[Closed] My Sony VAIO laptop runs slow, possibly infected

By Fish hooK
Feb 11, 2012
Topic Status:
Not open for further replies.
  1. I'm no computer genius but I do know the signs of an infected computer. In this case it's my own laptop. My Sony Vaio Laptop takes longer than it used to to start up or shut down. Programs, files and folders are extremely sluggish when opening or closing.

    I currently use Norton Security Suite and Spybot to protect my laptop. Though Norton Security Suite does detect some viruses and trojans, Spybot detected several questionable rootkits, so...

    I've followed the 5-step Viruses/Spyware/Malware Preliminary Removal Instructions and posted my logs in order, starting with the Spybot rootkit scan.

    Spybot rootkit scan

    // info: Rootkit removal help file
    // copyright: (c) 2008-2009 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Unknown ADS","C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6002.18005_none_b5c807ab2d93d829\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
    File:"Unknown ADS","C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
    File:"Unknown ADS","C:\Windows\PLA\System\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
    File:"Unknown ADS","C:\Users\Public\DRM:hex:$DATA"
    File:"Unknown ADS","C:\Users\Public\DRM:??????????:$DATA"
    File:"No admin in ACL","C:\Users\Owner\AppData\Local\Protexis\A8BBA62AEA.drv"
    File:"No admin in ACL","C:\Users\Owner\AppData\Local\Protexis\KGyGaAvL.drv"
    File:"No admin in ACL","C:\System Volume Information\SystemRestore\System Volume Information"
    File:"No admin in ACL","C:\System Volume Information\EfaData\sdmys_3570D02EB40A41774BFBFFFE"
    File:"No admin in ACL","C:\System Volume Information\EfaData\sdmys_398DD697FFD65C24CB701BCA"
    File:"No admin in ACL","C:\System Volume Information\EfaData\sdmys_E7230C5605C37C521C547659"
    File:"No admin in ACL","C:\System Volume Information\EfaData\sdmys_E7230C5605C37C5245645DFE"
    File:"No admin in ACL","C:\System Volume Information\EfaData\SYMEFA.DB"
    File:"No admin in ACL","C:\ProgramData\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\VzCdbDat.ldf"
    File:"No admin in ACL","C:\ProgramData\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\VzCdbDat.mdf"
    File:"No admin in ACL","C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine"
    File:"No admin in ACL","C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp"
    File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
    File:"Unknown ADS","C:\perflogs\System\Diagnostics\20100405-0005\report.xml:Qgrg2rf1Znaluncm1kfl1xla5h:$DATA"
    Directory:"Hidden directory","Global run entries"
    Directory:"Hidden directory","Winlogon entries"
    Directory:"Hidden directory","Invisible processes (from handles)"
    Directory:"Hidden directory","Invisible processes (from threads)"


    MBAM

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.11.03

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Owner :: HAROLD [administrator]

    Protection: Enabled

    2/11/2012 12:40:25 PM
    mbam-log-2012-02-11 (12-40-25).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 218016
    Time elapsed: 9 minute(s), 40 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  2. Fish hooK

    Fish hooK Newcomer, in training Topic Starter

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-02-11 11:08:37
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0000
    Running: jcd7u3yo.exe; Driver: C:\Users\Owner\AppData\Local\Temp\pwldipog.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs ComcastSecureBackupShare.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
    AttachedDevice \Driver\tdx \Device\Ip SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----
  3. Fish hooK

    Fish hooK Newcomer, in training Topic Starter

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Owner at 21:17:48 on 2012-02-11
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.753 [GMT -4:00]
    .
    AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k regsvc
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\TUProgSt.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Constant Guard Protection Suite\IDVault.exe
    C:\Users\Owner\Documents\ComcastSecureBackupSharebackup.exe
    C:\Users\Owner\Documents\ComcastSecureBackupSharebackup.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
    uStart Page = hxxp://www.yahoo.com
    uSearch Bar = hxxp://my.netzero.net/s/search?r=minisearch
    mStart Page = hxxp://www.yahoo.com
    mDefault_Page_URL = hxxp://www.yahoo.com
    mDefault_Search_URL = hxxp://my.netzero.net/s/search?r=minisearch
    mSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
    uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
    mSearchAssistant = hxxp://my.netzero.net/s/search?r=minisearch
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3049c3e9-b461-4bc5-8870-4c09146192ca} - RealPlayer Download and Record Plugin for Internet Explorer
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: SDHelper: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.0.13\ips\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    Trusted Zone: netzero.com
    Trusted Zone: netzero.net
    Trusted Zone: trymedia.com\fe
    Trusted Zone: yahoo.com\www
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{BAA22DBF-3AF1-4E9F-896D-C96ACE840C31} : DhcpNameServer = 204.117.214.10 199.2.252.10
    TCP: Interfaces\{D0A11D77-D994-4284-89E4-4A189D2C1670} : DhcpNameServer = 204.117.214.10 199.2.252.10
    TCP: Interfaces\{EEEA5FFE-7699-4D76-8096-5B086B1CA64E} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{F666642D-3F22-4E96-A412-C0F02AA30A46} : DhcpNameServer = 192.168.2.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    Notify: VESWinlogon - VESWinlogon.dll
    mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
    IFEO: taskmgr.exe - c:\program files\tuneup utilities 2009\PMLauncher.exe
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-2-7 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-2-7 744568]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120207.003\BHDrvx86.sys [2012-2-8 820344]
    R1 ComcastSecureBackupShareFilter;ComcastSecureBackupShareFilter;c:\windows\system32\drivers\ComcastSecureBackupShare.sys [2011-7-15 54776]
    R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2011-7-15 25232]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120210.002\IDSvix86.sys [2012-2-11 368248]
    R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\spybot - search & destroy 2\SDHookDrv32.sys [2012-1-3 38504]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-2-7 136312]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys [2012-2-7 331384]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 ComcastSecureBackupSharebackup;Comcast Secure Backup & Share Backup Service;c:\users\owner\documents\ComcastSecureBackupSharebackup.exe [2010-12-14 15592]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-12-5 21504]
    R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-1-31 65096]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-11 652360]
    R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
    R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.0.13\ccsvchst.exe [2012-2-7 130008]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-5 106104]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-11 20464]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-2-11 40776]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2011-6-22 4232704]
    R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-1-9 72704]
    R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-1-9 43904]
    R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2007-1-9 30976]
    R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [2007-3-26 20352]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-1-9 227328]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-14 135664]
    S2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\spybot - search & destroy 2\SDHookSvc.exe [2012-1-3 130976]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-1-3 892336]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-1-3 955816]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2012-1-3 169624]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-24 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-14 135664]
    S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2007-12-26 288768]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2007-12-26 288768]
    S3 SampleCollector;Intel(R) Sample Collector;c:\program files\sony\vaio care\collsvc.exe [2010-4-6 122880]
    S3 slim;Sony Lucid Integrated Mpeg encoder;c:\windows\system32\drivers\slim.sys [2007-1-9 699264]
    S3 SWNC8U90;Sierra Wireless MUX NDIS Driver (UMTS90);c:\windows\system32\drivers\swnc8u90.sys [2008-8-20 168192]
    S3 SWUMX90;Sierra Wireless USB MUX Driver (UMTS90);c:\windows\system32\drivers\swumx90.sys [2008-8-20 142976]
    S3 USBAVCap;AVerMedia USB TV Tuner Device;c:\windows\system32\drivers\USBAVCap.sys [2007-1-9 774528]
    S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-1-19 741376]
    S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-1-19 397312]
    S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-1-19 1089536]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2012-02-12 00:40:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-02-11 08:40:55 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-11 08:40:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-07 22:44:13 744568 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symefa.sys
    2012-02-07 22:44:13 516216 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\srtsp.sys
    2012-02-07 22:44:13 50168 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\srtspx.sys
    2012-02-07 22:44:13 340088 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symds.sys
    2012-02-07 22:44:13 331384 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys
    2012-02-07 22:44:13 299640 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symnets.sys
    2012-02-07 22:44:13 136312 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys
    2012-02-07 22:43:29 -------- d-----w- c:\windows\system32\drivers\n360\0502000.00D
    2012-02-01 16:11:12 -------- dc----w- C:\ProcAlyzer Dumps
    2012-01-26 17:19:36 677136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
    2012-01-13 21:12:02 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-01-13 21:12:01 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-01-13 21:12:01 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2012-01-13 21:12:00 377344 ----a-w- c:\windows\system32\winhttp.dll
    2012-01-13 21:11:59 9728 ----a-w- c:\windows\system32\lsass.exe
    2012-01-13 21:11:59 72704 ----a-w- c:\windows\system32\secur32.dll
    .
    ==================== Find3M ====================
    .
    2012-01-26 05:46:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-03 19:48:55 14664 ----a-w- c:\windows\stinger.sys
    2011-11-25 15:59:48 376320 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 20:23:34 1205064 ----a-w- c:\windows\system32\ntdll.dll
    2011-11-18 17:47:03 66560 ----a-w- c:\windows\system32\packager.dll
    .
    ============= FINISH: 21:19:24.45 ===============
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Welcome to TechSpot! Can you tell me where you saw the Spybot Rootkit in our thread? You should only run the scan you are directed to.

    Please uninstall the following:
    UTorrent Toolbar
    Conduit Engine

    Use Add/Remove Programs to uninstall. Then use Windows Explorer to access Computer> Local Drive (C)> Programs> Find the program folder for each and do a right click> Delete.

    Please disable c:\program files\tuneup utilities 2009 while I'm helping you. It's best it's not working in the background.

    There is another log from the DDS scan. Please find Attach.txt on your system and paste it in your next reply. Do not zip it.

    If you look at the logs, unless you have already cleaned them up, you will find a very long list of pre-loads that Sony put on the system. Most people don't use all of them and it's always good to remove the preloads you don't use.

    Please remove all of the following from the Trusted Zone:
    Trusted Zone: netzero.com
    Trusted Zone: netzero.net
    Trusted Zone: trymedia.com\fe
    Trusted Zone: yahoo.com\www
    Nothing needs to be in this zone. The security is lower and it's a vulnerability to the system.
    Access Internet Options> Security tab> Click on Trusted Sites> Sites> highlight each Domain above> Remove.

    Please do not use the ProcAlyzer while I'm helping you.

    The things I've mentioned above can interfere with what I have you do. We need the system to be as stable as possible with as little 'other' influence as possible.
    =======================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Expect these- they are normal:
    1. If asked to install or update the Recovery Console, allow. (You will need an internet connection for this.)
    2. Before you run the Combofix scan, please disable any security software you have running.
    3. Combofix may need to reboot your computer more than once to do its job; this is normal.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install; just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ==================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =============================
    Please include logs from Attach.txt, Combofix and the Eset scan in your next reply.
    =====================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.

    If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
    Threads are closed after 5 days if there is no reply.
  5. Fish hooK

    Fish hooK Newcomer, in training Topic Starter

    Thanks for the speedy reply, Bobbye. I will get back into it tomorrow :cool:
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Okay. Post when ready.
  7. Fish hooK

    Fish hooK Newcomer, in training Topic Starter

    Attach.txt

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/15/2007 8:29:04 PM
    System Uptime: 2/13/2012 8:35:49 PM (1 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | N/A | 1667/167mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 143 GiB total, 69.817 GiB free.
    D: is Removable
    E: is Removable
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0009
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #9
    PNP Device ID: ROOT\*ISATAP\0009
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    RP1792: 2/13/2012 5:18:25 PM - Removed TuneUp Utilities 2009
    .
    ==== Installed Programs ======================
    .
    18 Wheels of Steel: Haulin'
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader X (10.1.1)
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Advanced RAR Password Recovery (remove only)
    Alps Pointing-device for VAIO
    Apple Application Support
    AppMon Utility
    AV Mode Button Utility
    Bing Maps 3D
    CCleaner
    Connect
    Constant Guard Protection Suite
    D3DX10
    Google Chrome
    Google Update Helper
    GuardedID
    HDAUDIO SoftV92 Data Fax Modem with SmartCP
    Highlight Viewer (Windows Live Toolbar)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    ieSpell
    Intel(R) Matrix Storage Manager
    Intel(R) PRO Network Connections Drivers
    Internet Explorer (Enable DEP)
    Java Auto Updater
    Java(TM) 6 Update 29
    Junk Mail filter update
    K-Lite Codec Pack 7.1.0 (Basic)
    kuler
    LAN Setting Utility
    Learn2 Player (Uninstall Only)
    LiveUpdate 3.2 (Symantec Corporation)
    Malwarebytes Anti-Malware version 1.60.1.1000
    Map Button (Windows Live Toolbar)
    MCEBrowser
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Norton Security Suite
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    OpenMG Secure Module 4.6.01
    Paint.NET v3.5.8
    PDF Settings CS4
    PhotoScape
    Photoshop Camera Raw
    QuickTime
    RTC Client API v1.2
    Secure Backup and Share
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Segoe UI
    Setting Utility Series
    Skype™ 5.5
    Smart Menus (Windows Live Toolbar)
    Sony Noise Reduction Plug-In 2.0e
    Sony Snymsico for Vista
    Sony Utilities DLL
    Spybot - Search & Destroy 2
    Suite Shared Configuration CS4
    SupportSoft Assisted Service
    System Requirements Lab
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VAIO Camera Capture Utility
    VAIO Camera Utility
    VAIO Care
    VAIO Central
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Help And Support
    VAIO Media 6.0
    VAIO Media AC3 Decoder 1.0
    VAIO Media Content Collection 6.0
    VAIO Media Integrated Server 6.0
    VAIO Media Redistribution 6.0
    VAIO Media Registration Tool 6.0
    VAIO OOBE
    VAIO Photo 2007
    VAIO Power Management
    VAIO Security Center
    VAIO Survey
    VAIO Update 3
    VAIO Video & Photo Suite
    VC80CRTRedist - 8.0.50727.4053
    Viewpoint Media Player
    Windows Driver Package - NVIDIA (nvlddmkm) Display (02/20/2007 7.15.10.9813)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Favorites for Windows Live Toolbar
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinDVD for VAIO
    WinRAR archiver
    Wireless Switch Setting Utility
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    Yontoo Layers Client 1.10.01
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/8/2012 7:34:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VAIO Event Service service.
    2/13/2012 8:52:01 PM, Error: Service Control Manager [7034] - The Spybot S&D 2 Live Protection Service service terminated unexpectedly. It has done this 1 time(s).
    2/13/2012 8:36:57 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    2/13/2012 8:36:30 PM, Error: EventLog [6008] - The previous system shutdown at 8:33:56 PM on 2/13/2012 was unexpected.
    2/13/2012 3:06:16 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).
    2/12/2012 5:20:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
    2/11/2012 7:38:55 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 0019D25B9B38 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    2/11/2012 7:38:18 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013A98371A1. The following error occurred: Element not found.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    2/10/2012 6:09:09 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    .
    ==== End Of File ===========================




    Question. . . should I perform a back-up before running ComboFix so I won't lose any work, important documents or images?
  8. Fish hooK

    Fish hooK Newcomer, in training Topic Starter

    Norton is not allowing me to download ComboFix.exe from either download site. As soon as I elect to save ComboFix.exe. I even tried "save as" to my desktop but once Norton analyzes for threats it detected a Trojan (Trojan.ADH.2) and removed it.

    What do I do now? :confused:
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Combofix creates a backup

    Regarding Norton and the Trojan.ADH.2 per Symantec:
    If the above does not work for you:

    Boot into Safe Mode with Networking
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, and then press ENTER.

    Download and run Combofix. It is not a Trojan.
  10. Fish hooK

    Fish hooK Newcomer, in training Topic Starter

    Downloaded and ran ComboFix in Safe Mode with Networking:

    log.txt

    ComboFix 12-02-15.01 - Owner 02/15/2012 12:43:38.1.2 - x86 NETWORK
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1583 [GMT -4:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\pswi_preloaded.exe
    c:\programdata\Tarma Installer
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
    c:\users\Mcx1\Favorites\ehthumbs_vista.db
    c:\users\Owner\AppData\Roaming\inst.exe
    c:\users\Owner\Documents\about.html
    c:\windows\system32\GroupPolicy\Machine\Registry.pol
    c:\windows\system32\jgaw400.dll
    c:\windows\system32\nsa2A3E.tmp
    c:\windows\system32\nsq29FF.tmp
    c:\windows\system32\rnaph.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-15 to 2012-02-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-15 16:52 . 2012-02-15 16:52 -------- d-----w- c:\users\Owner\AppData\Local\temp
    2012-02-11 08:40 . 2012-02-11 08:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-11 08:40 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-07 22:43 . 2012-02-08 15:46 -------- d-----w- c:\windows\system32\drivers\N360\0502000.00D
    2012-02-01 16:11 . 2012-02-01 16:11 -------- dc----w- C:\ProcAlyzer Dumps
    2012-01-26 17:19 . 2012-01-26 17:19 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-26 05:46 . 2011-05-17 21:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-03 19:48 . 2012-01-03 19:27 14664 ----a-w- c:\windows\stinger.sys
    2011-11-25 15:59 . 2012-01-11 20:14 376320 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:37 . 2011-12-14 13:21 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 20:23 . 2012-01-11 20:14 1205064 ----a-w- c:\windows\system32\ntdll.dll
    2011-11-18 17:47 . 2012-01-11 20:14 66560 ----a-w- c:\windows\system32\packager.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    2010-10-14 17:56 194912 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare]
    @="{72bcb80d-7778-eb4a-ec51-22340ad33e07}"
    [HKEY_CLASSES_ROOT\CLSID\{72bcb80d-7778-eb4a-ec51-22340ad33e07}]
    2010-12-14 15:06 3424488 -c--a-w- c:\users\Owner\Documents\ComcastSecureBackupShareshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare2]
    @="{b723586e-9ca0-5b27-341a-4990a8c342cf}"
    [HKEY_CLASSES_ROOT\CLSID\{b723586e-9ca0-5b27-341a-4990a8c342cf}]
    2010-12-14 15:06 3424488 -c--a-w- c:\users\Owner\Documents\ComcastSecureBackupShareshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare3]
    @="{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}"
    [HKEY_CLASSES_ROOT\CLSID\{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}]
    2010-12-14 15:06 3424488 -c--a-w- c:\users\Owner\Documents\ComcastSecureBackupShareshell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2012-1-31 4720200]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2006-12-14 23:06 73728 ----a-w- c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Google Update"="c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
    "NortonUpdateAgent"=c:\programdata\Norton\NUA.exe
    "ehTray.exe"=c:\windows\ehome\ehTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "AppMon Utility"="c:\program files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
    "Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "GIDDesktop"=c:\program files\SFT\GuardedID\gidd.exe /s
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ECACHE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
    2011-07-05 13:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-07 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-01-03 19:46]
    .
    2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 19:22]
    .
    2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 19:22]
    .
    2012-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735003015-2910738808-3938254761-1005Core.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-16 03:51]
    .
    2012-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735003015-2910738808-3938254761-1005UA.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-16 03:51]
    .
    2012-01-26 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-01-03 19:46]
    .
    2012-01-03 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-01-03 19:46]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
    TCP: DhcpNameServer = 192.168.2.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
    URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
    Notify-SDWinLogon - SDWinLogon.dll
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-15 12:52
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(260)
    c:\users\Owner\Documents\ComcastSecureBackupShareshell.dll
    c:\users\Owner\Documents\LIBEAY32.dll
    c:\windows\system32\ieframe.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Completion time: 2012-02-15 12:58:28
    ComboFix-quarantined-files.txt 2012-02-15 16:58
    .
    Pre-Run: 63,655,182,336 bytes free
    Post-Run: 63,579,848,704 bytes free
    .
    - - End Of File - - 76509CA96EA536974B9DF94F92C48C08



    Note: Ran ESET Online Scanner. Zero threats detected (no log).
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Questions and comments:

    1. Did you follow my suggestions to uninstall uTorrent and the Conduit Engine?
    2. Did you make note of excess Vaio programs?
    3. You show NetZero as the home page>> why? Your ISP is Comcast- is that correct?
    4. Comcast provides their subscribers with the Constant Guard™ Protection Suite from xfinity. It Includes Secure Backup & Share, and now IDENTITY GUARD® and Norton™ Security Suite.
    http://xfinity.comcast.net/constantguard/Products/CGPS/
    I note entries for Norton 360. Are you using the security provided free from Comcast or did you install Norton Security or 360 separately?
    ==================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    DDS::
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    Trusted Zone: netzero.com
    Trusted Zone: netzero.net
    Trusted Zone: trymedia.com\fe
    Trusted Zone: yahoo.com\www
    Registry::
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    
    Clearjavacache::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
    ====================
    Please temporarily disable the following Spybot S&D Scheduled Tasks. I don't want it scanning and updating in the background:
    Opening scheduled tasks to modify or delete them:
    Access Scheduled Tasks by clicking on Start> All Programs> Accessories> System Tools> Scheduled Tasks.
    • To prevent task from running until you run again>
      [o] right-click the task> Properties> On the General tab>
      [o] clear the Enabled check box>
      c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy)
      c:\windows\Tasks\Scan the system (Spybot - Search & Destroy)
    • Select the check box again when you are ready to run it again.
    ======================================
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result. Save the log and include in next reply.
      ==================================
      Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.
      When scan has finished, you will see this image:
      [​IMG]
      • Click on OK to close box and continue.
      • Click on the Show Results button.
      • Click on the Remove Selected button to remove all the listed malware.
      • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
    • A reboot is required after disinfection.
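
One way to check a follow-up ComboFix log against the Registry:: section of the CFScript above, as an added example (not part of the original post and not ComboFix's own code). The function names are hypothetical; the script and first-log excerpts are copied from this thread, the follow-up excerpt is constructed, and keys the script lists without values are only checked for presence.

```python
import re

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')             # [HKEY_...\path]
VALUE_RE = re.compile(r'^(?:"([^"]+)"|(@))=(.*)$')      # "name"=data  or  @=data

# Excerpt of the CFScript posted in this thread.
CFSCRIPT = r"""
File::
DDS::
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

Clearjavacache::
"""

# Excerpt of the first ComboFix log posted in this thread.
LOG_BEFORE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2010-10-14 17:56 194912 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
"""

# CONSTRUCTED follow-up excerpt (not from the thread): one targeted value is still present.
LOG_AFTER = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
"""


def parse_log_registry(log_text):
    """Map lower-cased key path -> {value name: data} for each [HKEY_...] block in a log."""
    keys, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()                  # forum posts indent the log; ignore that
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        if line in ("", "."):               # "." is the log's block separator
            current = None
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[(m.group(1) or "@").lower()] = m.group(3)
    return keys


def parse_cfscript_registry(script_text):
    """Return [(key, value_name or None)] listed under Registry:: in a CFScript."""
    section, blocks = None, []              # blocks: [key, [names marked "=-"]]
    for raw in script_text.splitlines():
        line = raw.strip()
        if re.fullmatch(r'[A-Za-z]+::', line):      # File::, DDS::, Registry::, ...
            section = line[:-2].lower()
            continue
        if section != "registry" or not line:
            continue
        m = KEY_RE.match(line)
        if m:
            blocks.append([m.group(1).lower(), []])
            continue
        m = VALUE_RE.match(line)
        if m and blocks and m.group(3).strip() == "-":   # .reg syntax: "name"=- deletes the value
            blocks[-1][1].append((m.group(1) or "@").lower())
    targets = []
    for key, names in blocks:
        if names:
            targets.extend((key, name) for name in names)
        else:
            targets.append((key, None))     # assumption: bare key, checked for presence only
    return targets


def remaining_targets(script_text, log_text):
    """Targets from the script that a log still reports."""
    logged = parse_log_registry(log_text)
    left = []
    for key, name in parse_cfscript_registry(script_text):
        if key in logged and (name is None or name in logged[key]):
            left.append((key, name))
    return left


if __name__ == "__main__":
    for label, log in (("first log", LOG_BEFORE), ("follow-up log", LOG_AFTER)):
        print(label)
        for key, name in remaining_targets(CFSCRIPT, log):
            print("  still reported:", key, name or "(whole key)")
```

The log itself notes that empty and legitimate default entries are not shown, so an absent entry means ComboFix no longer reports it, not that the registry was read directly.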
     
  12. Fish hooK

    Fish hooK Newcomer, in training Topic Starter

    1. uTorrent and Conduit Engine have been uninstalled since previous post.
    2. I uninstalled Vaio programs I understood or not used.
    3. Not sure why NetZero is my homepage. It's uninstalled, Yahoo is homepage for IE.
    Comcast is my ISP.
    4. Constant Guard™ Protection Suite from xfinity is installed and running. Not sure why
    Norton 360 is still an entry, it's been uninstalled for almost 2yrs.

    ComboFix.txt

    ComboFix 12-02-17.02 - Owner 02/19/2012 4:30.1.2 - x86 NETWORK
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1585 [GMT -4:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\users\Owner\Desktop\CFScript.txt
    AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\yontoo layers client\YontooIEClient.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-19 to 2012-02-19 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-19 08:39 . 2012-02-19 08:39 -------- d-----w- c:\users\Owner\AppData\Local\temp
    2012-02-19 08:39 . 2012-02-19 08:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2012-02-19 08:39 . 2012-02-19 08:39 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
    2012-02-19 08:39 . 2012-02-19 08:39 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-02-19 08:39 . 2012-02-19 08:39 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-16 18:43 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-16 18:43 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
    2012-02-16 18:43 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-02-11 08:40 . 2012-02-11 08:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-11 08:40 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-07 22:43 . 2012-02-08 15:46 -------- d-----w- c:\windows\system32\drivers\N360\0502000.00D
    2012-02-01 16:11 . 2012-02-01 16:11 -------- dc----w- C:\ProcAlyzer Dumps
    2012-01-26 17:19 . 2012-01-26 17:19 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-26 05:46 . 2011-05-17 21:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-03 19:48 . 2012-01-03 19:27 14664 ----a-w- c:\windows\stinger.sys
    2011-11-25 15:59 . 2012-01-11 20:14 376320 ----a-w- c:\windows\system32\winsrv.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare]
    @="{72bcb80d-7778-eb4a-ec51-22340ad33e07}"
    [HKEY_CLASSES_ROOT\CLSID\{72bcb80d-7778-eb4a-ec51-22340ad33e07}]
    2010-12-14 15:06 3424488 -c--a-w- c:\users\Owner\Documents\ComcastSecureBackupShareshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare2]
    @="{b723586e-9ca0-5b27-341a-4990a8c342cf}"
    [HKEY_CLASSES_ROOT\CLSID\{b723586e-9ca0-5b27-341a-4990a8c342cf}]
    2010-12-14 15:06 3424488 -c--a-w- c:\users\Owner\Documents\ComcastSecureBackupShareshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare3]
    @="{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}"
    [HKEY_CLASSES_ROOT\CLSID\{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}]
    2010-12-14 15:06 3424488 -c--a-w- c:\users\Owner\Documents\ComcastSecureBackupShareshell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2012-2-15 4720200]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2006-12-14 23:06 73728 ----a-w- c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Google Update"="c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
    "NortonUpdateAgent"=c:\programdata\Norton\NUA.exe
    "ehTray.exe"=c:\windows\ehome\ehTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "AppMon Utility"="c:\program files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
    "Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "GIDDesktop"=c:\program files\SFT\GuardedID\gidd.exe /s
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe"
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ECACHE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
    2011-07-05 13:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 19:22]
    .
    2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 19:22]
    .
    2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735003015-2910738808-3938254761-1005Core.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-16 03:51]
    .
    2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735003015-2910738808-3938254761-1005UA.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-16 03:51]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
    TCP: DhcpNameServer = 192.168.2.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-19 04:39
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(1832)
    c:\users\Owner\Documents\ComcastSecureBackupShareshell.dll
    c:\users\Owner\Documents\LIBEAY32.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Completion time: 2012-02-19 04:46:52
    ComboFix-quarantined-files.txt 2012-02-19 08:46
    ComboFix2.txt 2012-02-15 16:58
    .
    Pre-Run: 65,878,523,904 bytes free
    Post-Run: 65,840,373,760 bytes free
    .
    - - End Of File - - ED45AAD0E63E70A7939EA12F1CE577C6
  13. Fish hooK

    Fish hooK Newcomer, in training Topic Starter

    TDSSKiller.2.7.13.0_19.02.2012_05.00.56_log.txt


    05:00:56.0828 2732 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
    05:00:56.0900 2732 ============================================================
    05:00:56.0900 2732 Current date / time: 2012/02/19 05:00:56.0900
    05:00:56.0900 2732 SystemInfo:
    05:00:56.0901 2732
    05:00:56.0901 2732 OS Version: 6.0.6002 ServicePack: 2.0
    05:00:56.0901 2732 Product type: Workstation
    05:00:56.0901 2732 ComputerName: HAROLD
    05:00:56.0901 2732 UserName: Owner
    05:00:56.0901 2732 Windows directory: C:\Windows
    05:00:56.0901 2732 System windows directory: C:\Windows
    05:00:56.0901 2732 Processor architecture: Intel x86
    05:00:56.0901 2732 Number of processors: 2
    05:00:56.0901 2732 Page size: 0x1000
    05:00:56.0901 2732 Boot type: Normal boot
    05:00:56.0901 2732 ============================================================
    05:00:57.0475 2732 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    05:00:57.0480 2732 \Device\Harddisk0\DR0:
    05:00:57.0481 2732 MBR used
    05:00:57.0481 2732 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xCC5800, BlocksNum 0x11D53EB0
    05:00:57.0519 2732 Initialize success
    05:00:57.0519 2732 ============================================================
    05:01:37.0234 0764 ============================================================
    05:01:37.0234 0764 Scan started
    05:01:37.0234 0764 Mode: Manual;
    05:01:37.0234 0764 ============================================================

    1 of 3
  14. Fish hooK

    Fish hooK Newcomer, in training Topic Starter

    05:02:16.0136 0764 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    05:02:16.0188 0764 \Device\Harddisk0\DR0 - ok
    05:02:16.0193 0764 Boot (0x1200) (e295ed6d05504e4da4e08ad555c1b71d) \Device\Harddisk0\DR0\Partition0
    05:02:16.0195 0764 \Device\Harddisk0\DR0\Partition0 - ok
    05:02:16.0196 0764 ============================================================
    05:02:16.0196 0764 Scan finished
    05:02:16.0196 0764 ============================================================
    05:02:16.0214 3764 Detected object count: 0
    05:02:16.0214 3764 Actual detected object count: 0
    05:03:47.0829 2676 ============================================================
    05:03:47.0829 2676 Scan started
    05:03:47.0829 2676 Mode: Manual;
    05:03:47.0829 2676 ============================================================

    2 of 3
  15. Fish hooK

    Fish hooK Newcomer, in training Topic Starter

    05:04:01.0611 2676 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    05:04:01.0612 2676 mrxsmb20 - ok
    05:04:01.0706 2676 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    05:04:01.0707 2676 msahci - ok
    05:04:01.0785 2676 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    05:04:01.0788 2676 msdsm - ok
    05:04:01.0880 2676 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    05:04:01.0881 2676 Msfs - ok
    05:04:01.0963 2676 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    05:04:01.0964 2676 msisadrv - ok
    05:04:02.0121 2676 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    05:04:02.0122 2676 MSKSSRV - ok
    05:04:02.0226 2676 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    05:04:02.0227 2676 MSPCLOCK - ok
    05:04:02.0316 2676 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    05:04:02.0317 2676 MSPQM - ok
    05:04:02.0410 2676 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    05:04:02.0414 2676 MsRPC - ok
    05:04:02.0560 2676 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    05:04:02.0561 2676 mssmbios - ok
    05:04:02.0663 2676 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    05:04:02.0664 2676 MSTEE - ok
    05:04:02.0721 2676 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    05:04:02.0722 2676 Mup - ok
    05:04:02.0845 2676 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    05:04:02.0847 2676 NativeWifiP - ok
    05:04:03.0027 2676 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120218.008\NAVENG.SYS
    05:04:03.0030 2676 NAVENG - ok
    05:04:03.0140 2676 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120218.008\NAVEX15.SYS
    05:04:03.0225 2676 NAVEX15 - ok
    05:04:03.0422 2676 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    05:04:03.0451 2676 NDIS - ok
    05:04:03.0509 2676 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    05:04:03.0510 2676 NdisTapi - ok
    05:04:03.0610 2676 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    05:04:03.0611 2676 Ndisuio - ok
    05:04:03.0688 2676 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    05:04:03.0689 2676 NdisWan - ok
    05:04:03.0783 2676 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    05:04:03.0785 2676 NDProxy - ok
    05:04:03.0919 2676 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    05:04:03.0920 2676 NetBIOS - ok
    05:04:04.0011 2676 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    05:04:04.0012 2676 netbt - ok
    05:04:04.0174 2676 NETw3v32 (acc6170d80c69e50145b370023b64ed3) C:\Windows\system32\DRIVERS\NETw3v32.sys
    05:04:04.0188 2676 NETw3v32 - ok
    05:04:04.0463 2676 NETw5v32 (83f310bf50985f2a52121f2614787c38) C:\Windows\system32\DRIVERS\NETw5v32.sys
    05:04:04.0495 2676 NETw5v32 - ok
    05:04:04.0569 2676 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    05:04:04.0571 2676 nfrd960 - ok
    05:04:04.0740 2676 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    05:04:04.0742 2676 Npfs - ok
    05:04:04.0816 2676 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    05:04:04.0817 2676 nsiproxy - ok
    05:04:04.0975 2676 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    05:04:05.0019 2676 Ntfs - ok
    05:04:05.0089 2676 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    05:04:05.0091 2676 ntrigdigi - ok
    05:04:05.0250 2676 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    05:04:05.0252 2676 Null - ok
    05:04:05.0515 2676 nvlddmkm (97144f45e6cc5e11f1465e466c9f6c65) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    05:04:05.0549 2676 nvlddmkm - ok
    05:04:05.0628 2676 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    05:04:05.0630 2676 nvraid - ok
    05:04:05.0696 2676 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    05:04:05.0698 2676 nvstor - ok
    05:04:05.0795 2676 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    05:04:05.0798 2676 nv_agp - ok
    05:04:05.0939 2676 NwlnkFlt - ok
    05:04:05.0979 2676 NwlnkFwd - ok
    05:04:06.0058 2676 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
    05:04:06.0059 2676 ohci1394 - ok
    05:04:06.0139 2676 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    05:04:06.0142 2676 Parport - ok
    05:04:06.0228 2676 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    05:04:06.0229 2676 partmgr - ok
    05:04:06.0316 2676 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    05:04:06.0318 2676 Parvdm - ok
    05:04:06.0518 2676 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    05:04:06.0520 2676 pci - ok
    05:04:06.0586 2676 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\DRIVERS\pciide.sys
    05:04:06.0587 2676 pciide - ok
    05:04:06.0681 2676 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
    05:04:06.0683 2676 pcmcia - ok
    05:04:06.0781 2676 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
    05:04:06.0782 2676 pcouffin - ok
    05:04:06.0918 2676 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    05:04:06.0925 2676 PEAUTH - ok
    05:04:07.0109 2676 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    05:04:07.0110 2676 PptpMiniport - ok
    05:04:07.0165 2676 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    05:04:07.0167 2676 Processor - ok
    05:04:07.0263 2676 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    05:04:07.0266 2676 PSched - ok
    05:04:07.0349 2676 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\Windows\system32\Drivers\PxHelp20.sys
    05:04:07.0350 2676 PxHelp20 - ok
    05:04:07.0494 2676 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    05:04:07.0538 2676 ql2300 - ok
    05:04:07.0634 2676 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    05:04:07.0637 2676 ql40xx - ok
    05:04:07.0737 2676 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    05:04:07.0738 2676 QWAVEdrv - ok
    05:04:07.0802 2676 R5U870FLx86 (f2b3e0e54817becdedbc095b25daa248) C:\Windows\system32\Drivers\R5U870FLx86.sys
    05:04:07.0803 2676 R5U870FLx86 - ok
    05:04:07.0886 2676 R5U870FUx86 (5f598e844e7a465932507314444bd97a) C:\Windows\system32\Drivers\R5U870FUx86.sys
    05:04:07.0887 2676 R5U870FUx86 - ok
    05:04:07.0973 2676 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    05:04:07.0973 2676 RasAcd - ok
    05:04:08.0129 2676 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    05:04:08.0131 2676 Rasl2tp - ok
    05:04:08.0223 2676 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    05:04:08.0224 2676 RasPppoe - ok
    05:04:08.0304 2676 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    05:04:08.0306 2676 RasSstp - ok
    05:04:08.0425 2676 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    05:04:08.0427 2676 rdbss - ok
    05:04:08.0538 2676 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    05:04:08.0539 2676 RDPCDD - ok
    05:04:08.0628 2676 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    05:04:08.0633 2676 rdpdr - ok
    05:04:08.0680 2676 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    05:04:08.0681 2676 RDPENCDD - ok
    05:04:08.0774 2676 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    05:04:08.0779 2676 RDPWD - ok
    05:04:08.0905 2676 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
    05:04:08.0906 2676 ROOTMODEM - ok
    05:04:09.0022 2676 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    05:04:09.0024 2676 rspndr - ok
    05:04:09.0119 2676 RTL8187 (99c27fceb21347daf3ee9e8c205314d6) C:\Windows\system32\DRIVERS\wg111v2.sys
    05:04:09.0122 2676 RTL8187 - ok
    05:04:09.0148 2676 RTLWUSB (99c27fceb21347daf3ee9e8c205314d6) C:\Windows\system32\DRIVERS\wg111v2.sys
    05:04:09.0151 2676 RTLWUSB - ok
    05:04:09.0235 2676 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    05:04:09.0238 2676 sbp2port - ok
    05:04:09.0380 2676 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    05:04:09.0382 2676 secdrv - ok
    05:04:09.0486 2676 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    05:04:09.0487 2676 Serenum - ok
    05:04:09.0557 2676 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    05:04:09.0560 2676 Serial - ok
    05:04:09.0646 2676 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    05:04:09.0647 2676 sermouse - ok
    05:04:09.0735 2676 Service Host Driver - ok
    05:04:09.0891 2676 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    05:04:09.0892 2676 sffdisk - ok
    05:04:09.0981 2676 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    05:04:09.0983 2676 sffp_mmc - ok
    05:04:10.0055 2676 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    05:04:10.0056 2676 sffp_sd - ok
    05:04:10.0122 2676 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
    05:04:10.0123 2676 sfloppy - ok
    05:04:10.0202 2676 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    05:04:10.0204 2676 sisagp - ok
    05:04:10.0291 2676 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    05:04:10.0293 2676 SiSRaid2 - ok
    05:04:10.0468 2676 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    05:04:10.0470 2676 SiSRaid4 - ok
    05:04:10.0583 2676 slim (ddd538fcff8d0b4f13e7ce7a792c32d6) C:\Windows\system32\drivers\slim.sys
    05:04:10.0589 2676 slim - ok
    05:04:10.0697 2676 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    05:04:10.0698 2676 Smb - ok
    05:04:10.0805 2676 SNC (db31d8989b3450569c29780e7fa98c48) C:\Windows\system32\Drivers\SonyNC.sys
    05:04:10.0806 2676 SNC - ok
    05:04:10.0949 2676 SonyImgF (2f30c6ec1904cdb6f32ca69622726eb4) C:\Windows\system32\DRIVERS\SonyImgF.sys
    05:04:10.0951 2676 SonyImgF - ok
    05:04:11.0038 2676 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    05:04:11.0039 2676 spldr - ok
    05:04:11.0181 2676 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\System32\Drivers\N360\0502000.00D\SRTSP.SYS
    05:04:11.0210 2676 SRTSP - ok
    05:04:11.0292 2676 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\N360\0502000.00D\SRTSPX.SYS
    05:04:11.0294 2676 SRTSPX - ok
    05:04:11.0480 2676 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    05:04:11.0483 2676 srv - ok
    05:04:11.0544 2676 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
    05:04:11.0546 2676 srv2 - ok
    05:04:11.0625 2676 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
    05:04:11.0626 2676 srvnet - ok
    05:04:11.0759 2676 STHDA (ab2059ae6d9243c502c86824bc40439e) C:\Windows\system32\drivers\stwrt.sys
    05:04:11.0764 2676 STHDA - ok
    05:04:11.0886 2676 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    05:04:11.0887 2676 swenum - ok
    05:04:12.0029 2676 swivsp (5230aab3a00b0a1b89580d8ed85b5bfa) C:\Windows\system32\DRIVERS\swivspnt.sys
    05:04:12.0030 2676 swivsp - ok
    05:04:12.0107 2676 swmsflt (57bbaef27dc790160245b43eb6dcd576) C:\Windows\System32\drivers\swmsflt.sys
    05:04:12.0109 2676 swmsflt - ok
    05:04:12.0204 2676 SWNC8U90 (7ae593fe3d78195987505da0a7e91542) C:\Windows\system32\DRIVERS\swnc8u90.sys
    05:04:12.0206 2676 SWNC8U90 - ok
    05:04:12.0265 2676 SWUMX20 - ok
    05:04:12.0351 2676 SWUMX90 (3076a3bb7c340bbf851075dd2ebad03f) C:\Windows\system32\DRIVERS\swumx90.sys
    05:04:12.0353 2676 SWUMX90 - ok
    05:04:12.0522 2676 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    05:04:12.0524 2676 Symc8xx - ok
    05:04:12.0678 2676 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\N360\0502000.00D\SYMDS.SYS
    05:04:12.0680 2676 SymDS - ok
    05:04:12.0792 2676 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\N360\0502000.00D\SYMEFA.SYS
    05:04:12.0798 2676 SymEFA - ok
    05:04:12.0901 2676 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
    05:04:12.0904 2676 SymEvent - ok
    05:04:13.0029 2676 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\N360\0502000.00D\Ironx86.SYS
    05:04:13.0033 2676 SymIRON - ok
    05:04:13.0181 2676 SYMTDIv (d42a7229e333af725f1445f785e4658d) C:\Windows\System32\Drivers\N360\0502000.00D\SYMTDIV.SYS
    05:04:13.0188 2676 SYMTDIv - ok
    05:04:13.0269 2676 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    05:04:13.0271 2676 Sym_hi - ok
    05:04:13.0337 2676 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    05:04:13.0339 2676 Sym_u3 - ok
    05:04:13.0515 2676 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
    05:04:13.0523 2676 Tcpip - ok
    05:04:13.0701 2676 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
    05:04:13.0708 2676 Tcpip6 - ok
    05:04:13.0793 2676 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    05:04:13.0794 2676 tcpipreg - ok
    05:04:13.0872 2676 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    05:04:13.0873 2676 TDPIPE - ok
    05:04:13.0962 2676 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    05:04:13.0963 2676 TDTCP - ok
    05:04:14.0051 2676 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    05:04:14.0052 2676 tdx - ok
    05:04:14.0227 2676 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    05:04:14.0229 2676 TermDD - ok
    05:04:14.0333 2676 ti21sony (7c7445b4c2bd46c56abb3499da52b75c) C:\Windows\system32\drivers\ti21sony.sys
    05:04:14.0335 2676 ti21sony - ok
    05:04:14.0404 2676 tosrfbd (b758fda2e4389dc41688e4b8cee832a0) C:\Windows\system32\DRIVERS\tosrfbd.sys
    05:04:14.0405 2676 tosrfbd - ok
    05:04:14.0462 2676 Tosrfhid (28099a4e52148319afa685d93a2244d0) C:\Windows\system32\DRIVERS\Tosrfhid.sys
    05:04:14.0463 2676 Tosrfhid - ok
    05:04:14.0622 2676 tosrfusb (20cc46c5d3326122e1a0a8c9dad00e0d) C:\Windows\system32\DRIVERS\tosrfusb.sys
    05:04:14.0624 2676 tosrfusb - ok
    05:04:14.0755 2676 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    05:04:14.0756 2676 tssecsrv - ok
    05:04:14.0852 2676 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    05:04:14.0853 2676 tunmp - ok
    05:04:14.0911 2676 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    05:04:14.0913 2676 tunnel - ok
    05:04:15.0029 2676 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    05:04:15.0031 2676 uagp35 - ok
    05:04:15.0175 2676 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    05:04:15.0177 2676 udfs - ok
    05:04:15.0260 2676 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    05:04:15.0263 2676 uliagpkx - ok
    05:04:15.0327 2676 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    05:04:15.0332 2676 uliahci - ok
    05:04:15.0396 2676 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    05:04:15.0398 2676 UlSata - ok
    05:04:15.0502 2676 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    05:04:15.0506 2676 ulsata2 - ok
    05:04:15.0669 2676 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    05:04:15.0670 2676 umbus - ok
    05:04:15.0771 2676 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
    05:04:15.0772 2676 UMPass - ok
    05:04:15.0880 2676 USBAVCap (5deb97f34a15952af1b61147c0fa1f96) C:\Windows\system32\drivers\USBAVCap.sys
    05:04:15.0887 2676 USBAVCap - ok
    05:04:15.0996 2676 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    05:04:15.0997 2676 usbccgp - ok
    05:04:16.0131 2676 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    05:04:16.0134 2676 usbcir - ok
    05:04:16.0241 2676 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    05:04:16.0242 2676 usbehci - ok
    05:04:16.0335 2676 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    05:04:16.0337 2676 usbhub - ok
    05:04:16.0431 2676 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    05:04:16.0432 2676 usbohci - ok
    05:04:16.0577 2676 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
    05:04:16.0579 2676 usbprint - ok
    05:04:16.0667 2676 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    05:04:16.0668 2676 USBSTOR - ok
    05:04:16.0747 2676 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    05:04:16.0748 2676 usbuhci - ok
    05:04:16.0855 2676 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    05:04:16.0857 2676 usbvideo - ok
    05:04:16.0970 2676 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    05:04:16.0971 2676 vga - ok
    05:04:17.0105 2676 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    05:04:17.0106 2676 VgaSave - ok
    05:04:17.0213 2676 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    05:04:17.0215 2676 viaagp - ok
    05:04:17.0277 2676 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    05:04:17.0279 2676 ViaC7 - ok
    05:04:17.0359 2676 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    05:04:17.0361 2676 viaide - ok
    05:04:17.0457 2676 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    05:04:17.0458 2676 volmgr - ok
    05:04:17.0610 2676 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    05:04:17.0612 2676 volmgrx - ok
    05:04:17.0698 2676 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    05:04:17.0700 2676 volsnap - ok
    05:04:17.0793 2676 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    05:04:17.0797 2676 vsmraid - ok
    05:04:17.0921 2676 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    05:04:17.0923 2676 WacomPen - ok
    05:04:18.0032 2676 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    05:04:18.0033 2676 Wanarp - ok
    05:04:18.0044 2676 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    05:04:18.0045 2676 Wanarpv6 - ok
    05:04:18.0196 2676 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
    05:04:18.0197 2676 wanatw - ok
    05:04:18.0284 2676 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    05:04:18.0286 2676 Wd - ok
    05:04:18.0419 2676 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    05:04:18.0424 2676 Wdf01000 - ok
    05:04:18.0549 2676 WimFltr (c8d53a13e867d5a7eafb19400016560f) C:\Windows\system32\DRIVERS\wimfltr.sys
    05:04:18.0550 2676 WimFltr - ok
    05:04:18.0722 2676 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    05:04:18.0728 2676 winachsf - ok
    05:04:18.0886 2676 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
    05:04:18.0888 2676 WmiAcpi - ok
    05:04:19.0050 2676 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    05:04:19.0051 2676 WpdUsb - ok
    05:04:19.0146 2676 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    05:04:19.0147 2676 ws2ifsl - ok
    05:04:19.0304 2676 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    05:04:19.0306 2676 WUDFRd - ok
    05:04:19.0447 2676 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
    05:04:19.0448 2676 XAudio - ok
    05:04:19.0540 2676 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    05:04:19.0592 2676 \Device\Harddisk0\DR0 - ok
    05:04:19.0599 2676 Boot (0x1200) (e295ed6d05504e4da4e08ad555c1b71d) \Device\Harddisk0\DR0\Partition0
    05:04:19.0601 2676 \Device\Harddisk0\DR0\Partition0 - ok
    05:04:19.0602 2676 ============================================================
    05:04:19.0602 2676 Scan finished
    05:04:19.0602 2676 ============================================================
    05:04:19.0613 3896 Detected object count: 0
    05:04:19.0613 3896 Actual detected object count: 0
    05:13:12.0435 3876 Deinitialize success

    3 of 3
  16. Fish hooK

    Fish hooK Newcomer, in training Topic Starter

    mbam-log-2012-02-19 (05-31-36).txt


    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.19.01

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Owner :: HAROLD [administrator]

    Protection: Enabled

    2/19/2012 5:31:36 AM
    mbam-log-2012-02-19 (05-31-36).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 422970
    Time elapsed: 2 hour(s), 18 minute(s), 13 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Sorry for delay- unavoidable.

    I did more checking because there are several Norton entries running. It appears that you also have the option of downloading the top-rated Norton™ Security Suite for free, with or without our Constant Guard Protection Suite. I am not sure I understand how these 2 programs cohabit, but it appears we can stop worrying about Norton being a 2nd AV- in spite of the fact that the Comcast program is supposed to 'protect you from viruses'. I suggest you contact Comcast about this because multiple AVs can actually make a system more vulnerable and it can slow a system down.
    =========================================
    Please run this Custom CFScript:

    [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    KillAll::
    File::
    Folder::
    c:\users\Owner\AppData\Local\temp
    c:\windows\system32\config\systemprofile\AppData\Local\temp
    c:\users\Mcx1\AppData\Local\temp
    c:\users\Guest\AppData\Local\temp
    c:\users\Default\AppData\Local\temp
    DDS::
    uSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
    uSearch Bar = hxxp://my.netzero.net/s/search?r=minisearch
    mDefault_Search_URL = hxxp://my.netzero.net/s/search?r=minisearch
    mSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
    uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
    mSearchAssistant = hxxp://my.netzero.net/s/search?r=minisearch
    FileLook::
    c:\windows\stinger.sys
    c:\windows\system32\winsrv.dll
    Clearjavacache::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    ====================
    Internet Explorer 9.0.8112.16421> Default Search URL is set to NetZero:
    To change default search:
    • Click Start> Click Internet Explorer.
    • Click the arrow to the right of the search box.
    • Click Manage Search Providers/Change Search Defaults. (IE version dependent)
    • Click the search provider you would like to set as the default
    • Click Set Default> click OK.

    Be sure you have removed NetZero from the Trusted Sites. Check Add/Remove Programs in Control Panel and uninstall any NetZero entry. Use Windows Explorer to access Computer> Local Drive (C)> Programs. Look for folder for Net Zero or MyNetZero and do a right click> Delete.

    Check the homepage. If NetZero is still on Homepage, go to the site you want for your homepage. Once there, click on Tools> Internet Options> General tab> Homepage section> Click on Use Current> Click on Apply> OK.
    ==========================
    Last scans: (Short)
    1. Please run the Eset scan per my Reply #

    2. Run Security Check: Download Security Check by screen317 and save to the desktop
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document called checkup.txt should open automatically; please post the contents of that document.

    3. Run CK Scanner: Download CKScanner and save to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

    4. Run HijackThis: First, set up a Directory for HijackThis as follows:
    Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
    Exit Explorer
    You now have a folder C:\HijackThis
    -----------------------------------------
    Download HijackThis and save to your desktop.
    • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
    • Extract it to the directory on your hard drive you created C:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    =========================
    Log for new Combofix (after script), Eset online scan, Security Check, CK Scanner, HijackThis in your next reply please.
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    There was a glitch on the site that prevented the email feedback for a reply. I left a reply on your thread. If you did not receive the notice, please check the thread and go ahead with any instructions I left.
     
  19. Fish hooK

    Fish hooK Newcomer, in training Topic Starter

    Ok, A couple of things Bobbye:

    1. I got in touch with Comcast and was instructed to uninstall/re-install Norton to rid myself of Norton 360.
    2. I copied the custom CFScript.txt same as before but after several attempts of dragging it to the CF.exe file CF would start, but after a few hours would NOT respond, forcing a reboot. I also tried in Safe Mode to no avail. CF ran fine without the custom CFScript. Log below.
    3. ESET scan did not detect any errors on the previous scan, therefore no log was produced. I ran ESET scan again, same result.
    4. NetZero files/folders removed. No NetZero homepage, entries or Trusted Sites.

    ComboFix.txt:


    ComboFix 12-02-25.02 - Owner 02/26/2012 1:20.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1223 [GMT -4:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-26 05:32 . 2012-02-26 05:33 -------- d-----w- c:\users\Owner\AppData\Local\temp
    2012-02-26 05:32 . 2012-02-26 05:32 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2012-02-26 05:32 . 2012-02-26 05:32 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
    2012-02-26 05:32 . 2012-02-26 05:32 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-02-26 05:32 . 2012-02-26 05:32 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-25 22:35 . 2010-08-21 04:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-02-25 22:35 . 2012-02-25 22:45 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-02-25 22:34 . 2012-02-26 00:40 -------- d-----w- c:\windows\system32\drivers\N360
    2012-02-25 22:34 . 2012-02-25 22:34 -------- d-----w- c:\program files\Norton Security Suite
    2012-02-25 22:34 . 2012-02-25 22:34 -------- d-----w- c:\program files\NortonInstaller
    2012-02-25 22:15 . 2012-02-25 22:15 -------- dc----w- C:\N360_BACKUP
    2012-02-25 21:26 . 2010-08-21 04:59 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-02-24 18:35 . 2012-02-24 18:35 -------- d-----w- c:\program files\VS Revo Group
    2012-02-16 18:43 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-16 18:43 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
    2012-02-16 18:43 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-02-11 08:40 . 2012-02-11 08:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-11 08:40 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-01 16:11 . 2012-02-01 16:11 -------- dc----w- C:\ProcAlyzer Dumps
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-26 17:19 . 2012-01-26 17:19 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-01-26 05:46 . 2011-05-17 21:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-03 19:48 . 2012-01-03 19:27 14664 ----a-w- c:\windows\stinger.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-20 7770112]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2006-12-14 23:06 73728 ----a-w- c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Google Update"="c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
    "NortonUpdateAgent"=c:\programdata\Norton\NUA.exe
    "ehTray.exe"=c:\windows\ehome\ehTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "AppMon Utility"="c:\program files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
    "Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "GIDDesktop"=c:\program files\SFT\GuardedID\gidd.exe /s
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe"
    .
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 19:22]
    .
    2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 19:22]
    .
    2012-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735003015-2910738808-3938254761-1005Core.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-16 03:51]
    .
    2012-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735003015-2910738808-3938254761-1005UA.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-16 03:51]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.yahoo.com
    uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
    TCP: DhcpNameServer = 192.168.2.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellIconOverlayIdentifiers-{72bcb80d-7778-eb4a-ec51-22340ad33e07} - c:\users\Owner\Documents\ComcastSecureBackupShareshell.dll
    ShellIconOverlayIdentifiers-{b723586e-9ca0-5b27-341a-4990a8c342cf} - c:\users\Owner\Documents\ComcastSecureBackupShareshell.dll
    ShellIconOverlayIdentifiers-{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0} - c:\users\Owner\Documents\ComcastSecureBackupShareshell.dll
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-26 01:33
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3612)
    c:\program files\Norton Security Suite\Engine\5.1.0.29\ccGEvt.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Completion time: 2012-02-26 01:41:45
    ComboFix-quarantined-files.txt 2012-02-26 05:41
    ComboFix2.txt 2012-02-19 08:46
    ComboFix3.txt 2012-02-15 16:58
    .
    Pre-Run: 71,487,094,784 bytes free
    Post-Run: 71,463,116,800 bytes free
    .
    - - End Of File - - 4FA23479C9B5EE368AAEBFA34D43C7E7
  20. Fish hooK

    Fish hooK Newcomer, in training Topic Starter

    Security Check

    checkup.txt:

    Results of screen317's Security Check version 0.99.31
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    ESET Online Scanner v3
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    CCleaner
    Java(TM) 6 Update 29
    Java version out of date!
    Adobe Flash Player 11.1.102.55
    Adobe Reader X (10.1.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    ``````````End of Log````````````



    ckfiles.txt:

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\0downloads\winrar.v3.71.final.complete.with.keygen.and.patch[cracked.3.71]-core_crp_[mybittorrent.com].torrent
    c:\0install\keygen.exe
    c:\0install\sound forge 9a crack\forge90.exe
    c:\0install\sound forge 9a crack\readme.txt
    c:\0install\sound forge 9a crack\serial.txt
    c:\0install\sound forge 9a crack\soundforge90a_enu.exe
    c:\program files\rockstar games\gta san andreas\redme zum crack.txt
    c:\users\owner\documents\18 wos haulin\material\road\cracks.dds
    c:\users\owner\documents\18 wos haulin\material\road\cracks.mat
    c:\users\owner\documents\18 wos haulin\material\road\cracks.tobj
    c:\users\owner\documents\tuneup.utilities.2009.v8.0.3300.1.winxpvista.incl.keygen-fff\tu2009trialen-us.exe
    c:\users\owner\documents\tuneup.utilities.2009.v8.0.3300.1.winxpvista.incl.keygen-fff\fff\fff.nfo
    c:\users\owner\documents\tuneup.utilities.2009.v8.0.3300.1.winxpvista.incl.keygen-fff\fff\file_id.diz
    scanner sequence 3.DI.11.SLAPJR
    ----- EOF -----



    hijackthis.log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:12:41 AM, on 2/27/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\wuauclt.exe
    C:\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Comcast Secure Backup & Share Backup Service (ComcastSecureBackupSharebackup) - Unknown owner - C:\Users\Owner\Documents\ComcastSecureBackupSharebackup.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Intel(R) Sample Collector (SampleCollector) - Intel Corporation - C:\Program Files\Sony\VAIO Care\collsvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 8951 bytes
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    The system is full of pirated software.

    TuneUp Utilities has a 15 day free trial. You don't need a license key for that.
    Purchase of the full program is $30-$60.
    "winxpvista.incl. keygen-" Is this your OS?

    c:\0downloads\winrar.v3.71.final.complete.with.keygen.and.patch[cracked.3.71]-core_crp_[mybittorrent.com].torrent
    Pirated: Cost is $30.00

    Sony Sound Forge 9>
    Pirated: Cost conversion> UK£ 239.99 = 383.432023 U.S. dollars

    We do not support piracy. As long as you pirate software and use Torrent site/file sharing, no matter what security you have, you are going to get malware.

    This thread is closed.