TechSpot

Norton 360 reports tidserv activity and cannot remove

By fractoral
Dec 15, 2011
  1. Hello,

    I am running Windows XP SP3 and using Norton 360 for anti-virus. It recently began informing me of a "Threat requiring manual removal detected: System Infected: Tidserv Activity". Sometimes it says "Tidserv Activity 2". The Tidserv fix Norton offers has not worked, nor has the Norton Power Eraser, and where possible I have also tried these fixes in Safe Mode (NPE needed Safe Mode with Networking; I couldn't run the Tidserv fix in Safe Mode). The recommended logs will follow; thank you in advance for any assistance.

    Chris
     
  2. fractoral

    fractoral TS Rookie Topic Starter Posts: 34

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8376

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/15/2011 12:15:30 PM
    mbam-log-2011-12-15 (12-15-30).txt

    Scan type: Quick scan
    Objects scanned: 200677
    Time elapsed: 4 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  3. fractoral


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-12-15 13:10:23
    Windows 5.1.2600 Service Pack 3 Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T1L0-24 ST3500320AS rev.AD14
    Running: cdyf9vkx.exe; Driver: C:\DOCUME~1\Main\LOCALS~1\Temp\pxtdipow.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdePort3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdePort4 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdePort5 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1c prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-24 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)

    AttachedDevice \FileSystem\Fastfat \Fat FLTMGR.SYS (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  4. fractoral


    ..
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume3
    Install Date: 7/24/2011 9:37:33 PM
    System Uptime: 12/15/2011 9:33:22 AM (4 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | Maximus Formula
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | LGA775 | 2405/266mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 466 GiB total, 57.113 GiB free.
    D: is FIXED (NTFS) - 56 GiB total, 5.665 GiB free.
    E: is FIXED (FAT32) - 112 GiB total, 19.009 GiB free.
    F: is CDROM ()
    G: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
    Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_81F81043&REV_12\4&279E7BDF&0&00E2
    Manufacturer: Marvell
    Name: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
    PNP Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_81F81043&REV_12\4&279E7BDF&0&00E2
    Service: yukonwxp
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    32 Bit HP CIO Components Installer
    4 Elements
    7-Zip 4.65
    A.R.E.S.
    AaAaAA!!! - A Reckless Disregard for Gravity
    ABBYY FineReader 6.0 Sprint
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9
    Age of Wonders
    カスタムメイド3D
    Alien Swarm
    Anomaly Warzone Earth
    Antamedia DHCP
    Apple Application Support
    Apple Software Update
    Armada 2526
    Auto Gordian Knot 2.55
    Avencast
    AviSynth 2.5
    Back to the Future: Ep 2 - Get Tannen!
    Batman: Arkham City™ PC
    Bejeweled 3
    Beyond Good & Evil
    BioShock
    Blur
    Breath of Death VII
    BufferChm
    Bulk Rename Utility 2.7.1.2
    Cards_Calendar_OrderGift_DoMorePlugout
    CCleaner
    Chantelise
    Combined Community Codec Pack 2008-09-21 16:18
    Comical 0.8
    Command & Conquer 3
    Command & Conquer The First Decade
    Command & Conquer™ 3: Kane's Wrath
    Command & Conquer™ Red Alert™ 3
    Command and Conquer 4: Tiberian Twilight
    Copy
    Crysis(R)
    Crystal Key 2
    Cthulhu Saves the World
    CustomerResearchQFolder
    CutePDF Writer 2.8
    Dead To Rights
    Defense Grid: The Awakening
    Destination Component
    Deus Ex: Game of the Year Edition
    DeviceDiscovery
    DeviceManagementQFolder
    DJ_AIO_03_F4200_ProductContext
    DJ_AIO_03_F4200_Software
    DJ_AIO_03_F4200_Software_Min
    Download Manager 2.3.10
    Droplitz
    Dual-Core Optimizer
    Dungeon Defenders
    eSupportQFolder
    EVGA Display Driver
    F4200
    F4200_Help
    ffdshow v1.1.3800 [2011-03-28]
    GameSpy Comrade
    GearDrvs
    Ghost Master
    Ghostbusters: Sanctum of Slime
    GPBaseService
    GPGNet
    Grotesque Tactics: Evil Heroes
    Half-Life 2
    Half-Life 2: Lost Coast
    Heroes of Might and Magic III Complete
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    HP Customer Participation Program 11.0
    HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
    HP Imaging Device Functions 11.0
    HP Photosmart Essential 2.5
    HP Photosmart Essential 3.0
    HP Smart Web Printing
    HP Solution Center 11.0
    HP Update
    HPProductAssistant
    Japanese Language Support
    Java Auto Updater
    Java(TM) 6 Update 18
    Judge Dredd: Dredd vs Death
    K-Lite Mega Codec Pack 4.3.4
    Kohan II Kings of War
    League of Legends
    Light of Altair
    MagicDisc 2.7.101
    MagicDisc 2.7.105
    MagicDisc 2.7.106
    Magicka
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MarketResearch
    Marvell Miniport Driver
    Master of Orion II
    Metal Drift
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft AppLocale
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Silverlight
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual J# 2.0 Redistributable Package
    Microsoft Windows Application Compatibility Database
    Microsoft Xbox 360 Accessories 1.2
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0
    Mr. Robot
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton 360 Premier Edition
    NVIDIA Control Panel 285.58
    NVIDIA Graphics Driver 285.58
    NVIDIA HD Audio Driver 1.2.24.0
    NVIDIA Install Application
    NVIDIA nView 135.95
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    NVIDIA Update 1.5.20
    NVIDIA Update Components
    Oddworld: Abe's Exoddus
    Oddworld: Abe's Oddysee
    On the Rain-Slick Precipice of Darkness, Episode One
    On the Rain-Slick Precipice of Darkness, Episode Two
    OpenAL
    OpenOffice.org 3.2
    Pando Media Booster
    Plants vs. Zombies
    Poker Night at the Inventory
    Portal
    Post Apocalyptic Mayhem
    Project Aftermath
    PSSWCORE
    Puzzle Chronicles
    Puzzle Kingdoms
    QuickTime
    Rags Suite
    Recettear: An Item Shop's Tale
    SanctionedMedia
    Sanctum
    Sansa Updater
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2530548)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Segoe UI
    Shatter
    Sid Meier's Civilization V
    Skype 5.5
    SmartWebPrinting
    Sol Survivor
    SolutionCenter
    SoundMAX
    Space Siege
    Spectromancer
    Spiral Knights
    Star Raiders
    Star Trek Online - Beta
    Starcraft
    Status
    Steam
    SUPERAntiSpyware Free Edition
    Team Fortress 2
    The Last Remnant
    The Undergarden Demo
    Thief: Deadly Shadows
    Tidalis
    Titan Quest
    Titan Quest: Immortal Throne
    Tomb Raider: Anniversary
    Toolbox
    TrayApp
    TurboTax 2010
    Universe at War: Earth Assault
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB960763)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Ventrilo Client
    VideoToolkit01
    VisiPics V1.30
    VLC media player 1.0.1
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Messenger
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    Wizardry 8
    Worms Reloaded
    XviD MPEG4 Video Codec (remove only)
    Zombie Driver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/9/2011 12:10:50 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    12/8/2011 9:25:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: prodrv06 sptd
    12/8/2011 9:25:18 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    12/8/2011 9:23:54 AM, error: Service Control Manager [7000] - The BuddyVM service failed to start due to the following error: The system cannot find the path specified.
    12/8/2011 9:22:56 AM, error: sptd [4] - Driver detected an internal error in its data structures for .
    12/15/2011 9:14:50 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 eeCtrl Fips intelppm ohci1394 prodrv06 SASDIFSV SASKUTIL sptd SRTSP SRTSPX SymIRON SYMTDI
    12/15/2011 9:11:52 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    12/15/2011 9:06:39 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT ohci1394 prodrv06 RasAcd Rdbss SASDIFSV SASKUTIL sptd SRTSP SRTSPX SymIRON SYMTDI Tcpip
    12/15/2011 12:15:30 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SMR210\0000 disappeared from the system without first being prepared for removal.
    12/14/2011 9:41:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT prodrv06 RasAcd Rdbss SASDIFSV SASKUTIL sptd SRTSP SRTSPX SymIRON SYMTDI Tcpip
    12/14/2011 9:41:20 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    12/14/2011 9:41:20 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/14/2011 9:41:20 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/14/2011 9:41:20 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    12/14/2011 9:41:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    12/14/2011 9:41:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/14/2011 7:51:12 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    12/14/2011 7:29:02 PM, error: Print [6161] - The document Vennerzad owned by Main failed to print on printer HP Deskjet F4200 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of pages in the document: 0. Number of pages printed: 0. Client machine: \\HOME. Win32 error code returned by the print processor: 259 (0x103).
    12/12/2011 10:35:03 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001E8CC94AAA has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================
     
  5. fractoral


    Difficulty posting the DDS log for some reason; will keep trying, however. Apologies.
     
  6. fractoral


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Main at 13:13:32 on 2011-12-15
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.1888 [GMT -5:00]
    .
    AV: Norton 360 Premier Edition *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 Premier Edition *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    svchost.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Documents and Settings\Main\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
    C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\System32\ping.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
     
  7. fractoral


    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.thenorthernempire.com/forum/index.php
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier edition\engine\5.1.0.29\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360 premier edition\engine\5.1.0.29\ips\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360 premier edition\engine\5.1.0.29\coIEPlg.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [SansaDispatch] c:\documents and settings\main\application data\sandisk\sansa updater\SansaDispatch.exe
    uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [hpqSRMon]
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [SoundMAX] "c:\program files\analog devices\soundmax\smax4.exe" /tray
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    LSP: mswsock.dll
    Trusted Zone: custhelp.com\wizards
    Trusted Zone: hotmail.com\www
    Trusted Zone: live.com\mail
    Trusted Zone: wizards.com
     
  8. fractoral


    ============= SERVICES / DRIVERS ===============
    .
    R0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [2011-12-15 26872]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-5-18 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-5-18 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20111210.003\BHDrvx86.sys [2011-12-14 819320]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-3-23 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 67656]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-5-18 136312]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-15 366152]
    R2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\5.1.0.29\ccSvcHst.exe [2011-5-18 130008]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-27 2253120]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20111214.001\IDSXpx86.sys [2011-12-14 356280]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-15 22216]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20111214.034\NAVENG.SYS [2011-12-15 86136]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20111214.034\NAVEX15.SYS [2011-12-15 1576312]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-7-27 119656]
    S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\c:\mst3k\titan\slavemaker15x5\hitomi - my stepsister\hitomi\vmlaunch\buddyvm.sys --> c:\mst3k\titan\slavemaker15x5\hitomi - my stepsister\hitomi\vmlaunch\BuddyVM.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 gtermddo;gtermddo;\??\c:\docume~1\main\locals~1\temp\gtermddo.sys --> c:\docume~1\main\locals~1\temp\gtermddo.sys [?]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 12872]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-12-15 17:09:55 -------- d-----w- c:\documents and settings\main\application data\Malwarebytes
    2011-12-15 17:09:40 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-12-15 17:09:37 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-15 17:09:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-15 14:03:43 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
    2011-12-14 15:54:07 -------- d-----w- c:\documents and settings\main\local settings\application data\SanctionedMedia
    2011-12-10 22:05:55 14744 ----a-w- c:\documents and settings\main\application data\microsoft\identitycrl\production\ppcrlconfig.dll
    2011-12-09 01:26:15 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
    2011-12-09 01:26:15 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
    2011-12-09 01:26:15 465920 ------w- c:\windows\system32\imapi2fs.dll
    2011-12-09 01:26:15 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
    2011-12-09 01:26:15 317952 ------w- c:\windows\system32\imapi2.dll
    2011-12-02 16:44:05 -------- d-----w- c:\documents and settings\all users\application data\Playrix Entertainment
    2011-11-26 12:44:10 876136 ----a-w- c:\windows\system32\nvhdagenco3220102.dll
    2011-11-26 12:33:06 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
    2011-11-26 12:33:01 -------- d-----w- c:\program files\AMD
    2011-11-26 12:33:00 -------- d-----w- c:\documents and settings\main\local settings\application data\Downloaded Installations
    2011-11-26 12:29:59 -------- d-----w- C:\2f285ebdfb9ed59c8a6875e3ff4699e2
    2011-11-26 12:18:36 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2011-11-26 12:18:36 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2011-11-26 12:18:36 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2011-11-26 12:18:36 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2011-11-26 12:18:36 -------- d-----w- C:\3a7e93e5a4606a81ac8ad4
    2011-11-20 20:42:27 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2011-11-20 20:42:26 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2011-11-20 17:04:16 -------- d-----w- c:\documents and settings\main\local settings\application data\CutePDF Writer
    2011-11-20 16:55:44 -------- d-----w- c:\program files\GPLGS
    2011-11-20 16:55:21 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
    2011-11-20 16:55:16 -------- d-----w- c:\program files\Acro Software
    2011-11-16 15:34:34 -------- d-----w- c:\documents and settings\main\local settings\application data\NPE
    .
    ==================== Find3M ====================
    .
    2011-11-26 12:44:46 285256 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-11-26 12:44:46 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-11-26 12:44:43 285256 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-10-24 08:55:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 22:45:42 15453832 ----a-w- c:\windows\system32\xlive.dll
    2011-09-28 22:45:42 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    ============= FINISH: 13:14:24.17 ===============
     
  9. fractoral

    fractoral TS Rookie Topic Starter Posts: 34

    Every time I try to post the section of the Pseudo HJT Report in the DDS that comes right after trusted zones, Internet Explorer claims to have a connection problem. I will keep trying.
     
  10. fractoral

    fractoral TS Rookie Topic Starter Posts: 34

    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
    DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
     
  11. fractoral

    fractoral TS Rookie Topic Starter Posts: 34

    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 216.104.96.22 216.104.98.222
    TCP: Interfaces\{75A3587A-D8E6-4ABB-9F44-6C92E0374D7A} : DhcpNameServer = 216.104.96.22 216.104.98.222
    Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - c:\program files\turbotax 2010\ic2010pp.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
     
  12. fractoral

    fractoral TS Rookie Topic Starter Posts: 34

    Dpf: {6414512b-b978-451d-a0d8-fcfdf33e833c} -
     
  13. fractoral

    fractoral TS Rookie Topic Starter Posts: 34

    I can apparently post anything except the one line that follows the previous post. I apologize for how out of order everything is, and I will continue to try to post the missing line somehow...
     
  14. fractoral

    fractoral TS Rookie Topic Starter Posts: 34

    hxxp://update.micros**wsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1311560637109
     
  15. fractoral

    fractoral TS Rookie Topic Starter Posts: 34

    In the previous post replace ** with oft.com/windo
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I'll help with the malware. I note several things going on in the system. First>>

    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    ======================================
    Comments & Questions:
    1. There is malware running from a temp file in the drivers: it's a rootkit with a Backdoor.
    2. Our scan can't read this: ƒJƒXƒ^ƒ€ƒƒCƒh3D> Maid3D Japanese? So I'd like you to remove it while we're cleaning.
    3. Do you know what these Directories are:
    2011-11-26 12:29:59 -------- d-----w- C:\2f285ebdfb9ed59c8a6875e3ff4699e2
    2011-11-26 12:18:36 -------- d-----w- C:\3a7e93e5a4606a81ac8ad4
    4. Please remove FixTDSS.sys
    5. There is a rogue program that pretends to be a security update for Windows installed via Automatic Updates. This may be what you're seeing in that last entry.
    ======================================
    Let's see if we can appease Norton:
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result.
    • A reboot is required after disinfection.
    =====================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
      ***Please note: if you have downloaded Combofix to a flash drive, then run it on the infected machine> the Recovery Console will not install- just bypass and go on.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated and a text window will open. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ======================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ====================================
    Please update Java: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
    ----------------------------------
    You will have malware in the Java cache because of the outdated program:
    To clear the Java Plug-in cache:

    • [1]. Click Start > Control Panel.
      [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
      [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
      [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
      [5]. Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
      [6]. Click Apply> OK on Temporary Files Settings window.
    Images courtesy java.com
    =======================================
    Please leave the logs in your next reply> TDSS, Combofix, Eset. We'll go from there.
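The first of the helper's comments above (a driver running from a temp folder) is something a reviewer can pull out of a DDS log mechanically rather than by eye. The following Python script is an added example, not part of this thread and not code from DDS, TDSSKiller or any tool named here: it parses DDS "service/driver" lines of the form shown in the log, and flags any entry whose image lives in a temp folder, could not be found on disk (the trailing `[?]`), or sits outside the folders a 32-bit XP install normally keeps drivers in. The first three sample lines are copied from the DDS log posted earlier in this thread; the fourth is constructed. The whitelist of expected prefixes is an assumption chosen for this example, not a rule the thread states.

```python
import re
from dataclasses import dataclass, field

# Sample DDS "service/driver" lines. Lines 1-3 are copied from the DDS log posted in
# this thread; line 4 is constructed to show a driver that exists on disk but lives
# outside the usual driver locations.
SAMPLE_DDS_LINES = [
    r"R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-15 22216]",
    r"S3 gtermddo;gtermddo;\??\c:\docume~1\main\locals~1\temp\gtermddo.sys --> c:\docume~1\main\locals~1\temp\gtermddo.sys [?]",
    r"R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-7-27 119656]",
    r"S2 exampledrv;Example Driver;c:\users\public\exampledrv.sys [2011-12-01 12345]",  # constructed
]

# DDS layout: "<start type> <name>;<display name>;<image path> [<date> <size>]", or, when
# the registry holds a kernel-style \??\ path, "<path> --> <resolved path> [?]" where
# "[?]" means DDS could not stat the file on disk.
LINE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
TAIL_RE = re.compile(r"^(?P<path>.*?)\s*\[(?P<tag>[^\]]*)\]\s*$")

# Assumed whitelist: where a legitimately installed driver normally lives on 32-bit XP.
EXPECTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\documents and settings\\all users\\application data\\",
)
# Folder names that indicate a driver was dropped into a temp location.
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")


@dataclass
class Finding:
    name: str
    start: str
    image: str
    reasons: list = field(default_factory=list)


def parse_dds_service(line):
    """Return a dict for one DDS service line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    t = TAIL_RE.match(m.group("rest"))
    if not t:
        return None
    path = t.group("path")
    if " --> " in path:                     # keep the resolved path DDS printed
        path = path.split(" --> ", 1)[1]
    if path.startswith("\\??\\"):           # strip the NT object-manager prefix
        path = path[4:]
    return {
        "start": m.group("start"),
        "name": m.group("name"),
        "display": m.group("display"),
        "image": path.lower(),
        "tag": t.group("tag").strip(),
    }


def assess(entry):
    """List the reasons one parsed entry deserves a second look (empty if none)."""
    reasons = []
    image = entry["image"]
    if entry["tag"] == "?":
        reasons.append("unresolved_on_disk")
    if any(marker in image for marker in TEMP_MARKERS):
        reasons.append("temp_location")
    if not image.startswith(EXPECTED_PREFIXES):
        reasons.append("unusual_location")
    return reasons


def triage(lines):
    """Run every DDS service line through the checks and collect the flagged ones."""
    findings = []
    for line in lines:
        entry = parse_dds_service(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append(Finding(entry["name"], entry["start"], entry["image"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS_LINES):
        print(f"{f.start} {f.name}: {f.image} -> {', '.join(f.reasons)}")
```

Run against the sample, only `gtermddo` (temp folder, missing on disk, outside the whitelist) and the constructed `exampledrv` (outside the whitelist) are reported; the Malwarebytes and NVIDIA drivers pass. A flagged entry is a lead to investigate, not a verdict: a legitimate installer can stage a driver in a temp folder, and an 8.3-style path like `docume~1` defeats a naive prefix match, which is exactly why the temp and on-disk checks are kept separate from the location whitelist.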
     
  17. fractoral

    fractoral TS Rookie Topic Starter Posts: 34

    Hello, thank you for all the help.

    The Japanese program has been removed.

    I do not know what those folders are for, but I have 6 apparently randomly numbered and lettered folders in the C drive. Those two each contain copies of folders labelled AMD64 and i386, which each contain copies of the same files; a few of those files are .dlls, the first one is filterpipelineprintproc.dll.

    FixTDSS.sys has been removed.

    TDSSkiller was run, log will follow.

    Combofix has been run, log will follow. During the operation of combofix the computer restarted several times. After the last time it restarted the computer installed HP Photosmart Essential 3.0, which seemed odd to me so I thought I would mention it.

    I am having problems running the Eset scan, I cannot find an EXE link to save to desktop, and the online scan itself just seems to keep cycling back to the terms of use page every time I click 'start.' I have stopped at this step to await direction.

    *edit* Also the tidserv warning has stopped, but I am of course proceeding with the clean-up through to the end.
     
  18. fractoral

    fractoral TS Rookie Topic Starter Posts: 34

    ComboFix 11-12-15.02 - Main 12/15/2011 22:28:34.1.4 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2881 [GMT -5:00]
    Running from: c:\documents and settings\Main\Desktop\ComboFix.exe
    AV: Norton 360 Premier Edition *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 Premier Edition *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\SPL9B.tmp
    c:\documents and settings\Main\Application Data\Adobe\plugs
    c:\documents and settings\Main\WINDOWS
    c:\windows\$NtUninstallKB58913$
    c:\windows\$NtUninstallKB58913$\3415127480
    c:\windows\$NtUninstallKB58913$\822859562\@
    c:\windows\$NtUninstallKB58913$\822859562\bckfg.tmp
    c:\windows\$NtUninstallKB58913$\822859562\cfg.ini
    c:\windows\$NtUninstallKB58913$\822859562\Desktop.ini
    c:\windows\$NtUninstallKB58913$\822859562\keywords
    c:\windows\$NtUninstallKB58913$\822859562\kwrd.dll
    c:\windows\$NtUninstallKB58913$\822859562\L\bvuwment
    c:\windows\$NtUninstallKB58913$\822859562\U\00000001.@
    c:\windows\$NtUninstallKB58913$\822859562\U\00000002.@
    c:\windows\$NtUninstallKB58913$\822859562\U\00000004.@
    c:\windows\$NtUninstallKB58913$\822859562\U\80000000.@
    c:\windows\$NtUninstallKB58913$\822859562\U\80000004.@
    c:\windows\$NtUninstallKB58913$\822859562\U\80000032.@
    c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
    c:\windows\system32\xa301178406.exe
    c:\windows\system32\xa301179718.exe
    c:\windows\system32\xa30875375.exe
    c:\windows\system32\xa30877250.exe
    c:\windows\system32\xa30899906.exe
    c:\windows\system32\xa30906578.exe
    c:\windows\system32\xa9186187.exe
    c:\windows\system32\xa9186828.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-16 to 2011-12-16 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-15 23:11 . 2011-12-15 23:11 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-12-15 17:09 . 2011-12-15 17:09 -------- d-----w- c:\documents and settings\Main\Application Data\Malwarebytes
    2011-12-15 17:09 . 2011-12-15 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-12-15 17:09 . 2011-12-15 17:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-15 17:09 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-14 15:54 . 2011-12-15 02:27 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\SanctionedMedia
    2011-12-09 01:26 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
    2011-12-09 01:26 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
    2011-12-09 01:26 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
    2011-12-09 01:26 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
    2011-12-09 01:26 . 2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
    2011-12-02 16:44 . 2011-12-02 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Playrix Entertainment
    2011-11-26 12:44 . 2011-07-07 23:21 876136 ----a-w- c:\windows\system32\nvhdagenco3220102.dll
    2011-11-26 12:33 . 2007-06-29 19:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
    2011-11-26 12:33 . 2011-11-26 12:33 -------- d-----w- c:\program files\AMD
    2011-11-26 12:33 . 2011-11-26 12:33 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\Downloaded Installations
    2011-11-26 12:29 . 2011-11-26 12:30 -------- d-----w- C:\2f285ebdfb9ed59c8a6875e3ff4699e2
    2011-11-26 12:18 . 2011-11-26 12:19 -------- d-----w- C:\3a7e93e5a4606a81ac8ad4
    2011-11-26 12:18 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2011-11-26 12:18 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2011-11-26 12:18 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2011-11-26 12:18 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2011-11-20 20:42 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2011-11-20 20:42 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2011-11-20 17:04 . 2011-12-11 18:31 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\CutePDF Writer
    2011-11-20 16:55 . 2011-11-20 16:55 -------- d-----w- c:\program files\GPLGS
    2011-11-20 16:55 . 2009-11-05 13:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
    2011-11-20 16:55 . 2011-11-20 16:55 -------- d-----w- c:\program files\Acro Software
    2011-11-16 15:34 . 2011-12-15 14:23 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\NPE
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-16 02:46 . 2004-08-04 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-11-26 12:57 . 2009-08-18 16:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
    2011-11-26 12:57 . 2009-08-18 16:24 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-10-24 08:55 . 2011-10-24 08:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22 . 2008-12-01 14:48 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-08 04:50 . 2011-07-27 17:11 298304 ----a-w- c:\windows\system32\nvsvc32.exe
    2011-10-08 04:50 . 2011-07-27 17:11 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
    2011-10-08 04:50 . 2011-07-27 17:11 54272 ----a-w- c:\windows\system32\nvwddi.dll
    2011-10-08 04:50 . 2011-07-27 17:11 220992 ----a-w- c:\windows\system32\nvcolor.exe
    2011-10-08 04:50 . 2011-07-27 17:11 203072 ----a-w- c:\windows\system32\nvmctray.dll
    2011-10-08 04:50 . 2011-07-27 17:11 16744256 ----a-w- c:\windows\system32\nvcpl.dll
    2011-10-08 04:50 . 2010-12-16 19:22 919872 ----a-w- c:\windows\system32\nvdispco32.dll
    2011-10-08 04:50 . 2010-12-16 19:22 877376 ----a-w- c:\windows\system32\nvgenco32.dll
    2011-10-08 04:50 . 2010-12-16 19:22 65536 ----a-w- c:\windows\system32\OpenCL.dll
    2011-10-08 04:50 . 2010-12-16 19:22 5595136 ----a-w- c:\windows\system32\nvcuda.dll
    2011-10-08 04:50 . 2010-12-16 19:22 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-10-08 04:50 . 2010-12-16 19:22 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-10-08 04:50 . 2010-12-16 19:22 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
    2011-10-08 04:50 . 2010-12-16 19:22 2449408 ----a-w- c:\windows\system32\nvapi.dll
    2011-10-08 04:50 . 2010-12-16 19:22 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-10-08 04:50 . 2004-08-04 07:56 4226688 ----a-w- c:\windows\system32\nv4_disp.dll
    2011-10-08 04:50 . 2004-08-04 05:29 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2011-09-28 22:45 . 2011-09-28 22:45 15453832 ----a-w- c:\windows\system32\xlive.dll
    2011-09-28 22:45 . 2011-09-28 22:45 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
    2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41 . 2010-03-18 14:09 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SansaDispatch"="c:\documents and settings\Main\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-12-15 79872]
    "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
    "NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
    "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2010-08-26 15:24 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\alien swarm\\srcds.exe"=
    "c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\deus ex\\System\\DeusEx.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\chantelise\\chantelise.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\chantelise\\custom.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\tidalis\\Tidalis.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\dreddvsdeath\\Dredd.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\titan quest\\Titan Quest.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\titan quest\\help.htm"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\ghost master\\ghost.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\thief deadly shadows\\System\\runme.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\star raiders\\StarRaiders.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\the undergarden\\TheUndergarden.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\ghostbusters sanctum of slime\\Game\\GhostBustersSOS.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\universe at war earth assault\\LaunchUAW.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\space siege\\Space Siege\\SpaceSiege.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\aaaaaaaaaaaaaaaaaaaaaaaaa!!!\\main.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\oddworld abes oddysee\\AbeWin.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\oddworld abes exoddus\\Exoddus.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\on the rain-slick precipice of darkness - episode one\\RainSlickEp1.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\penny arcade adventures on the rain-slick precipice of darkness episode 2\\RainSlickEp2.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\puzzle chronicles\\PuzzleChronicles.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\mrrobot\\MrRobot.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\shatter\\ShatterSettingsEditor.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\project aftermath\\ProjectAftermath.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\spectromancer\\Spectromancer.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\droplitz\\Cascade.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\the last remnant\\Binaries\\TLR.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\poker night at the inventory\\CelebrityPoker.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\zombie driver\\Release\\ZombieDriver.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\light of altair\\Altair.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\avencast\\Avencast.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\grotesque tactics\\GrotesqueTactics.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\armada 2526\\bin\\Armada2526.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\command and conquer 4 tiberian twilight\\CNC4.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\command and conquer 4 tiberian twilight\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\age of wonders\\Launcher.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\age of wonders\\AoWSetup.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\age of wonders\\Readme.txt"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\age of wonders\\QuickStart.pdf"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\age of wonders\\AoWEd.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\recettear\\recettear.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\recettear\\custom.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\ares\\ARES.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\spiral knights\\java_vm\\bin\\javaw.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\breath of death vii\\BoDVIIPC.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\cthulhu saves the world\\CSTW.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\alien swarm\\swarm.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\team fortress 2 meet the medic\\smp.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\post apocalyptic mayhem\\PAMMainGame.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\sid meier's civilization v\\Launcher.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\portal 2\\portal2.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\titan quest immortal throne\\Tqit.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\titan quest immortal throne\\help.htm"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\deus ex - human revolution\\dxhr.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\sanctum\\Binaries\\Win32\\SanctumGame-Win32-Shipping.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\back to the future ep 2\\BackToTheFuture102.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\tomb raider anniversary\\tra.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\bejeweled 3\\Bejeweled3.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\magicka\\Magicka.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\4 elements\\4 Elements.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\batman2\\Binaries\\Win32\\BatmanAC.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\batman2\\RunLauncher.bat"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\dungeon defenders\\Binaries\\Win32\\DungeonDefenders.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\defensegridtheawakening\\DefenseGrid.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "135:TCP"= 135:TCP:TCP Port 135
    "5000:TCP"= 5000:TCP:TCP Port 5000
    "5001:TCP"= 5001:TCP:TCP Port 5001
    "5002:TCP"= 5002:TCP:TCP Port 5002
    "5003:TCP"= 5003:TCP:TCP Port 5003
    "5004:TCP"= 5004:TCP:TCP Port 5004
    "5005:TCP"= 5005:TCP:TCP Port 5005
    "5006:TCP"= 5006:TCP:TCP Port 5006
    "5007:TCP"= 5007:TCP:TCP Port 5007
    "5008:TCP"= 5008:TCP:TCP Port 5008
    "5009:TCP"= 5009:TCP:TCP Port 5009
    "5010:TCP"= 5010:TCP:TCP Port 5010
    "5011:TCP"= 5011:TCP:TCP Port 5011
    "5012:TCP"= 5012:TCP:TCP Port 5012
    "5013:TCP"= 5013:TCP:TCP Port 5013
    "5014:TCP"= 5014:TCP:TCP Port 5014
    "5015:TCP"= 5015:TCP:TCP Port 5015
    "5016:TCP"= 5016:TCP:TCP Port 5016
    "5017:TCP"= 5017:TCP:TCP Port 5017
    "5018:TCP"= 5018:TCP:TCP Port 5018
    "5019:TCP"= 5019:TCP:TCP Port 5019
    "5020:TCP"= 5020:TCP:TCP Port 5020
    "50942:TCP"= 50942:TCP:CharBuilderFull
    "50942:UDP"= 50942:UDP:CharBuilderFull
    "19585:TCP"= 19585:TCP:CharBuilderFull
    "19585:UDP"= 19585:UDP:CharBuilderFull
    "57330:TCP"= 57330:TCP:pando Media Booster
    "57330:UDP"= 57330:UDP:pando Media Booster
    "8381:TCP"= 8381:TCP:League of Legends Launcher
    "8381:UDP"= 8381:UDP:League of Legends Launcher
    "8382:TCP"= 8382:TCP:League of Legends Launcher
    "8382:UDP"= 8382:UDP:League of Legends Launcher
    "8383:TCP"= 8383:TCP:League of Legends Launcher
    "8383:UDP"= 8383:UDP:League of Legends Launcher
    "8397:TCP"= 8397:TCP:League of Legends Launcher
    "8397:UDP"= 8397:UDP:League of Legends Launcher
    "6968:TCP"= 6968:TCP:League of Legends Launcher
    "6968:UDP"= 6968:UDP:League of Legends Launcher
    "8398:TCP"= 8398:TCP:League of Legends Launcher
    "8398:UDP"= 8398:UDP:League of Legends Launcher
    "8393:TCP"= 8393:TCP:League of Legends Lobby
    "8393:UDP"= 8393:UDP:League of Legends Lobby
    "8390:TCP"= 8390:TCP:League of Legends Game Client
    "8390:UDP"= 8390:UDP:League of Legends Game Client
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [5/18/2011 3:23 PM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [5/18/2011 3:23 PM 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111210.003\BHDrvx86.sys [12/14/2011 6:14 PM 819320]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3/23/2009 1:07 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 1:07 PM 67656]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [5/18/2011 3:23 PM 136312]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/15/2011 12:09 PM 366152]
    R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe [5/18/2011 3:22 PM 130008]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [7/27/2011 12:11 PM 2253120]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/15/2011 2:08 PM 106104]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111214.001\IDSXpx86.sys [12/14/2011 8:41 PM 356280]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/15/2011 12:09 PM 22216]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [7/27/2011 12:10 PM 119656]
    S0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys --> c:\windows\system32\drivers\FixTDSS.sys [?]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/3/2009 10:10 AM 717296]
    S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\c:\mst3k\Titan\SlaveMaker15x5\Hitomi - My Stepsister\Hitomi\VMLaunch\BuddyVM.sys --> c:\mst3k\Titan\SlaveMaker15x5\Hitomi - My Stepsister\Hitomi\VMLaunch\BuddyVM.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
    S3 gtermddo;gtermddo;\??\c:\docume~1\Main\LOCALS~1\Temp\gtermddo.sys --> c:\docume~1\Main\LOCALS~1\Temp\gtermddo.sys [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 1:07 PM 12872]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.thenorthernempire.com/forum/index.php
    Trusted Zone: custhelp.com\wizards
    Trusted Zone: hotmail.com\www
    Trusted Zone: live.com\mail
    Trusted Zone: wizards.com
    TCP: DhcpNameServer = 216.104.96.22 216.104.98.222
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-hpqSRMon - (no file)
    SafeBoot-80929782.sys
    AddRemove-Antamedia DHCP - c:\documents and settings\Main\Desktop\dhcp-installer.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-15 22:44
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    SansaDispatch = c:\documents and settings\Main\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?m%3d%26is-debug%3d%26rom-version%3d%26part-number%3d%26product-n????7?2? ??????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1844237615-1957994488-839522115-1004\Software\KISS\カスタムメイド3D*]
    "InstallPath"="c:\\MST3K\\mtadfk.com\\custom maid\\カスタムメイド3D"
    .
    [HKEY_USERS\S-1-5-21-1844237615-1957994488-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:ef,5a,5b,bb,d4,75,b2,d7,30,db,71,59,a5,5e,06,34,52,20,cb,06,0a,88,42,
    a5,5b,3a,89,a2,7e,22,c3,5f,9c,91,5e,6d,6d,c5,b8,ca,f8,ce,14,bc,52,33,85,36,\
    "??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
    .
    [HKEY_USERS\S-1-5-21-1844237615-1957994488-839522115-1004\Software\SecuROM\License information*]
    "datasecu"=hex:ad,36,68,61,f7,20,ac,e5,84,d8,0b,b3,4f,13,8c,d6,c2,97,61,0d,d6,
    5d,d3,d3,af,78,79,cf,86,5b,21,8a,a8,0b,d5,19,b2,27,48,28,37,58,ec,dd,d7,06,\
    "rkeysecu"=hex:56,c6,0d,e0,20,27,f2,5f,5e,7a,0c,15,6c,01,a7,f3
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(732)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(2776)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\RunDLL32.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-15 22:46:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-16 03:45
    .
    Pre-Run: 68,774,584,320 bytes free
    Post-Run: 68,980,191,232 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /noexecute=optin /usepmtimer
    .
    - - End Of File - - D1FD44CB1FCAB88E3A9944AA6F693D6E
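    The service/driver section of the ComboFix log above (the `R0`/`S2`/`S3` lines) is where a helper looks first for a hidden loader, so here is an added triage script that is not part of the thread or of ComboFix itself. It parses those lines, copied verbatim from the log into `SAMPLE_LOG`, and flags the things an analyst would eyeball by hand: an image path ComboFix could not read (the `[?]` that appears in place of a timestamp and size), a driver living under a user's `Temp` directory, a service whose name is a bare GUID, and an image outside the Windows, Program Files or All Users application-data trees. The `EXPECTED_PREFIXES` list and the flag names are this example's own assumptions, not anything ComboFix defines.

```python
import re

# Service/driver lines copied from the ComboFix log above (a real run would read the whole log file).
SAMPLE_LOG = r"""
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [5/18/2011 3:23 PM 340088]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/15/2011 12:09 PM 366152]
S0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys --> c:\windows\system32\drivers\FixTDSS.sys [?]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\c:\mst3k\Titan\SlaveMaker15x5\Hitomi - My Stepsister\Hitomi\VMLaunch\BuddyVM.sys --> c:\mst3k\Titan\SlaveMaker15x5\Hitomi - My Stepsister\Hitomi\VMLaunch\BuddyVM.sys [?]
S3 gtermddo;gtermddo;\??\c:\docume~1\Main\LOCALS~1\Temp\gtermddo.sys --> c:\docume~1\Main\LOCALS~1\Temp\gtermddo.sys [?]
"""

# Line shape as observed in the log: <R|S><start type> <service name>;<display name>;<image path> [<timestamp size> | ?]
LINE_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

# Assumption: on this XP box a legitimate driver/service image normally lives under one of these trees.
EXPECTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\documents and settings\\all users\\application data\\",
)


def parse_entry(line):
    """Split one ComboFix service line into its fields; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    missing = rest.rstrip().endswith("[?]")          # ComboFix could not read the file
    path_part = rest.rsplit(" [", 1)[0]               # drop the trailing "[timestamp size]" / "[?]"
    path = path_part.split(" --> ")[-1].strip()       # prefer the resolved path after "-->"
    if path.startswith("\\??\\"):                     # strip the NT object-manager prefix
        path = path[4:]
    return {
        "running": m.group("state") == "R",
        "start": int(m.group("start")),
        "name": m.group("name"),
        "display": m.group("display"),
        "path": path,
        "missing": missing,
    }


def flag_entry(e):
    """Return the set of heuristic flags raised by one parsed entry."""
    flags = set()
    low = e["path"].lower()
    if e["missing"]:
        flags.add("missing-file")
    if "\\temp\\" in low:
        flags.add("temp-path")
    if GUID_RE.match(e["name"]):
        flags.add("guid-name")
    if not low.startswith(EXPECTED_PREFIXES):
        flags.add("nonstandard-path")
    return flags


def triage(log_text):
    """Map service name -> flags for every service line that raised at least one flag."""
    out = {}
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        flags = flag_entry(e)
        if flags:
            out[e["name"]] = flags
    return out


if __name__ == "__main__":
    for name, flags in sorted(triage(SAMPLE_LOG).items()):
        print(f"{name:45s} {', '.join(sorted(flags))}")
```

    Run against the five sample lines it leaves the Symantec and Malwarebytes entries alone and raises `gtermddo` (a stopped driver registered out of the user's Temp folder with no file behind it) and the GUID-named `BuddyVM` service as the entries worth a closer look; `FixTDSS` shows only `missing-file`, which is consistent with the Norton fix tool having been run and cleaned up. A flag is a prompt to check the file and the key, not a verdict: the tool that actually names the infection here is TDSSKiller's `AFD ... Rootkit.Win32.ZAccess.h` line in the next post, which this heuristic could not see because `afd.sys` sits in the expected place with a valid timestamp.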
     
  19. fractoral

    fractoral TS Rookie Topic Starter Posts: 34

    18:09:50.0828 2632 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
    18:09:52.0718 2632 ============================================================
    18:09:52.0718 2632 Current date / time: 2011/12/15 18:09:52.0718
    18:09:52.0718 2632 SystemInfo:
    18:09:52.0718 2632
    18:09:52.0718 2632 OS Version: 5.1.2600 ServicePack: 3.0
    18:09:52.0718 2632 Product type: Workstation
    18:09:52.0718 2632 ComputerName: HOME
    18:09:52.0718 2632 UserName: Main
    18:09:52.0718 2632 Windows directory: C:\WINDOWS
    18:09:52.0718 2632 System windows directory: C:\WINDOWS
    18:09:52.0718 2632 Processor architecture: Intel x86
    18:09:52.0718 2632 Number of processors: 4
    18:09:52.0718 2632 Page size: 0x1000
    18:09:52.0718 2632 Boot type: Normal boot
    18:09:52.0718 2632 ============================================================
    18:09:54.0546 2632 Initialize success
    18:10:01.0796 2156 ============================================================
    18:10:01.0796 2156 Scan started
    18:10:01.0796 2156 Mode: Manual;
    18:10:01.0796 2156 ============================================================
    18:10:02.0578 2156 Abiosdsk - ok
    18:10:02.0625 2156 abp480n5 - ok
    18:10:02.0687 2156 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    18:10:02.0687 2156 ACPI - ok
    18:10:02.0734 2156 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    18:10:02.0734 2156 ACPIEC - ok
    18:10:02.0781 2156 ADIHdAudAddService (0158f4027c0808ff65ed3b3d683339c9) C:\WINDOWS\system32\drivers\ADIHdAud.sys
    18:10:02.0781 2156 ADIHdAudAddService - ok
    18:10:02.0796 2156 adpu160m - ok
    18:10:02.0812 2156 AEAudio (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
    18:10:02.0812 2156 AEAudio - ok
    18:10:02.0828 2156 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    18:10:02.0843 2156 aec - ok
    18:10:02.0890 2156 AFD (43d300e5fc2e496ac8d7e97c491ece8d) C:\WINDOWS\System32\drivers\afd.sys
    18:10:02.0890 2156 AFD ( Rootkit.Win32.ZAccess.h ) - infected
    18:10:02.0890 2156 AFD - detected Rootkit.Win32.ZAccess.h (0)
    18:10:02.0906 2156 Aha154x - ok
    18:10:02.0921 2156 aic78u2 - ok
    18:10:02.0921 2156 aic78xx - ok
    18:10:02.0937 2156 AliIde - ok
    18:10:02.0984 2156 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
    18:10:02.0984 2156 AmdLLD - ok
    18:10:02.0984 2156 amsint - ok
    18:10:03.0000 2156 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    18:10:03.0015 2156 Arp1394 - ok
    18:10:03.0015 2156 asc - ok
    18:10:03.0031 2156 asc3350p - ok
    18:10:03.0031 2156 asc3550 - ok
    18:10:03.0109 2156 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    18:10:03.0109 2156 AsyncMac - ok
    18:10:03.0109 2156 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    18:10:03.0125 2156 atapi - ok
    18:10:03.0125 2156 Atdisk - ok
    18:10:03.0140 2156 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    18:10:03.0140 2156 Atmarpc - ok
    18:10:03.0187 2156 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    18:10:03.0203 2156 audstub - ok
    18:10:03.0281 2156 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    18:10:03.0281 2156 Beep - ok
    18:10:03.0406 2156 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111210.003\BHDrvx86.sys
    18:10:03.0421 2156 BHDrvx86 - ok
    18:10:03.0453 2156 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    18:10:03.0453 2156 cbidf2k - ok
    18:10:03.0468 2156 cd20xrnt - ok
    18:10:03.0484 2156 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    18:10:03.0500 2156 Cdaudio - ok
    18:10:03.0515 2156 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    18:10:03.0515 2156 Cdfs - ok
    18:10:03.0562 2156 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    18:10:03.0562 2156 Cdrom - ok
    18:10:03.0578 2156 Changer - ok
    18:10:03.0593 2156 CmdIde - ok
    18:10:03.0609 2156 Cpqarray - ok
    18:10:03.0625 2156 dac2w2k - ok
    18:10:03.0640 2156 dac960nt - ok
    18:10:03.0687 2156 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    18:10:03.0687 2156 Disk - ok
    18:10:03.0718 2156 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    18:10:03.0750 2156 dmboot - ok
    18:10:03.0781 2156 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    18:10:03.0781 2156 dmio - ok
    18:10:03.0812 2156 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    18:10:03.0812 2156 dmload - ok
    18:10:03.0843 2156 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    18:10:03.0843 2156 DMusic - ok
    18:10:03.0859 2156 dpti2o - ok
    18:10:03.0906 2156 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    18:10:03.0906 2156 drmkaud - ok
    18:10:03.0968 2156 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    18:10:03.0968 2156 eeCtrl - ok
    18:10:04.0031 2156 enodpl (b4556f3d468c8dcb0b259d9d866cd4c4) C:\WINDOWS\system32\drivers\enodpl.sys
    18:10:04.0031 2156 enodpl - ok
    18:10:04.0062 2156 EraserUtilDrvI13 (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI13.sys
    18:10:04.0062 2156 EraserUtilDrvI13 - ok
    18:10:04.0109 2156 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    18:10:04.0109 2156 Fastfat - ok
    18:10:04.0125 2156 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    18:10:04.0125 2156 Fdc - ok
    18:10:04.0171 2156 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    18:10:04.0171 2156 Fips - ok
    18:10:04.0187 2156 FixTDSS - ok
    18:10:04.0203 2156 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    18:10:04.0203 2156 Flpydisk - ok
    18:10:04.0265 2156 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    18:10:04.0265 2156 FltMgr - ok
    18:10:04.0296 2156 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    18:10:04.0296 2156 Fs_Rec - ok
    18:10:04.0312 2156 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    18:10:04.0312 2156 Ftdisk - ok
    18:10:04.0343 2156 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    18:10:04.0343 2156 GEARAspiWDM - ok
    18:10:04.0390 2156 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    18:10:04.0390 2156 Gpc - ok
    18:10:04.0437 2156 gtermddo - ok
    18:10:04.0468 2156 HDAudBus (cbc3def409549672b915fb9403d63f74) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    18:10:04.0468 2156 HDAudBus - ok
    18:10:04.0484 2156 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    18:10:04.0484 2156 hidusb - ok
    18:10:04.0500 2156 hpn - ok
    18:10:04.0562 2156 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    18:10:04.0562 2156 HPZid412 - ok
    18:10:04.0609 2156 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    18:10:04.0609 2156 HPZipr12 - ok
    18:10:04.0625 2156 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    18:10:04.0625 2156 HPZius12 - ok
    18:10:04.0656 2156 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    18:10:04.0656 2156 HTTP - ok
    18:10:04.0671 2156 i2omgmt - ok
    18:10:04.0687 2156 i2omp - ok
    18:10:04.0703 2156 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    18:10:04.0703 2156 i8042prt - ok
    18:10:04.0750 2156 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111214.001\IDSxpx86.sys
    18:10:04.0765 2156 IDSxpx86 - ok
    18:10:04.0765 2156 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    18:10:04.0765 2156 Imapi - ok
    18:10:04.0781 2156 ini910u - ok
    18:10:04.0796 2156 IntelIde - ok
    18:10:04.0843 2156 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    18:10:04.0843 2156 intelppm - ok
    18:10:04.0890 2156 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    18:10:04.0890 2156 ip6fw - ok
    18:10:04.0906 2156 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    18:10:04.0906 2156 IpFilterDriver - ok
    18:10:04.0937 2156 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    18:10:04.0937 2156 IpInIp - ok
    18:10:04.0984 2156 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    18:10:04.0984 2156 IpNat - ok
    18:10:05.0031 2156 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    18:10:05.0031 2156 IPSec - ok
    18:10:05.0062 2156 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    18:10:05.0062 2156 IRENUM - ok
    18:10:05.0109 2156 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    18:10:05.0109 2156 isapnp - ok
    18:10:05.0125 2156 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    18:10:05.0125 2156 Kbdclass - ok
    18:10:05.0140 2156 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    18:10:05.0140 2156 kbdhid - ok
    18:10:05.0171 2156 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    18:10:05.0171 2156 kmixer - ok
    18:10:05.0187 2156 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    18:10:05.0187 2156 KSecDD - ok
    18:10:05.0203 2156 lbrtfdc - ok
    18:10:05.0281 2156 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
    18:10:05.0281 2156 MBAMProtector - ok
    18:10:05.0328 2156 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
    18:10:05.0343 2156 mcdbus - ok
    18:10:05.0343 2156 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    18:10:05.0343 2156 mnmdd - ok
    18:10:05.0390 2156 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    18:10:05.0390 2156 Modem - ok
    18:10:05.0421 2156 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    18:10:05.0421 2156 Mouclass - ok
    18:10:05.0468 2156 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    18:10:05.0468 2156 mouhid - ok
    18:10:05.0484 2156 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    18:10:05.0484 2156 MountMgr - ok
    18:10:05.0500 2156 mraid35x - ok
    18:10:05.0515 2156 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    18:10:05.0515 2156 MRxDAV - ok
    18:10:05.0562 2156 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    18:10:05.0593 2156 MRxSmb - ok
    18:10:05.0609 2156 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    18:10:05.0609 2156 Msfs - ok
    18:10:05.0625 2156 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    18:10:05.0625 2156 MSKSSRV - ok
    18:10:05.0656 2156 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    18:10:05.0656 2156 MSPCLOCK - ok
    18:10:05.0671 2156 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    18:10:05.0671 2156 MSPQM - ok
    18:10:05.0687 2156 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    18:10:05.0687 2156 mssmbios - ok
    18:10:05.0703 2156 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
    18:10:05.0703 2156 MTsensor - ok
    18:10:05.0734 2156 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    18:10:05.0734 2156 Mup - ok
    18:10:05.0765 2156 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111215.002\NAVENG.SYS
    18:10:05.0765 2156 NAVENG - ok
    18:10:05.0812 2156 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111215.002\NAVEX15.SYS
    18:10:05.0843 2156 NAVEX15 - ok
    18:10:05.0875 2156 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    18:10:05.0875 2156 NDIS - ok
    18:10:05.0921 2156 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    18:10:05.0921 2156 NdisTapi - ok
    18:10:05.0937 2156 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    18:10:05.0937 2156 Ndisuio - ok
    18:10:05.0953 2156 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    18:10:05.0968 2156 NdisWan - ok
    18:10:06.0000 2156 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    18:10:06.0000 2156 NDProxy - ok
    18:10:06.0015 2156 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    18:10:06.0015 2156 NetBIOS - ok
    18:10:06.0031 2156 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    18:10:06.0062 2156 NetBT - ok
    18:10:06.0078 2156 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    18:10:06.0078 2156 NIC1394 - ok
    18:10:06.0109 2156 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    18:10:06.0109 2156 Npfs - ok
    18:10:06.0140 2156 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    18:10:06.0140 2156 Ntfs - ok
    18:10:06.0156 2156 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    18:10:06.0156 2156 Null - ok
    18:10:06.0546 2156 nv (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    18:10:06.0609 2156 nv - ok
    18:10:06.0640 2156 NVHDA (6a839ac21ecde8945d52007152f2695e) C:\WINDOWS\system32\drivers\nvhda32.sys
    18:10:06.0640 2156 NVHDA - ok
    18:10:06.0671 2156 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    18:10:06.0671 2156 NwlnkFlt - ok
    18:10:06.0703 2156 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    18:10:06.0703 2156 NwlnkFwd - ok
    18:10:06.0703 2156 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    18:10:06.0718 2156 ohci1394 - ok
    18:10:06.0734 2156 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    18:10:06.0750 2156 Parport - ok
    18:10:06.0750 2156 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    18:10:06.0765 2156 PartMgr - ok
    18:10:06.0796 2156 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    18:10:06.0796 2156 ParVdm - ok
    18:10:06.0828 2156 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    18:10:06.0828 2156 PCI - ok
    18:10:06.0828 2156 PCIDump - ok
    18:10:06.0859 2156 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    18:10:06.0859 2156 PCIIde - ok
    18:10:06.0890 2156 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    18:10:06.0890 2156 Pcmcia - ok
    18:10:06.0906 2156 PDCOMP - ok
    18:10:06.0906 2156 PDFRAME - ok
    18:10:06.0921 2156 PDRELI - ok
    18:10:06.0937 2156 PDRFRAME - ok
    18:10:06.0937 2156 perc2 - ok
    18:10:06.0953 2156 perc2hib - ok
    18:10:07.0000 2156 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    18:10:07.0000 2156 PptpMiniport - ok
    18:10:07.0031 2156 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    18:10:07.0031 2156 Processor - ok
    18:10:07.0031 2156 prodrv06 - ok
    18:10:07.0093 2156 prohlp02 (7a78181cc947cdaa0902e113cfd01e93) C:\WINDOWS\system32\drivers\prohlp02.sys
    18:10:07.0109 2156 prohlp02 - ok
    18:10:07.0125 2156 prosync1 (f3471e7971ee62420451d958da635064) C:\WINDOWS\system32\drivers\prosync1.sys
    18:10:07.0140 2156 prosync1 - ok
    18:10:07.0140 2156 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    18:10:07.0156 2156 PSched - ok
    18:10:07.0187 2156 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    18:10:07.0187 2156 Ptilink - ok
    18:10:07.0187 2156 ql1080 - ok
    18:10:07.0203 2156 Ql10wnt - ok
    18:10:07.0203 2156 ql12160 - ok
    18:10:07.0218 2156 ql1240 - ok
    18:10:07.0234 2156 ql1280 - ok
    18:10:07.0281 2156 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    18:10:07.0281 2156 RasAcd - ok
    18:10:07.0328 2156 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    18:10:07.0328 2156 Rasl2tp - ok
    18:10:07.0375 2156 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    18:10:07.0375 2156 RasPppoe - ok
    18:10:07.0390 2156 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    18:10:07.0390 2156 Raspti - ok
    18:10:07.0406 2156 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    18:10:07.0406 2156 Rdbss - ok
    18:10:07.0437 2156 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    18:10:07.0437 2156 RDPCDD - ok
    18:10:07.0484 2156 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    18:10:07.0484 2156 RDPWD - ok
    18:10:07.0515 2156 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    18:10:07.0531 2156 redbook - ok
    18:10:07.0578 2156 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    18:10:07.0578 2156 SASDIFSV - ok
    18:10:07.0593 2156 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
    18:10:07.0593 2156 SASENUM - ok
    18:10:07.0609 2156 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    18:10:07.0609 2156 SASKUTIL - ok
    18:10:07.0640 2156 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    18:10:07.0640 2156 Secdrv - ok
    18:10:07.0671 2156 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
    18:10:07.0671 2156 SenFiltService - ok
    18:10:07.0718 2156 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    18:10:07.0718 2156 Serial - ok
    18:10:07.0750 2156 sfhlp01 (91f99f3e331e24c438819a38a1ad049c) C:\WINDOWS\system32\drivers\sfhlp01.sys
    18:10:07.0750 2156 sfhlp01 - ok
    18:10:07.0765 2156 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    18:10:07.0765 2156 Sfloppy - ok
    18:10:07.0781 2156 Simbad - ok
    18:10:07.0796 2156 Sparrow - ok
    18:10:07.0843 2156 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    18:10:07.0859 2156 splitter - ok
    18:10:07.0906 2156 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
    18:10:07.0921 2156 sptd - ok
    18:10:07.0953 2156 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    18:10:07.0953 2156 sr - ok
    18:10:08.0015 2156 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS
    18:10:08.0031 2156 SRTSP - ok
    18:10:08.0046 2156 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS
    18:10:08.0046 2156 SRTSPX - ok
    18:10:08.0093 2156 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    18:10:08.0093 2156 Srv - ok
    18:10:08.0125 2156 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    18:10:08.0125 2156 swenum - ok
    18:10:08.0156 2156 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    18:10:08.0156 2156 swmidi - ok
    18:10:08.0171 2156 symc810 - ok
    18:10:08.0171 2156 symc8xx - ok
    18:10:08.0218 2156 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS
    18:10:08.0218 2156 SymDS - ok
    18:10:08.0328 2156 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS
    18:10:08.0343 2156 SymEFA - ok
    18:10:08.0390 2156 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    18:10:08.0390 2156 SymEvent - ok
    18:10:08.0406 2156 SYMFW - ok
    18:10:08.0406 2156 SYMIDS - ok
    18:10:08.0437 2156 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
    18:10:08.0453 2156 SymIM - ok
    18:10:08.0453 2156 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
    18:10:08.0453 2156 SymIMMP - ok
    18:10:08.0468 2156 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS
    18:10:08.0468 2156 SymIRON - ok
    18:10:08.0468 2156 SYMNDIS - ok
    18:10:08.0500 2156 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS
    18:10:08.0515 2156 SYMTDI - ok
    18:10:08.0531 2156 sym_hi - ok
    18:10:08.0531 2156 sym_u3 - ok
    18:10:08.0593 2156 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    18:10:08.0593 2156 sysaudio - ok
    18:10:08.0640 2156 tandpl (126d7b3b4c7b724491c604060e1f4e14) C:\WINDOWS\system32\drivers\tandpl.sys
    18:10:08.0640 2156 tandpl - ok
    18:10:08.0703 2156 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    18:10:08.0703 2156 Tcpip - ok
    18:10:08.0750 2156 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    18:10:08.0750 2156 TDPIPE - ok
    18:10:08.0781 2156 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    18:10:08.0781 2156 TDTCP - ok
    18:10:08.0796 2156 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    18:10:08.0796 2156 TermDD - ok
    18:10:08.0812 2156 TosIde - ok
    18:10:08.0828 2156 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    18:10:08.0828 2156 Udfs - ok
    18:10:08.0843 2156 ultra - ok
    18:10:08.0859 2156 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    18:10:08.0875 2156 Update - ok
    18:10:08.0906 2156 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    18:10:08.0906 2156 usbccgp - ok
    18:10:08.0921 2156 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    18:10:08.0921 2156 usbehci - ok
    18:10:08.0937 2156 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    18:10:08.0937 2156 usbhub - ok
    18:10:08.0953 2156 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    18:10:08.0953 2156 usbprint - ok
    18:10:08.0968 2156 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    18:10:08.0968 2156 usbscan - ok
    18:10:09.0000 2156 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    18:10:09.0000 2156 usbstor - ok
    18:10:09.0015 2156 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    18:10:09.0015 2156 usbuhci - ok
    18:10:09.0046 2156 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    18:10:09.0046 2156 VgaSave - ok
    18:10:09.0062 2156 ViaIde - ok
    18:10:09.0078 2156 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    18:10:09.0078 2156 VolSnap - ok
    18:10:09.0093 2156 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    18:10:09.0109 2156 Wanarp - ok
    18:10:09.0156 2156 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
    18:10:09.0171 2156 Wdf01000 - ok
    18:10:09.0171 2156 WDICA - ok
    18:10:09.0218 2156 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    18:10:09.0218 2156 wdmaud - ok
    18:10:09.0265 2156 WmBEnum (5d410936831f7fb58eff941eac3f6d3d) C:\WINDOWS\system32\drivers\WmBEnum.sys
    18:10:09.0265 2156 WmBEnum - ok
    18:10:09.0296 2156 WmFilter (7a13cfde92956ca61a0927d766c5ad4f) C:\WINDOWS\system32\drivers\WmFilter.sys
    18:10:09.0296 2156 WmFilter - ok
    18:10:09.0328 2156 WmVirHid (6f04646bc690f8bbfc344be32a60796d) C:\WINDOWS\system32\drivers\WmVirHid.sys
    18:10:09.0328 2156 WmVirHid - ok
    18:10:09.0359 2156 WmXlCore (1d6ca43d562333f4dfb40bcef2453f3a) C:\WINDOWS\system32\drivers\WmXlCore.sys
    18:10:09.0359 2156 WmXlCore - ok
    18:10:09.0390 2156 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    18:10:09.0390 2156 WpdUsb - ok
    18:10:09.0437 2156 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    18:10:09.0437 2156 WudfPf - ok
    18:10:09.0453 2156 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    18:10:09.0453 2156 WudfRd - ok
    18:10:09.0500 2156 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\WINDOWS\system32\DRIVERS\xusb21.sys
    18:10:09.0500 2156 xusb21 - ok
    18:10:09.0546 2156 yukonwxp (4322c32ced8c4772e039616dcbf01d3f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
    18:10:09.0546 2156 yukonwxp - ok
    18:10:09.0562 2156 {09BB444F-B2E2-4009-BAF2-7B727681223E} - ok
    18:10:09.0578 2156 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    18:10:09.0718 2156 \Device\Harddisk0\DR0 - ok
    18:10:09.0718 2156 MBR (0x1B8) (c5a77ec66a1552fdc102d2d4dc22f0d4) \Device\Harddisk1\DR1
    18:10:09.0718 2156 \Device\Harddisk1\DR1 - ok
    18:10:09.0734 2156 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
    18:10:09.0796 2156 \Device\Harddisk2\DR2 - ok
    18:10:09.0812 2156 Boot (0x1200) (0792fbef5a0adc1dd7074727a12d89c4) \Device\Harddisk0\DR0\Partition0
    18:10:09.0812 2156 \Device\Harddisk0\DR0\Partition0 - ok
    18:10:09.0812 2156 Boot (0x1200) (9790eb65568029ddd77293421c13de65) \Device\Harddisk1\DR1\Partition0
    18:10:09.0812 2156 \Device\Harddisk1\DR1\Partition0 - ok
    18:10:09.0812 2156 Boot (0x1200) (b18f2931b4b26bddd802b38688ba7439) \Device\Harddisk2\DR2\Partition0
    18:10:09.0812 2156 \Device\Harddisk2\DR2\Partition0 - ok
    18:10:09.0828 2156 ============================================================
     
  20. fractoral

    fractoral TS Rookie Topic Starter Posts: 34

    18:10:09.0828 2156 Scan finished
    18:10:09.0828 2156 ============================================================
    18:10:09.0843 4044 Detected object count: 1
    18:10:09.0843 4044 Actual detected object count: 1
    18:11:05.0015 4044 C:\WINDOWS\System32\drivers\afd.sys - copied to quarantine
    18:11:05.0015 4044 AFD ( Rootkit.Win32.ZAccess.h ) - User select action: Quarantine
    18:11:14.0703 2956 ============================================================
    18:11:14.0703 2956 Scan started
    18:11:14.0703 2956 Mode: Manual;
    18:11:14.0703 2956 ============================================================
    18:11:15.0015 2956 Abiosdsk - ok
    18:11:15.0015 2956 abp480n5 - ok
    18:11:15.0093 2956 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    18:11:15.0093 2956 ACPI - ok
    18:11:15.0156 2956 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    18:11:15.0156 2956 ACPIEC - ok
    18:11:15.0203 2956 ADIHdAudAddService (0158f4027c0808ff65ed3b3d683339c9) C:\WINDOWS\system32\drivers\ADIHdAud.sys
    18:11:15.0203 2956 ADIHdAudAddService - ok
    18:11:15.0218 2956 adpu160m - ok
    18:11:15.0281 2956 AEAudio (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
    18:11:15.0281 2956 AEAudio - ok
    18:11:15.0312 2956 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    18:11:15.0312 2956 aec - ok
    18:11:15.0328 2956 AFD (43d300e5fc2e496ac8d7e97c491ece8d) C:\WINDOWS\System32\drivers\afd.sys
    18:11:15.0328 2956 AFD ( Rootkit.Win32.ZAccess.h ) - infected
    18:11:15.0328 2956 AFD - detected Rootkit.Win32.ZAccess.h (0)
    18:11:15.0343 2956 Aha154x - ok
    18:11:15.0343 2956 aic78u2 - ok
    18:11:15.0359 2956 aic78xx - ok
    18:11:15.0375 2956 AliIde - ok
    18:11:15.0406 2956 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
    18:11:15.0406 2956 AmdLLD - ok
    18:11:15.0421 2956 amsint - ok
    18:11:15.0437 2956 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    18:11:15.0437 2956 Arp1394 - ok
    18:11:15.0453 2956 asc - ok
    18:11:15.0453 2956 asc3350p - ok
    18:11:15.0468 2956 asc3550 - ok
    18:11:15.0515 2956 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    18:11:15.0515 2956 AsyncMac - ok
    18:11:15.0531 2956 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    18:11:15.0546 2956 atapi - ok
    18:11:15.0546 2956 Atdisk - ok
    18:11:15.0578 2956 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    18:11:15.0578 2956 Atmarpc - ok
    18:11:15.0625 2956 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    18:11:15.0625 2956 audstub - ok
    18:11:15.0703 2956 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    18:11:15.0703 2956 Beep - ok
    18:11:15.0843 2956 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111210.003\BHDrvx86.sys
    18:11:15.0843 2956 BHDrvx86 - ok
    18:11:15.0890 2956 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    18:11:15.0890 2956 cbidf2k - ok
    18:11:15.0906 2956 cd20xrnt - ok
    18:11:15.0937 2956 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    18:11:15.0937 2956 Cdaudio - ok
    18:11:15.0968 2956 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    18:11:15.0968 2956 Cdfs - ok
    18:11:15.0984 2956 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    18:11:15.0984 2956 Cdrom - ok
    18:11:16.0000 2956 Changer - ok
    18:11:16.0015 2956 CmdIde - ok
    18:11:16.0046 2956 Cpqarray - ok
    18:11:16.0062 2956 dac2w2k - ok
    18:11:16.0062 2956 dac960nt - ok
    18:11:16.0093 2956 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    18:11:16.0093 2956 Disk - ok
    18:11:16.0140 2956 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    18:11:16.0156 2956 dmboot - ok
    18:11:16.0187 2956 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    18:11:16.0187 2956 dmio - ok
    18:11:16.0203 2956 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    18:11:16.0203 2956 dmload - ok
    18:11:16.0281 2956 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    18:11:16.0281 2956 DMusic - ok
    18:11:16.0296 2956 dpti2o - ok
    18:11:16.0343 2956 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    18:11:16.0343 2956 drmkaud - ok
    18:11:16.0375 2956 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    18:11:16.0390 2956 eeCtrl - ok
    18:11:16.0406 2956 enodpl (b4556f3d468c8dcb0b259d9d866cd4c4) C:\WINDOWS\system32\drivers\enodpl.sys
    18:11:16.0421 2956 enodpl - ok
    18:11:16.0437 2956 EraserUtilDrvI13 (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI13.sys
    18:11:16.0437 2956 EraserUtilDrvI13 - ok
    18:11:16.0468 2956 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    18:11:16.0468 2956 Fastfat - ok
    18:11:16.0500 2956 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    18:11:16.0500 2956 Fdc - ok
    18:11:16.0546 2956 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    18:11:16.0546 2956 Fips - ok
    18:11:16.0562 2956 FixTDSS - ok
    18:11:16.0562 2956 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    18:11:16.0562 2956 Flpydisk - ok
    18:11:16.0625 2956 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    18:11:16.0625 2956 FltMgr - ok
    18:11:16.0656 2956 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    18:11:16.0656 2956 Fs_Rec - ok
    18:11:16.0656 2956 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    18:11:16.0656 2956 Ftdisk - ok
    18:11:16.0687 2956 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    18:11:16.0687 2956 GEARAspiWDM - ok
    18:11:16.0718 2956 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    18:11:16.0718 2956 Gpc - ok
    18:11:16.0765 2956 gtermddo - ok
    18:11:16.0781 2956 HDAudBus (cbc3def409549672b915fb9403d63f74) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    18:11:16.0781 2956 HDAudBus - ok
    18:11:16.0796 2956 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    18:11:16.0796 2956 hidusb - ok
    18:11:16.0812 2956 hpn - ok
    18:11:16.0875 2956 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    18:11:16.0875 2956 HPZid412 - ok
    18:11:16.0921 2956 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    18:11:16.0921 2956 HPZipr12 - ok
    18:11:16.0937 2956 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    18:11:16.0937 2956 HPZius12 - ok
    18:11:16.0953 2956 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    18:11:16.0953 2956 HTTP - ok
    18:11:16.0968 2956 i2omgmt - ok
    18:11:16.0984 2956 i2omp - ok
    18:11:17.0000 2956 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    18:11:17.0000 2956 i8042prt - ok
    18:11:17.0093 2956 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111214.001\IDSxpx86.sys
    18:11:17.0093 2956 IDSxpx86 - ok
    18:11:17.0125 2956 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    18:11:17.0125 2956 Imapi - ok
    18:11:17.0140 2956 ini910u - ok
    18:11:17.0156 2956 IntelIde - ok
    18:11:17.0203 2956 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    18:11:17.0203 2956 intelppm - ok
    18:11:17.0296 2956 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    18:11:17.0296 2956 ip6fw - ok
    18:11:17.0343 2956 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    18:11:17.0343 2956 IpFilterDriver - ok
    18:11:17.0359 2956 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    18:11:17.0359 2956 IpInIp - ok
    18:11:17.0390 2956 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    18:11:17.0390 2956 IpNat - ok
    18:11:17.0437 2956 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    18:11:17.0437 2956 IPSec - ok
    18:11:17.0484 2956 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    18:11:17.0484 2956 IRENUM - ok
    18:11:17.0484 2956 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    18:11:17.0484 2956 isapnp - ok
    18:11:17.0500 2956 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    18:11:17.0500 2956 Kbdclass - ok
    18:11:17.0531 2956 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    18:11:17.0531 2956 kbdhid - ok
    18:11:17.0546 2956 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    18:11:17.0546 2956 kmixer - ok
    18:11:17.0562 2956 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    18:11:17.0562 2956 KSecDD - ok
    18:11:17.0578 2956 lbrtfdc - ok
    18:11:17.0609 2956 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
    18:11:17.0609 2956 MBAMProtector - ok
    18:11:17.0718 2956 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
    18:11:17.0718 2956 mcdbus - ok
    18:11:17.0718 2956 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    18:11:17.0718 2956 mnmdd - ok
    18:11:17.0750 2956 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    18:11:17.0750 2956 Modem - ok
    18:11:17.0796 2956 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    18:11:17.0796 2956 Mouclass - ok
    18:11:17.0843 2956 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    18:11:17.0843 2956 mouhid - ok
    18:11:17.0859 2956 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    18:11:17.0859 2956 MountMgr - ok
    18:11:17.0859 2956 mraid35x - ok
    18:11:17.0875 2956 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    18:11:17.0875 2956 MRxDAV - ok
    18:11:17.0937 2956 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    18:11:17.0937 2956 MRxSmb - ok
    18:11:17.0953 2956 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    18:11:17.0953 2956 Msfs - ok
    18:11:17.0984 2956 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    18:11:17.0984 2956 MSKSSRV - ok
    18:11:18.0000 2956 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    18:11:18.0000 2956 MSPCLOCK - ok
    18:11:18.0015 2956 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    18:11:18.0015 2956 MSPQM - ok
    18:11:18.0031 2956 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    18:11:18.0031 2956 mssmbios - ok
    18:11:18.0046 2956 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
    18:11:18.0046 2956 MTsensor - ok
    18:11:18.0093 2956 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    18:11:18.0093 2956 Mup - ok
    18:11:18.0125 2956 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111215.002\NAVENG.SYS
    18:11:18.0125 2956 NAVENG - ok
    18:11:18.0171 2956 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111215.002\NAVEX15.SYS
    18:11:18.0187 2956 NAVEX15 - ok
    18:11:18.0203 2956 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    18:11:18.0203 2956 NDIS - ok
    18:11:18.0296 2956 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    18:11:18.0296 2956 NdisTapi - ok
    18:11:18.0312 2956 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    18:11:18.0312 2956 Ndisuio - ok
    18:11:18.0328 2956 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    18:11:18.0328 2956 NdisWan - ok
    18:11:18.0359 2956 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    18:11:18.0359 2956 NDProxy - ok
    18:11:18.0375 2956 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    18:11:18.0375 2956 NetBIOS - ok
    18:11:18.0390 2956 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    18:11:18.0390 2956 NetBT - ok
    18:11:18.0406 2956 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    18:11:18.0406 2956 NIC1394 - ok
    18:11:18.0453 2956 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    18:11:18.0453 2956 Npfs - ok
    18:11:18.0484 2956 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    18:11:18.0484 2956 Ntfs - ok
    18:11:18.0500 2956 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    18:11:18.0500 2956 Null - ok
    18:11:18.0781 2956 nv (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    18:11:18.0843 2956 nv - ok
    18:11:18.0875 2956 NVHDA (6a839ac21ecde8945d52007152f2695e) C:\WINDOWS\system32\drivers\nvhda32.sys
    18:11:18.0875 2956 NVHDA - ok
    18:11:18.0906 2956 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    18:11:18.0906 2956 NwlnkFlt - ok
    18:11:18.0937 2956 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    18:11:18.0937 2956 NwlnkFwd - ok
    18:11:18.0953 2956 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    18:11:18.0953 2956 ohci1394 - ok
    18:11:19.0000 2956 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    18:11:19.0000 2956 Parport - ok
    18:11:19.0000 2956 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    18:11:19.0000 2956 PartMgr - ok
    18:11:19.0031 2956 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    18:11:19.0031 2956 ParVdm - ok
    18:11:19.0046 2956 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    18:11:19.0046 2956 PCI - ok
    18:11:19.0046 2956 PCIDump - ok
    18:11:19.0062 2956 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    18:11:19.0078 2956 PCIIde - ok
    18:11:19.0093 2956 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    18:11:19.0093 2956 Pcmcia - ok
    18:11:19.0109 2956 PDCOMP - ok
    18:11:19.0109 2956 PDFRAME - ok
    18:11:19.0125 2956 PDRELI - ok
    18:11:19.0140 2956 PDRFRAME - ok
    18:11:19.0140 2956 perc2 - ok
    18:11:19.0156 2956 perc2hib - ok
    18:11:19.0187 2956 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    18:11:19.0187 2956 PptpMiniport - ok
    18:11:19.0218 2956 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    18:11:19.0218 2956 Processor - ok
    18:11:19.0234 2956 prodrv06 - ok
    18:11:19.0265 2956 prohlp02 (7a78181cc947cdaa0902e113cfd01e93) C:\WINDOWS\system32\drivers\prohlp02.sys
    18:11:19.0265 2956 prohlp02 - ok
    18:11:19.0281 2956 prosync1 (f3471e7971ee62420451d958da635064) C:\WINDOWS\system32\drivers\prosync1.sys
    18:11:19.0281 2956 prosync1 - ok
    18:11:19.0296 2956 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    18:11:19.0296 2956 PSched - ok
    18:11:19.0312 2956 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    18:11:19.0312 2956 Ptilink - ok
    18:11:19.0328 2956 ql1080 - ok
    18:11:19.0328 2956 Ql10wnt - ok
    18:11:19.0343 2956 ql12160 - ok
    18:11:19.0359 2956 ql1240 - ok
    18:11:19.0359 2956 ql1280 - ok
    18:11:19.0390 2956 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    18:11:19.0390 2956 RasAcd - ok
    18:11:19.0406 2956 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    18:11:19.0406 2956 Rasl2tp - ok
    18:11:19.0421 2956 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    18:11:19.0421 2956 RasPppoe - ok
    18:11:19.0421 2956 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    18:11:19.0421 2956 Raspti - ok
    18:11:19.0484 2956 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    18:11:19.0484 2956 Rdbss - ok
    18:11:19.0500 2956 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    18:11:19.0500 2956 RDPCDD - ok
    18:11:19.0546 2956 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    18:11:19.0562 2956 RDPWD - ok
    18:11:19.0593 2956 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    18:11:19.0593 2956 redbook - ok
    18:11:19.0687 2956 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    18:11:19.0687 2956 SASDIFSV - ok
    18:11:19.0703 2956 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
    18:11:19.0703 2956 SASENUM - ok
    18:11:19.0703 2956 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    18:11:19.0703 2956 SASKUTIL - ok
    18:11:19.0734 2956 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    18:11:19.0734 2956 Secdrv - ok
    18:11:19.0781 2956 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
    18:11:19.0781 2956 SenFiltService - ok
    18:11:19.0796 2956 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    18:11:19.0796 2956 Serial - ok
    18:11:19.0828 2956 sfhlp01 (91f99f3e331e24c438819a38a1ad049c) C:\WINDOWS\system32\drivers\sfhlp01.sys
    18:11:19.0828 2956 sfhlp01 - ok
    18:11:19.0828 2956 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    18:11:19.0828 2956 Sfloppy - ok
    18:11:19.0843 2956 Simbad - ok
    18:11:19.0859 2956 Sparrow - ok
    18:11:19.0906 2956 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    18:11:19.0906 2956 splitter - ok
    18:11:19.0968 2956 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
    18:11:19.0968 2956 sptd - ok
    18:11:19.0984 2956 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    18:11:19.0984 2956 sr - ok
    18:11:20.0031 2956 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS
    18:11:20.0031 2956 SRTSP - ok
    18:11:20.0046 2956 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS
    18:11:20.0046 2956 SRTSPX - ok
    18:11:20.0062 2956 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    18:11:20.0062 2956 Srv - ok
    18:11:20.0109 2956 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    18:11:20.0109 2956 swenum - ok
    18:11:20.0140 2956 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    18:11:20.0140 2956 swmidi - ok
    18:11:20.0140 2956 symc810 - ok
    18:11:20.0156 2956 symc8xx - ok
    18:11:20.0187 2956 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS
    18:11:20.0203 2956 SymDS - ok
    18:11:20.0234 2956 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS
    18:11:20.0234 2956 SymEFA - ok
    18:11:20.0281 2956 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    18:11:20.0281 2956 SymEvent - ok
    18:11:20.0281 2956 SYMFW - ok
    18:11:20.0296 2956 SYMIDS - ok
    18:11:20.0312 2956 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
    18:11:20.0312 2956 SymIM - ok
    18:11:20.0312 2956 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
    18:11:20.0312 2956 SymIMMP - ok
    18:11:20.0328 2956 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS
    18:11:20.0328 2956 SymIRON - ok
    18:11:20.0343 2956 SYMNDIS - ok
    18:11:20.0359 2956 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS
    18:11:20.0359 2956 SYMTDI - ok
    18:11:20.0375 2956 sym_hi - ok
    18:11:20.0375 2956 sym_u3 - ok
    18:11:20.0406 2956 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    18:11:20.0406 2956 sysaudio - ok
    18:11:20.0453 2956 tandpl (126d7b3b4c7b724491c604060e1f4e14) C:\WINDOWS\system32\drivers\tandpl.sys
    18:11:20.0453 2956 tandpl - ok
    18:11:20.0468 2956 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    18:11:20.0468 2956 Tcpip - ok
    18:11:20.0531 2956 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    18:11:20.0531 2956 TDPIPE - ok
    18:11:20.0546 2956 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    18:11:20.0562 2956 TDTCP - ok
    18:11:20.0562 2956 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    18:11:20.0562 2956 TermDD - ok
    18:11:20.0578 2956 TosIde - ok
    18:11:20.0593 2956 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    18:11:20.0593 2956 Udfs - ok
    18:11:20.0609 2956 ultra - ok
    18:11:20.0703 2956 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    18:11:20.0703 2956 Update - ok
    18:11:20.0718 2956 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    18:11:20.0718 2956 usbccgp - ok
    18:11:20.0734 2956 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    18:11:20.0734 2956 usbehci - ok
    18:11:20.0750 2956 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    18:11:20.0750 2956 usbhub - ok
    18:11:20.0765 2956 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    18:11:20.0765 2956 usbprint - ok
    18:11:20.0781 2956 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    18:11:20.0781 2956 usbscan - ok
    18:11:20.0796 2956 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    18:11:20.0796 2956 usbstor - ok
    18:11:20.0812 2956 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    18:11:20.0812 2956 usbuhci - ok
    18:11:20.0843 2956 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    18:11:20.0843 2956 VgaSave - ok
    18:11:20.0843 2956 ViaIde - ok
    18:11:20.0875 2956 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    18:11:20.0875 2956 VolSnap - ok
    18:11:20.0890 2956 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    18:11:20.0890 2956 Wanarp - ok
    18:11:20.0937 2956 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
    18:11:20.0937 2956 Wdf01000 - ok
    18:11:20.0953 2956 WDICA - ok
    18:11:20.0984 2956 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    18:11:20.0984 2956 wdmaud - ok
    18:11:21.0031 2956 WmBEnum (5d410936831f7fb58eff941eac3f6d3d) C:\WINDOWS\system32\drivers\WmBEnum.sys
    18:11:21.0031 2956 WmBEnum - ok
    18:11:21.0062 2956 WmFilter (7a13cfde92956ca61a0927d766c5ad4f) C:\WINDOWS\system32\drivers\WmFilter.sys
    18:11:21.0062 2956 WmFilter - ok
    18:11:21.0093 2956 WmVirHid (6f04646bc690f8bbfc344be32a60796d) C:\WINDOWS\system32\drivers\WmVirHid.sys
    18:11:21.0093 2956 WmVirHid - ok
    18:11:21.0093 2956 WmXlCore (1d6ca43d562333f4dfb40bcef2453f3a) C:\WINDOWS\system32\drivers\WmXlCore.sys
    18:11:21.0093 2956 WmXlCore - ok
    18:11:21.0140 2956 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    18:11:21.0140 2956 WpdUsb - ok
    18:11:21.0171 2956 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    18:11:21.0187 2956 WudfPf - ok
    18:11:21.0203 2956 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    18:11:21.0203 2956 WudfRd - ok
    18:11:21.0281 2956 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\WINDOWS\system32\DRIVERS\xusb21.sys
    18:11:21.0281 2956 xusb21 - ok
    18:11:21.0296 2956 yukonwxp (4322c32ced8c4772e039616dcbf01d3f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
    18:11:21.0312 2956 yukonwxp - ok
    18:11:21.0328 2956 {09BB444F-B2E2-4009-BAF2-7B727681223E} - ok
    18:11:21.0343 2956 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    18:11:21.0468 2956 \Device\Harddisk0\DR0 - ok
    18:11:21.0484 2956 MBR (0x1B8) (c5a77ec66a1552fdc102d2d4dc22f0d4) \Device\Harddisk1\DR1
    18:11:21.0484 2956 \Device\Harddisk1\DR1 - ok
    18:11:21.0500 2956 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
    18:11:21.0578 2956 \Device\Harddisk2\DR2 - ok
    18:11:21.0578 2956 Boot (0x1200) (0792fbef5a0adc1dd7074727a12d89c4) \Device\Harddisk0\DR0\Partition0
    18:11:21.0578 2956 \Device\Harddisk0\DR0\Partition0 - ok
    18:11:21.0578 2956 Boot (0x1200) (9790eb65568029ddd77293421c13de65) \Device\Harddisk1\DR1\Partition0
    18:11:21.0578 2956 \Device\Harddisk1\DR1\Partition0 - ok
    18:11:21.0578 2956 Boot (0x1200) (b18f2931b4b26bddd802b38688ba7439) \Device\Harddisk2\DR2\Partition0
    18:11:21.0578 2956 \Device\Harddisk2\DR2\Partition0 - ok
    18:11:21.0578 2956 ============================================================
    18:11:21.0578 2956 Scan finished
    18:11:21.0578 2956 ============================================================
    18:11:21.0593 3420 Detected object count: 1
    18:11:21.0593 3420 Actual detected object count: 1
    18:11:24.0718 3420 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\afd.sys) error 1813
    18:11:25.0140 3420 Backup copy found, using it..
    18:11:25.0281 3420 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
    18:11:27.0718 3420 AFD ( Rootkit.Win32.ZAccess.h ) - User select action: Cure
    18:11:54.0046 0720 Deinitialize success
     
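The log above shows the two line shapes a TDSSKiller run produces for every object (an entry with an MD5 and a path, followed by a `name - ok` verdict, or a detection line such as `AFD ( Rootkit.Win32.ZAccess.h ) - User select action: Cure`). The triage helper below is an added example, not part of this thread or of TDSSKiller itself: it parses that layout, lists every object that never received an `- ok` verdict, and collects the MBR/boot-sector hashes so they can be compared across disks. The sample log is constructed for the example from the line formats in this thread; the AFD entry's hash is an all-zero placeholder.

```python
import re

# Constructed sample in the TDSSKiller log layout seen in this thread.
# The AFD object line carries a placeholder hash (all zeros); the other
# hashes and paths mirror entries quoted above.
SAMPLE_LOG = r"""
18:11:19.0000 2956 AFD (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\afd.sys
18:11:20.0468 2956 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:11:20.0468 2956 Tcpip - ok
18:11:20.0578 2956 TosIde - ok
18:11:21.0343 2956 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:11:21.0468 2956 \Device\Harddisk0\DR0 - ok
18:11:21.0578 2956 Scan finished
18:11:21.0593 3420 Detected object count: 1
18:11:24.0718 3420 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\afd.sys) error 1813
18:11:25.0281 3420 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
18:11:27.0718 3420 AFD ( Rootkit.Win32.ZAccess.h ) - User select action: Cure
"""

# "HH:MM:SS.mmmm PID message"
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4}) (\d+) (.*)$")
# "name (md5) path"  or  "MBR (0x1B8) (md5) \Device\..."
OBJECT_RE = re.compile(r"^(\S+(?: \(0x[0-9A-Fa-f]+\))?) \(([0-9a-f]{32})\) (.+)$")
OK_RE = re.compile(r"^(.+?) - ok$")
DETECT_RE = re.compile(r"^(\S+) \( (.+?) \) - User select action: (\w+)$")
PENDING_RE = re.compile(r"^(.+?) - will be cured on reboot$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


def triage(log_text):
    """Summarise a TDSSKiller log: objects, verdicts, detections, boot-record hashes."""
    objects = {}          # path -> {"name": ..., "hash": ...}
    ok_names = set()      # names or device paths that received "- ok"
    detections = []       # (object, verdict, action chosen by the user)
    pending = []          # files queued for cure on reboot
    declared = None       # the tool's own "Detected object count"

    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        mo = OBJECT_RE.match(msg)
        if mo:
            objects[mo.group(3)] = {"name": mo.group(1), "hash": mo.group(2)}
            continue
        md = DETECT_RE.match(msg)
        if md:
            detections.append((md.group(1), md.group(2), md.group(3)))
            continue
        mp = PENDING_RE.match(msg)
        if mp:
            pending.append(mp.group(1))
            continue
        mk = OK_RE.match(msg)
        if mk:
            ok_names.add(mk.group(1))
            continue
        mc = COUNT_RE.match(msg)
        if mc:
            declared = int(mc.group(1))

    # Anything hashed but never cleared is worth a second look, whether or not
    # the tool printed a named detection for it.
    suspicious = sorted(info["name"] for path, info in objects.items()
                        if info["name"] not in ok_names and path not in ok_names)
    # MBR and boot-sector entries, keyed by device path, for cross-disk comparison.
    boot_records = {path: info["hash"] for path, info in objects.items()
                    if info["name"].split()[0] in ("MBR", "Boot")}

    return {
        "declared_count": declared,
        "objects": objects,
        "detections": detections,
        "pending_cure": pending,
        "suspicious": suspicious,
        "boot_records": boot_records,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print("declared detections:", summary["declared_count"])
    for name, verdict, action in summary["detections"]:
        print(f"  {name}: {verdict} (action: {action})")
    print("objects never marked ok:", summary["suspicious"])
    print("queued for cure on reboot:", summary["pending_cure"])
```

Run it against a saved TDSSKiller log by reading the file into `triage()`; the `suspicious` list is the useful part, because it also catches objects that the tool hashed but did not name in a detection line.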
  21. fractoral

    fractoral TS Rookie Topic Starter Posts: 34

    Even though I'm having problems with the ESET scan, should I still do the Java update?
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please go ahead and update the Java now, then uninstall the old version. As long as the old version is on the system, you are vulnerable to malware.
    ============================================
    Please note: The directions for both Combofix and the Eset scan direct you to disable the security programs before running the scans:
    You have not done this for Combofix. And if you didn't do it for the Eset scan, that could be the reason it won't run: Having the security running during these 2 scans can affect the outcome> False Positives and/or missed entries.
    ---------------------------------------
    To Disable NORTON 360
    • Right-click the Norton 360 Premier Edition icon in the system tray and select Disable Antivirus Automatic-Protect.
    • You will get a new dialog box with five options: 15 minutes, 1 hour, 5 hours, Until system restart, Permanently.
    • Choose 5 hours.
    ======================================
    Regarding the Eset Scan: This is already on the system in the Addons:
    DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
    Please open Internet Explorer> Tools> Manage Addons> remove the entry for this above.
    ----------------------------
    There are two different links for the Eset Online scan: You appear to be using Internet Explorer in which case you would click on the #1 Open the ESETOnlineScan link embedded in Reply #15. If you are using any browser other than IE, you would click on the #3 Open Eset Smart Installer embedded link which opens the Windows to the Smart Installer link first.

    Please try this scan again, remembering to disable the Norton Security first.
    =============================================
    I would strongly encourage you to remove all of these domains from the Trusted Zone. Nothing needs to be in this Zone. The security is lower in this zone, leaving the system more vulnerable to anything incoming, and possibly outgoing, from the domains. You do not lose access by removing them from this zone:
    Trusted Zone: custhelp.com\wizards
    Trusted Zone: hotmail.com\www
    Trusted Zone: live.com\mail
    Trusted Zone: wizards.com
    Go to Internet Options, either through Tools in IE or through the Control Panel:
    • From Internet Options> click on the Security tab> Trusted Sites> Sites>
    • Find each of the above domains> Highlight and click on Remove
    • When finished: Click on Apply> OK
    ========================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\windows\system32\drivers\FixTDSS.sys
    c:\docume~1\main\locals~1\temp\gtermddo.sys 
    Folders::
    C:\2f285ebdfb9ed59c8a6875e3ff4699e2
    C:\3a7e93e5a4606a81ac8ad4
    
    ClearJavaCache::
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=-
    "c:\\Program Files\\Steam\\SteamApps\\common\\aaaaaaaaaaaaaaaaaaaaaaaaa!!!\\main.exe"=-
    RegLockDel::
    [HKEY_USERS\S-1-5-21-1844237615-1957994488-839522115-1004\Software\KISS\«0¹0¿0à0á0¤0É03*D*]
    "InstallPath"="c:\\MST3K\\mtadfk.com\\custom maid\\ƒJƒXƒ^ƒ€ƒƒCƒh3D"
    RegNull::
    [HKEY_USERS\S-1-5-21-1844237615-1957994488-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    [HKEY_USERS\S-1-5-21-1844237615-1957994488-839522115-1004\Software\SecuROM\License information*]
    Driver::
    FixTDSS
    gtermddo
    Reboot::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Regarding open ports:
    There are several TCP and UDP Ports open for League of Legends. If it is specifically necessary for this game, leave them if you are the one to set them up.

    Additionally, there are other ports open:
    "135:TCP"= 135:TCP:TCP Port 135
    "5000:TCP" through "5020:TCP"

These ports are all "Globally Open" in the firewall. This means that they are available to all accounts on the system. Did you open them? Why?
     
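The port question raised in the reply above is the kind of check worth scripting rather than eyeballing: the XP firewall keeps globally open ports as registry values named `"port:proto"` under the FirewallPolicy `GloballyOpenPorts\List` key, which is what ComboFix prints as lines like `"135:TCP"= 135:TCP:TCP Port 135`. The example below is added here and is not code from this thread or from ComboFix: it parses such lines by their value name (so it works on both the abbreviated ComboFix rendering and the native `port:proto:*:Enabled:name` data), collapses contiguous ports into ranges, and flags ports that should not normally be open to the world on a workstation. The sample lines and the port list of sensitive services are constructed for the example.

```python
import re

# Constructed sample modelled on the firewall-policy lines quoted in this thread
# (both the short ComboFix rendering and the native registry data shape).
SAMPLE_PORT_LINES = [
    '"135:TCP"= 135:TCP:TCP Port 135',
    '"5000:TCP"= 5000:TCP:*:Enabled:Game port 5000',
    '"5001:TCP"= 5001:TCP:*:Enabled:Game port 5001',
    '"5002:TCP"= 5002:TCP:*:Enabled:Game port 5002',
    '"5000:UDP"= 5000:UDP:*:Enabled:Game port 5000 UDP',
    '"c:\\\\Program Files\\\\Example\\\\example.exe"= (not a port entry, ignored)',
]

# The value name is all we need: "port:proto"= ...
VALUE_RE = re.compile(r'^"(\d+):(TCP|UDP)"\s*=')

# Services a reviewer should question when left globally open on a workstation.
# This mapping is an assumption chosen for the example, not a complete list.
SENSITIVE_PORTS = {
    135: "RPC endpoint mapper",
    139: "NetBIOS session",
    445: "SMB",
    3389: "RDP",
}


def parse_open_ports(lines):
    """Return a set of (proto, port) tuples from firewall-policy value lines."""
    ports = set()
    for line in lines:
        m = VALUE_RE.match(line.strip())
        if m:
            ports.add((m.group(2), int(m.group(1))))
    return ports


def collapse_ranges(ports):
    """Group contiguous port numbers per protocol into (proto, first, last)."""
    by_proto = {}
    for proto, port in ports:
        by_proto.setdefault(proto, []).append(port)
    result = []
    for proto in sorted(by_proto):
        nums = sorted(by_proto[proto])
        start = prev = nums[0]
        for n in nums[1:]:
            if n == prev + 1:
                prev = n
                continue
            result.append((proto, start, prev))
            start = prev = n
        result.append((proto, start, prev))
    return result


def flag_sensitive(ports):
    """List globally open ports that belong to well-known sensitive services."""
    return sorted((proto, port, SENSITIVE_PORTS[port])
                  for proto, port in ports if port in SENSITIVE_PORTS)


if __name__ == "__main__":
    open_ports = parse_open_ports(SAMPLE_PORT_LINES)
    for proto, first, last in collapse_ranges(open_ports):
        span = str(first) if first == last else f"{first}-{last}"
        print(f"{proto} {span} globally open")
    for proto, port, service in flag_sensitive(open_ports):
        print(f"REVIEW: {proto} {port} ({service}) is open to all")
```

Paste the `GloballyOpenPorts` section of a ComboFix log into `SAMPLE_PORT_LINES` to use it on a real report; on the machine itself the same list is visible with `netsh firewall show state`. Ports that collapse into one range usually belong to one application (the game ports here), while an isolated entry such as 135 with no application behind it is the one to ask about, as the reply above does.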
  23. fractoral

    fractoral TS Rookie Topic Starter Posts: 34

    I have updated java and removed the trusted sites.

Going to the manage addons option of internet explorer and selecting "all add-ons" from the "show" drop box I was not able to locate the entry for eset in order to remove it. But I did find out that what was happening was that it wanted to download an activeX control, but the window was resetting so quickly I could not instruct it to do so. I fixed the problem and have run the ESET scan, log will follow.

    I did set up the League of Legends ports, but I do not know anything about those other open ports.

    Combofix custom script run, I made sure norton was disabled for both combofix and eset scans, log will follow.
     
  24. fractoral

    fractoral TS Rookie Topic Starter Posts: 34

    C:\TDSSKiller_Quarantine\15.12.2011_18.09.52\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.FQ trojan
     
  25. fractoral

    fractoral TS Rookie Topic Starter Posts: 34

    ComboFix 11-12-17.03 - Main 12/17/2011 19:08:10.2.4 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2491 [GMT -5:00]
    Running from: c:\documents and settings\Main\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Main\Desktop\CFScript.txt
    AV: Norton 360 Premier Edition *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 Premier Edition *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    FILE ::
    "c:\docume~1\main\locals~1\temp\gtermddo.sys"
    "c:\windows\system32\drivers\FixTDSS.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_FIXTDSS
    -------\Legacy_GTERMDDO
    -------\Service_FixTDSS
    -------\Service_gtermddo
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-18 to 2011-12-18 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-17 21:35 . 2011-12-17 21:35 -------- d-----w- c:\windows\LastGood.Tmp
    2011-12-17 21:35 . 2011-12-17 21:35 -------- d-----w- c:\program files\ESET
    2011-12-17 21:14 . 2011-12-17 21:14 -------- d-----w- c:\program files\Common Files\Java
    2011-12-17 21:14 . 2011-12-17 21:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-12-17 21:14 . 2011-12-17 21:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-12-17 21:13 . 2011-12-17 21:13 -------- d-----w- c:\program files\Java
    2011-12-15 23:11 . 2011-12-15 23:11 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-12-15 17:09 . 2011-12-15 17:09 -------- d-----w- c:\documents and settings\Main\Application Data\Malwarebytes
    2011-12-15 17:09 . 2011-12-15 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-12-15 17:09 . 2011-12-15 17:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-15 17:09 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-14 15:54 . 2011-12-15 02:27 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\SanctionedMedia
    2011-12-09 01:26 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
    2011-12-09 01:26 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
    2011-12-09 01:26 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
    2011-12-09 01:26 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
    2011-12-09 01:26 . 2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
    2011-12-02 16:44 . 2011-12-02 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Playrix Entertainment
    2011-11-26 12:44 . 2011-07-07 23:21 876136 ----a-w- c:\windows\system32\nvhdagenco3220102.dll
    2011-11-26 12:33 . 2007-06-29 19:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
    2011-11-26 12:33 . 2011-11-26 12:33 -------- d-----w- c:\program files\AMD
    2011-11-26 12:33 . 2011-11-26 12:33 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\Downloaded Installations
    2011-11-26 12:29 . 2011-11-26 12:30 -------- d-----w- C:\2f285ebdfb9ed59c8a6875e3ff4699e2
    2011-11-26 12:18 . 2011-11-26 12:19 -------- d-----w- C:\3a7e93e5a4606a81ac8ad4
    2011-11-26 12:18 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2011-11-26 12:18 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2011-11-26 12:18 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2011-11-26 12:18 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2011-11-20 20:42 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2011-11-20 20:42 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2011-11-20 17:04 . 2011-12-11 18:31 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\CutePDF Writer
    2011-11-20 16:55 . 2011-11-20 16:55 -------- d-----w- c:\program files\GPLGS
    2011-11-20 16:55 . 2009-11-05 13:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
    2011-11-20 16:55 . 2011-11-20 16:55 -------- d-----w- c:\program files\Acro Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-16 02:46 . 2004-08-04 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-11-26 12:57 . 2009-08-18 16:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
    2011-11-26 12:57 . 2009-08-18 16:24 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
    2011-11-01 16:07 . 2004-08-04 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-24 08:55 . 2011-10-24 08:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-18 11:13 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22 . 2008-12-01 14:48 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-08 04:50 . 2011-07-27 17:11 298304 ----a-w- c:\windows\system32\nvsvc32.exe
    2011-10-08 04:50 . 2011-07-27 17:11 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
    2011-10-08 04:50 . 2011-07-27 17:11 54272 ----a-w- c:\windows\system32\nvwddi.dll
    2011-10-08 04:50 . 2011-07-27 17:11 220992 ----a-w- c:\windows\system32\nvcolor.exe
    2011-10-08 04:50 . 2011-07-27 17:11 203072 ----a-w- c:\windows\system32\nvmctray.dll
    2011-10-08 04:50 . 2011-07-27 17:11 16744256 ----a-w- c:\windows\system32\nvcpl.dll
    2011-10-08 04:50 . 2010-12-16 19:22 919872 ----a-w- c:\windows\system32\nvdispco32.dll
    2011-10-08 04:50 . 2010-12-16 19:22 877376 ----a-w- c:\windows\system32\nvgenco32.dll
    2011-10-08 04:50 . 2010-12-16 19:22 65536 ----a-w- c:\windows\system32\OpenCL.dll
    2011-10-08 04:50 . 2010-12-16 19:22 5595136 ----a-w- c:\windows\system32\nvcuda.dll
    2011-10-08 04:50 . 2010-12-16 19:22 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-10-08 04:50 . 2010-12-16 19:22 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-10-08 04:50 . 2010-12-16 19:22 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
    2011-10-08 04:50 . 2010-12-16 19:22 2449408 ----a-w- c:\windows\system32\nvapi.dll
    2011-10-08 04:50 . 2010-12-16 19:22 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-10-08 04:50 . 2004-08-04 07:56 4226688 ----a-w- c:\windows\system32\nv4_disp.dll
    2011-10-08 04:50 . 2004-08-04 05:29 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2011-09-28 22:45 . 2011-09-28 22:45 15453832 ----a-w- c:\windows\system32\xlive.dll
    2011-09-28 22:45 . 2011-09-28 22:45 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
    2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41 . 2010-03-18 14:09 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-12-16_03.42.35 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-12-18 00:20 . 2011-12-18 00:20 16384 c:\windows\Temp\Perflib_Perfdata_464.dat
    + 2008-07-14 11:09 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
    - 2008-07-14 11:09 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
    - 2004-08-04 12:00 . 2011-08-22 23:48 66560 c:\windows\system32\mshtmled.dll
    + 2004-08-04 12:00 . 2011-11-04 19:20 66560 c:\windows\system32\mshtmled.dll
    - 2007-08-13 23:54 . 2011-08-22 23:48 55296 c:\windows\system32\msfeedsbs.dll
    + 2007-08-13 23:54 . 2011-11-04 19:20 55296 c:\windows\system32\msfeedsbs.dll
    - 2004-08-04 12:00 . 2011-08-22 23:48 25600 c:\windows\system32\jsproxy.dll
    + 2004-08-04 12:00 . 2011-11-04 19:20 25600 c:\windows\system32\jsproxy.dll
    + 2011-07-25 13:45 . 2011-11-04 19:20 12800 c:\windows\system32\dllcache\xpshims.dll
    - 2011-07-25 13:45 . 2011-08-22 23:48 12800 c:\windows\system32\dllcache\xpshims.dll
    + 2011-04-25 14:47 . 2011-11-04 19:20 66560 c:\windows\system32\dllcache\mshtmled.dll
    - 2011-04-25 14:47 . 2011-08-22 23:48 66560 c:\windows\system32\dllcache\mshtmled.dll
    - 2011-07-25 13:45 . 2011-08-22 23:48 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2011-07-25 13:45 . 2011-11-04 19:20 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    - 2009-03-08 08:34 . 2011-08-22 23:48 43520 c:\windows\system32\dllcache\licmgr10.dll
    + 2009-03-08 08:34 . 2011-11-04 19:20 43520 c:\windows\system32\dllcache\licmgr10.dll
    - 2009-03-08 08:33 . 2011-08-22 23:48 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2009-03-08 08:33 . 2011-11-04 19:20 25600 c:\windows\system32\dllcache\jsproxy.dll
    - 2011-04-26 11:07 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
    + 2011-04-26 11:07 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
    + 2009-07-21 14:01 . 2011-12-16 08:59 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut9.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    - 2009-07-21 14:01 . 2009-07-21 14:01 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut9.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    - 2009-07-21 14:01 . 2009-07-21 14:01 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut8.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    + 2009-07-21 14:01 . 2011-12-16 08:59 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut8.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    - 2009-07-21 14:01 . 2009-07-21 14:01 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut7.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    + 2009-07-21 14:01 . 2011-12-16 08:59 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut7.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    - 2009-07-21 14:01 . 2009-07-21 14:01 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut6.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    + 2009-07-21 14:01 . 2011-12-16 08:59 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut6.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    - 2009-07-21 14:01 . 2009-07-21 14:01 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut5.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    + 2009-07-21 14:01 . 2011-12-16 08:59 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut5.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    - 2009-07-21 14:01 . 2009-07-21 14:01 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut28.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    + 2009-07-21 14:01 . 2011-12-16 08:59 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut28.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    - 2009-07-21 14:01 . 2009-07-21 14:01 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut27.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    + 2009-07-21 14:01 . 2011-12-16 08:59 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut27.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    - 2009-07-21 14:01 . 2009-07-21 14:01 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut26.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    + 2009-07-21 14:01 . 2011-12-16 08:59 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut26.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    + 2009-07-21 14:01 . 2011-12-16 08:59 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut25.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    - 2009-07-21 14:01 . 2009-07-21 14:01 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut25.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    + 2009-07-21 14:01 . 2011-12-16 08:59 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut24.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    - 2009-07-21 14:01 . 2009-07-21 14:01 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut24.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    + 2009-07-21 14:01 . 2011-12-16 08:59 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut23.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    - 2009-07-21 14:01 . 2009-07-21 14:01 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut23.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    - 2009-07-21 14:01 . 2009-07-21 14:01 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut22.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    + 2009-07-21 14:01 . 2011-12-16 08:59 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut22.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    + 2009-07-21 14:01 . 2011-12-16 08:59 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut21.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    - 2009-07-21 14:01 . 2009-07-21 14:01 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut21.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    + 2009-07-21 14:01 . 2011-12-16 08:59 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut20.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    - 2009-07-21 14:01 . 2009-07-21 14:01 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut20.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    - 2009-07-21 14:01 . 2009-07-21 14:01 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut2_1.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    + 2009-07-21 14:01 . 2011-12-16 08:59 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut2_1.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    - 2009-07-21 14:01 . 2009-07-21 14:01 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut19.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    + 2009-07-21 14:01 . 2011-12-16 08:59 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut19.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    - 2009-07-21 14:01 . 2009-07-21 14:01 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut18.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    + 2009-07-21 14:01 . 2011-12-16 08:59 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut18.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    - 2009-07-21 14:01 . 2009-07-21 14:01 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut17.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    + 2009-07-21 14:01 . 2011-12-16 08:59 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut17.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    - 2009-07-21 14:01 . 2009-07-21 14:01 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut16.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    + 2009-07-21 14:01 . 2011-12-16 08:59 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut16.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    - 2009-07-21 14:01 . 2009-07-21 14:01 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut15.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    + 2009-07-21 14:01 . 2011-12-16 08:59 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut15.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    + 2009-07-21 14:01 . 2011-12-16 08:59 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut14.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    - 2009-07-21 14:01 . 2009-07-21 14:01 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut14.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    - 2009-07-21 14:01 . 2009-07-21 14:01 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut13.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    + 2009-07-21 14:01 . 2011-12-16 08:59 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut13.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    - 2009-07-21 14:01 . 2009-07-21 14:01 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut12.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    + 2009-07-21 14:01 . 2011-12-16 08:59 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut12.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    - 2009-07-21 14:01 . 2009-07-21 14:01 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut11.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    + 2009-07-21 14:01 . 2011-12-16 08:59 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut11.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    - 2009-07-21 14:01 . 2009-07-21 14:01 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut10.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    + 2009-07-21 14:01 . 2011-12-16 08:59 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut10.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
    + 2009-07-21 14:01 . 2011-12-16 08:59 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\ARPPRODUCTICON.exe
    - 2009-07-21 14:01 . 2009-07-21 14:01 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\ARPPRODUCTICON.exe
    + 2011-12-16 08:03 . 2011-08-22 23:48 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll
    + 2011-12-16 08:03 . 2011-08-22 23:48 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll
    + 2011-12-16 08:03 . 2011-08-22 23:48 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll
    + 2011-12-16 08:03 . 2011-08-22 23:48 43520 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll
    + 2011-12-16 08:03 . 2011-08-22 23:48 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll
    - 2004-08-04 12:00 . 2011-08-22 23:48 105984 c:\windows\system32\url.dll
    + 2004-08-04 12:00 . 2011-11-04 19:20 105984 c:\windows\system32\url.dll
    - 2004-08-04 12:00 . 2011-08-22 23:48 206848 c:\windows\system32\occache.dll
    + 2004-08-04 12:00 . 2011-11-04 19:20 206848 c:\windows\system32\occache.dll
    + 2004-08-04 12:00 . 2011-11-04 19:20 611840 c:\windows\system32\mstime.dll
    - 2004-08-04 12:00 . 2011-08-22 23:48 611840 c:\windows\system32\mstime.dll
    + 2007-08-13 23:54 . 2011-11-04 19:20 602112 c:\windows\system32\msfeeds.dll
    - 2007-08-13 23:54 . 2011-08-22 23:48 602112 c:\windows\system32\msfeeds.dll
    + 2011-12-17 21:14 . 2011-12-17 21:13 157472 c:\windows\system32\javaws.exe
    + 2011-12-17 21:14 . 2011-12-17 21:13 149280 c:\windows\system32\javaw.exe
    + 2011-12-17 21:14 . 2011-12-17 21:13 149280 c:\windows\system32\java.exe
    - 2004-08-04 12:00 . 2011-08-22 23:48 184320 c:\windows\system32\iepeers.dll
    + 2004-08-04 12:00 . 2011-11-04 19:20 184320 c:\windows\system32\iepeers.dll
    + 2004-08-04 12:00 . 2011-11-04 19:20 387584 c:\windows\system32\iedkcs32.dll
    - 2004-08-04 12:00 . 2011-08-22 23:48 387584 c:\windows\system32\iedkcs32.dll
    - 2004-08-04 12:00 . 2011-08-22 11:56 174080 c:\windows\system32\ie4uinit.exe
    + 2004-08-04 12:00 . 2011-11-04 11:24 174080 c:\windows\system32\ie4uinit.exe
    + 2008-12-01 09:38 . 2011-12-16 08:56 127704 c:\windows\system32\FNTCACHE.DAT
    - 2008-12-01 09:38 . 2011-11-26 12:49 127704 c:\windows\system32\FNTCACHE.DAT
    + 2011-04-25 14:47 . 2011-11-04 19:20 916992 c:\windows\system32\dllcache\wininet.dll
    - 2009-03-08 08:34 . 2011-08-22 23:48 105984 c:\windows\system32\dllcache\url.dll
    + 2009-03-08 08:34 . 2011-11-04 19:20 105984 c:\windows\system32\dllcache\url.dll
    + 2009-03-08 08:34 . 2011-11-04 19:20 206848 c:\windows\system32\dllcache\occache.dll
    - 2009-03-08 08:34 . 2011-08-22 23:48 206848 c:\windows\system32\dllcache\occache.dll
    - 2011-04-25 14:47 . 2011-08-22 23:48 611840 c:\windows\system32\dllcache\mstime.dll
    + 2011-04-25 14:47 . 2011-11-04 19:20 611840 c:\windows\system32\dllcache\mstime.dll
    - 2011-07-25 13:45 . 2011-08-22 23:48 602112 c:\windows\system32\dllcache\msfeeds.dll
    + 2011-07-25 13:45 . 2011-11-04 19:20 602112 c:\windows\system32\dllcache\msfeeds.dll
    + 2011-07-25 13:45 . 2011-11-04 19:20 247808 c:\windows\system32\dllcache\ieproxy.dll
    - 2011-07-25 13:45 . 2011-08-22 23:48 247808 c:\windows\system32\dllcache\ieproxy.dll
    + 2011-04-25 14:47 . 2011-11-04 19:20 184320 c:\windows\system32\dllcache\iepeers.dll
    - 2011-04-25 14:47 . 2011-08-22 23:48 184320 c:\windows\system32\dllcache\iepeers.dll
    - 2011-07-25 13:45 . 2011-08-22 23:48 743424 c:\windows\system32\dllcache\iedvtool.dll
    + 2011-07-25 13:45 . 2011-11-04 19:20 743424 c:\windows\system32\dllcache\iedvtool.dll
    - 2009-03-08 18:09 . 2011-08-22 23:48 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2009-03-08 18:09 . 2011-11-04 19:20 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2009-03-08 08:32 . 2011-11-04 11:24 174080 c:\windows\system32\dllcache\ie4uinit.exe
    - 2009-03-08 08:32 . 2011-08-22 11:56 174080 c:\windows\system32\dllcache\ie4uinit.exe
    - 2011-02-09 13:53 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
    + 2011-02-09 13:53 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll
    + 2011-12-17 21:14 . 2011-12-17 21:14 203776 c:\windows\Installer\7c4946e.msi
    + 2011-12-17 21:13 . 2011-12-17 21:13 901120 c:\windows\Installer\7c49467.msi
    + 2011-12-16 08:03 . 2011-08-22 23:48 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
    + 2011-12-16 08:03 . 2011-08-22 23:48 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
    + 2011-12-16 08:03 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
    + 2011-12-16 08:03 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
    + 2011-12-16 08:03 . 2011-08-22 23:48 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
    + 2011-12-16 08:03 . 2011-08-22 23:48 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
    + 2011-12-16 08:03 . 2011-08-22 23:48 602112 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
    + 2011-12-16 08:03 . 2011-08-22 23:48 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
    + 2011-12-16 08:03 . 2011-08-22 23:48 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
    + 2011-12-16 08:03 . 2011-08-22 23:48 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
    + 2011-12-16 08:03 . 2011-08-22 23:48 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
    + 2011-12-16 08:03 . 2011-08-22 11:56 174080 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
    + 2004-08-04 12:00 . 2011-11-04 19:20 1212416 c:\windows\system32\urlmon.dll
    - 2004-08-04 12:00 . 2011-08-22 23:48 1212416 c:\windows\system32\urlmon.dll
    + 2004-08-04 12:00 . 2011-11-04 19:20 5978112 c:\windows\system32\mshtml.dll
    - 2007-08-13 23:34 . 2011-08-22 23:48 2000384 c:\windows\system32\iertutil.dll
    + 2007-08-13 23:34 . 2011-11-04 19:20 2000384 c:\windows\system32\iertutil.dll
    + 2011-06-02 14:02 . 2011-11-23 13:25 1859584 c:\windows\system32\dllcache\win32k.sys
    + 2011-04-25 14:47 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll
    - 2011-04-25 14:47 . 2011-08-22 23:48 1212416 c:\windows\system32\dllcache\urlmon.dll
    + 2010-07-16 12:05 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll
    + 2011-07-25 07:04 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
    - 2011-07-25 07:04 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
    - 2011-07-25 07:04 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
    + 2011-07-25 07:04 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
    - 2011-07-25 07:04 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
    + 2011-07-25 07:04 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
    - 2011-07-25 07:04 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2011-07-25 07:04 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2011-04-25 14:47 . 2011-11-04 19:20 5978112 c:\windows\system32\dllcache\mshtml.dll
    - 2011-07-25 13:45 . 2011-08-22 23:48 2000384 c:\windows\system32\dllcache\iertutil.dll
    + 2011-07-25 13:45 . 2011-11-04 19:20 2000384 c:\windows\system32\dllcache\iertutil.dll
    + 2011-12-16 08:03 . 2011-08-22 23:48 1212416 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
    + 2011-12-16 08:03 . 2011-10-03 08:35 5971456 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
    + 2011-12-16 08:03 . 2011-08-22 23:48 2000384 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
    - 2011-07-25 07:04 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2011-07-25 07:04 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
    - 2011-07-25 07:04 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
    + 2011-07-25 07:04 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
    - 2011-07-25 07:04 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    + 2011-07-25 07:04 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    - 2011-07-25 07:04 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2011-07-25 07:04 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2008-12-01 16:35 . 2011-12-16 08:01 52988224 c:\windows\system32\MRT.exe
    + 2007-08-13 23:54 . 2011-11-04 19:20 11081728 c:\windows\system32\ieframe.dll
    - 2007-08-13 23:54 . 2011-08-23 21:48 11081728 c:\windows\system32\ieframe.dll
    + 2011-07-25 13:45 . 2011-11-04 19:20 11081728 c:\windows\system32\dllcache\ieframe.dll
    - 2011-07-25 13:45 . 2011-08-23 21:48 11081728 c:\windows\system32\dllcache\ieframe.dll
    + 2011-12-16 08:03 . 2011-08-23 21:48 11081728 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SansaDispatch"="c:\documents and settings\Main\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-12-15 79872]
    "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
    "NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
    "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2010-08-26 15:24 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\alien swarm\\srcds.exe"=
    "c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\deus ex\\System\\DeusEx.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\chantelise\\chantelise.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\chantelise\\custom.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\tidalis\\Tidalis.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\dreddvsdeath\\Dredd.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\titan quest\\Titan Quest.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\titan quest\\help.htm"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\ghost master\\ghost.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\thief deadly shadows\\System\\runme.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\star raiders\\StarRaiders.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\the undergarden\\TheUndergarden.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\ghostbusters sanctum of slime\\Game\\GhostBustersSOS.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\universe at war earth assault\\LaunchUAW.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\space siege\\Space Siege\\SpaceSiege.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\aaaaaaaaaaaaaaaaaaaaaaaaa!!!\\main.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\oddworld abes oddysee\\AbeWin.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\oddworld abes exoddus\\Exoddus.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\on the rain-slick precipice of darkness - episode one\\RainSlickEp1.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\penny arcade adventures on the rain-slick precipice of darkness episode 2\\RainSlickEp2.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\puzzle chronicles\\PuzzleChronicles.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\mrrobot\\MrRobot.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\shatter\\ShatterSettingsEditor.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\project aftermath\\ProjectAftermath.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\spectromancer\\Spectromancer.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\droplitz\\Cascade.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\the last remnant\\Binaries\\TLR.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\poker night at the inventory\\CelebrityPoker.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\zombie driver\\Release\\ZombieDriver.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\light of altair\\Altair.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\avencast\\Avencast.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\grotesque tactics\\GrotesqueTactics.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\armada 2526\\bin\\Armada2526.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\command and conquer 4 tiberian twilight\\CNC4.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\command and conquer 4 tiberian twilight\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\age of wonders\\Launcher.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\age of wonders\\AoWSetup.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\age of wonders\\Readme.txt"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\age of wonders\\QuickStart.pdf"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\age of wonders\\AoWEd.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\recettear\\recettear.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\recettear\\custom.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\ares\\ARES.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\spiral knights\\java_vm\\bin\\javaw.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\breath of death vii\\BoDVIIPC.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\cthulhu saves the world\\CSTW.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\alien swarm\\swarm.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\team fortress 2 meet the medic\\smp.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\post apocalyptic mayhem\\PAMMainGame.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\sid meier's civilization v\\Launcher.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\portal 2\\portal2.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\titan quest immortal throne\\Tqit.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\titan quest immortal throne\\help.htm"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\deus ex - human revolution\\dxhr.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\sanctum\\Binaries\\Win32\\SanctumGame-Win32-Shipping.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\back to the future ep 2\\BackToTheFuture102.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\tomb raider anniversary\\tra.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\bejeweled 3\\Bejeweled3.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\magicka\\Magicka.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\4 elements\\4 Elements.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\batman2\\Binaries\\Win32\\BatmanAC.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\batman2\\RunLauncher.bat"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\dungeon defenders\\Binaries\\Win32\\DungeonDefenders.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\defensegridtheawakening\\DefenseGrid.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "135:TCP"= 135:TCP:TCP Port 135
    "5000:TCP"= 5000:TCP:TCP Port 5000
    "5001:TCP"= 5001:TCP:TCP Port 5001
    "5002:TCP"= 5002:TCP:TCP Port 5002
    "5003:TCP"= 5003:TCP:TCP Port 5003
    "5004:TCP"= 5004:TCP:TCP Port 5004
    "5005:TCP"= 5005:TCP:TCP Port 5005
    "5006:TCP"= 5006:TCP:TCP Port 5006
    "5007:TCP"= 5007:TCP:TCP Port 5007
    "5008:TCP"= 5008:TCP:TCP Port 5008
    "5009:TCP"= 5009:TCP:TCP Port 5009
    "5010:TCP"= 5010:TCP:TCP Port 5010
    "5011:TCP"= 5011:TCP:TCP Port 5011
    "5012:TCP"= 5012:TCP:TCP Port 5012
    "5013:TCP"= 5013:TCP:TCP Port 5013
    "5014:TCP"= 5014:TCP:TCP Port 5014
    "5015:TCP"= 5015:TCP:TCP Port 5015
    "5016:TCP"= 5016:TCP:TCP Port 5016
    "5017:TCP"= 5017:TCP:TCP Port 5017
    "5018:TCP"= 5018:TCP:TCP Port 5018
    "5019:TCP"= 5019:TCP:TCP Port 5019
    "5020:TCP"= 5020:TCP:TCP Port 5020
    "50942:TCP"= 50942:TCP:CharBuilderFull
    "50942:UDP"= 50942:UDP:CharBuilderFull
    "19585:TCP"= 19585:TCP:CharBuilderFull
    "19585:UDP"= 19585:UDP:CharBuilderFull
    "57330:TCP"= 57330:TCP:pando Media Booster
    "57330:UDP"= 57330:UDP:pando Media Booster
    "8381:TCP"= 8381:TCP:League of Legends Launcher
    "8381:UDP"= 8381:UDP:League of Legends Launcher
    "8382:TCP"= 8382:TCP:League of Legends Launcher
    "8382:UDP"= 8382:UDP:League of Legends Launcher
    "8383:TCP"= 8383:TCP:League of Legends Launcher
    "8383:UDP"= 8383:UDP:League of Legends Launcher
    "8397:TCP"= 8397:TCP:League of Legends Launcher
    "8397:UDP"= 8397:UDP:League of Legends Launcher
    "6968:TCP"= 6968:TCP:League of Legends Launcher
    "6968:UDP"= 6968:UDP:League of Legends Launcher
    "8398:TCP"= 8398:TCP:League of Legends Launcher
    "8398:UDP"= 8398:UDP:League of Legends Launcher
    "8393:TCP"= 8393:TCP:League of Legends Lobby
    "8393:UDP"= 8393:UDP:League of Legends Lobby
    "8390:TCP"= 8390:TCP:League of Legends Game Client
    "8390:UDP"= 8390:UDP:League of Legends Game Client
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [5/18/2011 3:23 PM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [5/18/2011 3:23 PM 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111210.003\BHDrvx86.sys [12/14/2011 6:14 PM 819320]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3/23/2009 1:07 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 1:07 PM 67656]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [5/18/2011 3:23 PM 136312]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/15/2011 12:09 PM 366152]
    R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe [5/18/2011 3:22 PM 130008]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [7/27/2011 12:11 PM 2253120]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/15/2011 2:08 PM 106104]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111216.001\IDSXpx86.sys [12/16/2011 7:01 PM 356280]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/15/2011 12:09 PM 22216]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [7/27/2011 12:10 PM 119656]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/3/2009 10:10 AM 717296]
    S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\c:\mst3k\Titan\SlaveMaker15x5\Hitomi - My Stepsister\Hitomi\VMLaunch\BuddyVM.sys --> c:\mst3k\Titan\SlaveMaker15x5\Hitomi - My Stepsister\Hitomi\VMLaunch\BuddyVM.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 1:07 PM 12872]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.thenorthernempire.com/forum/index.php
    TCP: DhcpNameServer = 216.104.96.22 216.104.98.222
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-17 19:21
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    SansaDispatch = c:\documents and settings\Main\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?m%3d%26is-debug%3d%26rom-version%3d%26part-number%3d%26product-n????7?2? ??????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1844237615-1957994488-839522115-1004\Software\KISS\«0¹0¿0à0á0¤0É03*D*]
    "InstallPath"="c:\\MST3K\\mtadfk.com\\custom maid\\ƒJƒXƒ^ƒ€ƒƒCƒh3D"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(732)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(4060)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\RunDLL32.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-17 19:23:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-18 00:23
    ComboFix2.txt 2011-12-16 03:46
    .
    Pre-Run: 68,540,624,896 bytes free
    Post-Run: 68,471,656,448 bytes free
    .
    - - End Of File - - FC35FCA113F097A6D865985978248209
     
Topic Status:
Not open for further replies.
