12 replies to this topic

[McGolff]

Merged 3 post

Merged 2 more

We look for post with 0 replies, so when you replied to your own topic, we assumed you were being helped.


I've been having issues with a virus that occasionally intercepts my website click and redirects me to an advertising site (most times). I've been putting up with it because it only happens on the first try. If I go back to the original site and re-click the same link it will take me to the correct place and will continue to work properly until a new browser session.

The problem is that yesterday is redirected me to a site that quickly downloaded the S.M.A.R.T. HDD virus...... two minutes later I had a screen full of false hard disk errors and SMART HDD was running on my desktop with no way to shut it down. When I went to Start/Programs to start running MalwareBytes I found that most of my programs were missing, including the ability to add/remove software. I shut the system down and brought in another laptop to help me fight the virus. When I rebooted, my start menu was completely blank and I couldn't get Windows Explorer access so that I could run the kill programs on my USB drive.

I did a full reboot again, this time everything was missing except the SMART HDD application and my Search Desktop entry box on the toolbar. I was able to use that to bring up Windows Explorer and ran Rkill.exe from the USB drive. That stopped Smart HDD.
Explorer showed that my drives were empty so, I ran UnHide.exe to get my Start Menu and directory structures back.
Then I installed and ran the latest version of MalwareBytes and did a full scan. it removed 2 items on my C partition and 2 items on my E partition.
When I restarted the system the C drive was still empty, so I had to run UnHide.exe again and all the files reappeared.

SMART HDD was showing as a "Newly Installed Program", was still in my program list and had a launch icon on my desktop as well.
I checked the properties of the desktop shortcut and removed all of the files with similar names in Documents & Settings/All Users/Application Data.
They looked something like GVHlwFLpzZ3put.exe, 4 files in all, the other 3 had the same name with different extensions. I removed them all
I then removed the Shortcut links from my user's Start Menu folder in Documents & Settings. There was an "Uninstall Smart HDD" link but it didn't seem like a smart idea to use it.
I did a full re-run of MalwareBytes and it found zero issues, however while it was running, Norton Antivirus popped up and said that it had located three instances of a Bloodhound heuristics virus and quarantined them - I did a full delete of those.
I then did a full run of AdAware and it found a malware in C:/Recycler (something that I deleted manually?) and a bunch of cookie issues.
I'm rerunning AdAware again just to see if anything is left, but while it was running Norton popped up again with a Trojan Malware alert in my java jar cache: 356222b46d9.jar-4d799c0e-1666db2d.zip. --- which it says that it deleted rather than quarantined.

Then the very first website that I went to after rebooting the system, I click on one of the internal links and "The Document has moved, Redirecting". So I'm basically back where I started except that I'm pretty sure there are still remnants of SMART HDD and potentially some more viruses lurking on the system and want to continue the process until I can get this beast completely clean. This last redirect cost me about 12 hours of time to get back up and running --- can't afford that again.

Just an add-on update to this --- AdAware just finished scanning again and is still finding a virus. Looks to be in the System Restore area?
Description: c:\system volume information\_restore{a8393674-085c-4723-b63e-39928c5f4c89}\rp837\a0156673.exe Family Name: Trojan.Win32.Generic.pak!cobra Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 17c21b6fdd8d0e3e160901bb4b2a771f

Norton full scan is in progress - 1 security risk found and quarantined:
Scan type: Manual Scan
Event: Security Risk Found!
Risk: SecurityRisk.URLRedir
File: Unavailable
Location: Quarantine

(Still feel that there are bits and pieces of several viruses spread around the system --- every time I run a scan with these three tools, they find something new)

Here are the DDS.Txt and Attach.txt reports:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by TimM at 16:32:39 on 2012-04-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1188 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\dwrcs\DWRCS.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\dwrcs\DWRCST.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPNRA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~2\VPTray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DameWare MRC Agent] c:\windows\dwrcs\DWRCST.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mbcame~1.lnk - c:\program files\pixela\everio mediabrowser\MBCameraMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{1ce60928-8325-49a8-8b06-633e48dd2b67}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: accruent.com\demoapp2v
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {008BBE7E-C096-11D0-B4E3-00A0C901D681} - hxxp://demoapp2v.accruent.com/fps/TeeChart/teechart.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://demoapp2v.accruent.com/cosalesxi/MGViewer/mgaxctrl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252114649437
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254344453328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.90/WebSlingPlayer.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6595FD99-E07A-49CF-BE09-4E45BFEB1044} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: MRCNotify - c:\windows\dwrcs\DWRCWXL.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: psfus - psqlpwd.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli psqlpwd ACGina
Hosts: 184.95.41.155 www.google-analytics.com.
Hosts: 184.95.41.155 ad-emea.doubleclick.net.
Hosts: 184.95.41.155 www.statcounter.com.
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\timm\application data\mozilla\firefox\profiles\ky1nsjzz.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2012-3-12 64512]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]
R2 smihlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2006-4-25 3456]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-8-17 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 3712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-5 106104]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120426.002\naveng.sys [2012-4-26 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120426.002\navex15.sys [2012-4-26 1576312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
S3 PTDWBus;Curitel PC Card Composite Device driver (UDP);c:\windows\system32\drivers\PTDWBus.sys [2009-11-24 27392]
S3 PTDWMdm;Curitel PC Card Drivers (UDP);c:\windows\system32\drivers\PTDWMdm.sys [2009-11-24 41728]
S3 PTDWVsp;Curitel PC Card Diagnostic Serial Port (UDP);c:\windows\system32\drivers\PTDWVsp.sys [2009-11-24 39808]
S3 PWCTLDRV;The NECHostController Filter Driver;c:\windows\system32\drivers\PWCTLDRV.sys [2009-11-24 5888]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\drivers\pwi_bus.sys --> c:\windows\system32\drivers\pwi_bus.sys [?]
S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\drivers\pwi_mdfl.sys --> c:\windows\system32\drivers\pwi_mdfl.sys [?]
S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\drivers\pwi_mdm.sys --> c:\windows\system32\drivers\pwi_mdm.sys [?]
S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\drivers\pwi_oflt.sys --> c:\windows\system32\drivers\pwi_oflt.sys [?]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\drivers\pwi_serd.sys --> c:\windows\system32\drivers\pwi_serd.sys [?]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-11-13 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-4-30 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-04-24 20:16:29 13824 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-03-30 17:04:51 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-30 17:04:51 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-28 00:47:55 132424 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2012-03-28 00:47:55 12616 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2012-03-28 00:47:55 12616 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2012-03-28 00:47:55 110280 ----a-w- c:\windows\system32\drivers\sscdserd.sys
2012-03-28 00:47:54 14920 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2012-03-28 00:47:52 12488 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2012-03-28 00:47:52 12488 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2012-03-28 00:47:52 104648 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2012-03-28 00:47:47 -------- d-----w- c:\program files\SAMSUNG
2012-03-28 00:47:38 -------- d-----w- c:\documents and settings\all users\application data\Samsung
2012-03-28 00:47:30 53248 ----a-r- c:\documents and settings\timm\application data\microsoft\installer\{c0c1d2bc-72fe-4f77-a2f9-cd10d5aa8f93}\ARPPRODUCTICON.exe
.
==================== Find3M ====================
.
2012-04-17 19:51:00 249856 ------w- c:\windows\Setup1.exe
2012-04-17 19:50:59 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-12 10:59:09 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-12 10:59:08 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-03-09 17:40:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-06 20:30:33 60304 ----a-w- c:\documents and settings\timm\g2mdlhlpx.exe
1997-06-23 19:06:50 252176 --sha-w- c:\windows\system32\Msrd2x35.dll
1997-06-23 19:06:50 287504 --sha-w- c:\windows\system32\Msxbse35.dll
.
============= FINISH: 16:34:06.10 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/4/2009 3:33:44 AM
System Uptime: 4/26/2012 8:50:32 AM (8 hours ago)
.
Motherboard: LENOVO | | 2623KEU
Processor: Intel® Core™2 CPU T5600 @ 1.83GHz | None | 1828/167mhz
.
==== Disk Partitions =========================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 8.1.4
AiO_Scan_CDA
AiOSoftwareNPI
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
Atomic Clock Sync
AutoCAD Map 3D 2009
AutoCAD Map 3D 2009 Version 4
Autodesk Design Review 2009
Bing Maps 3D
BlackBerry Java Development Environment 3.7
Bonjour
Cisco Systems VPN Client 5.0.07.0410
Configuration Manager Client
Curitel PC Card Software
CutePDF Writer 2.8
Dell Printer Software Uninstall
Digital Photo Navigator 1.5
eFax Messenger
Everio MediaBrowser
FAI9New
FAMIS Drawing Coordination 8.2.2.X/10.2.2.X/10.3.1.X
Fax_CDA
FreeMind
GoToMeeting 5.1.0.880
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB969084)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Photosmart, Officejet and Deskjet 7.0.A
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo WinDVD
InterVideo WinDVD Creator 3
iRise® Reader v7.3.0.0 (Build:22115)
iTunes
J2SE Runtime Environment 5.0 Update 22
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java™ 6 Update 24
LiveReg (Symantec Corporation)
LiveUpdate 3.1 (Symantec Corporation)
Logitech Webcam Software
Malwarebytes Anti-Malware version 1.61.0.1400
mCore
mDriver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2007 R2
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
mMHouse
Mozilla Firefox 11.0 (x86 en-US)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
mWlsSafe
mXML
Network Recording Player
NewCopy_CDA
NotesLink
OGA Notifier 2.0.0048.0
Opera Mobile
PC-Doctor 5 for Windows
Picasa 2
Productivity Center Supplement for ThinkPad
QFolder
QuickTime
RDC
Readme
RecordNow Audio
RecordNow Copy
RecordNow Data
refresh
Remove Multimedia Center
SAMSUNG USB Driver for Mobile Phones V5.16.0.0
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2553010)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2483614)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype Click to Call
Skype™ 5.5
SlingPlayer
SnagIt 7
Sonic DLA
Sonic Express Labeler
Sonic Icons for Lenovo
Sonic Update Manager
SoundMAX
Symantec AntiVirus
System Migration Assistant
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad Configuration
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Keyboard Customizer Utility
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad Presentation Director
ThinkPad UltraNav Driver
ThinkPad UltraNav Wizard
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Away Manager
ThinkVantage Fingerprint Software 5.5
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
TrackPoint Accessibility Features
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2264107)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
UPSDK411
VBA (2627.01)
VZAccess Manager
Wallpapers
WD SmartWare
WD Software Upgrader
WebEx
WebFldrs XP
WebReg
WebSlingPlayer ActiveX
WIMGAPI
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinSABA-AutoCAD Interface v1.3
WinSABA-AutoCAD Interface v1.3 (C:\Program Files\WinSABA-AutoCAD Interface\)
XP Themes
.
==== Event Viewer Messages From Past Week ========
.
4/24/2012 3:55:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/24/2012 3:53:12 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ANC eeCtrl Fips IBMTPCHK intelppm SAVRT SAVRTPEL ShockMgr Smapint SPBBCDrv SYMTDI TDSMAPI TPHKDRV TPPWRIF TSMAPIP
4/24/2012 10:54:01 PM, error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 10:49:47 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0019D29F7D14 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
4/22/2012 5:57:26 PM, error: NETLOGON [5719] - No Domain Controller is available for domain ACCRUENT due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
4/19/2012 1:34:25 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================

