[Closed] My Sony VAIO laptop runs slow, possibly infected

Status
Not open for further replies.

Fish hooK

I'm no computer genius but I do know the signs of an infected computer. In this case it's my own laptop. My Sony Vaio Laptop takes longer than it used to, to start up or shut down. Programs, files and folders are extremely sluggish when opening or closing.

I currently use Norton Security Suite and Spybot to protect my laptop. Though Norton Security Suite does detect some viruses and trojans, Spybot detected several questionable rootkits so...

I've followed the 5-step Viruses/Spyware/Malware Preliminary Removal Instructions and am posting my logs in order, starting with the Spybot rootkit scan.

Spybot rootkit scan

// info: Rootkit removal help file
// copyright: (c) 2008-2009 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Unknown ADS","C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6002.18005_none_b5c807ab2d93d829\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
File:"Unknown ADS","C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
File:"Unknown ADS","C:\Windows\PLA\System\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
File:"Unknown ADS","C:\Users\Public\DRM:hex:$DATA"
File:"Unknown ADS","C:\Users\Public\DRM:??????????:$DATA"
File:"No admin in ACL","C:\Users\Owner\AppData\Local\Protexis\A8BBA62AEA.drv"
File:"No admin in ACL","C:\Users\Owner\AppData\Local\Protexis\KGyGaAvL.drv"
File:"No admin in ACL","C:\System Volume Information\SystemRestore\System Volume Information"
File:"No admin in ACL","C:\System Volume Information\EfaData\sdmys_3570D02EB40A41774BFBFFFE"
File:"No admin in ACL","C:\System Volume Information\EfaData\sdmys_398DD697FFD65C24CB701BCA"
File:"No admin in ACL","C:\System Volume Information\EfaData\sdmys_E7230C5605C37C521C547659"
File:"No admin in ACL","C:\System Volume Information\EfaData\sdmys_E7230C5605C37C5245645DFE"
File:"No admin in ACL","C:\System Volume Information\EfaData\SYMEFA.DB"
File:"No admin in ACL","C:\ProgramData\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\VzCdbDat.ldf"
File:"No admin in ACL","C:\ProgramData\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\VzCdbDat.mdf"
File:"No admin in ACL","C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine"
File:"No admin in ACL","C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp"
File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
File:"Unknown ADS","C:\perflogs\System\Diagnostics\20100405-0005\report.xml:Qgrg2rf1Znaluncm1kfl1xla5h:$DATA"
Directory:"Hidden directory","Global run entries"
Directory:"Hidden directory","Winlogon entries"
Directory:"Hidden directory","Invisible processes (from handles)"
Directory:"Hidden directory","Invisible processes (from threads)"


MBAM

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.11.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: HAROLD [administrator]

Protection: Enabled

2/11/2012 12:40:25 PM
mbam-log-2012-02-11 (12-40-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218016
Time elapsed: 9 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-11 11:08:37
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0000
Running: jcd7u3yo.exe; Driver: C:\Users\Owner\AppData\Local\Temp\pwldipog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ComcastSecureBackupShare.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\tdx \Device\Ip SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Owner at 21:17:48 on 2012-02-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.753 [GMT -4:00]
.
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\TUProgSt.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Users\Owner\Documents\ComcastSecureBackupSharebackup.exe
C:\Users\Owner\Documents\ComcastSecureBackupSharebackup.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\rundll32.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
uStart Page = hxxp://www.yahoo.com
uSearch Bar = hxxp://my.netzero.net/s/search?r=minisearch
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://my.netzero.net/s/search?r=minisearch
mSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
mSearchAssistant = hxxp://my.netzero.net/s/search?r=minisearch
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3049c3e9-b461-4bc5-8870-4c09146192ca} - RealPlayer Download and Record Plugin for Internet Explorer
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: SDHelper: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.0.13\ips\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
Trusted Zone: netzero.com
Trusted Zone: netzero.net
Trusted Zone: trymedia.com\fe
Trusted Zone: yahoo.com\www
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BAA22DBF-3AF1-4E9F-896D-C96ACE840C31} : DhcpNameServer = 204.117.214.10 199.2.252.10
TCP: Interfaces\{D0A11D77-D994-4284-89E4-4A189D2C1670} : DhcpNameServer = 204.117.214.10 199.2.252.10
TCP: Interfaces\{EEEA5FFE-7699-4D76-8096-5B086B1CA64E} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F666642D-3F22-4E96-A412-C0F02AA30A46} : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
Notify: VESWinlogon - VESWinlogon.dll
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
IFEO: taskmgr.exe - c:\program files\tuneup utilities 2009\PMLauncher.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-2-7 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-2-7 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120207.003\BHDrvx86.sys [2012-2-8 820344]
R1 ComcastSecureBackupShareFilter;ComcastSecureBackupShareFilter;c:\windows\system32\drivers\ComcastSecureBackupShare.sys [2011-7-15 54776]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2011-7-15 25232]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120210.002\IDSvix86.sys [2012-2-11 368248]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\spybot - search & destroy 2\SDHookDrv32.sys [2012-1-3 38504]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-2-7 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys [2012-2-7 331384]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 ComcastSecureBackupSharebackup;Comcast Secure Backup & Share Backup Service;c:\users\owner\documents\ComcastSecureBackupSharebackup.exe [2010-12-14 15592]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-12-5 21504]
R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-1-31 65096]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-11 652360]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.0.13\ccsvchst.exe [2012-2-7 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-5 106104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-11 20464]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-2-11 40776]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2011-6-22 4232704]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-1-9 72704]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-1-9 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2007-1-9 30976]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [2007-3-26 20352]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-1-9 227328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-14 135664]
S2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\spybot - search & destroy 2\SDHookSvc.exe [2012-1-3 130976]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-1-3 892336]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-1-3 955816]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2012-1-3 169624]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-24 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-14 135664]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2007-12-26 288768]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2007-12-26 288768]
S3 SampleCollector;Intel(R) Sample Collector;c:\program files\sony\vaio care\collsvc.exe [2010-4-6 122880]
S3 slim;Sony Lucid Integrated Mpeg encoder;c:\windows\system32\drivers\slim.sys [2007-1-9 699264]
S3 SWNC8U90;Sierra Wireless MUX NDIS Driver (UMTS90);c:\windows\system32\drivers\swnc8u90.sys [2008-8-20 168192]
S3 SWUMX90;Sierra Wireless USB MUX Driver (UMTS90);c:\windows\system32\drivers\swumx90.sys [2008-8-20 142976]
S3 USBAVCap;AVerMedia USB TV Tuner Device;c:\windows\system32\drivers\USBAVCap.sys [2007-1-9 774528]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-1-19 741376]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-1-19 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-1-19 1089536]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-02-12 00:40:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-11 08:40:55 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-11 08:40:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-07 22:44:13 744568 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symefa.sys
2012-02-07 22:44:13 516216 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\srtsp.sys
2012-02-07 22:44:13 50168 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\srtspx.sys
2012-02-07 22:44:13 340088 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symds.sys
2012-02-07 22:44:13 331384 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys
2012-02-07 22:44:13 299640 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symnets.sys
2012-02-07 22:44:13 136312 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys
2012-02-07 22:43:29 -------- d-----w- c:\windows\system32\drivers\n360\0502000.00D
2012-02-01 16:11:12 -------- dc----w- C:\ProcAlyzer Dumps
2012-01-26 17:19:36 677136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2012-01-13 21:12:02 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-13 21:12:01 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-13 21:12:01 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-13 21:12:00 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-13 21:11:59 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-13 21:11:59 72704 ----a-w- c:\windows\system32\secur32.dll
.
==================== Find3M ====================
.
2012-01-26 05:46:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-03 19:48:55 14664 ----a-w- c:\windows\stinger.sys
2011-11-25 15:59:48 376320 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 20:23:34 1205064 ----a-w- c:\windows\system32\ntdll.dll
2011-11-18 17:47:03 66560 ----a-w- c:\windows\system32\packager.dll
.
============= FINISH: 21:19:24.45 ===============
 
Welcome to TechSpot! Can you tell me where you saw the Spybot Rootkit in our thread? You should only run the scan you are directed to.

Please uninstall the following:
UTorrent Toolbar
Conduit Engine

Use Add/Remove Programs to uninstall. Then use Windows Explorer to access Computer> Local Drive (C)> Programs> Find the program folder for each and do a right click> Delete.

Please disable c:\program files\tuneup utilities 2009 while I'm helping you. It's best it's not working in the background.

There is another log from the DDS scan. Please find Attach.txt on your system and paste it in your next reply. Do not zip it.

If you look at the logs, unless you have already cleaned them up, you will find a very long list of pre-loads that Sony put on the system. Most people don't use all of them and it's always good to remove the preloads you don't use.

Please remove all of the following from the Trusted Zone:
Trusted Zone: netzero.com
Trusted Zone: netzero.net
Trusted Zone: trymedia.com\fe
Trusted Zone: yahoo.com\www
Nothing needs to be in this zone. The security is lower and it's a vulnerability to the system.
Access Internet Options> Security tab> Click on Trusted Sites> Sites> highlight each Domain above> Remove.

Please do not use the ProcAlyzer while I'm helping you.

The things I've mentioned above can interfere with what I have you do. We need the system to be as stable as possible with as little 'other' influence as possible.
=======================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan.
Uninstall directions, if needed:
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Expect these- they are normal:
1. If asked to install or update the Recovery Console, allow. (You will need an internet connection for this.)
2. Before you run the Combofix scan, please disable any security software you have running.
3. Combofix may need to reboot your computer more than once to do its job; this is normal.

Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
==================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=============================
Please include logs from Attach.txt, Combofix and the Eset scan in your next reply.
=====================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.

If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
Threads are closed after 5 days if there is no reply.
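
The reply above acts on a handful of lines in the DDS "Pseudo HJT Report": the Trusted Zone entries, the two toolbars, and the IFEO redirect of taskmgr.exe to TuneUp. The script below is an added example (not part of any post in this thread, and not part of DDS) that pulls those entry types out of a DDS log so the same check can be repeated after cleanup. The line shapes are inferred from the log in this thread; the function names and the watchlist keywords are assumptions.

```python
import re
from collections import defaultdict

# Excerpt of the "Pseudo HJT Report" section of the DDS log posted in this thread.
SAMPLE_DDS = r"""
uURLSearchHooks: H - No File
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: SDHelper: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
Trusted Zone: netzero.com
Trusted Zone: netzero.net
Trusted Zone: trymedia.com\fe
Trusted Zone: yahoo.com\www
IFEO: taskmgr.exe - c:\program files\tuneup utilities 2009\PMLauncher.exe
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# Browser add-on load points that DDS prints as "<kind>: <name>: {CLSID} - <file>".
ADDON_KINDS = {"BHO", "TB", "uURLSearchHooks", "mURLSearchHooks"}
ADDON_RE = re.compile(
    r"^(?:(?P<name>.+?): )?(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)


def parse_entries(text):
    """Yield (kind, value) for every 'kind: value' line; other lines are skipped."""
    for line in text.splitlines():
        kind, sep, value = line.strip().partition(": ")
        if sep and value:
            yield kind, value


def triage(text, watchlist=()):
    """Collect the entry types the helper's reply acts on.

    watchlist: lowercase keywords (an assumption, chosen by the analyst)
    matched against add-on names and file paths.
    """
    report = {"trusted_zone": [], "ifeo": [], "hosts": [], "no_file": []}
    addons = defaultdict(lambda: {"name": "", "target": "", "kinds": set()})

    for kind, value in parse_entries(text):
        if kind == "Trusted Zone":
            # Sites in this zone run under lower IE security settings.
            report["trusted_zone"].append(value)
        elif kind == "IFEO":
            # Image File Execution Options: Windows starts the second program
            # whenever the first one is launched.
            image, _, debugger = value.partition(" - ")
            report["ifeo"].append((image, debugger))
        elif kind == "Hosts":
            ip, _, host = value.partition(" ")
            report["hosts"].append((ip, host))
        elif kind in ADDON_KINDS:
            if value.endswith("No File"):
                report["no_file"].append((kind, value))  # orphaned registration
                continue
            m = ADDON_RE.match(value)
            if m:
                entry = addons[m["clsid"].lower()]
                entry["name"] = m["name"] or entry["name"]
                entry["target"] = m["target"]
                entry["kinds"].add(kind)

    # One component can register at several load points; group them by CLSID so
    # a later scan can confirm that every one of them is gone after uninstall.
    report["watched"] = {
        clsid: {"name": e["name"], "kinds": sorted(e["kinds"])}
        for clsid, e in addons.items()
        if any(k in (e["name"] + " " + e["target"]).lower() for k in watchlist)
    }
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_DDS, watchlist=("utorrentbar", "conduit"))
    for section, items in result.items():
        print(section, items)
```

Running it again on a fresh DDS log after the uninstall steps shows at a glance whether any load point of a removed toolbar is still registered.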
 
Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/15/2007 8:29:04 PM
System Uptime: 2/13/2012 8:35:49 PM (1 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | N/A | 1667/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 143 GiB total, 69.817 GiB free.
D: is Removable
E: is Removable
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0009
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #9
PNP Device ID: ROOT\*ISATAP\0009
Service: tunnel
.
==== System Restore Points ===================
.
RP1792: 2/13/2012 5:18:25 PM - Removed TuneUp Utilities 2009
.
==== Installed Programs ======================
.
18 Wheels of Steel: Haulin'
Activation Assistant for the 2007 Microsoft Office suites
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader X (10.1.1)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced RAR Password Recovery (remove only)
Alps Pointing-device for VAIO
Apple Application Support
AppMon Utility
AV Mode Button Utility
Bing Maps 3D
CCleaner
Connect
Constant Guard Protection Suite
D3DX10
Google Chrome
Google Update Helper
GuardedID
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Highlight Viewer (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ieSpell
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Internet Explorer (Enable DEP)
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
K-Lite Codec Pack 7.1.0 (Basic)
kuler
LAN Setting Utility
Learn2 Player (Uninstall Only)
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.60.1.1000
Map Button (Windows Live Toolbar)
MCEBrowser
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Norton Security Suite
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenMG Secure Module 4.6.01
Paint.NET v3.5.8
PDF Settings CS4
PhotoScape
Photoshop Camera Raw
QuickTime
RTC Client API v1.2
Secure Backup and Share
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Segoe UI
Setting Utility Series
Skype™ 5.5
Smart Menus (Windows Live Toolbar)
Sony Noise Reduction Plug-In 2.0e
Sony Snymsico for Vista
Sony Utilities DLL
Spybot - Search & Destroy 2
Suite Shared Configuration CS4
SupportSoft Assisted Service
System Requirements Lab
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO Camera Capture Utility
VAIO Camera Utility
VAIO Care
VAIO Central
VAIO Entertainment Platform
VAIO Event Service
VAIO Help And Support
VAIO Media 6.0
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.0
VAIO Media Redistribution 6.0
VAIO Media Registration Tool 6.0
VAIO OOBE
VAIO Photo 2007
VAIO Power Management
VAIO Security Center
VAIO Survey
VAIO Update 3
VAIO Video & Photo Suite
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
Windows Driver Package - NVIDIA (nvlddmkm) Display (02/20/2007 7.15.10.9813)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinDVD for VAIO
WinRAR archiver
Wireless Switch Setting Utility
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Yontoo Layers Client 1.10.01
.
==== Event Viewer Messages From Past Week ========
.
2/8/2012 7:34:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VAIO Event Service service.
2/13/2012 8:52:01 PM, Error: Service Control Manager [7034] - The Spybot S&D 2 Live Protection Service service terminated unexpectedly. It has done this 1 time(s).
2/13/2012 8:36:57 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/13/2012 8:36:30 PM, Error: EventLog [6008] - The previous system shutdown at 8:33:56 PM on 2/13/2012 was unexpected.
2/13/2012 3:06:16 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).
2/12/2012 5:20:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
2/11/2012 7:38:55 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 0019D25B9B38 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
2/11/2012 7:38:18 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013A98371A1. The following error occurred: Element not found.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
2/10/2012 6:09:09 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================




Question. . . should I perform a back-up before running ComboFix so I won't lose any work, important documents or images?
 
Norton is not allowing me to download ComboFix.exe from either download site. As soon as I elect to save ComboFix.exe. I even tried "save as" to my desktop but once Norton analyzes for threats it detected a Trojan (Trojan.ADH.2) and removed it.

What do I do now?
 
Combofix creates a backup

Regarding Norton and the Trojan.ADH.2 per Symantec:
If one or more files on your computer have been classified as having a Trojan.ADH.2 threat, this indicates that the files have suspicious characteristics and therefore might contain a new or unknown threat. However, given the sensitive nature of this detection technology, it may occasionally identify non-malicious, legitimate software programs that also share these behavioral characteristics. Therefore, it is recommended that users manually check all files detected as Trojan.ADH.2 by Symantec antivirus products for potential misidentification.
In rare cases where a legitimate file has been misidentified and subsequently quarantined, your computer may behave abnormally or you may find that one or more applications no longer function as expected. In such rare situations, you should open the Quarantine in your Symantec antivirus product. From here, you may review the list of all files detected as Trojan.ADH.2 and, if you identify a potential misidentification, restore the file from quarantine and allow it to run normally.

If the above does not work for you:

Boot into Safe Mode with Networking
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, and then press ENTER.

Download and run Combofix. It is not a Trojan.
 
Downloaded and ran ComboFix in Safe Mode with Networking:

log.txt

ComboFix 12-02-15.01 - Owner 02/15/2012 12:43:38.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1583 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\pswi_preloaded.exe
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\Mcx1\Favorites\ehthumbs_vista.db
c:\users\Owner\AppData\Roaming\inst.exe
c:\users\Owner\Documents\about.html
c:\windows\system32\GroupPolicy\Machine\Registry.pol
c:\windows\system32\jgaw400.dll
c:\windows\system32\nsa2A3E.tmp
c:\windows\system32\nsq29FF.tmp
c:\windows\system32\rnaph.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-01-15 to 2012-02-15 )))))))))))))))))))))))))))))))
.
.
2012-02-15 16:52 . 2012-02-15 16:52 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-02-11 08:40 . 2012-02-11 08:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-11 08:40 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-07 22:43 . 2012-02-08 15:46 -------- d-----w- c:\windows\system32\drivers\N360\0502000.00D
2012-02-01 16:11 . 2012-02-01 16:11 -------- dc----w- C:\ProcAlyzer Dumps
2012-01-26 17:19 . 2012-01-26 17:19 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 05:46 . 2011-05-17 21:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-03 19:48 . 2012-01-03 19:27 14664 ----a-w- c:\windows\stinger.sys
2011-11-25 15:59 . 2012-01-11 20:14 376320 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:37 . 2011-12-14 13:21 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 20:23 . 2012-01-11 20:14 1205064 ----a-w- c:\windows\system32\ntdll.dll
2011-11-18 17:47 . 2012-01-11 20:14 66560 ----a-w- c:\windows\system32\packager.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2010-10-14 17:56 194912 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare]
@="{72bcb80d-7778-eb4a-ec51-22340ad33e07}"
[HKEY_CLASSES_ROOT\CLSID\{72bcb80d-7778-eb4a-ec51-22340ad33e07}]
2010-12-14 15:06 3424488 -c--a-w- c:\users\Owner\Documents\ComcastSecureBackupShareshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare2]
@="{b723586e-9ca0-5b27-341a-4990a8c342cf}"
[HKEY_CLASSES_ROOT\CLSID\{b723586e-9ca0-5b27-341a-4990a8c342cf}]
2010-12-14 15:06 3424488 -c--a-w- c:\users\Owner\Documents\ComcastSecureBackupShareshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare3]
@="{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}"
[HKEY_CLASSES_ROOT\CLSID\{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}]
2010-12-14 15:06 3424488 -c--a-w- c:\users\Owner\Documents\ComcastSecureBackupShareshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2012-1-31 4720200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-12-14 23:06 73728 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
"NortonUpdateAgent"=c:\programdata\Norton\NUA.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"AppMon Utility"="c:\program files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"GIDDesktop"=c:\program files\SFT\GuardedID\gidd.exe /s
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 13:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-07 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-01-03 19:46]
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 19:22]
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 19:22]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735003015-2910738808-3938254761-1005Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-16 03:51]
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735003015-2910738808-3938254761-1005UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-16 03:51]
.
2012-01-26 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-01-03 19:46]
.
2012-01-03 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-01-03 19:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-15 12:52
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(260)
c:\users\Owner\Documents\ComcastSecureBackupShareshell.dll
c:\users\Owner\Documents\LIBEAY32.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2012-02-15 12:58:28
ComboFix-quarantined-files.txt 2012-02-15 16:58
.
Pre-Run: 63,655,182,336 bytes free
Post-Run: 63,579,848,704 bytes free
.
- - End Of File - - 76509CA96EA536974B9DF94F92C48C08



Note: Ran ESET Online Scanner. Zero threats detected (no log).
 
Questions and comments:

1. Did you follow my suggestions to uninstall uTorrent and the Conduit Engine?
2. Did you make note of excess Vaio programs?
3. You show NetZero as the home page>> why? Your ISP is Comcast- is that correct?
4. Comcast provides their subscribers with the Constant Guard™ Protection Suite from xfinity. It includes Secure Backup & Share, and now IDENTITY GUARD® and Norton™ Security Suite.
http://xfinity.comcast.net/constantguard/Products/CGPS/
I note entries for Norton 360. Are you using the security provided free from Comcast or did you install Norton Security or 360 separately?
==================================
Please run this Custom CFScript:

  [1]. Close any open browsers.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
DDS::
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
Trusted Zone: netzero.com
Trusted Zone: netzero.net
Trusted Zone: trymedia.com\fe
Trusted Zone: yahoo.com\www
Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

Clearjavacache::

Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
====================
Please temporarily disable the following Spybot S&D Scheduled Tasks. I don't want it scanning and updating in the background:
Opening scheduled tasks to modify or delete them:
Access Scheduled Tasks by clicking on Start> All Programs> Accessories> System Tools> Scheduled Tasks.
  • To prevent a task from running until you run it again>
    [o] right-click the task> Properties> On the General tab>
    [o] clear the Enabled check box>
    c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy)
    c:\windows\Tasks\Scan the system (Spybot - Search & Destroy)
  • Select the check box again when you are ready to run it again.
======================================
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe to run the scan.
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies selected actions and outputs the result. Save the log and include in next reply.
==================================
    Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.
    When scan has finished, you will see this image:
    scan-finished.jpg
    • Click on OK to close box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
  • A reboot is required after disinfection.
 
1. uTorrent and Conduit Engine have been uninstalled since previous post.
2. I uninstalled Vaio programs I understood or not used.
3. Not sure why NetZero is my homepage. It's uninstalled, Yahoo is homepage for IE. Comcast is my ISP.
4. Constant Guard™ Protection Suite from xfinity is installed and running. Not sure why Norton 360 is still an entry, it's been uninstalled for almost 2yrs.

ComboFix.txt

ComboFix 12-02-17.02 - Owner 02/19/2012 4:30.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1585 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\yontoo layers client\YontooIEClient.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-01-19 to 2012-02-19 )))))))))))))))))))))))))))))))
.
.
2012-02-19 08:39 . 2012-02-19 08:39 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-02-19 08:39 . 2012-02-19 08:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-02-19 08:39 . 2012-02-19 08:39 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-02-19 08:39 . 2012-02-19 08:39 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-02-19 08:39 . 2012-02-19 08:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-16 18:43 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 18:43 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 18:43 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-11 08:40 . 2012-02-11 08:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-11 08:40 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-07 22:43 . 2012-02-08 15:46 -------- d-----w- c:\windows\system32\drivers\N360\0502000.00D
2012-02-01 16:11 . 2012-02-01 16:11 -------- dc----w- C:\ProcAlyzer Dumps
2012-01-26 17:19 . 2012-01-26 17:19 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 05:46 . 2011-05-17 21:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-03 19:48 . 2012-01-03 19:27 14664 ----a-w- c:\windows\stinger.sys
2011-11-25 15:59 . 2012-01-11 20:14 376320 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare]
@="{72bcb80d-7778-eb4a-ec51-22340ad33e07}"
[HKEY_CLASSES_ROOT\CLSID\{72bcb80d-7778-eb4a-ec51-22340ad33e07}]
2010-12-14 15:06 3424488 -c--a-w- c:\users\Owner\Documents\ComcastSecureBackupShareshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare2]
@="{b723586e-9ca0-5b27-341a-4990a8c342cf}"
[HKEY_CLASSES_ROOT\CLSID\{b723586e-9ca0-5b27-341a-4990a8c342cf}]
2010-12-14 15:06 3424488 -c--a-w- c:\users\Owner\Documents\ComcastSecureBackupShareshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare3]
@="{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}"
[HKEY_CLASSES_ROOT\CLSID\{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}]
2010-12-14 15:06 3424488 -c--a-w- c:\users\Owner\Documents\ComcastSecureBackupShareshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2012-2-15 4720200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-12-14 23:06 73728 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
"NortonUpdateAgent"=c:\programdata\Norton\NUA.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"AppMon Utility"="c:\program files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"GIDDesktop"=c:\program files\SFT\GuardedID\gidd.exe /s
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe"
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 13:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 19:22]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 19:22]
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735003015-2910738808-3938254761-1005Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-16 03:51]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735003015-2910738808-3938254761-1005UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-16 03:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-19 04:39
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1832)
c:\users\Owner\Documents\ComcastSecureBackupShareshell.dll
c:\users\Owner\Documents\LIBEAY32.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2012-02-19 04:46:52
ComboFix-quarantined-files.txt 2012-02-19 08:46
ComboFix2.txt 2012-02-15 16:58
.
Pre-Run: 65,878,523,904 bytes free
Post-Run: 65,840,373,760 bytes free
.
- - End Of File - - ED45AAD0E63E70A7939EA12F1CE577C6
 
TDSSKiller.2.7.13.0_19.02.2012_05.00.56_log.txt


05:00:56.0828 2732 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
05:00:56.0900 2732 ============================================================
05:00:56.0900 2732 Current date / time: 2012/02/19 05:00:56.0900
05:00:56.0900 2732 SystemInfo:
05:00:56.0901 2732
05:00:56.0901 2732 OS Version: 6.0.6002 ServicePack: 2.0
05:00:56.0901 2732 Product type: Workstation
05:00:56.0901 2732 ComputerName: HAROLD
05:00:56.0901 2732 UserName: Owner
05:00:56.0901 2732 Windows directory: C:\Windows
05:00:56.0901 2732 System windows directory: C:\Windows
05:00:56.0901 2732 Processor architecture: Intel x86
05:00:56.0901 2732 Number of processors: 2
05:00:56.0901 2732 Page size: 0x1000
05:00:56.0901 2732 Boot type: Normal boot
05:00:56.0901 2732 ============================================================
05:00:57.0475 2732 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
05:00:57.0480 2732 \Device\Harddisk0\DR0:
05:00:57.0481 2732 MBR used
05:00:57.0481 2732 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xCC5800, BlocksNum 0x11D53EB0
05:00:57.0519 2732 Initialize success
05:00:57.0519 2732 ============================================================
05:01:37.0234 0764 ============================================================
05:01:37.0234 0764 Scan started
05:01:37.0234 0764 Mode: Manual;
05:01:37.0234 0764 ============================================================
05:01:37.0553 0764 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
05:01:37.0556 0764 ACPI - ok
05:01:37.0630 0764 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
05:01:37.0633 0764 adfs - ok
05:01:37.0741 0764 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
05:01:37.0751 0764 adp94xx - ok
05:01:37.0834 0764 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
05:01:37.0840 0764 adpahci - ok
05:01:37.0984 0764 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
05:01:37.0986 0764 adpu160m - ok
05:01:38.0071 0764 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
05:01:38.0075 0764 adpu320 - ok
05:01:38.0175 0764 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
05:01:38.0181 0764 AFD - ok
05:01:38.0321 0764 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
05:01:38.0323 0764 agp440 - ok
05:01:38.0401 0764 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
05:01:38.0404 0764 aic78xx - ok
05:01:38.0483 0764 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
05:01:38.0485 0764 aliide - ok
05:01:38.0542 0764 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
05:01:38.0544 0764 amdagp - ok
05:01:38.0661 0764 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
05:01:38.0662 0764 amdide - ok
05:01:38.0737 0764 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
05:01:38.0739 0764 AmdK7 - ok
05:01:38.0812 0764 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
05:01:38.0813 0764 AmdK8 - ok
05:01:38.0891 0764 ApfiltrService (7c2f57bce81fa74933f0e1c84a97c9db) C:\Windows\system32\DRIVERS\Apfiltr.sys
05:01:38.0895 0764 ApfiltrService - ok
05:01:39.0037 0764 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
05:01:39.0040 0764 arc - ok
05:01:39.0254 0764 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
05:01:39.0257 0764 arcsas - ok
05:01:39.0358 0764 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
05:01:39.0359 0764 AsyncMac - ok
05:01:39.0443 0764 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
05:01:39.0444 0764 atapi - ok
05:01:39.0545 0764 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
05:01:39.0546 0764 Beep - ok
05:01:39.0808 0764 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120215.001\BHDrvx86.sys
05:01:39.0851 0764 BHDrvx86 - ok
05:01:39.0977 0764 blbdrive - ok
05:01:40.0050 0764 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
05:01:40.0052 0764 bowser - ok
05:01:40.0120 0764 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
05:01:40.0121 0764 BrFiltLo - ok
05:01:40.0265 0764 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
05:01:40.0266 0764 BrFiltUp - ok
05:01:40.0407 0764 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
05:01:40.0409 0764 Brserid - ok
05:01:40.0491 0764 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
05:01:40.0493 0764 BrSerWdm - ok
05:01:40.0545 0764 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
05:01:40.0546 0764 BrUsbMdm - ok
05:01:40.0606 0764 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
05:01:40.0608 0764 BrUsbSer - ok
05:01:40.0667 0764 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
05:01:40.0669 0764 BTHMODEM - ok
05:01:40.0744 0764 catchme - ok
05:01:40.0920 0764 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
05:01:40.0922 0764 cdfs - ok
05:01:40.0992 0764 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\Windows\system32\drivers\Cdr4_xp.sys
05:01:40.0993 0764 Cdr4_xp - ok
05:01:41.0032 0764 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\Windows\system32\drivers\Cdralw2k.sys
05:01:41.0033 0764 Cdralw2k - ok
05:01:41.0111 0764 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
05:01:41.0113 0764 cdrom - ok
05:01:41.0259 0764 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
05:01:41.0260 0764 circlass - ok
05:01:41.0349 0764 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
05:01:41.0355 0764 CLFS - ok
05:01:41.0472 0764 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
05:01:41.0473 0764 CmBatt - ok
05:01:41.0614 0764 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
05:01:41.0615 0764 cmdide - ok
05:01:41.0705 0764 ComcastSecureBackupShareFilter (b8e08bfcab2be31804cea983d2094faf) C:\Windows\system32\DRIVERS\ComcastSecureBackupShare.sys
05:01:41.0707 0764 ComcastSecureBackupShareFilter - ok
05:01:41.0788 0764 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
05:01:41.0790 0764 Compbatt - ok
05:01:41.0832 0764 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
05:01:41.0834 0764 crcdisk - ok
05:01:41.0982 0764 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
05:01:41.0984 0764 Crusoe - ok
05:01:42.0079 0764 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
05:01:42.0082 0764 DfsC - ok
05:01:42.0178 0764 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
05:01:42.0180 0764 disk - ok
05:01:42.0229 0764 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
05:01:42.0230 0764 DMICall - ok
05:01:42.0413 0764 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
05:01:42.0414 0764 drmkaud - ok
05:01:42.0523 0764 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
05:01:42.0552 0764 DXGKrnl - ok
05:01:42.0711 0764 E100B (5c940a174dfb2c42b9f6ba6edc2baa0b) C:\Windows\system32\DRIVERS\e100b325.sys
05:01:42.0714 0764 E100B - ok
05:01:42.0791 0764 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
05:01:42.0795 0764 E1G60 - ok
05:01:42.0973 0764 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
05:01:42.0976 0764 Ecache - ok
05:01:43.0266 0764 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
05:01:43.0274 0764 eeCtrl - ok
05:01:43.0428 0764 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
05:01:43.0436 0764 elxstor - ok
05:01:43.0538 0764 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
05:01:43.0541 0764 EraserUtilRebootDrv - ok
05:01:43.0633 0764 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
05:01:43.0637 0764 exfat - ok
05:01:43.0754 0764 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
05:01:43.0758 0764 fastfat - ok
05:01:43.0872 0764 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
05:01:43.0875 0764 fdc - ok
05:01:44.0014 0764 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
05:01:44.0016 0764 FileInfo - ok
05:01:44.0098 0764 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
05:01:44.0100 0764 Filetrace - ok
05:01:44.0286 0764 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
05:01:44.0288 0764 flpydisk - ok
05:01:44.0408 0764 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
05:01:44.0412 0764 FltMgr - ok
05:01:44.0537 0764 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
05:01:44.0539 0764 fssfltr - ok
05:01:44.0614 0764 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
05:01:44.0616 0764 Fs_Rec - ok
05:01:44.0730 0764 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
05:01:44.0732 0764 gagp30kx - ok
05:01:44.0842 0764 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
05:01:44.0846 0764 GEARAspiWDM - ok
05:01:44.0982 0764 GIDv2 (20f6c49e2c410fcd32d781f521579bf5) C:\Windows\system32\drivers\GIDv2.sys
05:01:44.0983 0764 GIDv2 - ok
05:01:45.0096 0764 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
05:01:45.0102 0764 HdAudAddService - ok
05:01:45.0315 0764 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
05:01:45.0343 0764 HDAudBus - ok
05:01:45.0455 0764 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
05:01:45.0457 0764 HidBth - ok
05:01:45.0525 0764 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
05:01:45.0527 0764 HidIr - ok
05:01:45.0642 0764 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
05:01:45.0643 0764 HidUsb - ok
05:01:45.0744 0764 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
05:01:45.0746 0764 HpCISSs - ok
05:01:45.0908 0764 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
05:01:45.0914 0764 HSFHWAZL - ok
05:01:46.0070 0764 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
05:01:46.0113 0764 HSF_DPV - ok
05:01:46.0227 0764 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
05:01:46.0231 0764 HSXHWAZL - ok
05:01:46.0337 0764 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
05:01:46.0345 0764 HTTP - ok
05:01:46.0430 0764 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
05:01:46.0432 0764 i2omp - ok
05:01:46.0571 0764 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
05:01:46.0572 0764 i8042prt - ok
05:01:46.0679 0764 iaStor (e9f704ca833bd24bfaa3b4a59707633a) C:\Windows\system32\DRIVERS\iaStor.sys
05:01:46.0681 0764 iaStor - ok
05:01:46.0768 0764 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
05:01:46.0773 0764 iaStorV - ok
05:01:47.0028 0764 IDSVix86 (b6662611e8fa3a71473c4a9bd0d23755) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120217.003\IDSvix86.sys
05:01:47.0036 0764 IDSVix86 - ok
05:01:47.0217 0764 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
05:01:47.0218 0764 iirsp - ok
05:01:47.0315 0764 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
05:01:47.0316 0764 intelide - ok
05:01:47.0361 0764 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
05:01:47.0363 0764 intelppm - ok
05:01:47.0451 0764 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
05:01:47.0452 0764 IpFilterDriver - ok
05:01:47.0536 0764 IpInIp - ok
05:01:47.0679 0764 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
05:01:47.0681 0764 IPMIDRV - ok
05:01:47.0764 0764 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
05:01:47.0767 0764 IPNAT - ok
05:01:47.0856 0764 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
05:01:47.0859 0764 IRENUM - ok
05:01:47.0952 0764 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
05:01:47.0955 0764 isapnp - ok
05:01:48.0149 0764 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
05:01:48.0153 0764 iScsiPrt - ok
05:01:48.0218 0764 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
05:01:48.0219 0764 iteatapi - ok
05:01:48.0332 0764 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
05:01:48.0334 0764 iteraid - ok
05:01:48.0487 0764 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
05:01:48.0488 0764 kbdclass - ok
05:01:48.0561 0764 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
05:01:48.0563 0764 kbdhid - ok
05:01:48.0698 0764 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
05:01:48.0708 0764 KSecDD - ok
05:01:49.0005 0764 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
05:01:49.0007 0764 lltdio - ok
05:01:49.0108 0764 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
05:01:49.0110 0764 LSI_FC - ok
05:01:49.0190 0764 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
05:01:49.0193 0764 LSI_SAS - ok
05:01:49.0266 0764 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
05:01:49.0269 0764 LSI_SCSI - ok
05:01:49.0376 0764 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
05:01:49.0378 0764 luafv - ok
05:01:49.0561 0764 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
05:01:49.0563 0764 MBAMProtector - ok
05:01:49.0664 0764 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
05:01:49.0665 0764 mdmxsdk - ok
05:01:49.0737 0764 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
05:01:49.0739 0764 megasas - ok
05:01:49.0842 0764 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
05:01:49.0843 0764 Modem - ok
05:01:49.0985 0764 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
05:01:49.0986 0764 monitor - ok
05:01:50.0095 0764 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
05:01:50.0097 0764 mouclass - ok
05:01:50.0133 0764 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
05:01:50.0134 0764 mouhid - ok
05:01:50.0221 0764 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
05:01:50.0223 0764 MountMgr - ok
05:01:50.0372 0764 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
05:01:50.0375 0764 mpio - ok
05:01:50.0475 0764 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
05:01:50.0477 0764 mpsdrv - ok
05:01:50.0548 0764 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
05:01:50.0550 0764 Mraid35x - ok
05:01:50.0651 0764 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
05:01:50.0654 0764 MRxDAV - ok
05:01:50.0812 0764 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
05:01:50.0818 0764 mrxsmb - ok
05:01:50.0941 0764 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
05:01:50.0946 0764 mrxsmb10 - ok
05:01:51.0271 0764 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
05:01:51.0274 0764 mrxsmb20 - ok
05:01:51.0358 0764 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
05:01:51.0360 0764 msahci - ok
05:01:51.0452 0764 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
05:01:51.0454 0764 msdsm - ok
05:01:51.0618 0764 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
05:01:51.0619 0764 Msfs - ok
05:01:51.0701 0764 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
05:01:51.0703 0764 msisadrv - ok
05:01:51.0802 0764 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
05:01:51.0807 0764 MSKSSRV - ok
05:01:51.0921 0764 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
05:01:51.0923 0764 MSPCLOCK - ok
05:01:52.0069 0764 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
05:01:52.0199 0764 MSPQM - ok
05:01:52.0292 0764 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
05:01:52.0297 0764 MsRPC - ok
05:01:52.0412 0764 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
05:01:52.0414 0764 mssmbios - ok
05:01:52.0530 0764 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
05:01:52.0531 0764 MSTEE - ok
05:01:52.0717 0764 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
05:01:52.0719 0764 Mup - ok
05:01:52.0855 0764 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
05:01:52.0859 0764 NativeWifiP - ok
05:01:53.0123 0764 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120218.008\NAVENG.SYS
05:01:53.0127 0764 NAVENG - ok
05:01:53.0236 0764 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120218.008\NAVEX15.SYS
05:01:53.0321 0764 NAVEX15 - ok
05:01:53.0518 0764 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
05:01:53.0546 0764 NDIS - ok
05:01:53.0604 0764 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
05:01:53.0606 0764 NdisTapi - ok
05:01:53.0706 0764 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
05:01:53.0707 0764 Ndisuio - ok
05:01:53.0883 0764 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
05:01:53.0886 0764 NdisWan - ok
05:01:54.0036 0764 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
05:01:54.0038 0764 NDProxy - ok
05:01:54.0301 0764 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
05:01:54.0302 0764 NetBIOS - ok
05:01:54.0421 0764 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
05:01:54.0425 0764 netbt - ok
05:01:54.0670 0764 NETw3v32 (acc6170d80c69e50145b370023b64ed3) C:\Windows\system32\DRIVERS\NETw3v32.sys
05:01:54.0827 0764 NETw3v32 - ok
05:01:55.0103 0764 NETw5v32 (83f310bf50985f2a52121f2614787c38) C:\Windows\system32\DRIVERS\NETw5v32.sys
05:01:55.0273 0764 NETw5v32 - ok
05:01:55.0507 0764 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
05:01:55.0509 0764 nfrd960 - ok
05:01:55.0608 0764 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
05:01:55.0610 0764 Npfs - ok
05:01:55.0709 0764 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
05:01:55.0710 0764 nsiproxy - ok
05:01:55.0985 0764 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
05:01:56.0028 0764 Ntfs - ok
05:01:56.0141 0764 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
05:01:56.0143 0764 ntrigdigi - ok
05:01:56.0303 0764 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
05:01:56.0304 0764 Null - ok
05:01:56.0585 0764 nvlddmkm (97144f45e6cc5e11f1465e466c9f6c65) C:\Windows\system32\DRIVERS\nvlddmkm.sys
05:01:56.0769 0764 nvlddmkm - ok
05:01:56.0923 0764 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
05:01:56.0926 0764 nvraid - ok
05:01:57.0177 0764 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
05:01:57.0179 0764 nvstor - ok
05:01:57.0376 0764 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
05:01:57.0380 0764 nv_agp - ok

05:01:57.0446 0764 NwlnkFlt - ok
05:01:57.0508 0764 NwlnkFwd - ok
05:01:57.0639 0764 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
05:01:57.0640 0764 ohci1394 - ok
05:01:57.0806 0764 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
05:01:57.0811 0764 Parport - ok
05:01:57.0952 0764 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
05:01:57.0954 0764 partmgr - ok
05:01:58.0026 0764 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
05:01:58.0027 0764 Parvdm - ok
05:01:58.0242 0764 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
05:01:58.0246 0764 pci - ok
05:01:58.0324 0764 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\DRIVERS\pciide.sys
05:01:58.0325 0764 pciide - ok
05:01:58.0419 0764 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
05:01:58.0423 0764 pcmcia - ok
05:01:58.0648 0764 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
05:01:58.0651 0764 pcouffin - ok
05:01:58.0785 0764 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
05:01:58.0871 0764 PEAUTH - ok
05:01:59.0147 0764 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
05:01:59.0149 0764 PptpMiniport - ok
05:01:59.0246 0764 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
05:01:59.0248 0764 Processor - ok
05:01:59.0373 0764 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
05:01:59.0375 0764 PSched - ok
05:01:59.0445 0764 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\Windows\system32\Drivers\PxHelp20.sys
05:01:59.0447 0764 PxHelp20 - ok
05:01:59.0590 0764 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
05:01:59.0633 0764 ql2300 - ok
05:01:59.0744 0764 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
05:01:59.0747 0764 ql40xx - ok
05:01:59.0904 0764 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
05:01:59.0905 0764 QWAVEdrv - ok
05:01:59.0996 0764 R5U870FLx86 (f2b3e0e54817becdedbc095b25daa248) C:\Windows\system32\Drivers\R5U870FLx86.sys
05:01:59.0998 0764 R5U870FLx86 - ok
05:02:00.0053 0764 R5U870FUx86 (5f598e844e7a465932507314444bd97a) C:\Windows\system32\Drivers\R5U870FUx86.sys
05:02:00.0055 0764 R5U870FUx86 - ok
05:02:00.0168 0764 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
05:02:00.0169 0764 RasAcd - ok
05:02:00.0311 0764 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
05:02:00.0313 0764 Rasl2tp - ok
05:02:00.0432 0764 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
05:02:00.0434 0764 RasPppoe - ok
05:02:00.0571 0764 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
05:02:00.0573 0764 RasSstp - ok
05:02:00.0692 0764 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
05:02:00.0698 0764 rdbss - ok
05:02:00.0862 0764 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
05:02:00.0863 0764 RDPCDD - ok
05:02:00.0966 0764 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
05:02:00.0972 0764 rdpdr - ok
05:02:01.0134 0764 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
05:02:01.0135 0764 RDPENCDD - ok
05:02:01.0298 0764 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
05:02:01.0303 0764 RDPWD - ok
05:02:01.0686 0764 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
05:02:01.0688 0764 ROOTMODEM - ok
05:02:01.0789 0764 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
05:02:01.0791 0764 rspndr - ok
05:02:01.0943 0764 RTL8187 (99c27fceb21347daf3ee9e8c205314d6) C:\Windows\system32\DRIVERS\wg111v2.sys
05:02:01.0950 0764 RTL8187 - ok
05:02:01.0972 0764 RTLWUSB (99c27fceb21347daf3ee9e8c205314d6) C:\Windows\system32\DRIVERS\wg111v2.sys
05:02:01.0975 0764 RTLWUSB - ok
05:02:02.0259 0764 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
05:02:02.0262 0764 sbp2port - ok
05:02:02.0376 0764 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
05:02:02.0377 0764 secdrv - ok
05:02:02.0453 0764 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
05:02:02.0455 0764 Serenum - ok
05:02:02.0524 0764 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
05:02:02.0527 0764 Serial - ok
05:02:02.0727 0764 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
05:02:02.0729 0764 sermouse - ok
05:02:02.0816 0764 Service Host Driver - ok
05:02:03.0043 0764 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
05:02:03.0045 0764 sffdisk - ok
05:02:03.0134 0764 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
05:02:03.0135 0764 sffp_mmc - ok
05:02:03.0207 0764 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
05:02:03.0209 0764 sffp_sd - ok
05:02:03.0332 0764 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
05:02:03.0334 0764 sfloppy - ok
05:02:03.0597 0764 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
05:02:03.0600 0764 sisagp - ok
05:02:03.0688 0764 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
05:02:03.0690 0764 SiSRaid2 - ok
05:02:03.0820 0764 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
05:02:03.0823 0764 SiSRaid4 - ok
05:02:03.0964 0764 slim (ddd538fcff8d0b4f13e7ce7a792c32d6) C:\Windows\system32\drivers\slim.sys
05:02:04.0008 0764 slim - ok
05:02:04.0135 0764 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
05:02:04.0138 0764 Smb - ok
05:02:04.0243 0764 SNC (db31d8989b3450569c29780e7fa98c48) C:\Windows\system32\Drivers\SonyNC.sys
05:02:04.0245 0764 SNC - ok
05:02:04.0373 0764 SonyImgF (2f30c6ec1904cdb6f32ca69622726eb4) C:\Windows\system32\DRIVERS\SonyImgF.sys
05:02:04.0375 0764 SonyImgF - ok
05:02:04.0505 0764 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
05:02:04.0507 0764 spldr - ok
05:02:04.0648 0764 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\System32\Drivers\N360\0502000.00D\SRTSP.SYS
05:02:04.0677 0764 SRTSP - ok
05:02:04.0973 0764 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\N360\0502000.00D\SRTSPX.SYS
05:02:04.0976 0764 SRTSPX - ok
05:02:05.0076 0764 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
05:02:05.0082 0764 srv - ok
05:02:05.0242 0764 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
05:02:05.0245 0764 srv2 - ok
05:02:05.0406 0764 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
05:02:05.0409 0764 srvnet - ok
05:02:05.0612 0764 STHDA (ab2059ae6d9243c502c86824bc40439e) C:\Windows\system32\drivers\stwrt.sys
05:02:05.0641 0764 STHDA - ok
05:02:05.0839 0764 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
05:02:05.0841 0764 swenum - ok
05:02:05.0910 0764 swivsp (5230aab3a00b0a1b89580d8ed85b5bfa) C:\Windows\system32\DRIVERS\swivspnt.sys
05:02:05.0912 0764 swivsp - ok
05:02:05.0988 0764 swmsflt (57bbaef27dc790160245b43eb6dcd576) C:\Windows\System32\drivers\swmsflt.sys
05:02:05.0990 0764 swmsflt - ok
05:02:06.0114 0764 SWNC8U90 (7ae593fe3d78195987505da0a7e91542) C:\Windows\system32\DRIVERS\swnc8u90.sys
05:02:06.0118 0764 SWNC8U90 - ok
05:02:06.0249 0764 SWUMX20 - ok
05:02:06.0332 0764 SWUMX90 (3076a3bb7c340bbf851075dd2ebad03f) C:\Windows\system32\DRIVERS\swumx90.sys
05:02:06.0336 0764 SWUMX90 - ok
05:02:06.0432 0764 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
05:02:06.0434 0764 Symc8xx - ok
05:02:06.0673 0764 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\N360\0502000.00D\SYMDS.SYS
05:02:06.0681 0764 SymDS - ok
05:02:06.0874 0764 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\N360\0502000.00D\SYMEFA.SYS
05:02:06.0917 0764 SymEFA - ok
05:02:07.0011 0764 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
05:02:07.0014 0764 SymEvent - ok
05:02:07.0132 0764 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\N360\0502000.00D\Ironx86.SYS
05:02:07.0136 0764 SymIRON - ok
05:02:07.0333 0764 SYMTDIv (d42a7229e333af725f1445f785e4658d) C:\Windows\System32\Drivers\N360\0502000.00D\SYMTDIV.SYS
05:02:07.0341 0764 SYMTDIv - ok
05:02:07.0422 0764 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
05:02:07.0423 0764 Sym_hi - ok
05:02:07.0575 0764 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
05:02:07.0577 0764 Sym_u3 - ok
05:02:07.0853 0764 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
05:02:07.0898 0764 Tcpip - ok
05:02:08.0068 0764 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
05:02:08.0077 0764 Tcpip6 - ok
05:02:08.0174 0764 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
05:02:08.0176 0764 tcpipreg - ok
05:02:08.0267 0764 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
05:02:08.0269 0764 TDPIPE - ok
05:02:08.0414 0764 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
05:02:08.0416 0764 TDTCP - ok
05:02:08.0590 0764 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
05:02:08.0593 0764 tdx - ok
05:02:08.0737 0764 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
05:02:08.0739 0764 TermDD - ok
05:02:08.0900 0764 ti21sony (7c7445b4c2bd46c56abb3499da52b75c) C:\Windows\system32\drivers\ti21sony.sys
05:02:08.0905 0764 ti21sony - ok
05:02:09.0042 0764 tosrfbd (b758fda2e4389dc41688e4b8cee832a0) C:\Windows\system32\DRIVERS\tosrfbd.sys
05:02:09.0046 0764 tosrfbd - ok
05:02:09.0143 0764 Tosrfhid (28099a4e52148319afa685d93a2244d0) C:\Windows\system32\DRIVERS\Tosrfhid.sys
05:02:09.0146 0764 Tosrfhid - ok
05:02:09.0389 0764 tosrfusb (20cc46c5d3326122e1a0a8c9dad00e0d) C:\Windows\system32\DRIVERS\tosrfusb.sys
05:02:09.0391 0764 tosrfusb - ok
05:02:09.0522 0764 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
05:02:09.0523 0764 tssecsrv - ok
05:02:09.0633 0764 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
05:02:09.0635 0764 tunmp - ok
05:02:09.0774 0764 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
05:02:09.0775 0764 tunnel - ok
05:02:10.0110 0764 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
05:02:10.0128 0764 uagp35 - ok
05:02:10.0270 0764 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
05:02:10.0279 0764 udfs - ok
05:02:10.0370 0764 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
05:02:10.0372 0764 uliagpkx - ok
05:02:10.0594 0764 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
05:02:10.0600 0764 uliahci - ok
05:02:10.0720 0764 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
05:02:10.0723 0764 UlSata - ok
05:02:10.0812 0764 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
05:02:10.0823 0764 ulsata2 - ok
05:02:11.0007 0764 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
05:02:11.0009 0764 umbus - ok
05:02:11.0153 0764 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
05:02:11.0155 0764 UMPass - ok
05:02:11.0419 0764 USBAVCap (5deb97f34a15952af1b61147c0fa1f96) C:\Windows\system32\drivers\USBAVCap.sys
05:02:11.0462 0764 USBAVCap - ok
05:02:11.0577 0764 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
05:02:11.0580 0764 usbccgp - ok
05:02:11.0684 0764 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
05:02:11.0687 0764 usbcir - ok
05:02:11.0822 0764 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
05:02:11.0825 0764 usbehci - ok
05:02:12.0059 0764 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
05:02:12.0064 0764 usbhub - ok
05:02:12.0155 0764 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
05:02:12.0157 0764 usbohci - ok
05:02:12.0258 0764 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
05:02:12.0261 0764 usbprint - ok
05:02:12.0362 0764 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
05:02:12.0365 0764 USBSTOR - ok
05:02:12.0490 0764 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
05:02:12.0492 0764 usbuhci - ok
05:02:12.0680 0764 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
05:02:12.0683 0764 usbvideo - ok
05:02:12.0837 0764 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
05:02:12.0839 0764 vga - ok
05:02:13.0010 0764 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
05:02:13.0012 0764 VgaSave - ok
05:02:13.0080 0764 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
05:02:13.0082 0764 viaagp - ok
05:02:13.0187 0764 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
05:02:13.0189 0764 ViaC7 - ok
05:02:13.0312 0764 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
05:02:13.0314 0764 viaide - ok
05:02:13.0409 0764 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
05:02:13.0412 0764 volmgr - ok
05:02:13.0563 0764 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
05:02:13.0569 0764 volmgrx - ok
05:02:13.0723 0764 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
05:02:13.0729 0764 volsnap - ok
05:02:13.0846 0764 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
05:02:13.0850 0764 vsmraid - ok
05:02:14.0188 0764 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
05:02:14.0190 0764 WacomPen - ok
05:02:14.0299 0764 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
05:02:14.0301 0764 Wanarp - ok
05:02:14.0312 0764 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
05:02:14.0314 0764 Wanarpv6 - ok
05:02:14.0420 0764 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
05:02:14.0422 0764 wanatw - ok
05:02:14.0537 0764 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
05:02:14.0539 0764 Wd - ok
05:02:14.0729 0764 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
05:02:14.0759 0764 Wdf01000 - ok
05:02:14.0916 0764 WimFltr (c8d53a13e867d5a7eafb19400016560f) C:\Windows\system32\DRIVERS\wimfltr.sys
05:02:14.0919 0764 WimFltr - ok
05:02:15.0047 0764 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
05:02:15.0076 0764 winachsf - ok
05:02:15.0353 0764 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
05:02:15.0356 0764 WmiAcpi - ok
05:02:15.0531 0764 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
05:02:15.0533 0764 WpdUsb - ok
05:02:15.0656 0764 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
05:02:15.0657 0764 ws2ifsl - ok
05:02:15.0801 0764 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
05:02:15.0806 0764 WUDFRd - ok
05:02:16.0014 0764 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
05:02:16.0015 0764 XAudio - ok
05:02:16.0136 0764 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
05:02:16.0188 0764 \Device\Harddisk0\DR0 - ok
05:02:16.0193 0764 Boot (0x1200) (e295ed6d05504e4da4e08ad555c1b71d) \Device\Harddisk0\DR0\Partition0
05:02:16.0195 0764 \Device\Harddisk0\DR0\Partition0 - ok
05:02:16.0196 0764 ============================================================
05:02:16.0196 0764 Scan finished
05:02:16.0196 0764 ============================================================
05:02:16.0214 3764 Detected object count: 0
05:02:16.0214 3764 Actual detected object count: 0
05:03:47.0829 2676 ============================================================
05:03:47.0829 2676 Scan started
05:03:47.0829 2676 Mode: Manual;
05:03:47.0829 2676 ============================================================
05:03:48.0086 2676 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
05:03:48.0089 2676 ACPI - ok
05:03:48.0163 2676 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
05:03:48.0164 2676 adfs - ok
05:03:48.0260 2676 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
05:03:48.0263 2676 adp94xx - ok
05:03:48.0338 2676 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
05:03:48.0341 2676 adpahci - ok
05:03:48.0403 2676 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
05:03:48.0404 2676 adpu160m - ok
05:03:48.0647 2676 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
05:03:48.0648 2676 adpu320 - ok
05:03:48.0921 2676 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
05:03:48.0923 2676 AFD - ok
05:03:49.0269 2676 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
05:03:49.0270 2676 agp440 - ok
05:03:49.0592 2676 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
05:03:49.0593 2676 aic78xx - ok
05:03:49.0645 2676 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
05:03:49.0645 2676 aliide - ok
05:03:49.0846 2676 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
05:03:49.0848 2676 amdagp - ok
05:03:49.0966 2676 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
05:03:49.0966 2676 amdide - ok
05:03:50.0213 2676 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
05:03:50.0216 2676 AmdK7 - ok
05:03:50.0359 2676 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
05:03:50.0360 2676 AmdK8 - ok
05:03:50.0610 2676 ApfiltrService (7c2f57bce81fa74933f0e1c84a97c9db) C:\Windows\system32\DRIVERS\Apfiltr.sys
05:03:50.0611 2676 ApfiltrService - ok
05:03:50.0685 2676 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
05:03:50.0686 2676 arc - ok
05:03:50.0802 2676 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
05:03:50.0803 2676 arcsas - ok
05:03:51.0077 2676 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
05:03:51.0077 2676 AsyncMac - ok
05:03:51.0190 2676 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
05:03:51.0191 2676 atapi - ok
05:03:51.0279 2676 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
05:03:51.0279 2676 Beep - ok
05:03:51.0570 2676 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120215.001\BHDrvx86.sys
05:03:51.0577 2676 BHDrvx86 - ok
05:03:51.0710 2676 blbdrive - ok
05:03:51.0926 2676 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
05:03:51.0927 2676 bowser - ok
05:03:51.0996 2676 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
05:03:51.0996 2676 BrFiltLo - ok
05:03:52.0056 2676 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
05:03:52.0056 2676 BrFiltUp - ok
05:03:52.0169 2676 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
05:03:52.0170 2676 Brserid - ok
05:03:52.0239 2676 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
05:03:52.0240 2676 BrSerWdm - ok
05:03:52.0292 2676 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
05:03:52.0293 2676 BrUsbMdm - ok
05:03:52.0382 2676 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
05:03:52.0383 2676 BrUsbSer - ok
05:03:52.0443 2676 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
05:03:52.0444 2676 BTHMODEM - ok
05:03:52.0520 2676 catchme - ok
05:03:52.0653 2676 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
05:03:52.0654 2676 cdfs - ok
05:03:52.0740 2676 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\Windows\system32\drivers\Cdr4_xp.sys
05:03:52.0740 2676 Cdr4_xp - ok
05:03:52.0779 2676 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\Windows\system32\drivers\Cdralw2k.sys
05:03:52.0780 2676 Cdralw2k - ok
05:03:52.0872 2676 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
05:03:52.0873 2676 cdrom - ok
05:03:53.0006 2676 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
05:03:53.0007 2676 circlass - ok
05:03:53.0154 2676 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
05:03:53.0156 2676 CLFS - ok
05:03:53.0262 2676 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
05:03:53.0263 2676 CmBatt - ok
05:03:53.0319 2676 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
05:03:53.0319 2676 cmdide - ok
05:03:53.0410 2676 ComcastSecureBackupShareFilter (b8e08bfcab2be31804cea983d2094faf) C:\Windows\system32\DRIVERS\ComcastSecureBackupShare.sys
05:03:53.0411 2676 ComcastSecureBackupShareFilter - ok

2 of 3
 
05:03:53.0493 2676 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
05:03:53.0494 2676 Compbatt - ok
05:03:53.0623 2676 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
05:03:53.0624 2676 crcdisk - ok
05:03:53.0701 2676 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
05:03:53.0702 2676 Crusoe - ok
05:03:53.0798 2676 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
05:03:53.0799 2676 DfsC - ok
05:03:53.0897 2676 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
05:03:53.0898 2676 disk - ok
05:03:53.0991 2676 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
05:03:53.0992 2676 DMICall - ok
05:03:54.0132 2676 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
05:03:54.0132 2676 drmkaud - ok
05:03:54.0271 2676 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
05:03:54.0277 2676 DXGKrnl - ok
05:03:54.0359 2676 E100B (5c940a174dfb2c42b9f6ba6edc2baa0b) C:\Windows\system32\DRIVERS\e100b325.sys
05:03:54.0360 2676 E100B - ok
05:03:54.0453 2676 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
05:03:54.0455 2676 E1G60 - ok
05:03:54.0592 2676 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
05:03:54.0593 2676 Ecache - ok
05:03:54.0714 2676 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
05:03:54.0721 2676 eeCtrl - ok
05:03:54.0833 2676 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
05:03:54.0840 2676 elxstor - ok
05:03:54.0901 2676 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
05:03:54.0904 2676 EraserUtilRebootDrv - ok
05:03:55.0052 2676 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
05:03:55.0055 2676 exfat - ok
05:03:55.0158 2676 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
05:03:55.0162 2676 fastfat - ok
05:03:55.0234 2676 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
05:03:55.0235 2676 fdc - ok
05:03:55.0347 2676 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
05:03:55.0349 2676 FileInfo - ok
05:03:55.0432 2676 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
05:03:55.0432 2676 Filetrace - ok
05:03:55.0562 2676 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
05:03:55.0562 2676 flpydisk - ok
05:03:55.0656 2676 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
05:03:55.0658 2676 FltMgr - ok
05:03:55.0756 2676 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
05:03:55.0757 2676 fssfltr - ok
05:03:55.0833 2676 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
05:03:55.0835 2676 Fs_Rec - ok
05:03:55.0920 2676 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
05:03:55.0922 2676 gagp30kx - ok
05:03:56.0076 2676 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
05:03:56.0076 2676 GEARAspiWDM - ok
05:03:56.0172 2676 GIDv2 (20f6c49e2c410fcd32d781f521579bf5) C:\Windows\system32\drivers\GIDv2.sys
05:03:56.0174 2676 GIDv2 - ok
05:03:56.0287 2676 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
05:03:56.0289 2676 HdAudAddService - ok
05:03:56.0391 2676 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
05:03:56.0396 2676 HDAudBus - ok
05:03:56.0546 2676 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
05:03:56.0547 2676 HidBth - ok
05:03:56.0615 2676 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
05:03:56.0616 2676 HidIr - ok
05:03:56.0703 2676 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
05:03:56.0704 2676 HidUsb - ok
05:03:56.0792 2676 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
05:03:56.0794 2676 HpCISSs - ok
05:03:56.0870 2676 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
05:03:56.0872 2676 HSFHWAZL - ok
05:03:57.0046 2676 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
05:03:57.0054 2676 HSF_DPV - ok
05:03:57.0115 2676 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
05:03:57.0117 2676 HSXHWAZL - ok
05:03:57.0242 2676 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
05:03:57.0245 2676 HTTP - ok
05:03:57.0320 2676 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
05:03:57.0322 2676 i2omp - ok
05:03:57.0475 2676 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
05:03:57.0476 2676 i8042prt - ok
05:03:57.0555 2676 iaStor (e9f704ca833bd24bfaa3b4a59707633a) C:\Windows\system32\DRIVERS\iaStor.sys
05:03:57.0557 2676 iaStor - ok
05:03:57.0644 2676 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
05:03:57.0649 2676 iaStorV - ok
05:03:57.0904 2676 IDSVix86 (b6662611e8fa3a71473c4a9bd0d23755) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120217.003\IDSvix86.sys
05:03:57.0912 2676 IDSVix86 - ok
05:03:58.0064 2676 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
05:03:58.0066 2676 iirsp - ok
05:03:58.0162 2676 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
05:03:58.0163 2676 intelide - ok
05:03:58.0209 2676 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
05:03:58.0210 2676 intelppm - ok
05:03:58.0298 2676 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
05:03:58.0299 2676 IpFilterDriver - ok
05:03:58.0369 2676 IpInIp - ok
05:03:58.0527 2676 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
05:03:58.0529 2676 IPMIDRV - ok
05:03:58.0612 2676 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
05:03:58.0613 2676 IPNAT - ok
05:03:58.0704 2676 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
05:03:58.0705 2676 IRENUM - ok
05:03:58.0766 2676 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
05:03:58.0768 2676 isapnp - ok
05:03:58.0897 2676 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
05:03:58.0899 2676 iScsiPrt - ok
05:03:59.0051 2676 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
05:03:59.0053 2676 iteatapi - ok
05:03:59.0122 2676 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
05:03:59.0124 2676 iteraid - ok
05:03:59.0220 2676 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
05:03:59.0221 2676 kbdclass - ok
05:03:59.0295 2676 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
05:03:59.0296 2676 kbdhid - ok
05:03:59.0403 2676 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
05:03:59.0407 2676 KSecDD - ok
05:03:59.0610 2676 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
05:03:59.0611 2676 lltdio - ok
05:03:59.0727 2676 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
05:03:59.0729 2676 LSI_FC - ok
05:03:59.0795 2676 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
05:03:59.0798 2676 LSI_SAS - ok
05:03:59.0871 2676 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
05:03:59.0873 2676 LSI_SCSI - ok
05:03:59.0995 2676 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
05:03:59.0997 2676 luafv - ok
05:04:00.0137 2676 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
05:04:00.0139 2676 MBAMProtector - ok
05:04:00.0240 2676 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
05:04:00.0241 2676 mdmxsdk - ok
05:04:00.0313 2676 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
05:04:00.0315 2676 megasas - ok
05:04:00.0489 2676 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
05:04:00.0490 2676 Modem - ok
05:04:00.0604 2676 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
05:04:00.0605 2676 monitor - ok
05:04:00.0700 2676 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
05:04:00.0701 2676 mouclass - ok
05:04:00.0751 2676 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
05:04:00.0753 2676 mouhid - ok
05:04:00.0869 2676 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
05:04:00.0870 2676 MountMgr - ok
05:04:00.0963 2676 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
05:04:00.0965 2676 mpio - ok
05:04:01.0137 2676 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
05:04:01.0138 2676 mpsdrv - ok
05:04:01.0224 2676 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
05:04:01.0226 2676 Mraid35x - ok
05:04:01.0327 2676 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
05:04:01.0330 2676 MRxDAV - ok
05:04:01.0417 2676 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
05:04:01.0418 2676 mrxsmb - ok
05:04:01.0503 2676 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
05:04:01.0505 2676 mrxsmb10 - ok
05:04:01.0611 2676 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
05:04:01.0612 2676 mrxsmb20 - ok
05:04:01.0706 2676 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
05:04:01.0707 2676 msahci - ok
05:04:01.0785 2676 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
05:04:01.0788 2676 msdsm - ok
05:04:01.0880 2676 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
05:04:01.0881 2676 Msfs - ok
05:04:01.0963 2676 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
05:04:01.0964 2676 msisadrv - ok
05:04:02.0121 2676 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
05:04:02.0122 2676 MSKSSRV - ok
05:04:02.0226 2676 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
05:04:02.0227 2676 MSPCLOCK - ok
05:04:02.0316 2676 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
05:04:02.0317 2676 MSPQM - ok
05:04:02.0410 2676 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
05:04:02.0414 2676 MsRPC - ok
05:04:02.0560 2676 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
05:04:02.0561 2676 mssmbios - ok
05:04:02.0663 2676 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
05:04:02.0664 2676 MSTEE - ok
05:04:02.0721 2676 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
05:04:02.0722 2676 Mup - ok
05:04:02.0845 2676 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
05:04:02.0847 2676 NativeWifiP - ok
05:04:03.0027 2676 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120218.008\NAVENG.SYS
05:04:03.0030 2676 NAVENG - ok
05:04:03.0140 2676 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120218.008\NAVEX15.SYS
05:04:03.0225 2676 NAVEX15 - ok
05:04:03.0422 2676 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
05:04:03.0451 2676 NDIS - ok
05:04:03.0509 2676 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
05:04:03.0510 2676 NdisTapi - ok
05:04:03.0610 2676 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
05:04:03.0611 2676 Ndisuio - ok
05:04:03.0688 2676 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
05:04:03.0689 2676 NdisWan - ok
05:04:03.0783 2676 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
05:04:03.0785 2676 NDProxy - ok
05:04:03.0919 2676 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
05:04:03.0920 2676 NetBIOS - ok
05:04:04.0011 2676 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
05:04:04.0012 2676 netbt - ok
05:04:04.0174 2676 NETw3v32 (acc6170d80c69e50145b370023b64ed3) C:\Windows\system32\DRIVERS\NETw3v32.sys
05:04:04.0188 2676 NETw3v32 - ok
05:04:04.0463 2676 NETw5v32 (83f310bf50985f2a52121f2614787c38) C:\Windows\system32\DRIVERS\NETw5v32.sys
05:04:04.0495 2676 NETw5v32 - ok
05:04:04.0569 2676 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
05:04:04.0571 2676 nfrd960 - ok
05:04:04.0740 2676 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
05:04:04.0742 2676 Npfs - ok
05:04:04.0816 2676 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
05:04:04.0817 2676 nsiproxy - ok
05:04:19.0602 2676 ============================================================
05:04:19.0602 2676 Scan finished
05:04:19.0602 2676 ============================================================
05:04:19.0613 3896 Detected object count: 0
05:04:19.0613 3896 Actual detected object count: 0
05:13:12.0435 3876 Deinitialize success

3 of 3
 
mbam-log-2012-02-19 (05-31-36).txt


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.19.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: HAROLD [administrator]

Protection: Enabled

2/19/2012 5:31:36 AM
mbam-log-2012-02-19 (05-31-36).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 422970
Time elapsed: 2 hour(s), 18 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Sorry for delay- unavoidable.

I did more checking because there are several Norton entries running. It appears that you also have the option of downloading the top-rated Norton™ Security Suite for free, with or without our Constant Guard Protection Suite. I am not sure I understand how these 2 programs cohabit, but it appears we can stop worrying about Norton being a 2nd AV- in spite of the fact that the Comcast program is supposed to 'protect you from viruses'. I suggest you contact Comcast about this because multiple AVs can actually make a system more vulnerable and it can slow a system down.
=========================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
  • [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
KillAll::
File::
Folder::
c:\users\Owner\AppData\Local\temp
c:\windows\system32\config\systemprofile\AppData\Local\temp
c:\users\Mcx1\AppData\Local\temp
c:\users\Guest\AppData\Local\temp
c:\users\Default\AppData\Local\temp
DDS::
uSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
uSearch Bar = hxxp://my.netzero.net/s/search?r=minisearch
mDefault_Search_URL = hxxp://my.netzero.net/s/search?r=minisearch
mSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
mSearchAssistant = hxxp://my.netzero.net/s/search?r=minisearch
FileLook::
c:\windows\stinger.sys
c:\windows\system32\winsrv.dll
Clearjavacache::

Save this as CFScript.txt, in the same location as ComboFix.exe.
[Image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
====================
Internet Explorer 9.0.8112.16421> Default Search URL is set to NetZero:
To change default search:
  • Click Start> click Internet Explorer.
  • Click the arrow to the right of the search box.
  • Click Manage Search Providers/Change Search Defaults. (IE version dependent)
  • Click the search provider you would like to set as the default
  • Click Set Default> click OK.

Be sure you have removed NetZero from the Trusted Sites. Check Add/Remove Programs in Control Panel and uninstall any NetZero entry. Use Windows Explorer to access Computer> Local Drive (C)> Programs. Look for folder for Net Zero or MyNetZero and do a right click> Delete.

Check the homepage. If NetZero is still on Homepage, go to the site you want for your homepage. Once there, click on Tools> Internet Options> General tab> Homepage section> Click on Use Current> Click on Apply> OK.
==========================
Last scans: (Short)
1. Please run the Eset scan per my Reply #

2. Run Security Check: Download Security Check by screen317 and save to the desktop
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically; please post the contents of that document.

3. Run CK Scanner: Download CKScanner and save to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

4. Run HijackThis: First, set up a Directory for HijackThis as follows:
Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
Exit Explorer
You now have a folder C:\HijackThis
-----------------------------------------
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save to your desktop.
  • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
  • Extract it to the directory on your hard drive you created C:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
=========================
Log for new Combofix (after script), Eset online scan, Security Check, CK Scanner, HijackThis in your next reply please.
 
There was a glitch on the site that prevented the email feedback for a reply. I left a reply on your thread. If you did not receive the notice, please check the thread and go ahead with any instructions I left.
 
Ok, A couple of things Bobbye:

  1. I got in touch with Comcast and was instructed to uninstall/re-install Norton to rid myself of Norton 360.
  2. I copied the custom CFScript.txt same as before, but after several attempts of dragging it to the CF.exe file, CF would start but after a few hours would NOT respond, forcing a reboot. I also tried in Safe Mode to no avail. CF ran fine without the custom CFScript. Log below.
  3. ESET scan did not detect any errors on the previous scan, therefore no log was produced. I ran ESET scan again, same result.
  4. NetZero files/folders removed. No NetZero homepage, entries or Trusted Sites.

ComboFix.txt:


ComboFix 12-02-25.02 - Owner 02/26/2012 1:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1223 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))
.
.
2012-02-26 05:32 . 2012-02-26 05:33 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-02-26 05:32 . 2012-02-26 05:32 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-02-26 05:32 . 2012-02-26 05:32 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-02-26 05:32 . 2012-02-26 05:32 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-02-26 05:32 . 2012-02-26 05:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-25 22:35 . 2010-08-21 04:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-02-25 22:35 . 2012-02-25 22:45 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-25 22:34 . 2012-02-26 00:40 -------- d-----w- c:\windows\system32\drivers\N360
2012-02-25 22:34 . 2012-02-25 22:34 -------- d-----w- c:\program files\Norton Security Suite
2012-02-25 22:34 . 2012-02-25 22:34 -------- d-----w- c:\program files\NortonInstaller
2012-02-25 22:15 . 2012-02-25 22:15 -------- dc----w- C:\N360_BACKUP
2012-02-25 21:26 . 2010-08-21 04:59 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-02-24 18:35 . 2012-02-24 18:35 -------- d-----w- c:\program files\VS Revo Group
2012-02-16 18:43 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 18:43 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 18:43 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-11 08:40 . 2012-02-11 08:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-11 08:40 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-01 16:11 . 2012-02-01 16:11 -------- dc----w- C:\ProcAlyzer Dumps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 17:19 . 2012-01-26 17:19 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-26 05:46 . 2011-05-17 21:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-03 19:48 . 2012-01-03 19:27 14664 ----a-w- c:\windows\stinger.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-20 7770112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-12-14 23:06 73728 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
"NortonUpdateAgent"=c:\programdata\Norton\NUA.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"AppMon Utility"="c:\program files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"GIDDesktop"=c:\program files\SFT\GuardedID\gidd.exe /s
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 19:22]
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 19:22]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735003015-2910738808-3938254761-1005Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-16 03:51]
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735003015-2910738808-3938254761-1005UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-16 03:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{72bcb80d-7778-eb4a-ec51-22340ad33e07} - c:\users\Owner\Documents\ComcastSecureBackupShareshell.dll
ShellIconOverlayIdentifiers-{b723586e-9ca0-5b27-341a-4990a8c342cf} - c:\users\Owner\Documents\ComcastSecureBackupShareshell.dll
ShellIconOverlayIdentifiers-{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0} - c:\users\Owner\Documents\ComcastSecureBackupShareshell.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-26 01:33
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3612)
c:\program files\Norton Security Suite\Engine\5.1.0.29\ccGEvt.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2012-02-26 01:41:45
ComboFix-quarantined-files.txt 2012-02-26 05:41
ComboFix2.txt 2012-02-19 08:46
ComboFix3.txt 2012-02-15 16:58
.
Pre-Run: 71,487,094,784 bytes free
Post-Run: 71,463,116,800 bytes free
.
- - End Of File - - 4FA23479C9B5EE368AAEBFA34D43C7E7
 
Security Check

checkup.txt:

Results of screen317's Security Check version 0.99.31
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Java(TM) 6 Update 29
Java version out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````



ckfiles.txt:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\0downloads\winrar.v3.71.final.complete.with.keygen.and.patch[cracked.3.71]-core_crp_[mybittorrent.com].torrent
c:\0install\keygen.exe
c:\0install\sound forge 9a crack\forge90.exe
c:\0install\sound forge 9a crack\readme.txt
c:\0install\sound forge 9a crack\serial.txt
c:\0install\sound forge 9a crack\soundforge90a_enu.exe
c:\program files\rockstar games\gta san andreas\redme zum crack.txt
c:\users\owner\documents\18 wos haulin\material\road\cracks.dds
c:\users\owner\documents\18 wos haulin\material\road\cracks.mat
c:\users\owner\documents\18 wos haulin\material\road\cracks.tobj
c:\users\owner\documents\tuneup.utilities.2009.v8.0.3300.1.winxpvista.incl.keygen-fff\tu2009trialen-us.exe
c:\users\owner\documents\tuneup.utilities.2009.v8.0.3300.1.winxpvista.incl.keygen-fff\fff\fff.nfo
c:\users\owner\documents\tuneup.utilities.2009.v8.0.3300.1.winxpvista.incl.keygen-fff\fff\file_id.diz
scanner sequence 3.DI.11.SLAPJR
----- EOF -----



hijackthis.log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:12:41 AM, on 2/27/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Comcast Secure Backup & Share Backup Service (ComcastSecureBackupSharebackup) - Unknown owner - C:\Users\Owner\Documents\ComcastSecureBackupSharebackup.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Sample Collector (SampleCollector) - Intel Corporation - C:\Program Files\Sony\VAIO Care\collsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8951 bytes
 
The system is full of pirated software.

TuneUp Utilities has a 15 day free trial. You don't need a license key for that.
Purchase of the full program is $30-$60.
"winxpvista.incl. keygen-" Is this your OS?

c:\0downloads\winrar.v3.71.final.complete.with.keygen.and.patch[cracked.3.71]-core_crp_[mybittorrent.com].torrent
Pirated: Cost is $30.00

Sony Sound Forge 9>
Pirated: Cost conversion> UK£ 239.99 = 383.432023 U.S. dollars

We do not support piracy. As long as you pirate software and use Torrent site/file sharing, no matter what security you have, you are going to get malware.

This thread is closed.
 