52:56.0101 4508 usbccgp - ok
22:52:56.0678 4508 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:52:56.0834 4508 usbcir - ok
22:52:57.0411 4508 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:52:57.0521 4508 usbehci - ok
22:52:58.0020 4508 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:52:58.0129 4508 usbhub - ok
22:52:58.0613 4508 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
22:52:58.0753 4508 usbohci - ok
22:52:59.0018 4508 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
22:52:59.0127 4508 usbprint - ok
22:52:59.0268 4508 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:52:59.0330 4508 USBSTOR - ok
22:52:59.0408 4508 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
22:52:59.0549 4508 usbuhci - ok
22:52:59.0611 4508 usbvideo (46f3a2912ef88cd8e87d4f9b304cd949) C:\Windows\system32\Drivers\usbvideo.sys
22:52:59.0705 4508 usbvideo - ok
22:52:59.0876 4508 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
22:52:59.0970 4508 UxSms - ok
22:53:00.0079 4508 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
22:53:00.0188 4508 vds - ok
22:53:00.0516 4508 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
22:53:00.0656 4508 vga - ok
22:53:01.0296 4508 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:53:01.0483 4508 VgaSave - ok
22:53:02.0060 4508 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
22:53:02.0107 4508 viaagp - ok
22:53:02.0310 4508 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
22:53:02.0419 4508 ViaC7 - ok
22:53:02.0637 4508 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
22:53:02.0778 4508 viaide - ok
22:53:02.0825 4508 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:53:02.0918 4508 volmgr - ok
22:53:03.0168 4508 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:53:03.0293 4508 volmgrx - ok
22:53:03.0558 4508 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:53:03.0698 4508 volsnap - ok
22:53:03.0839 4508 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
22:53:03.0948 4508 vsmraid - ok
22:53:04.0151 4508 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
22:53:04.0416 4508 VSS - ok
22:53:04.0587 4508 w22n51 - ok
22:53:04.0993 4508 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
22:53:05.0165 4508 W32Time - ok
22:53:05.0523 4508 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:53:05.0633 4508 WacomPen - ok
22:53:05.0960 4508 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:53:06.0085 4508 Wanarp - ok
22:53:06.0085 4508 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:53:06.0132 4508 Wanarpv6 - ok
22:53:06.0381 4508 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
22:53:06.0506 4508 wcncsvc - ok
22:53:06.0725 4508 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
22:53:06.0787 4508 WcsPlugInService - ok
22:53:07.0115 4508 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
22:53:07.0255 4508 Wd - ok
22:53:07.0458 4508 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:53:07.0551 4508 Wdf01000 - ok
22:53:07.0739 4508 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
22:53:07.0957 4508 WdiServiceHost - ok
22:53:07.0957 4508 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
22:53:08.0051 4508 WdiSystemHost - ok
22:53:08.0347 4508 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
22:53:08.0487 4508 WebClient - ok
22:53:08.0550 4508 websenselogserver - ok
22:53:08.0924 4508 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
22:53:09.0111 4508 Wecsvc - ok
22:53:09.0455 4508 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
22:53:09.0595 4508 wercplsupport - ok
22:53:09.0689 4508 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
22:53:09.0735 4508 WerSvc - ok
22:53:10.0063 4508 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
22:53:10.0406 4508 winachsf - ok
22:53:10.0422 4508 WinHttpAutoProxySvc - ok
22:53:11.0046 4508 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
22:53:11.0139 4508 Winmgmt - ok
22:53:11.0670 4508 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
22:53:11.0857 4508 WinRM - ok
22:53:12.0247 4508 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
22:53:12.0465 4508 Wlansvc - ok
22:53:13.0277 4508 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:53:13.0589 4508 wlidsvc - ok
22:53:13.0994 4508 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:53:14.0088 4508 WmiAcpi - ok
22:53:14.0634 4508 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
22:53:14.0790 4508 wmiApSrv - ok
22:53:15.0133 4508 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:53:15.0383 4508 WMPNetworkSvc - ok
22:53:15.0648 4508 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
22:53:15.0835 4508 WPCSvc - ok
22:53:16.0163 4508 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
22:53:16.0381 4508 WPDBusEnum - ok
22:53:16.0646 4508 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
22:53:16.0787 4508 WpdUsb - ok
22:53:17.0036 4508 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:53:17.0223 4508 WPFFontCache_v0400 - ok
22:53:17.0457 4508 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:53:17.0551 4508 ws2ifsl - ok
22:53:17.0910 4508 WSearch - ok
22:53:18.0690 4508 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
22:53:19.0173 4508 wuauserv - ok
22:53:19.0392 4508 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:53:19.0454 4508 WUDFRd - ok
22:53:19.0517 4508 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
22:53:19.0579 4508 wudfsvc - ok
22:53:19.0719 4508 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
22:53:19.0766 4508 XAudio - ok
22:53:19.0829 4508 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
22:53:20.0016 4508 XAudioService - ok
22:53:20.0063 4508 ZD1211BU(ZyDAS) - ok
22:53:20.0109 4508 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
22:53:21.0217 4508 \Device\Harddisk0\DR0 - ok
22:53:21.0264 4508 Boot (0x1200) (e321d25b4bedc50b2c4fd581072aa6ca) \Device\Harddisk0\DR0\Partition0
22:53:21.0342 4508 \Device\Harddisk0\DR0\Partition0 - ok
22:53:21.0404 4508 Boot (0x1200) (815abd82b839c21cdc040018e0958327) \Device\Harddisk0\DR0\Partition1
22:53:21.0467 4508 \Device\Harddisk0\DR0\Partition1 - ok
22:53:21.0467 4508 ============================================================
22:53:21.0467 4508 Scan finished
22:53:21.0467 4508 ============================================================
22:53:21.0513 4500 Detected object count: 6
22:53:21.0513 4500 Actual detected object count: 6
22:54:07.0767 4500 Com4Qlb ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:07.0767 4500 Com4Qlb ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:54:07.0783 4500 DfsC ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:07.0783 4500 DfsC ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:54:07.0783 4500 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:07.0783 4500 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:54:07.0783 4500 hpqwmiex ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:07.0783 4500 hpqwmiex ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:54:07.0783 4500 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:07.0799 4500 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:54:07.0799 4500 SRTSPL ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:07.0799 4500 SRTSPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:56:52.0927 4184 Deinitialize success
ComboFix 12-04-20.03 - Jonno 21/04/2012 21:50:33.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1982.616 [GMT 1:00]
Running from: c:\users\Jonno\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB62280$\1502930935
c:\windows\$NtUninstallKB62280$\485945278\@
c:\windows\$NtUninstallKB62280$\485945278\cfg.ini
c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini
c:\windows\$NtUninstallKB62280$\485945278\L\qnbwvoto
c:\windows\$NtUninstallKB62280$\485945278\oemid
c:\windows\$NtUninstallKB62280$\485945278\U\[email protected]
c:\windows\$NtUninstallKB62280$\485945278\U\[email protected]
c:\windows\$NtUninstallKB62280$\485945278\U\[email protected]
c:\windows\$NtUninstallKB62280$\485945278\U\[email protected]
c:\windows\$NtUninstallKB62280$\485945278\U\[email protected]
c:\windows\$NtUninstallKB62280$\485945278\U\[email protected]
c:\windows\$NtUninstallKB62280$\485945278\version
c:\windows\system32\config\systemprofile\AppData\Roaming\Adobe\sp.Dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\KBL.LOG
c:\windows\$NtUninstallKB62280$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SPService
.
.
((((((((((((((((((((((((( Files Created from 2012-03-21 to 2012-04-21 )))))))))))))))))))))))))))))))
.
.
2012-04-21 21:01 . 2012-04-21 21:04 -------- d-----w- c:\users\Jonno\AppData\Local\temp
2012-04-21 21:01 . 2012-04-21 21:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-19 22:48 . 2012-04-19 22:48 -------- d-----w- C:\_OTL
2012-04-19 18:18 . 2012-04-19 18:18 127488 ----a-w- c:\programdata\Microsoft\Windows\DRM\B9EC.tmp
2012-04-18 23:55 . 2012-04-18 23:55 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-11 20:54 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 20:54 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 20:54 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 20:54 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 20:51 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 20:51 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 23:55 . 2011-08-25 17:25 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-14 02:15 . 2012-04-17 20:19 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E76DF49-9A69-4420-9021-B67D1C1A88B5}\mpengine.dll
2012-02-23 09:18 . 2010-03-29 00:21 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 15:45 . 2012-03-13 20:31 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-13 20:31 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-13 20:31 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-13 20:31 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-13 20:31 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-07 10:02 . 2012-02-07 10:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-02 15:16 . 2012-03-13 20:31 2044416 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-03 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-06 202032]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-28 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-28 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-28 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\users\Jonno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 253088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sandboxu
pmounter
websenselogserver
TMBMServer
AlteraByteBlaster
Eplpdx02
bglivesvc
pdlndtdl
MegaSR
epsonbidirectionalservice
MXOFX
fsks
KMWDFilter
w22n51
ZD1211BU(ZyDAS)
upperdev
enxpsvr
VRFIL
cobbmservice
digisptiservice
wltrysvc
dptrackerd
toscosrv
pdiddcci
Evian
cwcspud
snareiis
mbmiodrvr
tbaspi
k56
symantecantibotwatcher
msfwsvc
eelsservice
netdevio
iftpsvc
EUSBMSD
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 16:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 23:55]
.
2012-04-10 c:\windows\Tasks\Norton Security Scan for Jonno.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-08-28 09:06]
.
2012-04-21 c:\windows\Tasks\User_Feed_Synchronization-{62A772F2-818E-4AA6-8DCC-DD30601E16E7}.job
- c:\windows\system32\msfeedssync.exe [2012-04-11 08:09]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=HP&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: blogspot.com\tvbdownload
TCP: DhcpNameServer = 192.168.2.1
DPF: {67DDCD98-1120-47C3-B47E-A4E6820A571F} - hxxp://www.pbworldnet.com/components/intranet.CAB
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
AddRemove-MiniStumbler - c:\program files\MiniStumbler\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-21 22:06
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,18,e5,d1,17,ca,5d,45,a2,51,e4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,18,e5,d1,17,ca,5d,45,a2,51,e4,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3900)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\System32\rundll32.exe
c:\program files\Symantec AntiVirus\VPTray.exe
c:\windows\System32\rundll32.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-04-21 22:11:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-21 21:11
.
Pre-Run: 60,518,035,456 bytes free
Post-Run: 60,179,755,008 bytes free
.
- - End Of File - - 769D225F6DA5CCEB5DF57EF6685A1EB9
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep, let's try to kill those next. Could you either screenshot them or note what the missing files are, please?

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\windows\$NtUninstallKB62280$

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

  • 0

#7
don_qua

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi,

Ok, I re-ran Combofix as instructed, and it picked up one ZeroAccess infection this time. I let it do its thing and on reboot, a quickscan message popped up saying it's detected ZeroAccess. I've got a print screen in a Word document but the website won't let me attach the file, so I've listed the details of the popup for you. The virus name is Trojan.Zeroaccess!kmem, filename is ntos, location is c:\windows\system32\, primary action is clean security risk, secondary action is quarantine, action description is risk was partially removed. Does this mean the virus is still about?

Oh, and the startup message missing link is an AppleSyncNotifier.exe missing link. It states that the application has failed to start because CoreFoundation.dll was not found. Reinstalling may fix the problem.



ComboFix 12-04-20.03 - Jonno 22/04/2012 0:26.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1982.656 [GMT 1:00]
Running from: c:\users\Jonno\Desktop\ComboFix.exe
Command switches used :: c:\users\Jonno\Documents\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-21 to 2012-04-21 )))))))))))))))))))))))))))))))
.
.
2012-04-21 23:37 . 2012-04-21 23:38 -------- d-----w- c:\users\Jonno\AppData\Local\temp
2012-04-21 23:37 . 2012-04-21 23:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-19 22:48 . 2012-04-19 22:48 -------- d-----w- C:\_OTL
2012-04-19 18:18 . 2012-04-19 18:18 127488 ----a-w- c:\programdata\Microsoft\Windows\DRM\B9EC.tmp
2012-04-18 23:55 . 2012-04-18 23:55 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-17 20:19 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E76DF49-9A69-4420-9021-B67D1C1A88B5}\mpengine.dll
2012-04-11 20:54 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 20:54 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 20:54 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 20:54 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 20:51 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 20:51 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 23:55 . 2011-08-25 17:25 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 09:18 . 2010-03-29 00:21 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 15:45 . 2012-03-13 20:31 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-13 20:31 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-13 20:31 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-13 20:31 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-13 20:31 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-07 10:02 . 2012-02-07 10:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-02 15:16 . 2012-03-13 20:31 2044416 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-03 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-06 202032]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-28 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-28 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-28 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\users\Jonno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 253088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sandboxu
pmounter
websenselogserver
TMBMServer
AlteraByteBlaster
Eplpdx02
bglivesvc
pdlndtdl
MegaSR
epsonbidirectionalservice
MXOFX
fsks
KMWDFilter
w22n51
ZD1211BU(ZyDAS)
upperdev
enxpsvr
VRFIL
cobbmservice
digisptiservice
wltrysvc
dptrackerd
toscosrv
pdiddcci
Evian
cwcspud
snareiis
mbmiodrvr
tbaspi
k56
symantecantibotwatcher
msfwsvc
eelsservice
netdevio
iftpsvc
EUSBMSD
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 16:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 23:55]
.
2012-04-10 c:\windows\Tasks\Norton Security Scan for Jonno.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-08-28 09:06]
.
2012-04-21 c:\windows\Tasks\User_Feed_Synchronization-{62A772F2-818E-4AA6-8DCC-DD30601E16E7}.job
- c:\windows\system32\msfeedssync.exe [2012-04-11 08:09]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=HP&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: blogspot.com\tvbdownload
TCP: DhcpNameServer = 192.168.2.1
DPF: {67DDCD98-1120-47C3-B47E-A4E6820A571F} - hxxp://www.pbworldnet.com/components/intranet.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-22 00:38
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,18,e5,d1,17,ca,5d,45,a2,51,e4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,18,e5,d1,17,ca,5d,45,a2,51,e4,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-04-22 00:44:53
ComboFix-quarantined-files.txt 2012-04-21 23:44
ComboFix2.txt 2012-04-21 21:11
.
Pre-Run: 60,400,816,128 bytes free
Post-Run: 60,060,409,856 bytes free
.
- - End Of File - - 70F360019762FCB60BC58A375F60B397
  • 0
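A defender-side way to read the ComboFix output above (and the OTL service list in the later reply) programmatically, as an added example that is not part of this thread or of the ComboFix/OTL tools. It pulls out the three things the helper is acting on: Security Center values set to 1 (which tell Windows to stop reporting on the named antivirus or firewall), the non-default names ComboFix prints under the svchost NetSvcs group, and OTL service entries whose DLL is "File not found", then correlates the last two. The function names are my own, and the two sample texts are constructed from lines of the posted logs and shortened.

```python
"""Parse ComboFix / OTL log text for ZeroAccess-style persistence indicators.

Added example (not code from this thread or from the ComboFix/OTL tools).
Function names are my own; the sample texts below are constructed from
lines that appear in the posted logs and shortened.
"""
import re

# Constructed excerpt in ComboFix's "Reg Loading Points" layout.
COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sandboxu
pmounter
websenselogserver
.
Contents of the 'Scheduled Tasks' folder
"""

# Constructed excerpt in OTL's "Win32 Services" layout.
OTL_SAMPLE = r"""
SRV - (ZD1211BU(ZyDAS)) -- %systemroot%\system32\KMW_SYS.dll File not found
SRV - (websenselogserver) -- %systemroot%\system32\UxTuneUp.dll File not found
SRV - (sandboxu) -- %systemroot%\system32\hsxhwazl.dll File not found
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
"""

# Values under HKLM\...\security center that, when set to 1, tell Windows
# Security Center to stop reporting on the named product.
OVERRIDE_VALUES = {"DisableMonitoring", "AntiVirusOverride"}
DWORD_RE = re.compile(r'^"(?P<name>\w+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')
OTL_SRV_RE = re.compile(r"^SRV - \((?P<name>.*?)\) -- (?P<path>.+) File not found$")


def find_security_center_overrides(text):
    """Return (registry key, value name) pairs that silence Security Center."""
    hits = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        m = DWORD_RE.match(line)
        if not (m and current_key and "security center" in current_key.lower()):
            continue
        if m.group("name") in OVERRIDE_VALUES and int(m.group("hex"), 16) == 1:
            hits.append((current_key, m.group("name")))
    return hits


def find_netsvcs_additions(text):
    """Return service names under ComboFix's 'Svchost - NetSvcs' block.

    ComboFix hides the legitimate default members of that group, so every
    name it prints there is a non-default addition worth checking.
    """
    names = []
    in_block = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("Svchost - NetSvcs"):
            in_block = True
            continue
        if in_block:
            if line in (".", "") or line.startswith("["):
                break
            names.append(line)
    return names


def find_missing_services(text):
    """Return (service name, image path) for OTL SRV lines marked 'File not found'."""
    found = []
    for raw in text.splitlines():
        m = OTL_SRV_RE.match(raw.strip())
        if m:
            found.append((m.group("name"), m.group("path")))
    return found


def correlate(netsvcs_names, missing_services):
    """NetSvcs members whose service DLL is missing on disk.

    Such an entry is a svchost-hosted service whose image is already gone;
    it loads nothing useful and only keeps a registry foothold.
    """
    missing = {name.lower(): path for name, path in missing_services}
    return [(n, missing[n.lower()]) for n in netsvcs_names if n.lower() in missing]


if __name__ == "__main__":
    for key, value in find_security_center_overrides(COMBOFIX_SAMPLE):
        print(f"Security Center override: {value} = 1 under {key}")
    added = find_netsvcs_additions(COMBOFIX_SAMPLE)
    missing = find_missing_services(OTL_SAMPLE)
    for name, path in correlate(added, missing):
        print(f"NetSvcs member with missing image: {name} -> {path}")
```

Feed it the full text of a ComboFix log and an OTL log and the correlated list is exactly the set of dangling svchost services the fix scripts in this thread go after; the Security Center hits are the reason the user's AV status stopped being reported even though Symantec was still installed.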

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's remove that last annoyance. Could you confirm that NTOS is no longer being reported?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [{AAC34A46-C58A-4151-AD62-C5627982DBE9}] C:\Users\Jonno\AppData\Roaming\.jbwmdesktop\dev\var\log\nvcplui.exe ()
    O4 - HKCU..\Run: [lphcnk8j0e185] C:\Windows\system32\lphcnk8j0e185.exe File not found
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#9
don_qua

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi,

I've re-run OTL as instructed. Log is copied below.

But I'm also still getting the quickscan popup message from Symantec Antivirus every time I log on to my computer. The message is the same as before except that this time, the action is 'left alone'. I clicked on the virus properties and it says that it is an internet browser temporary file cache. I also clicked on the option to clean it but it's telling me that Symantec antivirus cannot perform that action because of the following reasons:

i) The files have been moved or deleted
ii) The computer they are located on is turned off
iii) You are trying to clean files located in an email message
iv) You are trying to clean a compressed file in a container

There are also options to move the virus to quarantine, and delete it permanently, but I didn't want to click on any of those before I consulted you.




OTL logfile created on: 22/04/2012 14:20:53 - Run 4
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Jonno\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 44.69% Memory free
4.11 Gb Paging File | 3.29 Gb Available in Paging File | 80.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.51 Gb Total Space | 55.97 Gb Free Space | 40.70% Space Free | Partition Type: NTFS
Drive D: | 11.54 Gb Total Space | 2.03 Gb Free Space | 17.60% Space Free | Partition Type: NTFS

Computer Name: JONNO-HOME | User Name: Jonno | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jonno\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Program Files\NetMeter\NetMeter.exe ()
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\SavUI.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DoScan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\NetMeter\NetMeter.exe ()


========== Win32 Services (SafeList) ==========

SRV - (ZD1211BU(ZyDAS)) -- %systemroot%\system32\KMW_SYS.dll File not found
SRV - (wltrysvc) -- %systemroot%\system32\fastuserswitchingcompatibility.dll File not found
SRV - (websenselogserver) -- %systemroot%\system32\UxTuneUp.dll File not found
SRV - (w22n51) -- %systemroot%\system32\NSSvcMgr.dll File not found
SRV - (VRFIL) -- %systemroot%\system32\alg.dll File not found
SRV - (upperdev) -- %systemroot%\system32\NICSer_WPC300N.dll File not found
SRV - (toscosrv) -- %systemroot%\system32\isapnp.dll File not found
SRV - (TMBMServer) -- %systemroot%\system32\USBVCD.dll File not found
SRV - (tbaspi) -- %systemroot%\system32\vrservice.dll File not found
SRV - (symantecantibotwatcher) -- %systemroot%\system32\sonicstagemonitoring.dll File not found
SRV - (snareiis) -- %systemroot%\system32\adsexpb.dll File not found
SRV - (sandboxu) -- %systemroot%\system32\hsxhwazl.dll File not found
SRV - (pmounter) -- %systemroot%\system32\prepdrvr.dll File not found
SRV - (pdlndtdl) -- %systemroot%\system32\s616bus.dll File not found
SRV - (pdiddcci) -- %systemroot%\system32\RTL8169.dll File not found
SRV - (netdevio) -- %systemroot%\system32\ADIDTSFiltService.dll File not found
SRV - (MXOFX) -- %systemroot%\system32\cicssfs.scmmc223.dll File not found
SRV - (msfwsvc) -- %systemroot%\system32\usr11g.dll File not found
SRV - (MegaSR) -- %systemroot%\system32\aswtdi.dll File not found
SRV - (mbmiodrvr) -- %systemroot%\system32\NWFILTER.dll File not found
SRV - (KMWDFilter) -- %systemroot%\system32\si3114r.dll File not found
SRV - (k56) -- %systemroot%\system32\WBHWDOCT.dll File not found
SRV - (iftpsvc) -- %systemroot%\system32\symwsc.dll File not found
SRV - (fsks) -- %systemroot%\system32\RTHDMIAzAudService.dll File not found
SRV - (Evian) -- %systemroot%\system32\AtlsAud.dll File not found
SRV - (epsonbidirectionalservice) -- %systemroot%\system32\kwatchsvc.dll File not found
SRV - (Eplpdx02) -- %systemroot%\system32\aspnet_state.dll File not found
SRV - (enxpsvr) -- %systemroot%\system32\spmd.dll File not found
SRV - (eelsservice) -- %systemroot%\system32\nbf.dll File not found
SRV - (dptrackerd) -- %systemroot%\system32\3combootp.dll File not found
SRV - (digisptiservice) -- %systemroot%\system32\lusbaudio.dll File not found
SRV - (cwcspud) -- %systemroot%\system32\ftsata2.dll File not found
SRV - (cobbmservice) -- %systemroot%\system32\transcode360.dll File not found
SRV - (bglivesvc) -- %systemroot%\system32\ql1240.dll File not found
SRV - (AlteraByteBlaster) -- %systemroot%\system32\xfilt.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Jonno\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120414.016\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120414.016\NAVENG.SYS (Symantec Corporation)
DRV - (DfsC) -- C:\Windows\System32\drivers\dfsc.sys ()
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (OA004Vid) -- C:\Windows\System32\drivers\OA004Vid.sys (Creative Technology Ltd.)
DRV - (OA004Ufd) -- C:\Windows\System32\drivers\OA004Ufd.sys (Creative Technology Ltd.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\drivers\symredrv.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bd=HP&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {F88A65C1-01E9-4A87-87A8-EB4D347F576F}
IE - HKLM\..\SearchScopes\{5940A27E-2C28-4B4E-B1D4-BA8DF5E5FFC2}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKLM\..\SearchScopes\{7A198281-3142-4E26-9BB8-19DDDB251401}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKLM\..\SearchScopes\{F88A65C1-01E9-4A87-87A8-EB4D347F576F}: "URL" = http://slirsredirect...hpcnnbie7-en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {F88A65C1-01E9-4A87-87A8-EB4D347F576F}
IE - HKCU\..\SearchScopes\{5940A27E-2C28-4B4E-B1D4-BA8DF5E5FFC2}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKCU\..\SearchScopes\{7A198281-3142-4E26-9BB8-19DDDB251401}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKCU\..\SearchScopes\{F88A65C1-01E9-4A87-87A8-EB4D347F576F}: "URL" = http://slirsredirect...hpcnnbie7-en-gb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/07 22:07:28 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: AOL Search ()
CHR - default_search_provider: search_url = http://slirsredirect...hpcnnbie7-en-gb
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2012/04/22 14:17:49 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: blogspot.com ([tvbdownload] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {67DDCD98-1120-47C3-B47E-A4E6820A571F} http://www.pbworldne...ts/intranet.CAB (intranet.download)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3EDD74B-CC64-4232-BAC5-052B9F541BF5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F16272DE-17E7-42BB-81CC-2BEA28F3D4A9}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jonno\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Jonno\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/21 20:00:41 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/22 00:45:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/22 00:45:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/22 00:45:02 | 000,000,000 | ---D | C] -- C:\Users\Jonno\AppData\Local\temp
[2012/04/21 21:32:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/21 21:32:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/21 21:32:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/21 21:31:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/21 21:31:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/20 22:57:35 | 004,470,025 | R--- | C] (Swearware) -- C:\Users\Jonno\Desktop\ComboFix.exe
[2012/04/20 22:48:30 | 002,072,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jonno\Desktop\tdsskiller.exe
[2012/04/20 00:04:51 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Jonno\Desktop\aswMBR.exe
[2012/04/19 23:48:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/19 19:32:13 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Jonno\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2012/04/22 14:20:19 | 000,027,335 | ---- | M] () -- C:\Users\Jonno\AppData\Roaming\nvModes.001
[2012/04/22 14:20:15 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/04/22 14:19:45 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/22 14:19:45 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/22 14:19:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/22 14:19:21 | 2079,154,176 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/22 14:18:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/04/22 14:17:49 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/04/22 00:37:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/22 00:30:27 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/22 00:30:27 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/21 21:22:27 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{62A772F2-818E-4AA6-8DCC-DD30601E16E7}.job
[2012/04/20 22:57:40 | 004,470,025 | R--- | M] (Swearware) -- C:\Users\Jonno\Desktop\ComboFix.exe
[2012/04/20 22:48:31 | 002,072,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jonno\Desktop\tdsskiller.exe
[2012/04/20 00:08:10 | 000,000,512 | ---- | M] () -- C:\Users\Jonno\Desktop\MBR.dat
[2012/04/20 00:05:00 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jonno\Desktop\aswMBR.exe
[2012/04/19 19:32:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jonno\Desktop\OTL.exe
[2012/04/10 19:51:10 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Jonno.job

========== Files Created - No Company Name ==========

[2012/04/21 21:32:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/21 21:32:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/21 21:32:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/21 21:32:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/21 21:32:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/20 00:08:10 | 000,000,512 | ---- | C] () -- C:\Users\Jonno\Desktop\MBR.dat
[2012/04/19 00:56:00 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/12/03 01:49:30 | 000,000,680 | ---- | C] () -- C:\Users\Jonno\AppData\Local\d3d9caps.dat
[2011/06/16 22:51:27 | 000,075,264 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys

========== LOP Check ==========

[2009/07/30 20:57:56 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\.jbwmdesktop
[2011/09/07 23:04:29 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\bwm
[2009/07/28 23:24:24 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\Complete Diet Solution
[2009/03/19 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\Magic Academy
[2009/05/01 20:27:16 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\Megaupload
[2009/05/02 12:53:52 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\NetMeter
[2008/09/19 22:44:08 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\TrojanHunter
[2010/04/29 00:02:42 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\uTorrent
[2008/07/19 17:13:38 | 000,000,000 | ---D | M] -- C:\Users\Jonno\AppData\Roaming\WildTangent
[2012/04/22 14:18:23 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/21 21:22:27 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{62A772F2-818E-4AA6-8DCC-DD30601E16E7}.job

========== Purity Check ==========



< End of report >

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Allow it to move it to quarantine. I have emptied your temp files, so there should be nothing there, unless it is seeing the catchme file (part of ComboFix).

But reboot, move to quarantine, reboot and see if the warning appears again.

Also, are there any further problems?

#11
don_qua

don_qua

    Member

  • Topic Starter
  • Member
  • 18 posts
Hi,

The same Quickscan message keeps popping up every time I reboot my computer. I've tried to clean, quarantine, and delete, but it wouldn't let me do any of those. You're probably right, Symantec Antivirus could be reading the catchme file, which is why it keeps picking up the ZeroAccess virus every time it runs a Quickscan during startup. But because the actual virus isn't there anymore, it can't find it, thus not being able to do any of the above.

There are two ways I can think of to get rid of this annoyance. Either I change the setting of my antivirus to stop scanning during startup, or I delete the catchme file (is that possible, though?).

I'm also finding it impossible to completely update my antivirus. It gets to 99% and then stalls. Not sure if that has something to do with the virus or not.

Apart from that, everything else seems to be running OK. No more Ordinal 1109 message, and no more annoying missing link popup during startup.

Jon

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What I will do now is remove my tools, and then could you download a fresh copy of Norton and install it over the top of your current version.

If that fails to stop the stalling, then uninstall followed by a reinstall of Norton. Let me know how that goes.

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now for the best part of the day: your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - (catchme) -- C:\Users\Jonno\AppData\Local\Temp\catchme.sys File not found

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set back to hidden, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All Programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean.

Download and install the FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

Keep safe :wave:

#13
don_qua

don_qua

    Member

  • Topic Starter
  • Member
  • 18 posts
Hi Essexboy,

Thanks for everything, as always! My computer looks clean and works just fine. I'll have to re-download the antivirus as you've suggested, but I'll do that when I have the time. For now, I can live with the quickscan popup.

Thanks again mate.

Jon

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.