[LDTate]

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".



DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:
1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.



Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
  
  
  
• Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  
  
  
  
• Click the Start Scan button.
  
  
  
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  
  
  
• If malicious objects are found, they will show in the Scan results and offer three (3) options.
  
• Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  
  

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

[McGolff]

Well the Redirect virus is still there ---- got two clicks hijacked this morning from different sites. Didn't appear to be anything tagged as malicious on the TDSSKiller scan. Results are here:
18:11:38.0859 7608 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
18:11:39.0531 7608 ============================================================
18:11:39.0531 7608 Current date / time: 2012/04/30 18:11:39.0531
18:11:39.0531 7608 SystemInfo:
18:11:39.0531 7608
18:11:39.0531 7608 OS Version: 5.1.2600 ServicePack: 3.0
18:11:39.0531 7608 Product type: Workstation
18:11:39.0531 7608 ComputerName: MCLEAN-LT
18:11:39.0531 7608 UserName: TimM
18:11:39.0531 7608 Windows directory: C:\WINDOWS
18:11:39.0531 7608 System windows directory: C:\WINDOWS
18:11:39.0531 7608 Processor architecture: Intel x86
18:11:39.0531 7608 Number of processors: 2
18:11:39.0531 7608 Page size: 0x1000
18:11:39.0531 7608 Boot type: Normal boot
18:11:39.0531 7608 ============================================================
18:11:43.0953 7608 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
18:11:43.0953 7608 ============================================================
18:11:43.0953 7608 \Device\Harddisk0\DR0:
18:11:43.0953 7608 MBR partitions:
18:11:43.0953 7608 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8BF8771
18:11:43.0968 7608 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x950E14F, BlocksNum 0x950A5C1
18:11:43.0968 7608 ============================================================
18:11:44.0000 7608 C: <-> \Device\Harddisk0\DR0\Partition0
18:11:44.0031 7608 E: <-> \Device\Harddisk0\DR0\Partition1
18:11:44.0031 7608 ============================================================
18:11:44.0031 7608 Initialize success
18:11:44.0031 7608 ============================================================
18:12:25.0781 2592 ============================================================
18:12:25.0781 2592 Scan started
18:12:25.0781 2592 Mode: Manual; SigCheck; TDLFS;
18:12:25.0781 2592 ============================================================
18:12:26.0406 2592 Abiosdsk - ok
18:12:26.0437 2592 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:12:26.0718 2592 abp480n5 - ok
18:12:26.0750 2592 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
18:12:26.0875 2592 ac97intc - ok
18:12:26.0921 2592 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:12:27.0046 2592 ACPI - ok
18:12:27.0062 2592 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:12:27.0234 2592 ACPIEC - ok
18:12:27.0328 2592 AcPrfMgrSvc (b256d804e3af59023dfeedc743b4dd96) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
18:12:27.0359 2592 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - warning
18:12:27.0359 2592 AcPrfMgrSvc - detected UnsignedFile.Multi.Generic (1)
18:12:27.0375 2592 AcSvc (4abaf28ffcfca1bbdc2ed83af1b80faa) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
18:12:27.0421 2592 AcSvc ( UnsignedFile.Multi.Generic ) - warning
18:12:27.0421 2592 AcSvc - detected UnsignedFile.Multi.Generic (1)
18:12:27.0468 2592 ADIHdAudAddService (66614b9fdc7e74ab736a84d89f7b06b6) C:\WINDOWS\system32\drivers\ADIHdAud.sys
18:12:27.0546 2592 ADIHdAudAddService - ok
18:12:27.0578 2592 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:12:27.0703 2592 adpu160m - ok
18:12:27.0718 2592 AEAudioService (03be587e90c8b37c7ff1fe2e9c1d1c90) C:\WINDOWS\system32\drivers\AEAudio.sys
18:12:27.0750 2592 AEAudioService - ok
18:12:27.0796 2592 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:12:27.0921 2592 aec - ok
18:12:27.0953 2592 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
18:12:27.0984 2592 AegisP ( UnsignedFile.Multi.Generic ) - warning
18:12:27.0984 2592 AegisP - detected UnsignedFile.Multi.Generic (1)
18:12:28.0015 2592 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:12:28.0109 2592 AFD - ok
18:12:28.0125 2592 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:12:28.0281 2592 agp440 - ok
18:12:28.0281 2592 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
18:12:28.0406 2592 agpCPQ - ok
18:12:28.0421 2592 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
18:12:28.0500 2592 Aha154x - ok
18:12:28.0515 2592 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
18:12:28.0656 2592 aic78u2 - ok
18:12:28.0687 2592 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
18:12:28.0812 2592 aic78xx - ok
18:12:28.0843 2592 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:12:28.0968 2592 Alerter - ok
18:12:29.0000 2592 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:12:29.0125 2592 ALG - ok
18:12:29.0140 2592 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
18:12:29.0250 2592 AliIde - ok
18:12:29.0265 2592 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
18:12:29.0375 2592 alim1541 - ok
18:12:29.0390 2592 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
18:12:29.0515 2592 amdagp - ok
18:12:29.0531 2592 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
18:12:29.0609 2592 amsint - ok
18:12:29.0640 2592 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
18:12:29.0671 2592 ANC ( UnsignedFile.Multi.Generic ) - warning
18:12:29.0671 2592 ANC - detected UnsignedFile.Multi.Generic (1)
18:12:29.0765 2592 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:12:29.0812 2592 Apple Mobile Device - ok
18:12:29.0843 2592 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
18:12:29.0968 2592 AppMgmt - ok
18:12:29.0984 2592 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
18:12:30.0109 2592 asc - ok
18:12:30.0125 2592 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
18:12:30.0187 2592 asc3350p - ok
18:12:30.0203 2592 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
18:12:30.0328 2592 asc3550 - ok
18:12:30.0390 2592 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:12:30.0500 2592 aspnet_state - ok
18:12:30.0515 2592 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:12:30.0640 2592 AsyncMac - ok
18:12:30.0671 2592 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:12:30.0765 2592 atapi - ok
18:12:30.0781 2592 Atdisk - ok
18:12:30.0828 2592 Ati HotKey Poller (c382626e3880f55f93c79002a246821f) C:\WINDOWS\system32\Ati2evxx.exe
18:12:30.0953 2592 Ati HotKey Poller - ok
18:12:31.0078 2592 ati2mtag (6fdb638e0921d99a48ec4ae52071173c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:12:31.0218 2592 ati2mtag - ok
18:12:31.0343 2592 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:12:31.0484 2592 Atmarpc - ok
18:12:31.0500 2592 atmeltpm (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
18:12:31.0578 2592 atmeltpm - ok
18:12:31.0609 2592 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:12:31.0750 2592 AudioSrv - ok
18:12:31.0781 2592 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:12:31.0921 2592 audstub - ok
18:12:32.0015 2592 Autodesk Licensing Service (df687ee356b7f80a6442ae4d2c3ee3b4) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
18:12:32.0062 2592 Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:12:32.0062 2592 Autodesk Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:12:32.0078 2592 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:12:32.0218 2592 Beep - ok
18:12:32.0281 2592 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:12:32.0484 2592 BITS - ok
18:12:32.0562 2592 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:12:32.0609 2592 Bonjour Service - ok
18:12:32.0656 2592 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:12:32.0781 2592 Browser - ok
18:12:32.0828 2592 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
18:12:32.0953 2592 BthEnum - ok
18:12:32.0984 2592 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
18:12:33.0109 2592 BthPan - ok
18:12:33.0156 2592 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
18:12:33.0218 2592 BTHPORT - ok
18:12:33.0265 2592 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
18:12:33.0406 2592 BthServ - ok
18:12:33.0421 2592 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
18:12:33.0546 2592 BTHUSB - ok
18:12:33.0625 2592 BTKRNL (dbd408226b00c20158864f30a5a84451) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
18:12:33.0687 2592 BTKRNL ( UnsignedFile.Multi.Generic ) - warning
18:12:33.0687 2592 BTKRNL - detected UnsignedFile.Multi.Generic (1)
18:12:33.0812 2592 btwdins (cb2a3bae9aad6b42f7b6473363bbc168) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
18:12:33.0875 2592 btwdins ( UnsignedFile.Multi.Generic ) - warning
18:12:33.0875 2592 btwdins - detected UnsignedFile.Multi.Generic (1)
18:12:33.0906 2592 BTWUSB (7cd8e4303fda5b11da325340778d99d9) C:\WINDOWS\system32\Drivers\btwusb.sys
18:12:33.0953 2592 BTWUSB ( UnsignedFile.Multi.Generic ) - warning
18:12:33.0953 2592 BTWUSB - detected UnsignedFile.Multi.Generic (1)
18:12:34.0000 2592 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
18:12:34.0187 2592 cbidf - ok
18:12:34.0187 2592 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:12:34.0343 2592 cbidf2k - ok
18:12:34.0390 2592 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:12:34.0562 2592 CCDECODE - ok
18:12:34.0625 2592 ccEvtMgr (0a6786c95a6f8715aa4285e3c27f201f) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
18:12:34.0640 2592 ccEvtMgr - ok
18:12:34.0734 2592 CcmExec (15434423b77f80036c71205a240c1507) C:\WINDOWS\system32\CCM\CcmExec.exe
18:12:34.0812 2592 CcmExec - ok
18:12:34.0828 2592 ccSetMgr (3b4898cf051bb04fb76e94361e336a83) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
18:12:34.0843 2592 ccSetMgr - ok
18:12:34.0875 2592 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
18:12:34.0968 2592 cd20xrnt - ok
