Solved Boot malware?

kenobi575

For days now, I have only been able to get into my computer via the Administrator profile in safe mode. Any attempts to get into normal mode only gives me a few minutes before whatever this is kicks in and says there is a potential hdd failure.

Once a profile is affected, it's useless; even safe mode reflects that.
I managed to create one and run Hijack This! (renamed as Dabo) before the infection stopped me and then returned to safe mode to retrieve the log.

I couldn't attach the log so I copy / pasted:

[HJT log removed by Broni]



I hope someone can help me, otherwise I face a format and lengthy reinstall.
 
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Can't access normal mode except for a few minutes

As I posted earlier, I can only get into normal mode for a few minutes under a new profile until the infection damages it. I then have to create a new one. That is how I managed to get the Hijack This log.

Thank you for the clear rules - I will follow them.
 
Safe mode is ok but limited

I can access Administrator and any undamaged profile in safe mode. The infection is only active in normal mode. I log in with networking, but my NIC is disabled.

This one has me stumped - all the protection software I run and it still got in.
 
Do you have another working computer and USB flash drive?
If so, download the necessary tools on the good computer, transfer them to the bad computer and run them from SAFE MODE, for now.
 
Safe mode is fine

I can do anything in safe mode - the infection appears only to be active in normal mode.

However, safe mode with networking doesn't give me internet access, so I can't update anything.
 
Sorry about the duplicate reply - for some reason, the first wasn't showing.

I am on my laptop and have several jump drives. What do you want me to do first?
 
Download DDS, GMER and MBAM (plus the MBAM manual updates; see my previous message), transfer them to the bad computer and run them from safe mode.
 
2 out of 3 ran fine

Malwarebytes and DDS ran without incident. GMER ran for 5 hours and, when finally done, there was no save button, so I am letting it run overnight again.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.24.05

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: ALBERT [administrator]

12/30/2011 5:51:06 PM
mbam-log-2011-12-30 (17-51-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280434
Time elapsed: 14 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|jdiNQqhyasYS.exe (Rogue.FakeHDD) -> Data: C:\Documents and Settings\All Users\Application Data\jdiNQqhyasYS.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\All Users\Application Data\jdiNQqhyasYS.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\4muVHThpnI2nz3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)



.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 1:47:22 on 2011-12-31
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1550 [GMT -5:00]
.
AV: Norton AntiVirus 2005 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.emachines.com/
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: bho2gr Class: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\documents and settings\owner\my documents\norton antivirus\NAVShExt.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: BhoMisc Class: {e3578b37-6346-4ec1-a82b-38273a100dcf} - c:\program files\trend micro\trendprotect\msie\wrs.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\documents and settings\owner\my documents\norton antivirus\NAVShExt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: TrendProtect: {f83be649-1cc3-48ee-b2e2-0826cef3822a} - c:\program files\trend micro\trendprotect\msie\wrs.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [NeroHomeFirstStart] "c:\program files\common files\ahead\lib\NMFirstStart.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [vptray] c:\program files\navnt\vptray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
dPolicies-explorer: NoDesktop = 1 (0x1)
dPolicies-system: DISABLETASKMGR = 1 (0x1)
IE: {09EA1F80-F40A-11D1-B792-444553540001} - c:\progra~1\flashs~1\save.htm
IE: {09EA1F80-F40A-11D1-B792-444553540001}\SOFTWARE
IE: {09EA1F80-F40A-11D1-B792-444553540001}\SOFTWARE\Classes
IE: {09EA1F80-F40A-11D1-B792-444553540001}\SOFTWARE\Classes\CLSID
IE: {09EA1F80-F40A-11D1-B792-444553540001}
IE: {09EA1F80-F40A-11D1-B792-444553540001}\ProgID
IE: {722FE9B2-6895-42D9-9984-F4CB26616023}\SOFTWARE
IE: {722FE9B2-6895-42D9-9984-F4CB26616023}\SOFTWARE\Classes
IE: {722FE9B2-6895-42D9-9984-F4CB26616023}\SOFTWARE\Classes\CLSID
IE: {722FE9B2-6895-42D9-9984-F4CB26616023}
IE: {722FE9B2-6895-42D9-9984-F4CB26616023}\ProgID
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - c:\program files\amazon\add to wish list ie extension\run.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\SOFTWARE
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\SOFTWARE\Classes
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\SOFTWARE\Classes\CLSID
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ProgID
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}\SOFTWARE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}\SOFTWARE\Classes
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}\SOFTWARE\Classes\CLSID
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}\ProgID
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {722FE9B2-6895-42D9-9984-F4CB26616023} - {722FE9B2-6895-42D9-9984-F4CB26616023} - c:\program files\cosmi\perfect pdf creator essentials\pdfshell.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1325033240453
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8A48CAB4-5DA2-4C89-98E5-C2D712B952E7} : DhcpNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - c:\program files\trend micro\trendprotect\msie\WRS.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Internet Shortcut: {fbf23b40-e3f0-101b-8488-00aa003e56f8} - c:\windows\system32\ieframe.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-8-18 116608]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 67664]
S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-8-13 197752]
S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-8-13 164984]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-8 136176]
S2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe -service --> c:\windows\system32\lxeecoms.exe -service [?]
S2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeeserv.exe [2010-1-24 193192]
S2 NAVAPEL;NAVAPEL;c:\program files\navnt\Navapel.sys [2001-10-29 9296]
S2 navapsvc;Norton AntiVirus Auto-Protect Service;"c:\program files\norton antivirus\navapsvc.exe" --> c:\program files\norton antivirus\navapsvc.exe [?]
S2 Norton AntiVirus Server;Norton AntiVirus Client;c:\program files\navnt\rtvscan.exe [2001-10-29 466944]
S2 SAVRTPEL;SAVRTPEL;\??\c:\program files\norton antivirus\savrtpel.sys --> c:\program files\norton antivirus\SAVRTPEL.SYS [?]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2004-8-18 66688]
S2 SnapTHN;SnapTHN;c:\windows\system32\drivers\SNAPTHN.SYS [1998-2-23 31104]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
S2 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-8-3 177696]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-5-6 191752]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-8-13 78968]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-8 136176]
S3 NAVAP;NAVAP;c:\program files\navnt\navap.sys [2001-10-29 178304]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101013.002\NAVENG.sys [2010-10-15 86064]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101013.002\NAVEX15.sys [2010-10-15 1371184]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-26 14336]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 12872]
S3 SAVRT;SAVRT;\??\c:\program files\norton antivirus\savrt.sys --> c:\program files\norton antivirus\SAVRT.SYS [?]
S3 WPEServ;soft Xpansion Print2Document;c:\program files\common files\wpe\wpeserv.exe [2010-11-17 323584]
S4 SAVScan;SAVScan;"c:\program files\norton antivirus\savscan.exe" --> c:\program files\norton antivirus\SAVScan.exe [?]
.
=============== File Associations ===============
.
inffile=c:\windows\system32\NOTEPAD.EXE "%1"
.
=============== Created Last 30 ================
.
2011-12-30 18:06:47 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-29 00:41:23 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-12-29 00:41:22 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2011-12-29 00:41:22 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
2011-12-29 00:41:22 17992 ----a-w- c:\windows\system32\bcm42rly.sys
2011-12-29 00:41:22 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2011-12-29 00:41:16 -------- d-----w- c:\program files\Linksys
2011-12-29 00:04:52 -------- d-----w- C:\Wallpaper Master
2011-12-28 19:40:20 -------- d--h--w- c:\documents and settings\administrator\local settings\application data\Temp
2011-12-28 19:40:20 -------- d--h--w- c:\documents and settings\administrator\local settings\application data\Adobe
2011-12-28 18:54:12 -------- d--h--w- c:\documents and settings\administrator\local settings\application data\Symantec
2011-12-28 08:22:15 -------- d--h--w- c:\documents and settings\administrator\local settings\application data\Identities
2011-12-28 08:20:46 -------- d--h--w- c:\documents and settings\administrator\application data\Windows Search
2011-12-28 07:32:56 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2011-12-28 07:31:57 -------- d--h--w- c:\documents and settings\administrator\local settings\application data\Opera
2011-12-27 23:10:44 3038 ----a-w- C:\fix_svchost.bat
2011-12-27 23:08:26 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe
2011-12-27 23:06:37 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
2011-12-27 20:01:54 -------- d-----w- c:\windows\system32\GroupPolicy
2011-12-27 20:01:54 -------- d-----w- c:\program files\Windows Desktop Search
2011-12-27 20:00:34 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2011-12-27 20:00:34 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
.
==================== Find3M ====================
.
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 22:58:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2007-03-09 07:12:32 27648 -csha-w- c:\windows\system32\AVSredirect.dll
.
============= FINISH: 1:47:47.17 ===============
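The Malwarebytes log above is the interesting artefact in this thread: one autostart value under `HKLM\...\CurrentVersion\Run`, one policy value (`DisableTaskMgr`) that blocks Task Manager, and two dropped executables under `All Users\Application Data`, all tied to the Rogue.FakeHDD / Trojan.FakeAlert family. The following is an added example, not code from the thread or from Malwarebytes: a small parser that turns MBAM 1.x-style log lines into structured findings, cross-checks the per-section item counts the log reports against what was actually parsed, and tags each finding with the role it played (persistence, defence evasion, dropped payload). The sample log is constructed from the entries posted above with the header trimmed; the section and item line formats it assumes are those visible in that log.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the shape of the Malwarebytes 1.60 log posted in the thread.
# The registry/file entries are the ones from that log; header lines are trimmed.
SAMPLE_MBAM_LOG = r"""
Scan type: Quick scan
Objects scanned: 280434

Memory Processes Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|jdiNQqhyasYS.exe (Rogue.FakeHDD) -> Data: C:\Documents and Settings\All Users\Application Data\jdiNQqhyasYS.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Files Detected: 2
C:\Documents and Settings\All Users\Application Data\jdiNQqhyasYS.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\4muVHThpnI2nz3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)
"""

# Section header: "<Section name> Detected: <count>"  (format assumed from the posted log)
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Item line: "<location> (<family>) -> [<detail> -> ...] <action>"
ITEM_RE = re.compile(r"^(?P<location>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")


@dataclass
class Finding:
    section: str      # e.g. "Registry Values", "Files"
    location: str     # registry key|value or file path
    family: str       # detection name, e.g. Rogue.FakeHDD
    details: list     # intermediate "->" segments (Data: ..., Bad/Good values)
    action: str       # what the scanner did with it


def parse_mbam_log(text):
    """Parse MBAM log text into Findings and verify the per-section counts."""
    findings, section, expected = [], None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            expected[section] = int(m.group("count"))
            continue
        m = ITEM_RE.match(line)
        if m and section:
            segments = [s.strip() for s in m.group("rest").split(" -> ")]
            findings.append(Finding(section, m.group("location"), m.group("family"),
                                    segments[:-1], segments[-1]))
    # A truncated or hand-edited log shows up here as a count mismatch.
    parsed = Counter(f.section for f in findings)
    for sec, count in expected.items():
        if parsed.get(sec, 0) != count:
            raise ValueError(f"{sec}: log reports {count} item(s), parsed {parsed.get(sec, 0)}")
    return findings


def triage(finding):
    """Classify a finding by the role it plays for the malware (heuristic, by location)."""
    loc = finding.location.lower()
    if "\\currentversion\\run" in loc:
        return "persistence: autostart entry"
    if "\\policies\\system|disabletaskmgr" in loc:
        return "defense evasion: Task Manager disabled by policy"
    if finding.section == "Files":
        return "dropped payload"
    return "other"


def families(findings):
    """Count findings per detection family, e.g. to see how many artefacts one family left."""
    return dict(Counter(f.family for f in findings))


if __name__ == "__main__":
    for f in parse_mbam_log(SAMPLE_MBAM_LOG):
        print(f"[{f.family}] {triage(f)}\n    {f.location}\n    {f.action}")
    print(families(parse_mbam_log(SAMPLE_MBAM_LOG)))
```

The count cross-check is the part worth keeping when reviewing logs pasted into a forum: a post that was split across replies or trimmed by a character limit fails it immediately, rather than silently losing the one line that carried the persistence entry.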
 
attach txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/16/2005 6:22:08 PM
System Uptime: 12/30/2011 6:07:04 PM (7 hours ago)
.
Motherboard: First International Computer, Inc. | | K7MNF-64
Processor: AMD Sempron(tm) 3000+ | Socket A | 1991/166mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 108 GiB total, 64.458 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 1.673 GiB free.
E: is CDROM ()
F: is Removable
G: is CDROM (CDFS)
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
100 Happy Money Screen Saver 3.0
7-Zip 4.57
ABBYY FineReader 5.0 Sprint
ABBYY FineReader 6.0 Sprint
Absolute Uninstaller 2.5
Access Drivers
Acrobat.com
Active Disk
Ad-Aware SE Personal
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.0.1)
Adobe Shockwave Player
AM-DeadLink 3.1
Amazon Add to Wish List IE Extension 1.1
AOL You've Got Pictures Screensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Collage Creator
ArcSoft PhotoImpression 5
Asteroids
Atomic Clock Sync
Autorun Eater v2.3
Belarc Advisor 7.2
BigFix
Bing Bar
BOINC
Bonjour
Camera Driver
ccCommon
CCleaner
Checkmate
ClassMaster 4.0
CleanUp!
Clock Screen Saver
Clue
Combat
Compact Wireless-G USB Network Adapter with SpeedBooster
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
D-Fend v2
Dancing Pagans Screensaver
Destiny of the Doctors
Digital Media Reader
DirectX Media Runtime 5.1
doPDF 6.2 printer
Drivers Install For Linksys Easylink Advisor
DVD Audio Ripper 4
Easy Video Downloader v. 2.1
EnGraph QuickTimeKiller
ESET Online Scanner v3
ETCR
FaxTools
Flash Capture 1.20
Flash saver
getPlus(R) for Adobe
GetRight
Ghoul's Delight Screen Saver
GIF Construction Set Professional
Glarysoft Registry Repair 2.7
Gliding Balls Screensaver
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Graphic Converter 2003
Halloween Haunting 2003 Screen Saver
Hampster Dance
Hieroglyphs Screen Saver
HijackThis 2.0.2
HostsMan 3.2.70 Beta6
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 3600 series
Icon Snatcher Version 3.6.1
Icon Viewer 3.5
Image Eye v7.1
Innovatools Add/Remove Plus! 5.0
Internet Worm Protection
IomegaWare 4.0.2
iTunes
Java 2 Runtime Environment, SE v1.4.2
Java 3D 1.5.2
Java Auto Updater
Java(TM) 6 Update 23
Java(TM) 6 Update 26
Java(TM) 6 Update 7
JMV Sorbet
KC Softwares KCleaner
Kidware.Net Photo Color
Kodak EasyShare software
Korean Language Support
Lexmark Printable Web
Lexmark Pro700 Series
Lexmark Toolbar
Lexmark X1100 Series
Linksys EasyLink Advisor 1.6 (0044)
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Make-Your-Own-Opoly
Malwarebytes Anti-Malware version 1.60.0.1800
Mavericks Casino
McDougal Littell Test Generator
MediaFACE II
Microangelo 98
Micrografx Picture Publisher 7
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 10
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Pro 10
Microsoft Digital Image Suite 10
Microsoft Global IME for Office XP (Korean)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Publisher 2003
Microsoft Office XP Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works
Microsoft XML Parser
Missile Command
Mozilla Firefox 8.0 (x86 en-US)
Mozilla Thunderbird (2.0.0.17)
MSConfig CleanUp 1.2
MyDSC2
NCR Label Formats for MS Word Setup
Nero 7 Essentials
Nero BurnRights
neroxml
Netscape Navigator (9.0.0.5)
Norton AntiVirus Corporate Edition
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton WMI Update
OE-Mail Recovery 1.7.6
OpenOffice.org 3.1
Opera 11.51
Pagan Daybook II
Pagan Heart Balls Screensaver Screensaver
Pagan Heart Balls2 Screensaver
Pagan Heart Faces Screensaver
PaqRat
Perfect PDF Creator Essentials
Picasa 2
PL-2303 USB-to-Serial
PlanetDextersLab Screen Saver
Pop-Up Stopper
PowerDVD
Project1 Screensaver
Quick StartUp 2.3
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Runes the Ancient Oracle
Safari
sd_gs_saver1 Screen Saver
SeaMonkey (1.1.11)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Serandom Screensaver v2
SereneScreen Aquarium
She Screen Saver
SinkSub Pro
Skype web features
Skype™ 4.1
Snappy Video Snapshot 4.0
SoftV92 Data Fax Modem with SmartCP
Space Invaders
SPBBC
Speccy
Spellbound
Spybot - Search & Destroy
SpywareBlaster 4.5
SpywareGuard v2.2
Star Trek: The Game Show
SUPERAntiSpyware Free Edition
Symantec
Symantec Script Blocking Installer
SymNet
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Trend Micro TrendProtect for Firefox
Trend Micro TrendProtect for Internet Explorer
Tweak UI
Undersea Screensaver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USA Flag
USB-Flash Disk
VBGold TurboSplit V.1.2
VDMSound 2.0.4
Viewpoint Media Player
Wallpaper Master Pro v1.51
WebFldrs XP
WetLook
Windows Backup Utility
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
www.UselessCreations.com - Doctor Who 3D Screensaver v1.5
www.UselessCreations.com - Enterprise 3D Screensaver v1.0
XP Icon Wars Screensaver
Xtreme Sound PCI
Yahoo! Install Manager
Yahoo! Toolbar
ZoneAlarm
.
==== Event Viewer Messages From Past Week ========
.
12/30/2011 6:16:19 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
12/30/2011 6:09:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp AmdK7 amsint asc asc3350p asc3550 BANTExt cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o Fips hpn i2omp ini910u IntelIde mraid35x NetworkX perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 SASDIFSV SASKUTIL sisagp Sparrow symc810 symc8xx SYMTDI sym_hi sym_u3 TosIde ultra viaagp ViaIde
12/28/2011 7:45:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/28/2011 3:29:36 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/28/2011 1:58:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/27/2011 9:57:12 PM, error: System Error [1003] - Error code 100000d1, parameter1 00006d5b, parameter2 00000002, parameter3 00000000, parameter4 f74ae447.
12/27/2011 9:11:46 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
12/27/2011 7:42:50 PM, error: SideBySide [36] - The assembly x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a has missing or invalid files; recovery of this assembly failed.
12/27/2011 7:42:22 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
12/27/2011 7:23:08 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
12/27/2011 6:27:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ql12160
12/27/2011 6:27:02 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxeeCATSCustConnectService service to connect.
12/27/2011 6:27:02 PM, error: Service Control Manager [7000] - The SAVRTPEL service failed to start due to the following error: The system cannot find the path specified.
12/27/2011 6:27:02 PM, error: Service Control Manager [7000] - The Norton AntiVirus Auto-Protect Service service failed to start due to the following error: The system cannot find the path specified.
12/27/2011 6:27:02 PM, error: Service Control Manager [7000] - The lxeeCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/27/2011 6:24:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/27/2011 6:18:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/27/2011 6:17:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 BANTExt Fips IPSec MRxSmb NetBIOS NetBT NetworkX ql12160 RasAcd Rdbss SASDIFSV SASKUTIL SYMTDI Tcpip WS2IFSL
12/27/2011 6:17:33 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/27/2011 6:17:33 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/27/2011 6:17:33 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/27/2011 6:17:33 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/27/2011 6:17:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/27/2011 2:59:16 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
12/27/2011 2:54:40 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .
12/27/2011 2:54:40 PM, error: SideBySide [59] - Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
12/27/2011 2:54:40 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.
12/27/2011 12:53:15 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
12/27/2011 12:03:41 AM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.
12/27/2011 11:36:33 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
12/27/2011 11:06:39 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 BANTExt Fips NetworkX ql12160 SASDIFSV SASKUTIL SYMTDI
.
==== End Of File ===========================
 
Played a hunch - paid off

I must have run this program six times and somehow got it to run in normal mode - the infection didn't interfere with it. The only thing different is that I wasn't connected to the internet.

The results were always the same:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-31 02:39:51
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1200BB-00GUA0 rev.08.02D08
Running: 033ziusx.exe; Driver: C:\DOCUME~1\Admiral\LOCALS~1\Temp\kgtdrpow.sys


---- System - GMER 1.0.15 ----

SSDT 8A3E2700 ZwConnectPort

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xF780F300]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[1328] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
Device \Driver\AFD \Device\Afd vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhxt.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSserv
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSl
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssservers
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssmain
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfum.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssinit
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsbhc.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhxt.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSserv
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSl
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssservers
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssmain
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfum.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssinit
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsbhc.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhxt.sys
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmhxt.sys
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSofxh.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSnrsr.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfum.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSfxmp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsbhc.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log
Reg HKLM\SOFTWARE\Classes\CLSID\{248FCFB3-5914-AF2C-CCBA-9BB5E3C749D5}\InprocServer32@ C:\Program Files\Common Files\System\ado\msadox.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{248FCFB3-5914-AF2C-CCBA-9BB5E3C749D5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{248FCFB3-5914-AF2C-CCBA-9BB5E3C749D5}\ProgID@ ADOX.Catalog.2.8
Reg HKLM\SOFTWARE\Classes\CLSID\{248FCFB3-5914-AF2C-CCBA-9BB5E3C749D5}\VersionIndependentProgID@ ADOX.Catalog.2.8
Reg HKLM\SOFTWARE\Classes\CLSID\{A295A4EA-01EC-C1AE-EEC8-26B829332F0C}\MiscStatus@ 512
Reg HKLM\SOFTWARE\Classes\CLSID\{A295A4EA-01EC-C1AE-EEC8-26B829332F0C}\MiscStatus\1
Reg HKLM\SOFTWARE\Classes\CLSID\{A295A4EA-01EC-C1AE-EEC8-26B829332F0C}\MiscStatus\1@ 513
Reg HKLM\SOFTWARE\Classes\CLSID\{A295A4EA-01EC-C1AE-EEC8-26B829332F0C}\Ole1Class@ WordArt
Reg HKLM\SOFTWARE\Classes\CLSID\{A295A4EA-01EC-C1AE-EEC8-26B829332F0C}\ProgID@ WordArt
Reg HKLM\SOFTWARE\Classes\CLSID\{A98AF614-3BBB-EE5C-CE93-46851CEC56CF}\InprocServer32@ C:\WINDOWS\system32\OGACheckControl.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{A98AF614-3BBB-EE5C-CE93-46851CEC56CF}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{A98AF614-3BBB-EE5C-CE93-46851CEC56CF}\ProgID@ OGACheckControl.LegitCheck.1
Reg HKLM\SOFTWARE\Classes\CLSID\{A98AF614-3BBB-EE5C-CE93-46851CEC56CF}\TypeLib@ {3F97F3B0-20C4-4fa9-B081-D5A57718CD42}
Reg HKLM\SOFTWARE\Classes\CLSID\{A98AF614-3BBB-EE5C-CE93-46851CEC56CF}\VersionIndependentProgID@ OGACheckControl.LegitCheck
Reg HKLM\SOFTWARE\Classes\CLSID\{B18C4474-3FE3-17F2-B9D7-4BF0A509DA9C}\AutoConvertTo@ {64818D10-4F9B-11CF-86EA-00AA00B929E8}
Reg HKLM\SOFTWARE\Classes\CLSID\{B18C4474-3FE3-17F2-B9D7-4BF0A509DA9C}\NotInsertable@
Reg HKLM\SOFTWARE\Classes\CLSID\{B18C4474-3FE3-17F2-B9D7-4BF0A509DA9C}\Ole1Class@ MSPowerPoint
Reg HKLM\SOFTWARE\Classes\CLSID\{B18C4474-3FE3-17F2-B9D7-4BF0A509DA9C}\ProgID@ MSPowerPoint

---- EOF - GMER 1.0.15 ----
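An added example, not part of either poster's logs or the helper's instructions: a small Python script that pulls the TDSSserv.sys service entries out of the GMER "Registry" section above, groups them by control set, records which ones GMER marked "(not active ControlSet)", and lists the files they point at, expanded to the C:\WINDOWS directory reported in the TDSSKiller header. The sample input is a handful of lines copied from the log above plus one HKLM\SOFTWARE CLSID line to show the filter skipping it; the function and variable names are mine.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the GMER "Registry" section above,
# plus one HKLM\SOFTWARE CLSID line that the service filter should ignore.
SAMPLE_GMER_LINES = r"""
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhxt.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhxt.sys
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSnrsr.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{248FCFB3-5914-AF2C-CCBA-9BB5E3C749D5}\ProgID@ ADOX.Catalog.2.8
"""

# Shape of one GMER "Reg" line for a service key under a numbered control set:
#   Reg HKLM\SYSTEM\ControlSet001\Services\<svc>[\subkey...][@value] [data]
REG_SERVICE_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<cset>ControlSet\d{3})\\Services\\"
    r"(?P<svc>[^\\@\s]+)"           # service key, e.g. TDSSserv.sys
    r"(?P<sub>(?:\\[^\\@\s]+)*)"    # optional subkeys, e.g. \modules
    r"(?:@(?P<val>\S+))?"           # optional value name after '@'
    r"\s*(?P<data>.*)$"             # whatever GMER printed as the data
)

NOT_ACTIVE_MARK = "(not active ControlSet)"


def parse_gmer_services(text):
    """Return {service: {control_set: {"inactive": bool, "values": {...}, "files": [...]}}}."""
    services = defaultdict(dict)
    for raw in text.splitlines():
        m = REG_SERVICE_RE.match(raw.strip())
        if not m:
            continue  # not a HKLM\SYSTEM\ControlSetNNN\Services line
        info = services[m["svc"]].setdefault(
            m["cset"], {"inactive": False, "values": {}, "files": []})
        data = m["data"].strip()
        if NOT_ACTIVE_MARK in data:
            info["inactive"] = True
        if m["val"]:
            # Key the value by its subkey path so modules@tdsslog and @start cannot collide.
            name = (m["sub"].lstrip("\\") + "@" if m["sub"] else "") + m["val"]
            info["values"][name] = data
            if data.lower().startswith("\\systemroot\\") and data not in info["files"]:
                info["files"].append(data)
    return dict(services)


def expand_systemroot(path, windir=r"C:\WINDOWS"):
    """Turn GMER's systemroot-relative path into the on-disk path for that Windows directory."""
    prefix = "\\systemroot"
    if path.lower().startswith(prefix + "\\"):
        return windir + path[len(prefix):]
    return path


def summarize(services, windir=r"C:\WINDOWS"):
    """One row per service: its control sets, whether GMER marked all of them inactive, files to check."""
    rows = []
    for svc, csets in sorted(services.items()):
        files = sorted({f for c in csets.values() for f in c["files"]})
        rows.append({
            "service": svc,
            "control_sets": sorted(csets),
            "all_inactive": all(c["inactive"] for c in csets.values()),
            "image_path": next((c["values"]["imagepath"] for c in csets.values()
                                if "imagepath" in c["values"]), None),
            "files_on_disk": [expand_systemroot(f, windir) for f in files],
        })
    return rows


if __name__ == "__main__":
    for row in summarize(parse_gmer_services(SAMPLE_GMER_LINES)):
        state = ("every listed control set marked not active by GMER"
                 if row["all_inactive"] else "at least one listed control set not marked inactive")
        print(f'{row["service"]}: {", ".join(row["control_sets"])} ({state})')
        print("   image path:", row["image_path"])
        for f in row["files_on_disk"]:
            print("   check on disk:", f)
```

Entries in a control set GMER marks as not active are not what the current boot loaded, so their presence alone does not say the driver is running; what they give you is the service name to look for under CurrentControlSet and the file names to check on disk from safe mode. This is triage only and removes nothing. The vsdatant.sys and SYMTDI.SYS device attachments in the same log are labelled Zone Labs and Symantec by GMER, matching the ZoneAlarm and Symantec entries in the installed-programs list, so they are not the finding here.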
 
Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Ran in normal mode

13:58:20.0984 3444 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
13:58:21.0015 3444 ============================================================
13:58:21.0015 3444 Current date / time: 2011/12/31 13:58:21.0015
13:58:21.0015 3444 SystemInfo:
13:58:21.0015 3444
13:58:21.0015 3444 OS Version: 5.1.2600 ServicePack: 3.0
13:58:21.0015 3444 Product type: Workstation
13:58:21.0015 3444 ComputerName: ALBERT
13:58:21.0015 3444 UserName: Admiral
13:58:21.0015 3444 Windows directory: C:\WINDOWS
13:58:21.0015 3444 System windows directory: C:\WINDOWS
13:58:21.0015 3444 Processor architecture: Intel x86
13:58:21.0015 3444 Number of processors: 1
13:58:21.0015 3444 Page size: 0x1000
13:58:21.0015 3444 Boot type: Normal boot
13:58:21.0015 3444 ============================================================
13:58:39.0171 3444 Initialize success
13:58:43.0453 3748 ============================================================
13:58:43.0453 3748 Scan started
13:58:43.0453 3748 Mode: Manual;
13:58:43.0453 3748 ============================================================
13:58:45.0562 3748 Abiosdsk - ok
13:58:46.0328 3748 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
13:58:46.0531 3748 abp480n5 - ok
13:58:47.0343 3748 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:58:47.0484 3748 ACPI - ok
13:58:48.0281 3748 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:58:48.0328 3748 ACPIEC - ok
13:58:49.0015 3748 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
13:58:49.0140 3748 adpu160m - ok
13:58:49.0968 3748 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:58:50.0093 3748 aec - ok
13:58:50.0734 3748 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
13:58:50.0781 3748 AegisP - ok
13:58:51.0468 3748 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
13:58:51.0484 3748 Afc - ok
13:58:52.0296 3748 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:58:52.0546 3748 AFD - ok
13:58:53.0421 3748 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
13:58:53.0921 3748 agp440 - ok
13:58:54.0968 3748 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
13:58:55.0031 3748 agpCPQ - ok
13:58:55.0718 3748 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
13:58:55.0796 3748 Aha154x - ok
13:58:56.0375 3748 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
13:58:56.0609 3748 aic78u2 - ok
13:58:57.0421 3748 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
13:58:57.0656 3748 aic78xx - ok
13:58:58.0468 3748 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
13:58:58.0515 3748 AliIde - ok
13:58:59.0187 3748 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
13:58:59.0234 3748 alim1541 - ok
13:58:59.0828 3748 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
13:58:59.0906 3748 amdagp - ok
13:59:00.0609 3748 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
13:59:00.0734 3748 AmdK7 - ok
13:59:01.0531 3748 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
13:59:01.0578 3748 amsint - ok
13:59:02.0218 3748 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
13:59:02.0390 3748 asc - ok
13:59:03.0593 3748 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
13:59:03.0859 3748 asc3350p - ok
13:59:05.0171 3748 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
13:59:05.0625 3748 asc3550 - ok
13:59:08.0968 3748 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
13:59:09.0328 3748 Aspi32 - ok
13:59:10.0125 3748 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:59:10.0203 3748 AsyncMac - ok
13:59:12.0171 3748 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:59:12.0171 3748 atapi - ok
13:59:12.0812 3748 Atdisk - ok
13:59:13.0578 3748 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:59:13.0640 3748 Atmarpc - ok
13:59:14.0437 3748 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:59:14.0453 3748 audstub - ok
13:59:15.0140 3748 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
13:59:15.0187 3748 BANTExt - ok
13:59:15.0875 3748 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:59:15.0968 3748 Beep - ok
13:59:16.0734 3748 BW2NDIS5 - ok
13:59:17.0375 3748 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
13:59:17.0468 3748 cbidf - ok
13:59:18.0125 3748 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:59:18.0125 3748 cbidf2k - ok
13:59:18.0781 3748 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:59:18.0828 3748 CCDECODE - ok
13:59:19.0468 3748 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
13:59:19.0531 3748 cd20xrnt - ok
13:59:20.0328 3748 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:59:20.0390 3748 Cdaudio - ok
13:59:21.0312 3748 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:59:21.0406 3748 Cdfs - ok
13:59:22.0125 3748 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:59:22.0203 3748 Cdrom - ok
13:59:22.0671 3748 Changer - ok
13:59:23.0687 3748 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
13:59:23.0703 3748 CmdIde - ok
13:59:24.0968 3748 cmuda3 (e02e0ebbed23d6efbf1300d08d57d7aa) C:\WINDOWS\system32\drivers\cmuda3.sys
13:59:25.0859 3748 cmuda3 - ok
13:59:27.0109 3748 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
13:59:27.0140 3748 Cpqarray - ok
13:59:27.0812 3748 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
13:59:28.0109 3748 dac2w2k - ok
13:59:28.0750 3748 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
13:59:28.0828 3748 dac960nt - ok
13:59:30.0078 3748 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:59:30.0468 3748 Disk - ok
13:59:31.0765 3748 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:59:32.0093 3748 dmboot - ok
13:59:32.0781 3748 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:59:32.0859 3748 dmio - ok
13:59:33.0343 3748 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:59:33.0375 3748 dmload - ok
13:59:33.0968 3748 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:59:34.0000 3748 DMusic - ok
13:59:34.0515 3748 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
13:59:34.0578 3748 dpti2o - ok
13:59:35.0062 3748 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:59:35.0078 3748 drmkaud - ok
13:59:35.0562 3748 elagopro (7ec42ec12a4bac14bcca99fb06f2d125) C:\WINDOWS\system32\DRIVERS\elagopro.sys
13:59:35.0593 3748 elagopro - ok
13:59:36.0046 3748 elaunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\elaunidr.sys
13:59:36.0078 3748 elaunidr - ok
13:59:36.0640 3748 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:59:36.0718 3748 Fastfat - ok
13:59:37.0218 3748 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:59:37.0265 3748 Fdc - ok
13:59:37.0812 3748 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:59:37.0828 3748 Fips - ok
13:59:38.0296 3748 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:59:38.0328 3748 Flpydisk - ok
13:59:38.0921 3748 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:59:38.0984 3748 FltMgr - ok
13:59:39.0437 3748 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:59:39.0468 3748 Fs_Rec - ok
13:59:39.0968 3748 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:59:40.0343 3748 Ftdisk - ok
13:59:40.0937 3748 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:59:40.0953 3748 GEARAspiWDM - ok
13:59:41.0500 3748 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:59:41.0531 3748 Gpc - ok
13:59:42.0031 3748 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:59:42.0062 3748 HidUsb - ok
13:59:42.0500 3748 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
13:59:42.0562 3748 hpn - ok
13:59:43.0093 3748 HSFHWBS2 (33dfc0afa95f9a2c753ff2adb7d4a21f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
13:59:43.0171 3748 HSFHWBS2 - ok
13:59:44.0000 3748 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
13:59:44.0343 3748 HSF_DP - ok
13:59:44.0890 3748 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:59:45.0000 3748 HTTP - ok
13:59:45.0484 3748 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
13:59:45.0500 3748 i2omgmt - ok
13:59:45.0968 3748 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
13:59:45.0984 3748 i2omp - ok
13:59:46.0484 3748 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:59:46.0531 3748 i8042prt - ok
13:59:47.0000 3748 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:59:47.0031 3748 Imapi - ok
13:59:47.0468 3748 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
13:59:47.0515 3748 ini910u - ok
13:59:48.0000 3748 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
13:59:48.0031 3748 IntelIde - ok
13:59:48.0500 3748 iomdisk (9d7069d72c0c72952f05e1688a5ae89d) C:\WINDOWS\system32\DRIVERS\iomdisk.sys
13:59:48.0593 3748 iomdisk - ok
13:59:49.0093 3748 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:59:49.0125 3748 Ip6Fw - ok
13:59:49.0562 3748 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:59:49.0656 3748 IpFilterDriver - ok
13:59:50.0109 3748 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:59:50.0140 3748 IpInIp - ok
13:59:50.0656 3748 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:59:50.0671 3748 IpNat - ok
13:59:51.0171 3748 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:59:51.0203 3748 IPSec - ok
13:59:51.0671 3748 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:59:51.0687 3748 IRENUM - ok
13:59:52.0171 3748 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:59:52.0203 3748 isapnp - ok
13:59:52.0687 3748 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:59:52.0718 3748 Kbdclass - ok
13:59:53.0234 3748 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:59:53.0312 3748 kmixer - ok
13:59:53.0796 3748 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:59:53.0843 3748 KSecDD - ok
13:59:54.0281 3748 lbrtfdc - ok
13:59:54.0796 3748 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
13:59:54.0812 3748 mdmxsdk - ok
13:59:55.0250 3748 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:59:55.0265 3748 mnmdd - ok
13:59:55.0765 3748 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:59:55.0765 3748 Modem - ok
13:59:56.0234 3748 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:59:56.0250 3748 Mouclass - ok
13:59:56.0734 3748 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:59:56.0750 3748 mouhid - ok
13:59:57.0234 3748 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:59:57.0281 3748 MountMgr - ok
13:59:57.0812 3748 MR97310_USB_DUAL_CAMERA (d2edba04df4d3e428e1e5dbd217e242a) C:\WINDOWS\system32\DRIVERS\mr97310c.sys
13:59:57.0875 3748 MR97310_USB_DUAL_CAMERA - ok
13:59:58.0312 3748 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
13:59:58.0359 3748 mraid35x - ok
13:59:58.0562 3748 MREMP50 (80b2ec735495823ae5771a5f603e73bd) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
13:59:58.0593 3748 MREMP50 - ok
13:59:58.0796 3748 MRESP50 (37d7c22f7e26da90e2d2d260e5d27846) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
13:59:58.0828 3748 MRESP50 - ok
13:59:59.0328 3748 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:59:59.0406 3748 MRxDAV - ok
14:00:00.0015 3748 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:00:00.0187 3748 MRxSmb - ok
14:00:00.0671 3748 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:00:00.0703 3748 Msfs - ok
14:00:01.0171 3748 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:00:01.0187 3748 MSKSSRV - ok
14:00:01.0640 3748 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:00:01.0656 3748 MSPCLOCK - ok
14:00:02.0093 3748 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:00:02.0125 3748 MSPQM - ok
14:00:02.0593 3748 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:00:02.0593 3748 mssmbios - ok
14:00:03.0062 3748 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:00:03.0078 3748 MSTEE - ok
14:00:03.0593 3748 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:00:03.0640 3748 Mup - ok
14:00:04.0390 3748 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
14:00:04.0437 3748 mxnic - ok
14:00:04.0906 3748 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:00:04.0953 3748 NABTSFEC - ok
14:00:05.0156 3748 NAVAP (511fcccf134f7afc420c041cf1121277) C:\Program Files\NavNT\NAVAP.sys
14:00:05.0187 3748 NAVAP - ok
14:00:05.0234 3748 NAVAPEL (299bc2115d8899b89fab5042f3baf466) C:\Program Files\NavNT\NAVAPEL.SYS
14:00:05.0250 3748 NAVAPEL - ok
14:00:05.0500 3748 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101013.002\NAVENG.sys
14:00:05.0515 3748 NAVENG - ok
14:00:06.0187 3748 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101013.002\NAVEX15.sys
14:00:06.0218 3748 NAVEX15 - ok
14:00:06.0750 3748 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:00:06.0843 3748 NDIS - ok
14:00:07.0296 3748 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:00:07.0312 3748 NdisIP - ok
14:00:07.0781 3748 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:00:07.0812 3748 NdisTapi - ok
14:00:08.0281 3748 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:00:08.0296 3748 Ndisuio - ok
14:00:08.0828 3748 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:00:08.0890 3748 NdisWan - ok
14:00:09.0328 3748 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:00:09.0359 3748 NDProxy - ok
14:00:09.0843 3748 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:00:09.0875 3748 NetBIOS - ok
14:00:10.0390 3748 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:00:10.0484 3748 NetBT - ok
14:00:11.0000 3748 NetworkX (50adfab00ed479a87d7964a89578002e) C:\WINDOWS\system32\ckldrv.sys
14:00:11.0015 3748 NetworkX - ok
14:00:11.0578 3748 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:00:11.0625 3748 Npfs - ok
14:00:12.0281 3748 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:00:12.0500 3748 Ntfs - ok
14:00:12.0968 3748 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:00:12.0984 3748 Null - ok
14:00:14.0312 3748 nv (c43d9d777d53d668d1fe683947c9ffe1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:00:15.0234 3748 nv - ok
14:00:15.0718 3748 NVENETFD (23297b3c2ff3510e2e760714fc6f094e) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
14:00:15.0750 3748 NVENETFD - ok
14:00:16.0265 3748 nvnetbus (bcc3722a2db99ad6f367344997c26654) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
14:00:16.0281 3748 nvnetbus - ok
14:00:16.0765 3748 nv_agp (3194e2f6c9000c39dcf9d0580754f714) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
14:00:16.0828 3748 nv_agp - ok
14:00:17.0296 3748 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:00:17.0328 3748 NwlnkFlt - ok
14:00:17.0781 3748 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:00:17.0859 3748 NwlnkFwd - ok
14:00:18.0343 3748 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
14:00:18.0375 3748 P3 - ok
14:00:18.0906 3748 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:00:18.0937 3748 Parport - ok
14:00:19.0421 3748 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:00:19.0437 3748 PartMgr - ok
14:00:19.0921 3748 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:00:19.0937 3748 ParVdm - ok
14:00:20.0421 3748 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:00:20.0468 3748 PCI - ok
14:00:20.0890 3748 PCIDump - ok
14:00:21.0328 3748 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:00:21.0359 3748 PCIIde - ok
14:00:21.0859 3748 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:00:21.0906 3748 Pcmcia - ok
14:00:22.0343 3748 PDCOMP - ok
14:00:22.0765 3748 PDFRAME - ok
14:00:23.0171 3748 PDRELI - ok
14:00:23.0609 3748 PDRFRAME - ok
14:00:24.0062 3748 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
14:00:24.0125 3748 perc2 - ok
14:00:24.0609 3748 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
14:00:24.0625 3748 perc2hib - ok
14:00:25.0187 3748 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:00:25.0218 3748 PptpMiniport - ok
14:00:25.0718 3748 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:00:25.0765 3748 PSched - ok
14:00:26.0265 3748 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:00:26.0296 3748 Ptilink - ok
14:00:26.0765 3748 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:00:26.0812 3748 PxHelp20 - ok
14:00:27.0296 3748 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
14:00:27.0421 3748 ql1080 - ok
14:00:27.0890 3748 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
14:00:28.0000 3748 Ql10wnt - ok
14:00:28.0468 3748 ql12160 (91f5782d2ba3710a227582a3cf3df68c) C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:00:28.0531 3748 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ql12160.sys. Real md5: 91f5782d2ba3710a227582a3cf3df68c, Fake md5: c33e458143092a9a982666acbcc55ebc
14:00:28.0531 3748 ql12160 ( ForgedFile.Multi.Generic ) - warning
14:00:28.0531 3748 ql12160 - detected ForgedFile.Multi.Generic (1)
14:00:29.0031 3748 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
14:00:29.0140 3748 ql1240 - ok
14:00:29.0625 3748 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
14:00:29.0796 3748 ql1280 - ok
14:00:30.0281 3748 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:00:30.0296 3748 RasAcd - ok
14:00:30.0781 3748 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:00:30.0828 3748 Rasl2tp - ok
14:00:31.0312 3748 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:00:31.0359 3748 RasPppoe - ok
14:00:31.0828 3748 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:00:31.0859 3748 Raspti - ok
14:00:32.0390 3748 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:00:32.0468 3748 Rdbss - ok
14:00:32.0953 3748 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:00:32.0968 3748 RDPCDD - ok
14:00:33.0484 3748 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:00:33.0562 3748 rdpdr - ok
14:00:34.0078 3748 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:00:34.0140 3748 RDPWD - ok
14:00:34.0625 3748 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:00:34.0671 3748 redbook - ok
14:00:34.0859 3748 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:00:34.0875 3748 SASDIFSV - ok
14:00:34.0953 3748 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
14:00:34.0984 3748 SASENUM - ok
14:00:35.0109 3748 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
14:00:35.0125 3748 SASKUTIL - ok
14:00:35.0171 3748 SAVRT - ok
14:00:35.0203 3748 SAVRTPEL - ok
14:00:35.0703 3748 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:00:35.0734 3748 Secdrv - ok
14:00:36.0203 3748 Ser2pl (6ce397c482bede91a38e56a8c4a0dc6d) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
14:00:36.0234 3748 Ser2pl - ok
14:00:36.0703 3748 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:00:36.0718 3748 serenum - ok
14:00:37.0187 3748 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:00:37.0234 3748 Serial - ok
14:00:37.0734 3748 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
14:00:37.0750 3748 Sfloppy - ok
14:00:38.0171 3748 Simbad - ok
The rest

14:00:38.0656 3748 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
14:00:38.0703 3748 sisagp - ok
14:00:39.0171 3748 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:00:39.0203 3748 SLIP - ok
14:00:39.0671 3748 SnapTHN (95bedff5ee400640cd4347103c764e60) C:\WINDOWS\system32\drivers\SnapTHN.sys
14:00:39.0687 3748 SnapTHN - ok
14:00:40.0171 3748 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
14:00:40.0218 3748 Sparrow - ok
14:00:40.0500 3748 SPBBCDrv (924e82d6dec26f82036e69b8d3f04216) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
14:00:40.0921 3748 SPBBCDrv - ok
14:00:41.0390 3748 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:00:41.0421 3748 splitter - ok
14:00:41.0906 3748 SQTECH905C (6f6a0307c30b33e65aaf52c46cea2ecd) C:\WINDOWS\system32\Drivers\Capt905c.sys
14:00:41.0937 3748 SQTECH905C - ok
14:00:42.0437 3748 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:00:42.0484 3748 sr - ok
14:00:43.0078 3748 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:00:43.0203 3748 Srv - ok
14:00:43.0671 3748 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:00:43.0687 3748 streamip - ok
14:00:44.0171 3748 SunkFilt (9152dc78005a58a17e79390aa0853bb1) C:\WINDOWS\System32\Drivers\sunkfilt.sys
14:00:44.0171 3748 SunkFilt - ok
14:00:44.0640 3748 SunkFilt39 (ed67900e1553b2fc56daa64aab4b304f) C:\WINDOWS\System32\Drivers\sunkfilt39.sys
14:00:44.0765 3748 SunkFilt39 - ok
14:00:45.0171 3748 Sunkfiltp - ok
14:00:45.0640 3748 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:00:45.0656 3748 swenum - ok
14:00:46.0156 3748 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:00:46.0203 3748 swmidi - ok
14:00:46.0687 3748 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
14:00:46.0718 3748 symc810 - ok
14:00:47.0171 3748 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
14:00:47.0265 3748 symc8xx - ok
14:00:47.0421 3748 SymEvent (9f69e39b58377be1d085a66f3580e58e) C:\Program Files\Symantec\SYMEVENT.SYS
14:00:47.0453 3748 SymEvent - ok
14:00:47.0906 3748 SYMREDRV (281f3398b1fd6d9a6bc7c1aed19fce3e) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
14:00:47.0968 3748 SYMREDRV - ok
14:00:48.0515 3748 SYMTDI (2d7b6c9da22f54b38843e5a9f99775fc) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
14:00:48.0546 3748 SYMTDI - ok
14:00:49.0046 3748 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
14:00:49.0109 3748 sym_hi - ok
14:00:49.0593 3748 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
14:00:49.0671 3748 sym_u3 - ok
14:00:50.0171 3748 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:00:50.0203 3748 sysaudio - ok
14:00:50.0812 3748 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:00:50.0953 3748 Tcpip - ok
14:00:51.0437 3748 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:00:51.0453 3748 TDPIPE - ok
14:00:51.0906 3748 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:00:51.0937 3748 TDTCP - ok
14:00:52.0421 3748 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:00:52.0453 3748 TermDD - ok
14:00:52.0968 3748 tmcomm (df8444a8fa8fd38d8848bdd40a8403b3) C:\WINDOWS\system32\drivers\tmcomm.sys
14:00:52.0984 3748 tmcomm - ok
14:00:53.0453 3748 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
14:00:53.0484 3748 TosIde - ok
14:00:53.0984 3748 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:00:54.0015 3748 Udfs - ok
14:00:54.0515 3748 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
14:00:54.0593 3748 ultra - ok
14:00:55.0187 3748 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:00:55.0328 3748 Update - ok
14:00:55.0812 3748 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:00:55.0843 3748 USBAAPL - ok
14:00:56.0328 3748 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:00:56.0359 3748 usbccgp - ok
14:00:56.0843 3748 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:00:56.0859 3748 usbehci - ok
14:00:57.0359 3748 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:00:57.0390 3748 usbhub - ok
14:00:57.0859 3748 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:00:57.0890 3748 usbohci - ok
14:00:58.0359 3748 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:00:58.0375 3748 usbprint - ok
14:00:58.0859 3748 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:00:58.0890 3748 usbscan - ok
14:00:59.0343 3748 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:00:59.0343 3748 USBSTOR - ok
14:00:59.0796 3748 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:00:59.0812 3748 usbuhci - ok
14:01:00.0281 3748 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:01:00.0312 3748 VgaSave - ok
14:01:00.0750 3748 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:01:00.0781 3748 viaagp - ok
14:01:01.0265 3748 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:01:01.0281 3748 ViaIde - ok
14:01:01.0765 3748 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:01:01.0796 3748 VolSnap - ok
14:01:02.0250 3748 vsdatant (319a93514159ab3257c99e77cc7c4310) C:\WINDOWS\system32\vsdatant.sys
14:01:02.0312 3748 vsdatant - ok
14:01:02.0781 3748 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:01:02.0812 3748 Wanarp - ok
14:01:03.0234 3748 wanatw - ok
14:01:03.0671 3748 WDICA - ok
14:01:04.0171 3748 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:01:04.0234 3748 wdmaud - ok
14:01:04.0921 3748 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
14:01:05.0156 3748 winachsf - ok
14:01:05.0718 3748 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:01:05.0734 3748 WS2IFSL - ok
14:01:06.0234 3748 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:01:06.0265 3748 WSTCODEC - ok
14:01:06.0734 3748 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:01:06.0765 3748 WudfPf - ok
14:01:07.0250 3748 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:01:07.0296 3748 WudfRd - ok
14:01:07.0375 3748 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
14:01:07.0406 3748 \Device\Harddisk0\DR0 - ok
14:01:07.0437 3748 Boot (0x1200) (0cc2a757558676b7810b24ad6c5242fa) \Device\Harddisk0\DR0\Partition0
14:01:07.0437 3748 \Device\Harddisk0\DR0\Partition0 - ok
14:01:07.0453 3748 Boot (0x1200) (8bee8e4b85cc51fa189c2aba7b16fc2a) \Device\Harddisk0\DR0\Partition1
14:01:07.0453 3748 \Device\Harddisk0\DR0\Partition1 - ok
14:01:07.0453 3748 ============================================================
14:01:07.0453 3748 Scan finished
14:01:07.0453 3748 ============================================================
14:01:07.0484 3740 Detected object count: 1
14:01:07.0484 3740 Actual detected object count: 1
14:01:11.0750 3740 ql12160 ( ForgedFile.Multi.Generic ) - skipped by user
14:01:11.0750 3740 ql12160 ( ForgedFile.Multi.Generic ) - User select action: Skip
14:01:53.0781 0152 ============================================================
14:01:53.0781 0152 Scan started
14:01:53.0781 0152 Mode: Manual;
14:01:53.0781 0152 ============================================================
14:01:54.0296 0152 Abiosdsk - ok
14:01:54.0750 0152 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
14:01:54.0750 0152 abp480n5 - ok
14:01:55.0265 0152 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:01:55.0265 0152 ACPI - ok
14:01:55.0718 0152 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:01:55.0718 0152 ACPIEC - ok
14:01:56.0265 0152 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
14:01:56.0281 0152 adpu160m - ok
14:01:56.0812 0152 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:01:56.0828 0152 aec - ok
14:01:57.0312 0152 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
14:01:57.0312 0152 AegisP - ok
14:01:57.0812 0152 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
14:01:57.0828 0152 Afc - ok
14:01:58.0703 0152 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:01:58.0703 0152 AFD - ok
14:01:59.0484 0152 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
14:01:59.0484 0152 agp440 - ok
14:02:00.0375 0152 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
14:02:00.0375 0152 agpCPQ - ok
14:02:01.0125 0152 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
14:02:01.0125 0152 Aha154x - ok
14:02:01.0859 0152 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
14:02:01.0859 0152 aic78u2 - ok
14:02:02.0593 0152 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
14:02:02.0593 0152 aic78xx - ok
14:02:03.0234 0152 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
14:02:03.0234 0152 AliIde - ok
14:02:04.0421 0152 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
14:02:04.0421 0152 alim1541 - ok
14:02:05.0656 0152 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
14:02:05.0656 0152 amdagp - ok
14:02:06.0343 0152 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
14:02:06.0343 0152 AmdK7 - ok
14:02:07.0171 0152 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
14:02:07.0171 0152 amsint - ok
14:02:07.0890 0152 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
14:02:07.0906 0152 asc - ok
14:02:08.0812 0152 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
14:02:08.0812 0152 asc3350p - ok
14:02:09.0765 0152 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
14:02:09.0765 0152 asc3550 - ok
14:02:10.0625 0152 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
14:02:10.0640 0152 Aspi32 - ok
14:02:11.0312 0152 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:02:11.0312 0152 AsyncMac - ok
14:02:12.0140 0152 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:02:12.0140 0152 atapi - ok
14:02:12.0734 0152 Atdisk - ok
14:02:13.0484 0152 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:02:13.0484 0152 Atmarpc - ok
14:02:14.0046 0152 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:02:14.0046 0152 audstub - ok
14:02:14.0593 0152 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
14:02:14.0593 0152 BANTExt - ok
14:02:15.0171 0152 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:02:15.0171 0152 Beep - ok
14:02:15.0640 0152 BW2NDIS5 - ok
14:02:16.0171 0152 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
14:02:16.0171 0152 cbidf - ok
14:02:16.0593 0152 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:02:16.0609 0152 cbidf2k - ok
14:02:17.0062 0152 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:02:17.0062 0152 CCDECODE - ok
14:02:17.0500 0152 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
14:02:17.0500 0152 cd20xrnt - ok
14:02:17.0953 0152 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:02:17.0968 0152 Cdaudio - ok
14:02:18.0453 0152 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:02:18.0453 0152 Cdfs - ok
14:02:18.0937 0152 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:02:18.0953 0152 Cdrom - ok
14:02:19.0375 0152 Changer - ok
14:02:19.0828 0152 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
14:02:19.0828 0152 CmdIde - ok
14:02:20.0890 0152 cmuda3 (e02e0ebbed23d6efbf1300d08d57d7aa) C:\WINDOWS\system32\drivers\cmuda3.sys
14:02:20.0921 0152 cmuda3 - ok
14:02:21.0390 0152 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
14:02:21.0390 0152 Cpqarray - ok
14:02:21.0843 0152 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
14:02:21.0843 0152 dac2w2k - ok
14:02:22.0281 0152 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
14:02:22.0281 0152 dac960nt - ok
14:02:22.0781 0152 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:02:22.0781 0152 Disk - ok
14:02:23.0500 0152 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:02:23.0500 0152 dmboot - ok
14:02:24.0015 0152 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:02:24.0015 0152 dmio - ok
14:02:24.0468 0152 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:02:24.0468 0152 dmload - ok
14:02:24.0937 0152 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:02:24.0937 0152 DMusic - ok
14:02:25.0375 0152 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
14:02:25.0375 0152 dpti2o - ok
14:02:25.0875 0152 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:02:25.0875 0152 drmkaud - ok
14:02:26.0359 0152 elagopro (7ec42ec12a4bac14bcca99fb06f2d125) C:\WINDOWS\system32\DRIVERS\elagopro.sys
14:02:26.0359 0152 elagopro - ok
14:02:26.0843 0152 elaunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\elaunidr.sys
14:02:26.0843 0152 elaunidr - ok
14:02:27.0359 0152 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:02:27.0359 0152 Fastfat - ok
14:02:27.0859 0152 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:02:27.0859 0152 Fdc - ok
14:02:28.0328 0152 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:02:28.0328 0152 Fips - ok
14:02:28.0796 0152 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:02:28.0796 0152 Flpydisk - ok
14:02:29.0328 0152 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:02:29.0328 0152 FltMgr - ok
14:02:29.0765 0152 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:02:29.0765 0152 Fs_Rec - ok
14:02:30.0218 0152 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:02:30.0218 0152 Ftdisk - ok
14:02:30.0687 0152 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:02:30.0687 0152 GEARAspiWDM - ok
14:02:31.0171 0152 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:02:31.0171 0152 Gpc - ok
14:02:31.0671 0152 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:02:31.0671 0152 HidUsb - ok
14:02:32.0125 0152 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
14:02:32.0125 0152 hpn - ok
14:02:32.0656 0152 HSFHWBS2 (33dfc0afa95f9a2c753ff2adb7d4a21f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
14:02:32.0656 0152 HSFHWBS2 - ok
14:02:33.0500 0152 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
14:02:33.0515 0152 HSF_DP - ok
14:02:34.0062 0152 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:02:34.0062 0152 HTTP - ok
14:02:34.0531 0152 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
14:02:34.0531 0152 i2omgmt - ok
14:02:35.0000 0152 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
14:02:35.0000 0152 i2omp - ok
14:02:35.0500 0152 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:02:35.0500 0152 i8042prt - ok
14:02:35.0984 0152 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:02:35.0984 0152 Imapi - ok
14:02:36.0437 0152 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
14:02:36.0437 0152 ini910u - ok
14:02:36.0906 0152 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:02:36.0906 0152 IntelIde - ok
14:02:37.0375 0152 iomdisk (9d7069d72c0c72952f05e1688a5ae89d) C:\WINDOWS\system32\DRIVERS\iomdisk.sys
14:02:37.0375 0152 iomdisk - ok
14:02:37.0859 0152 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:02:37.0859 0152 Ip6Fw - ok
14:02:38.0328 0152 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:02:38.0328 0152 IpFilterDriver - ok
14:02:38.0781 0152 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:02:38.0781 0152 IpInIp - ok
14:02:39.0265 0152 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:02:39.0265 0152 IpNat - ok
14:02:39.0765 0152 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:02:39.0765 0152 IPSec - ok
14:02:40.0234 0152 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:02:40.0234 0152 IRENUM - ok
14:02:40.0703 0152 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:02:40.0703 0152 isapnp - ok
14:02:41.0203 0152 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:02:41.0203 0152 Kbdclass - ok
14:02:41.0734 0152 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:02:41.0734 0152 kmixer - ok
14:02:42.0250 0152 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:02:42.0250 0152 KSecDD - ok
14:02:42.0671 0152 lbrtfdc - ok
14:02:43.0171 0152 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
14:02:43.0171 0152 mdmxsdk - ok
14:02:43.0625 0152 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:02:43.0625 0152 mnmdd - ok
14:02:44.0125 0152 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:02:44.0125 0152 Modem - ok
14:02:44.0609 0152 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:02:44.0609 0152 Mouclass - ok
14:02:45.0078 0152 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:02:45.0078 0152 mouhid - ok
14:02:45.0562 0152 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:02:45.0562 0152 MountMgr - ok
14:02:46.0078 0152 MR97310_USB_DUAL_CAMERA (d2edba04df4d3e428e1e5dbd217e242a) C:\WINDOWS\system32\DRIVERS\mr97310c.sys
14:02:46.0078 0152 MR97310_USB_DUAL_CAMERA - ok
14:02:46.0515 0152 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
14:02:46.0515 0152 mraid35x - ok
14:02:46.0687 0152 MREMP50 (80b2ec735495823ae5771a5f603e73bd) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
14:02:46.0703 0152 MREMP50 - ok
14:02:46.0765 0152 MRESP50 (37d7c22f7e26da90e2d2d260e5d27846) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
14:02:46.0765 0152 MRESP50 - ok
14:02:47.0265 0152 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:02:47.0265 0152 MRxDAV - ok
14:02:47.0875 0152 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:02:47.0890 0152 MRxSmb - ok
14:02:48.0375 0152 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:02:48.0375 0152 Msfs - ok
14:02:48.0843 0152 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:02:48.0843 0152 MSKSSRV - ok
14:02:49.0296 0152 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:02:49.0296 0152 MSPCLOCK - ok
14:02:49.0750 0152 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:02:49.0750 0152 MSPQM - ok
14:02:50.0203 0152 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:02:50.0203 0152 mssmbios - ok
14:02:50.0656 0152 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:02:50.0656 0152 MSTEE - ok
14:02:51.0156 0152 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:02:51.0156 0152 Mup - ok
14:02:51.0609 0152 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
14:02:51.0609 0152 mxnic - ok
14:02:52.0093 0152 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:02:52.0093 0152 NABTSFEC - ok
14:02:52.0281 0152 NAVAP (511fcccf134f7afc420c041cf1121277) C:\Program Files\NavNT\NAVAP.sys
14:02:52.0296 0152 NAVAP - ok
14:02:52.0343 0152 NAVAPEL (299bc2115d8899b89fab5042f3baf466) C:\Program Files\NavNT\NAVAPEL.SYS
14:02:52.0343 0152 NAVAPEL - ok
14:02:52.0578 0152 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101013.002\NAVENG.sys
14:02:52.0578 0152 NAVENG - ok
14:02:53.0265 0152 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101013.002\NAVEX15.sys
14:02:53.0281 0152 NAVEX15 - ok
14:02:53.0812 0152 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:02:53.0828 0152 NDIS - ok
14:02:54.0281 0152 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:02:54.0281 0152 NdisIP - ok
14:02:54.0750 0152 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:02:54.0750 0152 NdisTapi - ok
14:02:55.0234 0152 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:02:55.0234 0152 Ndisuio - ok
14:02:55.0734 0152 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:02:55.0734 0152 NdisWan - ok
14:02:56.0203 0152 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:02:56.0203 0152 NDProxy - ok
14:02:56.0687 0152 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:02:56.0687 0152 NetBIOS - ok
14:02:57.0203 0152 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:02:57.0203 0152 NetBT - ok
14:02:57.0640 0152 NetworkX (50adfab00ed479a87d7964a89578002e) C:\WINDOWS\system32\ckldrv.sys
14:02:57.0640 0152 NetworkX - ok
14:02:58.0156 0152 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:02:58.0156 0152 Npfs - ok
14:02:58.0781 0152 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:02:58.0796 0152 Ntfs - ok
14:02:59.0296 0152 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:02:59.0296 0152 Null - ok
14:03:00.0609 0152 nv (c43d9d777d53d668d1fe683947c9ffe1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:03:00.0640 0152 nv - ok
14:03:01.0125 0152 NVENETFD (23297b3c2ff3510e2e760714fc6f094e) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
14:03:01.0125 0152 NVENETFD - ok
14:03:01.0593 0152 nvnetbus (bcc3722a2db99ad6f367344997c26654) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
14:03:01.0593 0152 nvnetbus - ok
14:03:02.0078 0152 nv_agp (3194e2f6c9000c39dcf9d0580754f714) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
14:03:02.0078 0152 nv_agp - ok
14:03:02.0562 0152 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:03:02.0562 0152 NwlnkFlt - ok
14:03:03.0015 0152 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:03:03.0015 0152 NwlnkFwd - ok
14:03:03.0500 0152 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
14:03:03.0500 0152 P3 - ok
14:03:04.0000 0152 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:03:04.0000 0152 Parport - ok
14:03:04.0500 0152 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:03:04.0500 0152 PartMgr - ok
14:03:04.0953 0152 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:03:04.0953 0152 ParVdm - ok
14:03:05.0453 0152 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:03:05.0453 0152 PCI - ok
14:03:05.0875 0152 PCIDump - ok
14:03:06.0343 0152 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:03:06.0343 0152 PCIIde - ok
14:03:06.0843 0152 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:03:06.0843 0152 Pcmcia - ok
14:03:07.0250 0152 PDCOMP - ok
14:03:07.0671 0152 PDFRAME - ok
14:03:08.0093 0152 PDRELI - ok
14:03:08.0531 0152 PDRFRAME - ok
14:03:09.0015 0152 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
14:03:09.0015 0152 perc2 - ok
14:03:09.0546 0152 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
14:03:09.0546 0152 perc2hib - ok
14:03:10.0109 0152 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:03:10.0109 0152 PptpMiniport - ok
14:03:10.0625 0152 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:03:10.0640 0152 PSched - ok
14:03:11.0109 0152 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:03:11.0109 0152 Ptilink - ok
14:03:11.0609 0152 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:03:11.0609 0152 PxHelp20 - ok
14:03:12.0078 0152 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
14:03:12.0093 0152 ql1080 - ok
14:03:12.0578 0152 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
14:03:12.0578 0152 Ql10wnt - ok
14:03:13.0062 0152 ql12160 (91f5782d2ba3710a227582a3cf3df68c) C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:03:13.0062 0152 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ql12160.sys. Real md5: 91f5782d2ba3710a227582a3cf3df68c, Fake md5: c33e458143092a9a982666acbcc55ebc
14:03:13.0062 0152 ql12160 ( ForgedFile.Multi.Generic ) - warning
14:03:13.0062 0152 ql12160 - detected ForgedFile.Multi.Generic (1)
14:03:13.0531 0152 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
14:03:13.0531 0152 ql1240 - ok
14:03:14.0015 0152 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
14:03:14.0015 0152 ql1280 - ok
14:03:14.0500 0152 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:03:14.0500 0152 RasAcd - ok
14:03:14.0984 0152 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:03:14.0984 0152 Rasl2tp - ok
14:03:15.0484 0152 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:03:15.0484 0152 RasPppoe - ok
14:03:15.0968 0152 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:03:15.0968 0152 Raspti - ok
14:03:16.0515 0152 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:03:16.0515 0152 Rdbss - ok
14:03:16.0984 0152 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:03:16.0984 0152 RDPCDD - ok
14:03:17.0515 0152 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:03:17.0531 0152 rdpdr - ok
14:03:18.0015 0152 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:03:18.0015 0152 RDPWD - ok
14:03:18.0484 0152 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:03:18.0484 0152 redbook - ok
14:03:18.0687 0152 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:03:18.0687 0152 SASDIFSV - ok
14:03:18.0765 0152 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
14:03:18.0765 0152 SASENUM - ok
14:03:18.0859 0152 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
14:03:18.0859 0152 SASKUTIL - ok
14:03:18.0890 0152 SAVRT - ok
14:03:18.0921 0152 SAVRTPEL - ok
14:03:19.0406 0152 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:03:19.0406 0152 Secdrv - ok
14:03:19.0875 0152 Ser2pl (6ce397c482bede91a38e56a8c4a0dc6d) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
14:03:19.0875 0152 Ser2pl - ok
14:03:20.0343 0152 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:03:20.0343 0152 serenum - ok
14:03:20.0828 0152 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:03:20.0843 0152 Serial - ok
14:03:21.0312 0152 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
14:03:21.0312 0152 Sfloppy - ok
14:03:21.0750 0152 Simbad - ok
14:03:22.0218 0152 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
14:03:22.0218 0152 sisagp - ok
14:03:22.0703 0152 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:03:22.0703 0152 SLIP - ok
14:03:23.0171 0152 SnapTHN (95bedff5ee400640cd4347103c764e60) C:\WINDOWS\system32\drivers\SnapTHN.sys
14:03:23.0171 0152 SnapTHN - ok
14:03:23.0656 0152 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
14:03:23.0656 0152 Sparrow - ok
14:03:23.0937 0152 SPBBCDrv (924e82d6dec26f82036e69b8d3f04216) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
14:03:23.0953 0152 SPBBCDrv - ok
14:03:24.0406 0152 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:03:24.0406 0152 splitter - ok
14:03:24.0890 0152 SQTECH905C (6f6a0307c30b33e65aaf52c46cea2ecd) C:\WINDOWS\system32\Drivers\Capt905c.sys
14:03:24.0890 0152 SQTECH905C - ok
14:03:25.0375 0152 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:03:25.0375 0152 sr - ok
14:03:25.0953 0152 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:03:25.0953 0152 Srv - ok
14:03:26.0437 0152 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:03:26.0437 0152 streamip - ok
14:03:26.0906 0152 SunkFilt (9152dc78005a58a17e79390aa0853bb1) C:\WINDOWS\System32\Drivers\sunkfilt.sys
14:03:26.0906 0152 SunkFilt - ok
14:03:27.0375 0152 SunkFilt39 (ed67900e1553b2fc56daa64aab4b304f) C:\WINDOWS\System32\Drivers\sunkfilt39.sys
14:03:27.0375 0152 SunkFilt39 - ok
14:03:27.0781 0152 Sunkfiltp - ok
14:03:28.0250 0152 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:03:28.0250 0152 swenum - ok
14:03:28.0750 0152 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:03:28.0750 0152 swmidi - ok
14:03:29.0218 0152 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
14:03:29.0218 0152 symc810 - ok
14:03:29.0734 0152 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
14:03:29.0734 0152 symc8xx - ok
14:03:29.0890 0152 SymEvent (9f69e39b58377be1d085a66f3580e58e) C:\Program Files\Symantec\SYMEVENT.SYS
14:03:29.0890 0152 SymEvent - ok
14:03:30.0343 0152 SYMREDRV (281f3398b1fd6d9a6bc7c1aed19fce3e) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
14:03:30.0343 0152 SYMREDRV - ok
14:03:30.0875 0152 SYMTDI (2d7b6c9da22f54b38843e5a9f99775fc) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
14:03:30.0890 0152 SYMTDI - ok
14:03:31.0359 0152 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
14:03:31.0359 0152 sym_hi - ok
14:03:31.0843 0152 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
14:03:31.0843 0152 sym_u3 - ok
14:03:32.0328 0152 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:03:32.0328 0152 sysaudio - ok
14:03:32.0906 0152 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:03:32.0921 0152 Tcpip - ok
14:03:33.0390 0152 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:03:33.0390 0152 TDPIPE - ok
14:03:33.0843 0152 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:03:33.0843 0152 TDTCP - ok
14:03:34.0312 0152 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:03:34.0312 0152 TermDD - ok
14:03:34.0828 0152 tmcomm (df8444a8fa8fd38d8848bdd40a8403b3) C:\WINDOWS\system32\drivers\tmcomm.sys
14:03:34.0828 0152 tmcomm - ok
14:03:35.0296 0152 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
14:03:35.0296 0152 TosIde - ok
14:03:35.0828 0152 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:03:35.0828 0152 Udfs - ok
14:03:36.0312 0152 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
14:03:36.0328 0152 ultra - ok
14:03:36.0921 0152 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:03:36.0937 0152 Update - ok
14:03:37.0421 0152 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:03:37.0421 0152 USBAAPL - ok
14:03:37.0875 0152 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:03:37.0875 0152 usbccgp - ok
14:03:38.0359 0152 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:03:38.0359 0152 usbehci - ok
14:03:38.0843 0152 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:03:38.0859 0152 usbhub - ok
14:03:39.0312 0152 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:03:39.0312 0152 usbohci - ok
14:03:39.0796 0152 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:03:39.0796 0152 usbprint - ok
14:03:40.0265 0152 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:03:40.0265 0152 usbscan - ok
14:03:40.0750 0152 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:03:40.0750 0152 USBSTOR - ok
14:03:41.0203 0152 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:03:41.0203 0152 usbuhci - ok
14:03:41.0656 0152 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:03:41.0656 0152 VgaSave - ok
14:03:42.0140 0152 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:03:42.0140 0152 viaagp - ok
14:03:42.0625 0152 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:03:42.0625 0152 ViaIde - ok
14:03:43.0109 0152 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:03:43.0109 0152 VolSnap - ok
14:03:43.0562 0152 vsdatant (319a93514159ab3257c99e77cc7c4310) C:\WINDOWS\system32\vsdatant.sys
14:03:43.0562 0152 vsdatant - ok
14:03:44.0062 0152 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:03:44.0062 0152 Wanarp - ok
14:03:44.0500 0152 wanatw - ok
14:03:44.0921 0152 WDICA - ok
14:03:45.0390 0152 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:03:45.0390 0152 wdmaud - ok
14:03:46.0109 0152 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
14:03:46.0125 0152 winachsf - ok
14:03:46.0671 0152 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:03:46.0671 0152 WS2IFSL - ok
14:03:47.0140 0152 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:03:47.0156 0152 WSTCODEC - ok
14:03:47.0640 0152 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:03:47.0640 0152 WudfPf - ok
14:03:48.0125 0152 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:03:48.0125 0152 WudfRd - ok
14:03:48.0203 0152 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
14:03:48.0234 0152 \Device\Harddisk0\DR0 - ok
14:03:48.0265 0152 Boot (0x1200) (0cc2a757558676b7810b24ad6c5242fa) \Device\Harddisk0\DR0\Partition0
14:03:48.0265 0152 \Device\Harddisk0\DR0\Partition0 - ok
14:03:48.0265 0152 Boot (0x1200) (8bee8e4b85cc51fa189c2aba7b16fc2a) \Device\Harddisk0\DR0\Partition1
14:03:48.0265 0152 \Device\Harddisk0\DR0\Partition1 - ok
14:03:48.0281 0152 ============================================================
14:03:48.0281 0152 Scan finished
14:03:48.0281 0152 ============================================================
14:03:48.0312 2020 Detected object count: 1
14:03:48.0312 2020 Actual detected object count: 1
14:03:57.0515 2020 ql12160 ( ForgedFile.Multi.Generic ) - skipped by user
14:03:57.0515 2020 ql12160 ( ForgedFile.Multi.Generic ) - User select action: Skip
14:04:38.0187 3376 Deinitialize success
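As an added triage example (my code, not from the thread or from TDSSKiller), a parser for the log format above that collects each scanned driver, attaches the "Suspicious file (Forged)" hashes to it, and lists everything TDSSKiller did not mark ok. A forged-file hit means two different reads of the same driver returned different content (the "Real" and "Fake" md5), which is what a rootkit hiding its changes looks like, so the entry is kept even when the user chose Skip. The sample lines are copied from the log above.

```python
"""Parse a TDSSKiller scan log and surface the entries that are not clean."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the TDSSKiller log in the
# thread, enough to exercise every record type the parser understands.
SAMPLE_LOG = r"""
14:03:07.0250 0152 PDCOMP - ok
14:03:12.0578 0152 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
14:03:12.0578 0152 Ql10wnt - ok
14:03:13.0062 0152 ql12160 (91f5782d2ba3710a227582a3cf3df68c) C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:03:13.0062 0152 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ql12160.sys. Real md5: 91f5782d2ba3710a227582a3cf3df68c, Fake md5: c33e458143092a9a982666acbcc55ebc
14:03:13.0062 0152 ql12160 ( ForgedFile.Multi.Generic ) - warning
14:03:13.0062 0152 ql12160 - detected ForgedFile.Multi.Generic (1)
14:03:48.0203 0152 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
14:03:48.0234 0152 \Device\Harddisk0\DR0 - ok
14:03:48.0265 0152 Boot (0x1200) (0cc2a757558676b7810b24ad6c5242fa) \Device\Harddisk0\DR0\Partition0
14:03:48.0265 0152 \Device\Harddisk0\DR0\Partition0 - ok
14:03:48.0312 2020 Detected object count: 1
14:03:57.0515 2020 ql12160 ( ForgedFile.Multi.Generic ) - skipped by user
14:03:57.0515 2020 ql12160 ( ForgedFile.Multi.Generic ) - User select action: Skip
"""

# Every line is "<time> <thread id> <body>"; the body decides the record type.
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>[0-9A-Fa-f]{4})\s+(?P<body>.*)$")
# "<name> (<md5>) <path>"; MBR/boot records carry an extra "(0x...)" in the name.
SCANNED_RE = re.compile(r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
# "<name> ( <verdict> ) - warning" / "- skipped by user" / "- User select action: X"
VERDICT_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>\S+) \) - (?P<rest>.+)$")
OK_RE = re.compile(r"^(?P<key>.+) - ok$")  # key is a driver name or a device path


@dataclass
class Entry:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    status: str = "unknown"                  # ok | warning | detected | unknown
    verdict: Optional[str] = None
    forged: Optional[Tuple[str, str]] = None  # (real md5, fake md5)
    action: Optional[str] = None             # user action TDSSKiller recorded, e.g. "Skip"


def parse_log(text: str) -> List[Entry]:
    entries: List[Entry] = []
    by_name, by_path = {}, {}

    def get(key: str) -> Entry:
        # Status lines name drivers by service name and MBR/boot records by device path.
        e = by_path.get(key) or by_name.get(key)
        if e is None:  # e.g. "lbrtfdc - ok": a service with no file to hash
            e = Entry(name=key)
            entries.append(e)
            by_name[key] = e
        return e

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m["body"]
        if (s := SCANNED_RE.match(body)):
            e = Entry(name=s["name"], path=s["path"], md5=s["md5"])
            entries.append(e)
            by_name[e.name], by_path[e.path] = e, e
        elif (f := FORGED_RE.match(body)):
            e = by_path.get(f["path"])
            if e is not None:
                e.forged = (f["real"], f["fake"])
                if e.status == "unknown":
                    e.status = "warning"
        elif (d := DETECTED_RE.match(body)):
            e = get(d["name"])
            e.status, e.verdict = "detected", d["verdict"]
        elif (v := VERDICT_RE.match(body)):
            e = get(v["name"])
            e.verdict = v["verdict"]
            if v["rest"] == "warning" and e.status != "detected":
                e.status = "warning"
            elif v["rest"].startswith("User select action: "):
                e.action = v["rest"].split(": ", 1)[1]
        elif (o := OK_RE.match(body)):
            e = get(o["key"])
            if e.status == "unknown":
                e.status = "ok"
    return entries


def lookup(entries: List[Entry], key: str) -> Optional[Entry]:
    """Find an entry by service name or by device path."""
    return next((e for e in entries if key in (e.name, e.path)), None)


def findings(entries: List[Entry]) -> List[Entry]:
    """Everything not marked ok: detections, warnings, and records left unfinished."""
    return [e for e in entries if e.status != "ok"]


def describe(e: Entry) -> str:
    line = f"{e.name} [{e.status}]"
    if e.verdict:
        line += f" verdict={e.verdict}"
    if e.forged:
        line += f" real_md5={e.forged[0]} fake_md5={e.forged[1]}"
    if e.action:
        line += f" user_action={e.action}"
    return line


if __name__ == "__main__":
    for entry in findings(parse_log(SAMPLE_LOG)):
        print(describe(entry))
```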
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
If you're running Spybot...

Disable TeaTimer, as it'll interfere with the cleaning process:
Right click Spybot's TeaTimer System Tray Icon.
Click Exit Spybot-S&D Resident.
TeaTimer closes.
NOTE. If on re-boot, Spybot inquires about registry change(s), allow it.

Alternatively, I suggest you uninstall Spybot, since it's a tool of the past.
 
Norton Antivirus 2005 remnant

I've run into an old problem: when I replaced Norton Antivirus 2005, it stubbornly refused to go. I had gotten most of it out, but a last bit remained and would not allow me to remove it. It did not bother the new antivirus, so I left it.

Now Combofix sees it and wants me to disable it; the issue is there is nothing to disable that I can get at. I tried Add/Remove Programs and CCleaner's uninstaller.

It says I must go through that program's MSI or setup, but none of that remains. I can run it at my own risk but thought to ask first.
 
Played another hunch

That remnant has been there for years, and I remember a previous occasion where Combofix was used to fix an infection without incident.
Here is the log:
ComboFix 11-12-31.03 - Admiral 12/31/2011 18:54:47.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1475 [GMT -5:00]
Running from: c:\documents and settings\Admiral\Desktop\ComboFix.exe
AV: Norton AntiVirus 2005 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *Enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Favorites\Thumbs.db
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Admiral\Favorites\Thumbs.db
c:\documents and settings\Admiral\WINDOWS
c:\documents and settings\All Users\Application Data\4muVHThpnI2nz3
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\SPL33F.tmp
c:\documents and settings\Corina.ALBERT\Favorites\Thumbs.db
c:\documents and settings\Corina.ALBERT\WINDOWS
c:\documents and settings\Corina\Favorites\Thumbs.db
c:\documents and settings\Corina\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest\Favorites\Thumbs.db
c:\documents and settings\Guest\WINDOWS
c:\program files\CouponAlert_2pEI
c:\windows\desktop
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\SET101.tmp
c:\windows\system32\SET6B.tmp
c:\windows\system32\SET6D.tmp
c:\windows\system32\SET6F.tmp
c:\windows\system32\SET71.tmp
c:\windows\system32\SET74.tmp
c:\windows\system32\SET80.tmp
c:\windows\system32\SET82.tmp
c:\windows\system32\SETEA.tmp
c:\windows\system32\SETF0.tmp
c:\windows\system32\SETF3.tmp
c:\windows\system32\SETFF.tmp
c:\windows\system32\SYSTem~1.dll
c:\windows\system32\systemhook.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-12-01 to 2012-01-01 )))))))))))))))))))))))))))))))
.
.
2011-12-30 18:59 . 2012-01-01 00:12 -------- d-----w- c:\documents and settings\Admiral
2011-12-30 18:06 . 2011-12-30 18:06 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-29 00:41 . 2011-12-29 00:41 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-12-29 00:41 . 2005-02-01 23:18 17992 ----a-w- c:\windows\system32\bcm42rly.sys
2011-12-29 00:41 . 2003-10-13 20:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2011-12-29 00:41 . 2003-09-26 04:28 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
2011-12-29 00:41 . 2003-09-26 03:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2011-12-29 00:41 . 2011-12-29 00:41 -------- d-----w- c:\program files\Linksys
2011-12-29 00:41 . 2011-12-29 00:41 -------- d--h--w- c:\documents and settings\Administrator\Application Data\InstallShield
2011-12-29 00:04 . 2011-12-29 00:04 -------- d-----w- C:\Wallpaper Master
2011-12-28 19:40 . 2011-12-28 19:40 -------- d--h--w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2011-12-28 19:40 . 2011-12-28 19:40 -------- d--h--w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-12-28 18:54 . 2011-12-28 18:54 -------- d--h--w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2011-12-28 08:22 . 2011-12-28 08:22 -------- d--h--w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2011-12-28 08:20 . 2011-12-28 08:20 -------- d--h--w- c:\documents and settings\Administrator\Application Data\Windows Search
2011-12-28 07:32 . 2011-12-28 07:32 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-12-28 07:31 . 2011-12-28 07:31 -------- d--h--w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2011-12-27 23:10 . 2011-12-27 23:10 3038 ----a-w- C:\fix_svchost.bat
2011-12-27 23:08 . 2011-12-27 23:08 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe
2011-12-27 23:06 . 2011-12-27 23:06 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
2011-12-27 20:01 . 2011-12-27 20:01 -------- d-----w- c:\program files\Windows Desktop Search
2011-12-27 20:01 . 2011-12-27 20:01 -------- d-----w- c:\windows\system32\GroupPolicy
2011-12-27 20:00 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2011-12-27 20:00 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2011-12-27 19:41 . 2011-12-27 19:41 -------- d--h--w- c:\documents and settings\LocalService\Local Settings\Application Data\Identities
2011-12-27 19:04 . 2011-12-27 19:04 -------- d--h--w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2009-03-15 21:27 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 22:58 . 2011-05-15 17:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2004-08-26 16:12 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2004-08-26 16:12 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-26 16:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-26 16:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-26 16:11 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-26 16:12 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-26 16:11 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2004-08-26 16:12 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 05:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-26 16:11 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2004-08-26 18:01 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-11-11 14:24 . 2011-09-18 13:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2007-03-26 18:17 . 2008-07-04 18:05 149008 ----a-w- c:\program files\mozilla firefox\components\WRSForFireFox.dll
2007-03-09 07:12 27648 -csha-w- c:\windows\system32\AVSredirect.dll
.
<pre>
c:\program files\Misc Programs\ELFBOW .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-12 4112384]
"vptray"="c:\program files\NavNT\vptray.exe" [2001-10-31 73728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2011-07-28 4514992]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2011-07-28 70832]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-12-27 113024]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-08-18 23:28 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\J:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
2007-03-15 21:16 454784 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Deskup"=c:\program files\Iomega\DriveIcons\deskup.exe /IMGSTART
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\lxeecoms.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 10:43 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 10:43 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/18/2010 6:28 PM 116608]
R2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe -service --> c:\windows\system32\lxeecoms.exe -service [?]
R2 SnapTHN;SnapTHN;c:\windows\system32\drivers\SNAPTHN.SYS [2/23/1998 5:56 PM 31104]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 7:21 AM 92592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2010 10:17 PM 136176]
S2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeeserv.exe [1/24/2010 3:40 PM 193192]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [5/6/2011 10:03 AM 191752]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2010 10:17 PM 136176]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/26/2004 11:12 AM 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 10:43 AM 12872]
S3 WPEServ;soft Xpansion Print2Document;c:\program files\Common Files\WPE\wpeserv.exe [11/17/2010 1:16 PM 323584]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PROCEXP100
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 03:17]
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 03:17]
.
2011-12-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2287679051-2000395447-3454571231-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-12-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2287679051-2000395447-3454571231-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2005-01-20 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-01-20 01:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.emachines.com/
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8A48CAB4-5DA2-4C89-98E5-C2D712B952E7}: DhcpNameServer = 192.168.1.254
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-31 19:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\NavLogon.dll
.
Completion time: 2011-12-31 19:35:58
ComboFix-quarantined-files.txt 2012-01-01 00:35
.
Pre-Run: 66,883,989,504 bytes free
Post-Run: 67,768,606,720 bytes free
.
- - End Of File - - CFC38660B5FAB1D9ADCEE9E76E7D7C9C
 
MBR log

aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
Run date: 2011-12-31 15:10:20
-----------------------------
15:10:20.796 OS Version: Windows 5.1.2600 Service Pack 3
15:10:20.796 Number of processors: 1 586 0xA00
15:10:20.796 ComputerName: ALBERT UserName:
15:10:23.406 Initialize success
15:10:42.203 AVAST engine download error: 0
15:10:45.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:10:45.062 Disk 0 Vendor: WDC_WD1200BB-00GUA0 08.02D08 Size: 114473MB BusType: 3
15:10:45.093 Disk 0 MBR read successfully
15:10:45.093 Disk 0 MBR scan
15:10:45.109 Disk 0 unknown MBR code
15:10:45.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 110658 MB offset 7791525
15:10:45.140 Disk 0 Partition 2 00 0B FAT32 RECOVERY 3804 MB offset 63
15:10:45.171 Disk 0 scanning sectors +234420480
15:10:45.265 Disk 0 scanning C:\WINDOWS\system32\drivers
15:11:31.828 Service scanning
15:11:37.890 Service vsdatant C:\WINDOWS\system32\vsdatant.sys **LOCKED** 32
15:11:38.484 Modules scanning
15:12:17.031 Disk 0 trace - called modules:
15:12:17.453 ntoskrnl.exe CLASSPNP.SYS disk.sys iomdisk.sys hal.dll ACPI.sys atapi.sys pciide.sys
15:12:17.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa94ab8]
15:12:17.484 3 CLASSPNP.SYS[f76a7fd7] -> nt!IofCallDriver -> [0x8aaf8d78]
15:12:17.515 5 iomdisk.sys[f777fbc3] -> nt!IofCallDriver -> \Device\00000091[0x8ab241f8]
15:12:17.531 7 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aaa1d98]
15:12:17.546 Scan finished successfully
15:12:53.828 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
15:12:53.859 The log file has been saved successfully to "C:\aswMBR.txt"


aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
Run date: 2011-12-31 19:45:27
-----------------------------
19:45:27.937 OS Version: Windows 5.1.2600 Service Pack 3
19:45:27.937 Number of processors: 1 586 0xA00
19:45:27.937 ComputerName: ALBERT UserName:
19:45:29.609 Initialize success
19:45:40.921 AVAST engine download error: 0
19:46:10.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:46:10.796 Disk 0 Vendor: WDC_WD1200BB-00GUA0 08.02D08 Size: 114473MB BusType: 3
19:46:10.828 Disk 0 MBR read successfully
19:46:10.843 Disk 0 MBR scan
19:46:10.843 Disk 0 unknown MBR code
19:46:10.859 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 110658 MB offset 7791525
19:46:10.875 Disk 0 Partition 2 00 0B FAT32 RECOVERY 3804 MB offset 63
19:46:10.890 Disk 0 scanning sectors +234420480
19:46:11.000 Disk 0 scanning C:\WINDOWS\system32\drivers
19:46:32.625 Service scanning
19:46:37.265 Service vsdatant C:\WINDOWS\system32\vsdatant.sys **LOCKED** 32
19:46:37.796 Modules scanning
19:47:10.046 Disk 0 trace - called modules:
19:47:10.093 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys iomdisk.sys hal.dll ACPI.sys atapi.sys pciide.sys
19:47:10.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aacfab8]
19:47:10.125 3 CLASSPNP.SYS[f76a7fd7] -> nt!IofCallDriver -> [0x8aa92d78]
19:47:10.156 5 iomdisk.sys[f777fbc3] -> nt!IofCallDriver -> \Device\0000008e[0x8ab1ef18]
19:47:10.171 7 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ab05d98]
19:47:10.187 Scan finished successfully
19:47:31.468 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
19:47:31.500 The log file has been saved successfully to "C:\aswMBR.txt"
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
SecCenter::
{E10A9785-9598-4754-B552-92431C1C35F8}
{990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

RenV::
c:\program files\Misc Programs\ELFBOW .exe


Folder::
c:\documents and settings\Administrator\Local Settings\Application Data\Symantec

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
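The helper reads the ComboFix output in this thread by eye. As an added illustration (not part of this thread and not ComboFix's own code), the Python script below parses the "Reg Loading Points" section format seen in these logs and flags the settings a responder checks first: a non-default BootExecute value, Security Center monitoring switched off, the Windows Firewall standard profile disabled, and globally open ports. The sample log is constructed from lines like those posted above; the function names and the severity labels are my own choices.

```python
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (severity, message); labels are my own choice

# Constructed sample in the format of the "Reg Loading Points" section of
# the ComboFix logs posted in this thread. It is not a file from that PC.
SAMPLE_LOG = r"""REGEDIT4
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\J:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
.
"""

# What a stock Windows XP BootExecute value looks like.
DEFAULT_BOOTEXECUTE = "autocheck autochk *"


def parse_reg_points(text: str) -> Dict[str, List[str]]:
    """Group value lines under the [registry key] that precedes them.
    ComboFix prints '.' for blank lines; those and the REGEDIT4 header
    are skipped. Keys keep their original spelling."""
    keys: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "." or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, [])
        elif current is not None:
            keys[current].append(line)
    return keys


def triage(text: str) -> List[Finding]:
    """Return the settings a responder would look at first, in log order."""
    findings: List[Finding] = []
    for key, values in parse_reg_points(text).items():
        k = key.lower()
        vendor = key.rsplit("\\", 1)[-1]
        if k.endswith(r"control\session manager"):
            # Extra BootExecute entries are usually a scheduled chkdsk (/r)
            # or a security product; anything else deserves a closer look.
            for v in values:
                if v.startswith("BootExecute"):
                    payload = v.split("REG_MULTI_SZ", 1)[-1].strip()
                    if payload != DEFAULT_BOOTEXECUTE:
                        findings.append(("review", f"BootExecute is non-default: {payload}"))
        elif r"security center\monitoring" in k:
            # Third-party suites set this legitimately, so it is informational only.
            if any(v.lower().startswith('"disablemonitoring"=dword:00000001') for v in values):
                findings.append(("info", f"Security Center monitoring disabled for {vendor}"))
        elif k.endswith(r"firewallpolicy\standardprofile"):
            for v in values:
                m = re.match(r'"enablefirewall"\s*=\s*(\d+)', v, re.IGNORECASE)
                if m and m.group(1) == "0":
                    findings.append(("high", "Windows Firewall disabled for the standard profile"))
        elif k.endswith(r"globallyopenports\list"):
            for v in values:
                m = re.match(r'"(\d+:(?:tcp|udp))"', v, re.IGNORECASE)
                if m:
                    findings.append(("info", f"Globally open port {m.group(1)}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {message}")
```

Run it as-is to see the four findings for the constructed sample, or pass the text of a saved ComboFix.txt to triage(). The script only reads the log; it changes nothing on the machine, which is the point: deciding what to fix stays with the person reviewing the log, as in this thread.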
 
Here it is

ComboFix 11-12-31.03 - Admiral 12/31/2011 20:14:52.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1334 [GMT -5:00]
Running from: c:\documents and settings\Admiral\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admiral\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
c:\documents and settings\Administrator\Local Settings\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Logs\12282011.Log
.
.
((((((((((((((((((((((((( Files Created from 2011-12-01 to 2012-01-01 )))))))))))))))))))))))))))))))
.
.
2011-12-30 18:59 . 2012-01-01 00:12 -------- d-----w- c:\documents and settings\Admiral
2011-12-30 18:06 . 2011-12-30 18:06 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-29 00:41 . 2011-12-29 00:41 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-12-29 00:41 . 2005-02-01 23:18 17992 ----a-w- c:\windows\system32\bcm42rly.sys
2011-12-29 00:41 . 2003-10-13 20:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2011-12-29 00:41 . 2003-09-26 04:28 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
2011-12-29 00:41 . 2003-09-26 03:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2011-12-29 00:41 . 2011-12-29 00:41 -------- d-----w- c:\program files\Linksys
2011-12-29 00:41 . 2011-12-29 00:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2011-12-29 00:04 . 2011-12-29 00:04 -------- d-----w- C:\Wallpaper Master
2011-12-28 19:40 . 2011-12-28 19:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2011-12-28 19:40 . 2011-12-28 19:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-12-28 08:22 . 2011-12-28 08:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2011-12-28 08:20 . 2011-12-28 08:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2011-12-28 07:32 . 2011-12-28 07:32 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-12-28 07:31 . 2011-12-28 07:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2011-12-27 23:10 . 2011-12-27 23:10 3038 ----a-w- C:\fix_svchost.bat
2011-12-27 23:08 . 2011-12-27 23:08 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe
2011-12-27 23:06 . 2011-12-27 23:06 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
2011-12-27 20:01 . 2011-12-27 20:01 -------- d-----w- c:\program files\Windows Desktop Search
2011-12-27 20:01 . 2011-12-27 20:01 -------- d-----w- c:\windows\system32\GroupPolicy
2011-12-27 20:00 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2011-12-27 20:00 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2011-12-27 19:41 . 2011-12-27 19:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Identities
2011-12-27 19:04 . 2011-12-27 19:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2009-03-15 21:27 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 22:58 . 2011-05-15 17:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2004-08-26 16:12 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2004-08-26 16:12 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-26 16:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-26 16:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-26 16:11 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-26 16:12 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-26 16:11 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2004-08-26 16:12 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 05:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-26 16:11 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2004-08-26 18:01 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-11-11 14:24 . 2011-09-18 13:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2007-03-26 18:17 . 2008-07-04 18:05 149008 ----a-w- c:\program files\mozilla firefox\components\WRSForFireFox.dll
2007-03-09 07:12 27648 -csha-w- c:\windows\system32\AVSredirect.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-12 4112384]
"vptray"="c:\program files\NavNT\vptray.exe" [2001-10-31 73728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2011-07-28 4514992]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2011-07-28 70832]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-12-27 113024]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-08-18 23:28 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\J:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
2007-03-15 21:16 454784 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Deskup"=c:\program files\Iomega\DriveIcons\deskup.exe /IMGSTART
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\lxeecoms.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 10:43 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 10:43 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/18/2010 6:28 PM 116608]
R2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe -service --> c:\windows\system32\lxeecoms.exe -service [?]
R2 SnapTHN;SnapTHN;c:\windows\system32\drivers\SNAPTHN.SYS [2/23/1998 5:56 PM 31104]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 7:21 AM 92592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2010 10:17 PM 136176]
S2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeeserv.exe [1/24/2010 3:40 PM 193192]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [5/6/2011 10:03 AM 191752]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2010 10:17 PM 136176]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/26/2004 11:12 AM 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 10:43 AM 12872]
S3 WPEServ;soft Xpansion Print2Document;c:\program files\Common Files\WPE\wpeserv.exe [11/17/2010 1:16 PM 323584]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
*Deregistered* - PROCEXP100
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 03:17]
.
2012-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 03:17]
.
2011-12-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2287679051-2000395447-3454571231-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-12-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2287679051-2000395447-3454571231-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2005-01-20 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-01-20 01:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.emachines.com/
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8A48CAB4-5DA2-4C89-98E5-C2D712B952E7}: DhcpNameServer = 192.168.1.254
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-31 20:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\NavLogon.dll
.
Completion time: 2011-12-31 20:30:15
ComboFix-quarantined-files.txt 2012-01-01 01:30
ComboFix2.txt 2012-01-01 00:35
.
Pre-Run: 67,793,670,144 bytes free
Post-Run: 67,765,325,824 bytes free
.
- - End Of File - - F87BD0D6D4A784802D0E99571E2FEC98
 
Back