dielind

  1. We seem to be blissfully virus free. Thank you for all of your advice and help - we greatly appreciate it and have taken the recommended steps to avoid being affected in the future.
  2. Thank you again for all of your help! I uninstalled Spybot SD and also uninstalled and reinstalled Firefox. Everything seems to be running normally now. Should I run any additional diagnostics?
  3. We primarily use the Mozilla Firefox browser, version 13.0.1. I checked and the homepage was also changed in IE, but I was able to successfully change it back to Google and did not experience any link redirections during my short search engine experiment. I ran RogueKiller again. The results are as follows:
  4. Unfortunately the computer is still redirecting webpage clicks and changing our homepage... Ran MBAM again. Here are the results:

     Malwarebytes Anti-Malware 1.61.0.1400
     www.malwarebytes.org
     Database version: v2012.06.23.04
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 7.0.5730.13
     D :: DFT43YF1 [administrator]
     6/23/2012 10:37:59 AM
     mbam-log-2012-06-23 (10-37-59).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 220790
     Time elapsed: 4 minute(s), 22 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  5. Thank you for your help. I downloaded and ran combofix 2x. I have attached the results of the second scan.
  6. Thank you MrC. I ran RogueKiller again and deleted the processes, then restarted the program and ran the scan again to delete the registry entries. On the second scan, the registry entries did not show up so I went ahead with the system restore and erunt, then ran the TDSSKILLER program. The results are as follows:
(c6608b2afb2567f0fa6b4bd8837f1660) C:\WINDOWS\system32\drivers\hphius11.sys 21:59:06.0546 3184 Dot4Usb HPH11 - ok 21:59:06.0578 3184 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 21:59:06.0671 3184 dpti2o - ok 21:59:06.0687 3184 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 21:59:06.0765 3184 drmkaud - ok 21:59:06.0812 3184 DXEC01 (549734664886d91222969845e4311d1b) C:\WINDOWS\system32\drivers\dxec01.sys 21:59:06.0812 3184 DXEC01 ( UnsignedFile.Multi.Generic ) - warning 21:59:06.0812 3184 DXEC01 - detected UnsignedFile.Multi.Generic (1) 21:59:06.0843 3184 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys 21:59:06.0953 3184 E100B - ok 21:59:06.0984 3184 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 21:59:07.0187 3184 EapHost - ok 21:59:07.0328 3184 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 21:59:07.0375 3184 eeCtrl - ok 21:59:07.0406 3184 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 21:59:07.0421 3184 EraserUtilRebootDrv - ok 21:59:07.0437 3184 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll 21:59:07.0640 3184 ERSvc - ok 21:59:07.0718 3184 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 21:59:07.0765 3184 Eventlog - ok 21:59:07.0812 3184 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll 21:59:07.0906 3184 EventSystem - ok 21:59:07.0937 3184 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 21:59:08.0156 3184 Fastfat - ok 21:59:08.0218 3184 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 21:59:08.0281 3184 FastUserSwitchingCompatibility - ok 21:59:08.0281 3184 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 
21:59:08.0390 3184 Fdc - ok 21:59:08.0406 3184 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 21:59:08.0500 3184 Fips - ok 21:59:08.0515 3184 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 21:59:08.0625 3184 Flpydisk - ok 21:59:08.0656 3184 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 21:59:08.0750 3184 FltMgr - ok 21:59:08.0843 3184 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 21:59:08.0875 3184 FontCache3.0.0.0 - ok 21:59:08.0890 3184 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 21:59:09.0015 3184 Fs_Rec - ok 21:59:09.0078 3184 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 21:59:09.0218 3184 Ftdisk - ok 21:59:09.0281 3184 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 21:59:09.0281 3184 GEARAspiWDM - ok 21:59:09.0296 3184 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 21:59:09.0453 3184 Gpc - ok 21:59:09.0515 3184 guardian2 (7031a936832967a93b0e5d5f1c76745a) C:\WINDOWS\system32\Drivers\oz776.sys 21:59:09.0531 3184 guardian2 ( UnsignedFile.Multi.Generic ) - warning 21:59:09.0531 3184 guardian2 - detected UnsignedFile.Multi.Generic (1) 21:59:09.0609 3184 gupdate1c985a741df6b8 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe 21:59:09.0625 3184 gupdate1c985a741df6b8 - ok 21:59:09.0625 3184 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe 21:59:09.0640 3184 gupdatem - ok 21:59:09.0703 3184 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 21:59:09.0734 3184 gusvc - ok 21:59:09.0781 3184 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 21:59:09.0984 3184 HDAudBus - ok 