18:12:34.0984 2592 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:12:35.0109 2592 Cdaudio - ok
18:12:35.0140 2592 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:12:35.0265 2592 Cdfs - ok
18:12:35.0312 2592 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:12:35.0453 2592 Cdrom - ok
18:12:35.0453 2592 Changer - ok
18:12:35.0515 2592 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:12:35.0625 2592 CiSvc - ok
18:12:35.0640 2592 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:12:35.0781 2592 ClipSrv - ok
18:12:36.0031 2592 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:12:36.0156 2592 clr_optimization_v2.0.50727_32 - ok
18:12:36.0218 2592 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:12:36.0328 2592 clr_optimization_v4.0.30319_32 - ok
18:12:36.0343 2592 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:12:36.0484 2592 CmBatt - ok
18:12:36.0515 2592 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
18:12:36.0640 2592 CmdIde - ok
18:12:36.0718 2592 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:12:36.0843 2592 Compbatt - ok
18:12:36.0843 2592 COMSysApp - ok
18:12:36.0859 2592 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
18:12:36.0984 2592 Cpqarray - ok
18:12:37.0015 2592 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:12:37.0156 2592 CryptSvc - ok
18:12:37.0187 2592 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
18:12:37.0234 2592 CVirtA - ok
18:12:37.0359 2592 CVPND (30443eef52f5fb043654859eaa8e5247) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
18:12:37.0453 2592 CVPND - ok
18:12:37.0703 2592 CVPNDRVA (cb90b2762b1a1d0b40496400c55b6ade) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
18:12:37.0750 2592 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
18:12:37.0750 2592 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
18:12:37.0796 2592 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
18:12:37.0953 2592 dac2w2k - ok
18:12:37.0953 2592 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
18:12:38.0093 2592 dac960nt - ok
18:12:38.0125 2592 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:12:38.0187 2592 DcomLaunch - ok
18:12:38.0250 2592 DefWatch (1f709c66d8aadff35530c56ee261c462) C:\Program Files\Symantec AntiVirus\DefWatch.exe
18:12:38.0281 2592 DefWatch - ok
18:12:38.0312 2592 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:12:38.0437 2592 Dhcp - ok
18:12:38.0468 2592 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:12:38.0593 2592 Disk - ok
18:12:38.0640 2592 DLABOIOM (35cbc02546335ea41a5d516da6626c8a) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
18:12:38.0656 2592 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
18:12:38.0656 2592 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
18:12:38.0671 2592 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
18:12:38.0687 2592 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
18:12:38.0687 2592 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
18:12:38.0703 2592 DLADResN (19e3db16de2bb3db81b172a78d140b03) C:\WINDOWS\system32\DLA\DLADResN.SYS
18:12:38.0718 2592 DLADResN ( UnsignedFile.Multi.Generic ) - warning
18:12:38.0718 2592 DLADResN - detected UnsignedFile.Multi.Generic (1)
18:12:38.0734 2592 DLAIFS_M (e4859ca5bd8412a9a60d62067a653522) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
18:12:38.0765 2592 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
18:12:38.0765 2592 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
18:12:38.0765 2592 DLAOPIOM (20c24a3d1cf0825487c93f806625805e) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
18:12:38.0796 2592 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
18:12:38.0796 2592 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
18:12:38.0812 2592 DLAPoolM (8a530da5dc81954bcf1966813f699b49) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
18:12:38.0828 2592 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
18:12:38.0828 2592 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
18:12:38.0859 2592 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
18:12:38.0906 2592 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
18:12:38.0906 2592 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
18:12:38.0937 2592 DLAUDFAM (7eda68af6a91bf64af6f301e39928ebf) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
18:12:38.0953 2592 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
18:12:38.0953 2592 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
18:12:38.0984 2592 DLAUDF_M (a18423bbc6d92b01fdf3c51e7510ee70) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
18:12:39.0015 2592 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
18:12:39.0015 2592 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
18:12:39.0031 2592 dmadmin - ok
18:12:39.0140 2592 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:12:39.0296 2592 dmboot - ok
18:12:39.0312 2592 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:12:39.0453 2592 dmio - ok
18:12:39.0484 2592 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:12:39.0640 2592 dmload - ok
18:12:39.0734 2592 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:12:39.0875 2592 dmserver - ok
18:12:39.0906 2592 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:12:40.0046 2592 DMusic - ok
18:12:40.0093 2592 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\WINDOWS\system32\DRIVERS\dne2000.sys
18:12:40.0109 2592 DNE - ok
18:12:40.0156 2592 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
18:12:40.0281 2592 Dnscache - ok
18:12:40.0343 2592 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:12:40.0468 2592 Dot3svc - ok
18:12:40.0515 2592 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
18:12:40.0656 2592 Dot4 - ok
18:12:40.0687 2592 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
18:12:40.0828 2592 Dot4Print - ok
18:12:40.0828 2592 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
18:12:41.0031 2592 dot4usb - ok
18:12:41.0125 2592 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
18:12:41.0265 2592 dpti2o - ok
18:12:41.0296 2592 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:12:41.0421 2592 drmkaud - ok
18:12:41.0468 2592 DRVMCDB (48c7008d23dcfce0d0232f49307efced) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
18:12:41.0484 2592 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
18:12:41.0484 2592 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
18:12:41.0500 2592 DRVNDDM (05467e44a42c777dd1534bb4539b16d1) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
18:12:41.0531 2592 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
18:12:41.0531 2592 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
18:12:41.0562 2592 DwMirror (383182215a2c238e76b86e3b5ede40eb) C:\WINDOWS\system32\DRIVERS\DamewareMini.sys
18:12:41.0640 2592 DwMirror - ok
18:12:41.0656 2592 dwmrcs - ok
18:12:41.0687 2592 dwvkbd (5a402c57f621114c99f813c6ae7bc37a) C:\WINDOWS\system32\DRIVERS\dwvkbd.sys
18:12:41.0734 2592 dwvkbd - ok
18:12:41.0781 2592 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:12:41.0921 2592 E100B - ok
18:12:41.0968 2592 e1express (b1e9161ba28d5b826e49a1d0ded7fcc4) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
18:12:42.0453 2592 e1express - ok
18:12:42.0500 2592 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:12:42.0640 2592 EapHost - ok
18:12:42.0734 2592 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
18:12:42.0765 2592 eeCtrl - ok
18:12:42.0796 2592 EGATHDRV (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
18:12:42.0828 2592 EGATHDRV ( UnsignedFile.Multi.Generic ) - warning
18:12:42.0828 2592 EGATHDRV - detected UnsignedFile.Multi.Generic (1)
18:12:42.0859 2592 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:12:42.0875 2592 EraserUtilRebootDrv - ok
18:12:42.0906 2592 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:12:43.0031 2592 ERSvc - ok
18:12:43.0078 2592 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:12:43.0109 2592 Eventlog - ok
18:12:43.0156 2592 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
18:12:43.0218 2592 EventSystem - ok
18:12:43.0281 2592 EvtEng (6a197698a141ffe7651b962ae3172008) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
18:12:43.0343 2592 EvtEng ( UnsignedFile.Multi.Generic ) - warning
18:12:43.0343 2592 EvtEng - detected UnsignedFile.Multi.Generic (1)
18:12:43.0421 2592 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:12:43.0593 2592 Fastfat - ok
18:12:43.0640 2592 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:12:43.0671 2592 FastUserSwitchingCompatibility - ok
18:12:43.0687 2592 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:12:43.0812 2592 Fdc - ok
18:12:43.0828 2592 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:12:43.0953 2592 Fips - ok
18:12:43.0968 2592 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:12:44.0250 2592 Flpydisk - ok
18:12:44.0281 2592 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:12:44.0406 2592 FltMgr - ok
18:12:44.0500 2592 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:12:44.0531 2592 FontCache3.0.0.0 - ok
18:12:44.0546 2592 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:12:44.0703 2592 Fs_Rec - ok
18:12:44.0718 2592 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:12:44.0843 2592 Ftdisk - ok
18:12:44.0859 2592 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:12:44.0875 2592 GEARAspiWDM - ok
18:12:44.0906 2592 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:12:45.0015 2592 Gpc - ok
18:12:45.0031 2592 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:12:45.0171 2592 HDAudBus - ok
18:12:45.0234 2592 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:12:45.0359 2592 helpsvc - ok
18:12:45.0390 2592 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
18:12:45.0500 2592 HidServ - ok
18:12:45.0546 2592 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:12:45.0687 2592 HidUsb - ok
18:12:45.0734 2592 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:12:45.0875 2592 hkmsvc - ok
18:12:45.0953 2592 HP Port Resolver (c5f00d15aa15cb7f55a027ff75e44bb7) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
18:12:46.0031 2592 HP Port Resolver - ok
18:12:46.0062 2592 HP Status Server (c5a288e4ceef5a26d105117baa3763ab) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
18:12:46.0140 2592 HP Status Server - ok
18:12:46.0171 2592 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
18:12:46.0281 2592 hpn - ok
18:12:46.0328 2592 HSFHWAZL (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
18:12:46.0406 2592 HSFHWAZL - ok
18:12:46.0515 2592 HSF_DPV (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
18:12:46.0609 2592 HSF_DPV - ok
18:12:46.0671 2592 HSXHWAZL (3af45f5b4157c88ffae24d89ba408302) C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys
18:12:46.0734 2592 HSXHWAZL - ok
18:12:46.0796 2592 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:12:46.0859 2592 HTTP - ok
18:12:46.0890 2592 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:12:47.0031 2592 HTTPFilter - ok
18:12:47.0078 2592 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
18:12:47.0171 2592 i2omgmt - ok
18:12:47.0203 2592 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
18:12:47.0328 2592 i2omp - ok
18:12:47.0359 2592 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:12:47.0484 2592 i8042prt - ok
18:12:47.0578 2592 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
18:12:47.0671 2592 iaStor ( UnsignedFile.Multi.Generic ) - warning
18:12:47.0671 2592 iaStor - detected UnsignedFile.Multi.Generic (1)
18:12:47.0703 2592 IBMPMDRV (bf648877413f6160e480814a24942b65) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
18:12:47.0718 2592 IBMPMDRV - ok
18:12:47.0734 2592 IBMPMSVC (a75ce11915e4ecc5e1597d6e0f7bb2db) C:\WINDOWS\system32\ibmpmsvc.exe
18:12:47.0765 2592 IBMPMSVC - ok
18:12:47.0765 2592 IBMTPCHK (bfc9f3adaad74e13f9ce16c8bd336f95) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
18:12:47.0796 2592 IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
18:12:47.0796 2592 IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
18:12:47.0890 2592 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
18:12:47.0921 2592 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:12:47.0921 2592 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:12:48.0046 2592 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:12:48.0140 2592 idsvc - ok
18:12:48.0187 2592 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:12:48.0312 2592 Imapi - ok
18:12:48.0359 2592 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
18:12:48.0484 2592 ImapiService - ok
18:12:48.0515 2592 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
18:12:48.0671 2592 ini910u - ok
18:12:48.0687 2592 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:12:48.0812 2592 IntelIde - ok
18:12:48.0828 2592 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:12:48.0953 2592 intelppm - ok
18:12:48.0968 2592 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:12:49.0093 2592 Ip6Fw - ok
18:12:49.0109 2592 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:12:49.0234 2592 IpFilterDriver - ok
18:12:49.0250 2592 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:12:49.0359 2592 IpInIp - ok
18:12:49.0406 2592 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:12:49.0531 2592 IpNat - ok
18:12:49.0625 2592 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
18:12:49.0703 2592 iPod Service - ok
18:12:49.0718 2592 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:12:49.0828 2592 IPSec - ok
18:12:49.0859 2592 IPSSVC (4d1d3b3644737746fb98c4d272fb4a86) C:\WINDOWS\system32\IPSSVC.EXE
18:12:49.0906 2592 IPSSVC ( UnsignedFile.Multi.Generic ) - warning
18:12:49.0906 2592 IPSSVC - detected UnsignedFile.Multi.Generic (1)
18:12:49.0921 2592 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
18:12:50.0062 2592 irda - ok
18:12:50.0078 2592 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:12:50.0187 2592 IRENUM - ok
18:12:50.0218 2592 Irmon (49cc4533ce897cb2e93c1e84a818fde5) C:\WINDOWS\System32\irmon.dll
18:12:50.0328 2592 Irmon - ok
18:12:50.0375 2592 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:12:50.0484 2592 isapnp - ok
18:12:50.0531 2592 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
18:12:50.0531 2592 Iviaspi ( UnsignedFile.Multi.Generic ) - warning
18:12:50.0531 2592 Iviaspi - detected UnsignedFile.Multi.Generic (1)
18:12:50.0546 2592 ivusb - ok
18:12:50.0625 2592 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe
18:12:50.0656 2592 JavaQuickStarterService - ok
18:12:50.0671 2592 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:12:50.0781 2592 Kbdclass - ok
18:12:50.0812 2592 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:12:50.0906 2592 kbdhid - ok
18:12:51.0015 2592 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:12:51.0140 2592 kmixer - ok
18:12:51.0171 2592 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:12:51.0281 2592 KSecDD - ok
18:12:51.0312 2592 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
18:12:51.0375 2592 lanmanserver - ok
18:12:51.0406 2592 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
18:12:51.0484 2592 lanmanworkstation - ok
18:12:51.0703 2592 Lavasoft Ad-Aware Service (ea38136981c61c571d52c380daad46ef) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
18:12:51.0859 2592 Lavasoft Ad-Aware Service - ok
18:12:52.0015 2592 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
18:12:52.0031 2592 Lbd - ok
18:12:52.0031 2592 lbrtfdc - ok
18:12:52.0312 2592 LiveUpdate (fb3a35318ca7f6a10fa3c3826a69affe) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
18:12:52.0453 2592 LiveUpdate - ok
18:12:52.0609 2592 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:12:52.0750 2592 LmHosts - ok
18:12:52.0796 2592 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
18:12:52.0812 2592 LVPr2Mon - ok
18:12:52.0890 2592 LVPrcSrv (0ddfdcaa92c7f553328db06ba599bea9) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
18:12:52.0921 2592 LVPrcSrv - ok
18:12:52.0953 2592 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:12:52.0984 2592 mdmxsdk - ok
18:12:53.0015 2592 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:12:53.0140 2592 Messenger - ok
18:12:53.0218 2592 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
18:12:53.0265 2592 Microsoft Office Groove Audit Service - ok
18:12:53.0296 2592 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:12:53.0421 2592 mnmdd - ok
18:12:53.0531 2592 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:12:53.0656 2592 mnmsrvc - ok
18:12:53.0687 2592 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:12:53.0812 2592 Modem - ok
18:12:53.0843 2592 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:12:53.0968 2592 Mouclass - ok
18:12:54.0000 2592 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:12:54.0140 2592 mouhid - ok
18:12:54.0171 2592 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:12:54.0312 2592 MountMgr - ok
18:12:54.0343 2592 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
18:12:54.0468 2592 mraid35x - ok
18:12:54.0484 2592 MRxDAV (e3f17e1ea5256709d4e97ef0da04b3c9) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:12:54.0562 2592 MRxDAV - ok
18:12:54.0609 2592 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:12:54.0750 2592 MRxSmb - ok
18:12:54.0781 2592 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:12:54.0890 2592 MSDTC - ok
18:12:54.0890 2592 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:12:55.0015 2592 Msfs - ok
18:12:55.0046 2592 MSIRCOMM (95c6432151ccff8617352f8e616a1aa4) C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
18:12:55.0156 2592 MSIRCOMM - ok
18:12:55.0156 2592 MSIServer - ok
18:12:55.0203 2592 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:12:55.0312 2592 MSKSSRV - ok
18:12:55.0343 2592 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:12:55.0468 2592 MSPCLOCK - ok
18:12:55.0468 2592 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:12:55.0593 2592 MSPQM - ok
18:12:55.0625 2592 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:12:55.0734 2592 mssmbios - ok
18:12:55.0750 2592 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:12:55.0875 2592 MSTEE - ok
18:12:55.0906 2592 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:12:55.0968 2592 Mup - ok
18:12:56.0000 2592 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:12:56.0109 2592 NABTSFEC - ok
18:12:56.0156 2592 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:12:56.0296 2592 napagent - ok
18:12:56.0421 2592 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120430.002\naveng.sys
18:12:56.0437 2592 NAVENG - ok
18:12:56.0593 2592 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120430.002\navex15.sys
18:12:56.0656 2592 NAVEX15 - ok
18:12:56.0828 2592 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:12:56.0968 2592 NDIS - ok
18:12:57.0000 2592 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:12:57.0109 2592 NdisIP - ok
18:12:57.0156 2592 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:12:57.0203 2592 NdisTapi - ok
18:12:57.0218 2592 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:12:57.0328 2592 Ndisuio - ok
18:12:57.0359 2592 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:12:57.0484 2592 NdisWan - ok
18:12:57.0515 2592 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:12:57.0546 2592 NDProxy - ok
18:12:57.0578 2592 Net Driver HPZ12 (80b7a96f908da13617e7e6832c5c6a64) C:\WINDOWS\system32\HPZinw12.dll
18:12:57.0625 2592 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:12:57.0625 2592 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:12:57.0656 2592 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:12:57.0781 2592 NetBIOS - ok
18:12:57.0812 2592 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:12:57.0953 2592 NetBT - ok
18:12:58.0000 2592 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:12:58.0140 2592 NetDDE - ok
18:12:58.0140 2592 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:12:58.0234 2592 NetDDEdsdm - ok
18:12:58.0328 2592 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:12:58.0437 2592 Netlogon - ok
18:12:58.0453 2592 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:12:58.0593 2592 Netman - ok
18:12:58.0687 2592 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:12:58.0703 2592 NetTcpPortSharing - ok
18:12:58.0843 2592 NETw3x32 (e2f396f71a793a04839dbb6af304a026) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
18:12:58.0953 2592 NETw3x32 - ok
18:12:59.0140 2592 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
18:12:59.0171 2592 Nla - ok
18:12:59.0234 2592 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:12:59.0375 2592 Npfs - ok
18:12:59.0406 2592 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
18:12:59.0515 2592 NSCIRDA - ok
18:12:59.0546 2592 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:12:59.0718 2592 Ntfs - ok
18:12:59.0734 2592 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:12:59.0843 2592 NtLmSsp - ok
18:12:59.0890 2592 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:13:00.0031 2592 NtmsSvc - ok
18:13:00.0062 2592 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:13:00.0203 2592 Null - ok
18:13:00.0531 2592 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:13:00.0750 2592 nv - ok
18:13:00.0875 2592 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:13:01.0015 2592 NwlnkFlt - ok
18:13:01.0031 2592 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:13:01.0171 2592 NwlnkFwd - ok
18:13:01.0281 2592 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:13:01.0343 2592 odserv - ok
18:13:01.0390 2592 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:13:01.0453 2592 ose - ok
18:13:01.0500 2592 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:13:01.0640 2592 Parport - ok
18:13:01.0687 2592 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:13:01.0843 2592 PartMgr - ok
18:13:01.0875 2592 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:13:02.0000 2592 ParVdm - ok
18:13:02.0015 2592 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:13:02.0140 2592 PCI - ok
18:13:02.0140 2592 PCIDump - ok
18:13:02.0156 2592 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:13:02.0281 2592 PCIIde - ok
18:13:02.0296 2592 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
18:13:02.0406 2592 Pcmcia - ok
18:13:02.0421 2592 PDCOMP - ok
18:13:02.0421 2592 PDFRAME - ok
18:13:02.0421 2592 PDRELI - ok
18:13:02.0437 2592 PDRFRAME - ok
18:13:02.0437 2592 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
18:13:02.0578 2592 perc2 - ok
18:13:02.0578 2592 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
18:13:02.0718 2592 perc2hib - ok
18:13:02.0781 2592 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:13:02.0796 2592 PlugPlay - ok
18:13:02.0828 2592 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
18:13:02.0828 2592 pmem ( UnsignedFile.Multi.Generic ) - warning
18:13:02.0828 2592 pmem - detected UnsignedFile.Multi.Generic (1)
18:13:02.0859 2592 Pml Driver HPZ12 (0c155c5d8942b3cbcf9506a9d376b9ad) C:\WINDOWS\system32\HPZipm12.dll
18:13:02.0906 2592 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:13:02.0906 2592 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:13:02.0937 2592 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:13:03.0031 2592 PolicyAgent - ok
18:13:03.0062 2592 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:13:03.0171 2592 PptpMiniport - ok
18:13:03.0234 2592 prepdrvr (2a3e82aeaf8a4a1ed7bd22f6a2424a35) C:\WINDOWS\system32\CCM\prepdrv.sys
18:13:03.0281 2592 prepdrvr - ok
18:13:03.0296 2592 PROCDD (6f9e6e874fd74ee6dd0bbecde9d3f795) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
18:13:03.0328 2592 PROCDD ( UnsignedFile.Multi.Generic ) - warning
18:13:03.0328 2592 PROCDD - detected UnsignedFile.Multi.Generic (1)
18:13:03.0343 2592 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
18:13:03.0453 2592 Processor - ok
18:13:03.0468 2592 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:13:03.0562 2592 ProtectedStorage - ok
18:13:03.0593 2592 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:13:03.0718 2592 PSched - ok
18:13:03.0750 2592 PTDWBus (fbd9a22ec513457bc4b9227a239bce2c) C:\WINDOWS\system32\DRIVERS\PTDWBus.sys
18:13:03.0796 2592 PTDWBus - ok
18:13:03.0812 2592 PTDWMdm (33477b60160223e71c2850532cbba647) C:\WINDOWS\system32\DRIVERS\PTDWMdm.sys
18:13:03.0859 2592 PTDWMdm - ok
18:13:03.0859 2592 PTDWVsp (80811c30bc5ec69078bd45cae6dec82e) C:\WINDOWS\system32\DRIVERS\PTDWVsp.sys
18:13:03.0890 2592 PTDWVsp - ok
18:13:03.0921 2592 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:13:04.0062 2592 Ptilink - ok
18:13:04.0078 2592 PWCTLDRV (f82f63e56c9d0c769a2bb385a972120b) C:\WINDOWS\system32\drivers\PWCTLDRV.sys
18:13:04.0109 2592 PWCTLDRV - ok
18:13:04.0109 2592 pwi_bus - ok
18:13:04.0125 2592 pwi_mdfl - ok
18:13:04.0125 2592 pwi_mdm - ok
18:13:04.0140 2592 pwi_oflt - ok
18:13:04.0140 2592 pwi_serd - ok
18:13:04.0171 2592 PxHelp20 (63de5a1e7f28e3c60a5801bb241fc9c9) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:13:04.0203 2592 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
18:13:04.0203 2592 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
18:13:04.0218 2592 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
18:13:04.0359 2592 ql1080 - ok
18:13:04.0359 2592 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
18:13:04.0484 2592 Ql10wnt - ok
18:13:04.0500 2592 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
18:13:04.0625 2592 ql12160 - ok
18:13:04.0625 2592 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
18:13:04.0750 2592 ql1240 - ok
18:13:04.0765 2592 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
18:13:04.0875 2592 ql1280 - ok
18:13:04.0906 2592 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:13:05.0250 2592 RasAcd - ok
18:13:05.0281 2592 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:13:05.0406 2592 RasAuto - ok
18:13:05.0437 2592 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
18:13:05.0515 2592 Rasirda - ok
18:13:05.0546 2592 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:13:05.0687 2592 Rasl2tp - ok
18:13:05.0718 2592 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:13:05.0890 2592 RasMan - ok
18:13:05.0890 2592 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:13:06.0015 2592 RasPppoe - ok
18:13:06.0031 2592 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:13:06.0140 2592 Raspti - ok
18:13:06.0171 2592 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:13:06.0296 2592 Rdbss - ok
18:13:06.0312 2592 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:13:06.0453 2592 RDPCDD - ok
18:13:06.0484 2592 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:13:06.0609 2592 rdpdr - ok
18:13:06.0656 2592 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:13:06.0734 2592 RDPWD - ok
18:13:06.0765 2592 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:13:06.0906 2592 RDSessMgr - ok
18:13:06.0921 2592 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:13:07.0046 2592 redbook - ok
18:13:07.0140 2592 RegSrvc (d8f61aaae73a1fbde6f538becc891f2f) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
18:13:07.0187 2592 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
18:13:07.0187 2592 RegSrvc - detected UnsignedFile.Multi.Generic (1)
18:13:07.0234 2592 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:13:07.0359 2592 RemoteAccess - ok
18:13:07.0390 2592 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
18:13:07.0515 2592 RemoteRegistry - ok
18:13:07.0578 2592 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
18:13:07.0718 2592 RFCOMM - ok
18:13:07.0734 2592 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:13:07.0859 2592 RpcLocator - ok
18:13:07.0921 2592 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:13:07.0937 2592 RpcSs - ok
18:13:07.0968 2592 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:13:08.0109 2592 RSVP - ok
18:13:08.0281 2592 S24EventMonitor (25f697e3afa7b337bbcaddbce38e6934) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
18:13:08.0343 2592 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
18:13:08.0343 2592 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
18:13:08.0406 2592 s24trans (2862adb14481ac28f98105ff33a99eb0) C:\WINDOWS\system32\DRIVERS\s24trans.sys
18:13:08.0421 2592 s24trans ( UnsignedFile.Multi.Generic ) - warning
18:13:08.0421 2592 s24trans - detected UnsignedFile.Multi.Generic (1)
18:13:08.0453 2592 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:13:08.0562 2592 SamSs - ok
18:13:08.0609 2592 SavRoam (3525fdcfc567e807a337c61aff366be8) C:\Program Files\Symantec AntiVirus\SavRoam.exe
18:13:08.0640 2592 SavRoam - ok
18:13:08.0671 2592 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys
18:13:08.0703 2592 SAVRT - ok
18:13:08.0734 2592 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
18:13:08.0750 2592 SAVRTPEL - ok
18:13:08.0796 2592 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:13:08.0921 2592 SCardSvr - ok
18:13:08.0968 2592 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:13:09.0109 2592 Schedule - ok
18:13:09.0140 2592 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:13:09.0265 2592 Secdrv - ok
18:13:09.0281 2592 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:13:09.0406 2592 seclogon - ok
18:13:09.0421 2592 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:13:09.0562 2592 SENS - ok
18:13:09.0578 2592 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:13:09.0703 2592 serenum - ok
18:13:09.0718 2592 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:13:09.0843 2592 Serial - ok
18:13:09.0890 2592 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:13:10.0000 2592 Sfloppy - ok
18:13:10.0062 2592 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:13:10.0187 2592 SharedAccess - ok
18:13:10.0218 2592 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:13:10.0234 2592 ShellHWDetection - ok
18:13:10.0265 2592 ShockMgr (1a9b76c8e0d77bcaca24fdf36781b59d) C:\WINDOWS\system32\drivers\ShockMgr.sys
18:13:10.0281 2592 ShockMgr ( UnsignedFile.Multi.Generic ) - warning
18:13:10.0281 2592 ShockMgr - detected UnsignedFile.Multi.Generic (1)
18:13:10.0312 2592 Shockprf (cb0c065af3ac9ac307408ea021cdd20e) C:\WINDOWS\system32\drivers\Shockprf.sys
18:13:10.0328 2592 Shockprf ( UnsignedFile.Multi.Generic ) - warning
18:13:10.0328 2592 Shockprf - detected UnsignedFile.Multi.Generic (1)
18:13:10.0343 2592 Simbad - ok
18:13:10.0375 2592 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:13:10.0484 2592 sisagp - ok
18:13:10.0531 2592 SlingAgentService (0973bd0931bf4d0dfb1885bd464e9766) C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
18:13:10.0562 2592 SlingAgentService - ok
18:13:10.0609 2592 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:13:10.0734 2592 SLIP - ok
18:13:10.0765 2592 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
18:13:10.0781 2592 Smapint ( UnsignedFile.Multi.Generic ) - warning
18:13:10.0781 2592 Smapint - detected UnsignedFile.Multi.Generic (1)
18:13:10.0828 2592 smihlp (01a4388e45ba272082bfc35b0c8dbf8a) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
18:13:10.0859 2592 smihlp ( UnsignedFile.Multi.Generic ) - warning
18:13:10.0859 2592 smihlp - detected UnsignedFile.Multi.Generic (1)
18:13:10.0890 2592 SMNDIS5 - ok
18:13:10.0921 2592 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
18:13:10.0937 2592 SMSIVZAM5 - ok
18:13:10.0984 2592 smsmdd (4736f44316b481eb2ead736b639a7a7f) C:\WINDOWS\system32\DRIVERS\smsmdm.sys
18:13:11.0000 2592 smsmdd - ok
18:13:11.0031 2592 smstsmgr - ok
18:13:11.0093 2592 SNDSrvc (0d411eea92751c1ecd8453892f41e726) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
18:13:11.0140 2592 SNDSrvc - ok
18:13:11.0171 2592 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
18:13:11.0234 2592 Sparrow - ok
18:13:11.0281 2592 SPBBCDrv (677b10906838d3bfb1c07ac9087e4bf7) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
18:13:11.0312 2592 SPBBCDrv - ok
18:13:11.0406 2592 SPBBCSvc (c830007369e18a54aed23b5bb3afa2ba) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
18:13:11.0484 2592 SPBBCSvc - ok
18:13:11.0640 2592 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:13:11.0765 2592 splitter - ok
18:13:11.0796 2592 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:13:11.0875 2592 Spooler - ok
18:13:11.0890 2592 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:13:12.0015 2592 sr - ok
18:13:12.0062 2592 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:13:12.0171 2592 srservice - ok
18:13:12.0234 2592 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:13:12.0312 2592 Srv - ok
18:13:12.0343 2592 sscdbus (ffe42941e0326c322f40b0b79a46493c) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
18:13:12.0375 2592 sscdbus - ok
18:13:12.0406 2592 sscdmdfl (a68e7d87adfbb8c50d88cd58230c6819) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
18:13:12.0421 2592 sscdmdfl - ok
18:13:12.0437 2592 sscdmdm (b534b24151281856ec2f69ed3d6d60dd) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
18:13:12.0468 2592 sscdmdm - ok
18:13:12.0500 2592 sscdserd (d04bd59f28c78e2e66632092cafc0a2b) C:\WINDOWS\system32\DRIVERS\sscdserd.sys
18:13:12.0515 2592 sscdserd - ok
18:13:12.0562 2592 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:13:12.0703 2592 SSDPSRV - ok
18:13:12.0734 2592 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
18:13:12.0859 2592 StillCam - ok
18:13:12.0906 2592 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:13:13.0062 2592 stisvc - ok
18:13:13.0093 2592 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:13:13.0218 2592 streamip - ok
18:13:13.0234 2592 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:13:13.0359 2592 swenum - ok
18:13:13.0375 2592 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:13:13.0484 2592 swmidi - ok
18:13:13.0500 2592 SwPrv - ok
18:13:13.0718 2592 Symantec AntiVirus (8fdaadf204a4f29214da1b03342e2735) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
18:13:13.0796 2592 Symantec AntiVirus - ok
18:13:13.0937 2592 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
18:13:14.0046 2592 symc810 - ok
18:13:14.0062 2592 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:13:14.0187 2592 symc8xx - ok
18:13:14.0281 2592 SymEvent (de6d1102d55926354171ae4e73936725) C:\Program Files\Symantec\SYMEVENT.SYS
18:13:14.0312 2592 SymEvent - ok
18:13:14.0328 2592 SYMIDSCO - ok
18:13:14.0343 2592 SYMREDRV (6c0a85982f4e0d672b85a2bfb50a24b5) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
18:13:14.0359 2592 SYMREDRV - ok
18:13:14.0406 2592 SYMTDI (cdda3ba3f7d5b63ff9f85cb478c11473) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
18:13:14.0421 2592 SYMTDI - ok
18:13:14.0453 2592 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:13:14.0593 2592 sym_hi - ok
18:13:14.0609 2592 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:13:14.0734 2592 sym_u3 - ok
18:13:14.0781 2592 SynTP (d7dc30b8b41e7a913c3fccc0631e72ec) C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:13:14.0812 2592 SynTP - ok
18:13:14.0843 2592 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:13:14.0968 2592 sysaudio - ok
18:13:15.0015 2592 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:13:15.0125 2592 SysmonLog - ok
18:13:15.0171 2592 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:13:15.0296 2592 TapiSrv - ok
18:13:15.0343 2592 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:13:15.0390 2592 Tcpip - ok
18:13:15.0421 2592 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys
18:13:15.0484 2592 TcUsb - ok
18:13:15.0515 2592 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:13:15.0656 2592 TDPIPE - ok
18:13:15.0687 2592 TDSMAPI (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
18:13:15.0718 2592 TDSMAPI ( UnsignedFile.Multi.Generic ) - warning
18:13:15.0718 2592 TDSMAPI - detected UnsignedFile.Multi.Generic (1)
18:13:15.0718 2592 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:13:15.0828 2592 TDTCP - ok
18:13:15.0828 2592 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:13:15.0953 2592 TermDD - ok
18:13:16.0000 2592 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:13:16.0140 2592 TermService - ok
18:13:16.0171 2592 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:13:16.0187 2592 Themes - ok
18:13:16.0234 2592 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
18:13:16.0359 2592 TlntSvr - ok
18:13:16.0390 2592 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
18:13:16.0500 2592 TosIde - ok
18:13:16.0546 2592 TPHDEXLGSVC (a3552782e8d402f3aa513765d93c852d) C:\WINDOWS\system32\TPHDEXLG.EXE
18:13:16.0562 2592 TPHDEXLGSVC ( UnsignedFile.Multi.Generic ) - warning
18:13:16.0562 2592 TPHDEXLGSVC - detected UnsignedFile.Multi.Generic (1)
18:13:16.0593 2592 TPHKDRV (29f3601d4233a53f819010fee8c04a60) C:\WINDOWS\system32\drivers\TPHKDRV.sys
18:13:16.0609 2592 TPHKDRV ( UnsignedFile.Multi.Generic ) - warning
18:13:16.0609 2592 TPHKDRV - detected UnsignedFile.Multi.Generic (1)
18:13:16.0625 2592 TpKmpSVC (dfb268ff0a6dcb9280015ff527f892ff) C:\WINDOWS\system32\TpKmpSVC.exe
18:13:16.0718 2592 TpKmpSVC ( UnsignedFile.Multi.Generic ) - warning
18:13:16.0718 2592 TpKmpSVC - detected UnsignedFile.Multi.Generic (1)
18:13:16.0750 2592 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
18:13:16.0765 2592 TPPWRIF ( UnsignedFile.Multi.Generic ) - warning
18:13:16.0765 2592 TPPWRIF - detected UnsignedFile.Multi.Generic (1)
18:13:16.0796 2592 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:13:16.0937 2592 TrkWks - ok
18:13:16.0968 2592 TrueSight (1512d11c1e1e37a4ae2e2b62794f0d2e) c:\windows\system32\drivers\TrueSight.sys
18:13:17.0000 2592 TrueSight ( UnsignedFile.Multi.Generic ) - warning
18:13:17.0000 2592 TrueSight - detected UnsignedFile.Multi.Generic (1)
18:13:17.0031 2592 TSMAPIP (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
18:13:17.0046 2592 TSMAPIP ( UnsignedFile.Multi.Generic ) - warning
18:13:17.0046 2592 TSMAPIP - detected UnsignedFile.Multi.Generic (1)
18:13:17.0046 2592 TVTPktFilter - ok
18:13:17.0078 2592 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:13:17.0187 2592 Udfs - ok
18:13:17.0296 2592 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
18:13:17.0375 2592 ultra - ok
18:13:17.0437 2592 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:13:17.0578 2592 Update - ok
18:13:17.0609 2592 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:13:17.0750 2592 upnphost - ok
18:13:17.0765 2592 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:13:17.0890 2592 UPS - ok
18:13:18.0000 2592 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:13:18.0078 2592 USBAAPL - ok
18:13:18.0109 2592 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:13:18.0234 2592 usbaudio - ok
18:13:18.0281 2592 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:13:18.0390 2592 usbccgp - ok
18:13:18.0421 2592 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:13:18.0546 2592 usbehci - ok
18:13:18.0578 2592 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:13:18.0718 2592 usbhub - ok
18:13:18.0750 2592 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:13:18.0875 2592 usbohci - ok
18:13:18.0906 2592 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:13:19.0031 2592 usbprint - ok
18:13:19.0062 2592 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:13:19.0187 2592 usbscan - ok
18:13:19.0218 2592 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:13:19.0328 2592 USBSTOR - ok
18:13:19.0421 2592 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:13:19.0531 2592 usbuhci - ok
18:13:19.0593 2592 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
18:13:19.0718 2592 usbvideo - ok
18:13:19.0750 2592 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
18:13:19.0875 2592 usb_rndisx - ok
18:13:19.0875 2592 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:13:19.0984 2592 VgaSave - ok
18:13:20.0015 2592 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:13:20.0140 2592 viaagp - ok
18:13:20.0156 2592 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:13:20.0281 2592 ViaIde - ok
18:13:20.0312 2592 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:13:20.0421 2592 VolSnap - ok
18:13:20.0531 2592 vsdatant (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys
18:13:20.0578 2592 vsdatant - ok
18:13:20.0625 2592 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:13:20.0750 2592 VSS - ok
18:13:20.0781 2592 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:13:20.0906 2592 W32Time - ok
18:13:20.0937 2592 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:13:21.0062 2592 Wanarp - ok
18:13:21.0093 2592 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
18:13:21.0171 2592 wceusbsh - ok
18:13:21.0203 2592 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
18:13:21.0234 2592 WDC_SAM - ok
18:13:21.0343 2592 WDDMService (300b4847e1157bdd7a306b18ed65a97e) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
18:13:21.0390 2592 WDDMService ( UnsignedFile.Multi.Generic ) - warning
18:13:21.0390 2592 WDDMService - detected UnsignedFile.Multi.Generic (1)
18:13:21.0453 2592 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
18:13:21.0500 2592 Wdf01000 - ok
18:13:21.0500 2592 WDICA - ok
18:13:21.0546 2592 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:13:21.0671 2592 wdmaud - ok
18:13:21.0718 2592 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
18:13:21.0750 2592 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - warning
18:13:21.0750 2592 WDSmartWareBackgroundService - detected UnsignedFile.Multi.Generic (1)
18:13:21.0828 2592 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:13:21.0968 2592 WebClient - ok
18:13:22.0031 2592 winachsf (307d248f97835b6879bdd361086924fe) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
18:13:22.0125 2592 winachsf - ok
18:13:22.0203 2592 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:13:22.0328 2592 winmgmt - ok
18:13:22.0421 2592 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
18:13:22.0531 2592 WinRM - ok
18:13:22.0578 2592 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:13:22.0671 2592 WmdmPmSN - ok
18:13:22.0734 2592 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
18:13:22.0781 2592 Wmi - ok
18:13:22.0859 2592 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:13:23.0000 2592 WmiApSrv - ok
18:13:23.0156 2592 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:13:23.0234 2592 WMPNetworkSvc - ok
18:13:23.0390 2592 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:13:23.0468 2592 WPFFontCache_v0400 - ok
18:13:23.0593 2592 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:13:23.0734 2592 WS2IFSL - ok
18:13:23.0765 2592 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:13:23.0875 2592 wscsvc - ok
18:13:23.0890 2592 WSearch - ok
18:13:23.0984 2592 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:13:24.0125 2592 WSTCODEC - ok
18:13:24.0140 2592 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:13:24.0265 2592 wuauserv - ok
18:13:24.0312 2592 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:13:24.0359 2592 WudfPf - ok
18:13:24.0375 2592 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:13:24.0406 2592 WudfRd - ok
18:13:24.0437 2592 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:13:24.0468 2592 WudfSvc - ok
18:13:24.0562 2592 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:13:24.0671 2592 WZCSVC - ok
18:13:24.0703 2592 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:13:24.0843 2592 xmlprov - ok
18:13:24.0875 2592 MBR (0x1B8) (9ee25a1684c377f4043702db3a62f5d3) \Device\Harddisk0\DR0
18:13:25.0000 2592 \Device\Harddisk0\DR0 - ok
18:13:25.0015 2592 Boot (0x1200) (5ce2a9792ff2ce5d7bdd2e4807f32293) \Device\Harddisk0\DR0\Partition0
18:13:25.0015 2592 \Device\Harddisk0\DR0\Partition0 - ok
18:13:25.0031 2592 Boot (0x1200) (f8c23ec82b58646844ef826dfa233dc1) \Device\Harddisk0\DR0\Partition1
18:13:25.0031 2592 \Device\Harddisk0\DR0\Partition1 - ok
18:13:25.0031 2592 ============================================================
18:13:25.0031 2592 Scan finished
18:13:25.0031 2592 ============================================================
18:13:25.0140 7064 Detected object count: 48
18:13:25.0140 7064 Actual detected object count: 48
18:14:20.0953 7064 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:20.0953 7064 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:20.0953 7064 AcSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:20.0953 7064 AcSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:20.0953 7064 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:20.0953 7064 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:20.0953 7064 ANC ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:20.0953 7064 ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:20.0968 7064 Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:20.0968 7064 Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:20.0968 7064 BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:20.0968 7064 BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:20.0968 7064 btwdins ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:20.0968 7064 btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:20.0968 7064 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:20.0968 7064 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:20.0968 7064 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:20.0968 7064 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:20.0968 7064 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:20.0968 7064 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:20.0968 7064 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:20.0968 7064 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:20.0968 7064 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:20.0968 7064 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:20.0968 7064 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:20.0968 7064 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:20.0968 7064 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:20.0968 7064 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:20.0984 7064 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:20.0984 7064 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:20.0984 7064 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:20.0984 7064 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:20.0984 7064 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:20.0984 7064 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:20.0984 7064 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:20.0984 7064 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:20.0984 7064 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:20.0984 7064 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:20.0984 7064 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:20.0984 7064 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:20.0984 7064 EGATHDRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:20.0984 7064 EGATHDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:20.0984 7064 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:20.0984 7064 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:20.0984 7064 iaStor ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:20.0984 7064 iaStor ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:20.0984 7064 IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:20.0984 7064 IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:21.0000 7064 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:21.0000 7064 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:21.0000 7064 IPSSVC ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:21.0000 7064 IPSSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:21.0000 7064 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:21.0000 7064 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:21.0000 7064 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:21.0000 7064 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:21.0000 7064 pmem ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:21.0000 7064 pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:21.0000 7064 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:21.0000 7064 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:21.0000 7064 PROCDD ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:21.0000 7064 PROCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:21.0000 7064 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:21.0000 7064 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:21.0000 7064 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:21.0000 7064 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:21.0000 7064 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:21.0000 7064 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:21.0000 7064 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:21.0000 7064 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:21.0000 7064 ShockMgr ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:21.0000 7064 ShockMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:21.0015 7064 Shockprf ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:21.0015 7064 Shockprf ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:21.0015 7064 Smapint ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:21.0015 7064 Smapint ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:21.0015 7064 smihlp ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:21.0015 7064 smihlp ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:21.0015 7064 TDSMAPI ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:21.0015 7064 TDSMAPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:21.0015 7064 TPHDEXLGSVC ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:21.0015 7064 TPHDEXLGSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:21.0015 7064 TPHKDRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:21.0015 7064 TPHKDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:21.0015 7064 TpKmpSVC ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:21.0015 7064 TpKmpSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:21.0015 7064 TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:21.0015 7064 TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:21.0015 7064 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:21.0015 7064 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:21.0015 7064 TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:21.0015 7064 TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:21.0031 7064 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:21.0031 7064 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:14:21.0031 7064 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - skipped by user
18:14:21.0031 7064 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:47.0437 4784 Deinitialize success

[LDTate]

We're seeing a new infection like this.
Is it happenning only with FireFox?

You also have 2 AV running

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!
The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.
Also because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown.

[McGolff]

No, in fact I have not seen it with FireFox, which I do use several times a day for certain sites. This is always on Internet Explorer. First noticed it happening during March Maddness when I was on the CBS Sportsline.com site. I would click on one of the bracket links and it would pop into a search ad site. It would cause two page jumps to be placed in my page history so that I couldn't just hit back page to return to where I was. I always had to use the drop down selector and go down several entries to return to the Bracket site. After that, no matter what link I selected, it would go to the correct URL...... only happened the first time into a browser session. Did not happen from Google and did not happen when I was selecting sites from history on my Home Page or from my Favorite Links. It was always a jump link inside a website that caused the redirect. Also noticed that it was not the same entries in the history ---- there was some consistency, I noticed some that repeated several different occasions. But definitely not the same one every time.

[LDTate]

Please do not attach the scan results from Combofx. Use copy/paste.


Vista and Windows 7 users:
1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")


Download ComboFix from one of these locations:

Link 1
Link 2 If using this link, Right Click and select Save As.


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
  
  Note: If you have XP SP3, use the XP SP2 package.
  If Vista or Windows 7, skip the Recovery Console part
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.


Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

[McGolff]

Finished Combofix. tested out a few websites without any hijacked clicks. Noticed that my login setting for this PC had been changed (Lenovo fingerprint login), tried to reset back to what it was. Big Mistake! Turns out that the VRLOGON.DLL file that was deleted was key to that particular process. On reboot, it got an error loaded that dll and the only option was a restart. Finally able to find my admin pdw and login through safe mode and turn the fingerprint stuff back off. Don't know how to put that back, since I can't seem to find it on my backup either.
Rest of system appears to be OK at the moment.
ComboFix results here:

ComboFix 12-05-01.01 - TimM 05/01/2012 9:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1783 [GMT -4:00]
Running from: c:\documents and settings\timm\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\timm\g2mdlhlpx.exe
c:\documents and settings\timm\GoToAssistDownloadHelper.exe
c:\documents and settings\timm\Local Settings\Application Data\assembly\tmp
c:\documents and settings\timm\WINDOWS
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
c:\windows\system32\vrlogon.dll
c:\windows\TEMP\logishrd\LVPrcInj02.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))))
.
.
2012-04-25 19:08 . 2012-04-25 19:08 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2012-04-25 19:08 . 2012-04-25 19:08 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2012-04-24 20:16 . 2012-04-24 20:16 13824 ----a-w- c:\windows\system32\drivers\TrueSight.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-17 19:51 . 2010-11-16 14:49 249856 ------w- c:\windows\Setup1.exe
2012-04-17 19:50 . 2010-11-16 14:49 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-04-04 19:56 . 2010-10-04 00:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-28 00:47 . 2012-03-28 00:47 53248 ----a-r- c:\documents and settings\timm\Application Data\Microsoft\Installer\{C0C1D2BC-72FE-4F77-A2F9-CD10D5AA8F93}\ARPPRODUCTICON.exe
2012-03-12 10:59 . 2012-03-12 10:59 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-09 17:40 . 2011-06-10 03:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-12-14 12:02 . 2010-12-14 12:02 288568 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2012-03-30 17:04 . 2011-08-17 13:26 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
1997-06-23 19:06 252176 --sha-w- c:\windows\system32\Msrd2x35.dll
1997-06-23 19:06 287504 --sha-w- c:\windows\system32\Msxbse35.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2010-04-23 128296]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]
"TpShocks"="TpShocks.exe" [2006-03-16 106496]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-07-04 110592]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-12-25 110592]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"vptray"="c:\progra~1\SYMANT~2\VPTray.exe" [2006-09-28 125168]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2011-09-06 5152096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"DameWare MRC Agent"="c:\windows\dwrcs\DWRCST.exe" [2011-01-21 264064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2006-5-31 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-9-4 24576]
MBCameraMonitor.lnk - c:\program files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2009-12-13 541976]
VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico [2011-12-20 6144]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-8-17 2043904]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-8-17 8919040]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MRCNotify]
2011-01-21 23:02 53632 ----a-w- c:\windows\dwrcs\DWRCWXL.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-26 02:20 40448 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ----a-w- c:\windows\system32\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ----a-w- c:\windows\system32\tphklock.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-112094599-710031513-4547331-6356\Scripts\Logon\0\0]
"Script"=pushprinterconnections.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44 31072 ------w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2006-03-15 23:07 421888 ------w- c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Documents and Settings\\timm\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\OraHome_1\\jdk\\jre\\bin\\java.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry JDE 3.7\\bin\\OsLoader.exe"=
"c:\\Program Files\\Openwave\\UPSDK411\\upsim411.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"6129:TCP"= 6129:TCP:DameWare Mini Remote Control Service
"6129:UDP"= 6129:UDP:DameWare Mini Remote Control Service
.
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2/15/2007 7:00 AM 26624]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 11:33 PM 116464]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 3:16 PM 93960]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [4/25/2006 10:00 PM 3456]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [8/17/2009 11:52 AM 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 10:58 AM 20480]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2/7/2007 7:00 AM 3712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/5/2012 5:06 AM 106104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 PTDWBus;Curitel PC Card Composite Device driver (UDP);c:\windows\system32\drivers\PTDWBus.sys [11/24/2009 12:33 AM 27392]
S3 PTDWMdm;Curitel PC Card Drivers (UDP);c:\windows\system32\drivers\PTDWMdm.sys [11/24/2009 12:33 AM 41728]
S3 PTDWVsp;Curitel PC Card Diagnostic Serial Port (UDP);c:\windows\system32\drivers\PTDWVsp.sys [11/24/2009 12:33 AM 39808]
S3 PWCTLDRV;The NECHostController Filter Driver;c:\windows\system32\drivers\PWCTLDRV.sys [11/24/2009 12:33 AM 5888]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\DRIVERS\pwi_bus.sys --> c:\windows\system32\DRIVERS\pwi_bus.sys [?]
S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\DRIVERS\pwi_mdfl.sys --> c:\windows\system32\DRIVERS\pwi_mdfl.sys [?]
S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\DRIVERS\pwi_mdm.sys --> c:\windows\system32\DRIVERS\pwi_mdm.sys [?]
S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\DRIVERS\pwi_oflt.sys --> c:\windows\system32\DRIVERS\pwi_oflt.sys [?]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\pwi_serd.sys --> c:\windows\system32\DRIVERS\pwi_serd.sys [?]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 4:43 PM 32408]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/13/2010 11:38 AM 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/30/2006 2:56 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-05-01 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-09-04 16:13]
.
2012-05-01 c:\windows\Tasks\User_Feed_Synchronization-{9D1E9383-44B5-4C49-B538-132A53A62BF1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
2012-05-01 c:\windows\Tasks\User_Feed_Synchronization-{A3BAA395-A096-444C-8CE3-8F1C51123C8D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: accruent.com\demoapp2v
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {008BBE7E-C096-11D0-B4E3-00A0C901D681} - hxxp://demoapp2v.accruent.com/fps/TeeChart/teechart.cab
FF - ProfilePath - c:\documents and settings\timm\Application Data\Mozilla\Firefox\Profiles\ky1nsjzz.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
Notify-ACNotify - ACNotify.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-01 10:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1392)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\dwrcs\DWRCWXL.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\windows\system32\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
- - - - - - - > 'lsass.exe'(1448)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
.
- - - - - - - > 'explorer.exe'(6616)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\PROCHLP.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\dwrcs\DWRCS.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Completion time: 2012-05-01 10:26:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-01 14:26
.
Pre-Run: 18,040,070,144 bytes free
Post-Run: 19,574,345,728 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 467CE29072D06EAC6E717650D029D3C2

[LDTate]

Lets see if we can restore it.

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

Dequarantine::
C:\Qoobox\Quarantine\c:\windows\system32\vrlogon.vir
Quit::

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:
1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...




Drag CFScript.txt into ComboFix.exe


Then post the results log using Copy / Paste


Also please describe how your computer behaves at the moment.

[LDTate]

You could also try it this way.
Go to:
C:\Qoobox\Quarantine\c:\windows\system32\vrlogon.vir <--Rename to vrlogon.dll

Copy vrlogon.dll to c:\windows\system32\

[McGolff]

Used the second method and it worked and restored that feature.
Did notice after I rebooted that while loading my home page the message at the bottom said something like "waiting for Http://zedo..............insert[Click Tracker]. it cleared before I could hit print screen to capture what it specifically said, but it definitely wasn't the site I was supposed to be waiting for....

I did try a couple of sites without any hijacking, so this may just be something that MSN.com loads every time you pass through it.

Also, as you mentioned, the autostart on CD's and USB insertion is turned off. If I choose to turn it back on later, (knowing that is the way a lot of viruses load), how do I do that?

[LDTate]

Also, as you mentioned, the autostart on CD's and USB insertion is turned off. If I choose to turn it back on later, (knowing that is the way a lot of viruses load), how do I do that?

Combofix didn't remove the autorun feature.

If they don't autoplay try this:
http://www.microsoft...ls.aspx?id=2648

Autoplay Repair Wizard
http://www.microsoft...&DisplayLang=en

http://www.moonvalle...avdc/enable.htm

Lets uninstall combofix and give it a day or two and see hjow it goes.


Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

• Click START run
  
• Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

• Click START Search
  
• Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.


Log looks good

• Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
  (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  
  
  
• Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
  Without a firewall your computer is succeptible to being hacked and taken over.
  I am very serious about this and see it happen almost every day with my clients.
  Simply using a Firewall in its default configuration can lower your risk greatly.
  
• 
  
• Securing Your Web Browser
  This paper will help you configure your web browser for safer internet surfing.
  
  
  
• Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
  
  •Free browser plug-in for Internet Explorer and Firefox
  •Real-time safety ratings
  •Ideal for Facebook, Twitter and LinkedIn
  
  
  
• JAVA Click this link and click on the Free JAVA Download
  
  
  
• Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
  This will ensure your computer has always the latest security updates available installed on your computer.
  If there are new updates to install, install them immediately, reboot your computer, and revisit the site
  until there are no more critical updates.

Only run one Anti-Virus and Firewall program.


I would suggest you read:
PC Safety and Security--What Do I Need?.
How to Prevent Malware:


The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.
We use different ways of protecting your computer(s):

• Dynamically Blocks Malware Sites & Servers
  
• Malware Execution Prevention

Save yourself the hassle and get protected.

[McGolff]

Thanks again for all your help!

[LDTate]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!