21:59:10.0062 3184 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 21:59:10.0171 3184 helpsvc - ok 21:59:10.0203 3184 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll 21:59:10.0296 3184 HidServ - ok 21:59:10.0328 3184 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 21:59:10.0421 3184 HidUsb - ok 21:59:10.0453 3184 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 21:59:10.0593 3184 hkmsvc - ok 21:59:10.0625 3184 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 21:59:10.0765 3184 hpn - ok 21:59:10.0812 3184 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 21:59:10.0843 3184 HSFHWAZL ( UnsignedFile.Multi.Generic ) - warning 21:59:10.0843 3184 HSFHWAZL - detected UnsignedFile.Multi.Generic (1) 21:59:10.0906 3184 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 21:59:10.0953 3184 HSF_DPV ( UnsignedFile.Multi.Generic ) - warning 21:59:10.0953 3184 HSF_DPV - detected UnsignedFile.Multi.Generic (1) 21:59:11.0000 3184 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 21:59:11.0062 3184 HTTP - ok 21:59:11.0093 3184 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll 21:59:11.0187 3184 HTTPFilter - ok 21:59:11.0234 3184 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 21:59:11.0421 3184 i2omgmt - ok 21:59:11.0468 3184 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 21:59:11.0562 3184 i2omp - ok 21:59:11.0578 3184 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 21:59:11.0671 3184 i8042prt - ok 21:59:11.0953 3184 ialm (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 21:59:12.0359 3184 ialm ( UnsignedFile.Multi.Generic ) - warning 21:59:12.0359 3184 ialm - detected 
UnsignedFile.Multi.Generic (1) 21:59:12.0453 3184 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 21:59:12.0500 3184 IDriverT ( UnsignedFile.Multi.Generic ) - warning 21:59:12.0500 3184 IDriverT - detected UnsignedFile.Multi.Generic (1) 21:59:12.0656 3184 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 21:59:12.0875 3184 idsvc - ok 21:59:12.0953 3184 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 21:59:13.0062 3184 Imapi - ok 21:59:13.0093 3184 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe 21:59:13.0203 3184 ImapiService - ok 21:59:13.0234 3184 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 21:59:13.0343 3184 ini910u - ok 21:59:13.0375 3184 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 21:59:13.0468 3184 IntelIde - ok 21:59:13.0500 3184 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 21:59:13.0578 3184 intelppm - ok 21:59:13.0609 3184 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 21:59:13.0687 3184 Ip6Fw - ok 21:59:13.0734 3184 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 21:59:13.0828 3184 IpFilterDriver - ok 21:59:13.0875 3184 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 21:59:13.0953 3184 IpInIp - ok 21:59:13.0968 3184 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 21:59:14.0062 3184 IpNat - ok 21:59:14.0156 3184 iPod Service (3a6d4d8abacf64292d060c9e06d2050d) C:\Program Files\iPod\bin\iPodService.exe 21:59:14.0234 3184 iPod Service - ok 21:59:14.0281 3184 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 21:59:14.0375 3184 IPSec - ok 21:59:14.0390 3184 IRENUM 
(c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 21:59:14.0484 3184 IRENUM - ok 21:59:14.0500 3184 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 21:59:14.0609 3184 isapnp - ok 21:59:14.0671 3184 JavaQuickStarterService (c2c1660ddcc9bd67eb98d6d5f91c107f) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 21:59:14.0687 3184 JavaQuickStarterService - ok 21:59:14.0687 3184 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 21:59:14.0796 3184 Kbdclass - ok 21:59:14.0812 3184 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 21:59:14.0906 3184 kbdhid - ok 21:59:14.0937 3184 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 21:59:15.0015 3184 kmixer - ok 21:59:15.0062 3184 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 21:59:15.0125 3184 KSecDD - ok 21:59:15.0156 3184 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll 21:59:15.0218 3184 lanmanserver - ok 21:59:15.0250 3184 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll 21:59:15.0281 3184 lanmanworkstation - ok 21:59:15.0281 3184 lbrtfdc - ok 21:59:15.0312 3184 LHidFilt (597d79382c154cedb638a65012925a23) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 21:59:15.0312 3184 LHidFilt - ok 21:59:15.0500 3184 LiveUpdate (7c63055bfb959199eeef366bbbe56456) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE 21:59:15.0812 3184 LiveUpdate - ok 21:59:15.0906 3184 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll 21:59:16.0109 3184 LmHosts - ok 21:59:16.0171 3184 LMouFilt (9ead053d28182bd6acb19d5f58202194) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 21:59:16.0187 3184 LMouFilt - ok 21:59:16.0265 3184 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 21:59:16.0312 3184 MDM - ok 21:59:16.0343 3184 mdmxsdk 
(0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 21:59:16.0375 3184 mdmxsdk ( UnsignedFile.Multi.Generic ) - warning 21:59:16.0375 3184 mdmxsdk - detected UnsignedFile.Multi.Generic (1) 21:59:16.0406 3184 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll 21:59:16.0625 3184 Messenger - ok 21:59:16.0656 3184 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 21:59:16.0750 3184 mnmdd - ok 21:59:16.0781 3184 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe 21:59:16.0890 3184 mnmsrvc - ok 21:59:16.0921 3184 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 21:59:17.0000 3184 Modem - ok 21:59:17.0046 3184 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 21:59:17.0140 3184 Mouclass - ok 21:59:17.0156 3184 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 21:59:17.0281 3184 mouhid - ok 21:59:17.0328 3184 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 21:59:17.0421 3184 MountMgr - ok 21:59:17.0468 3184 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 21:59:17.0546 3184 MozillaMaintenance - ok 21:59:17.0562 3184 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 21:59:17.0687 3184 mraid35x - ok 21:59:17.0718 3184 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 21:59:17.0843 3184 MRxDAV - ok 21:59:17.0906 3184 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 21:59:18.0000 3184 MRxSmb - ok 21:59:18.0062 3184 MSCamSvc (d98350792a7ce82e7459a7c36481beda) C:\Program Files\Microsoft LifeCam\MSCamS32.exe 21:59:18.0078 3184 MSCamSvc - ok 21:59:18.0109 3184 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 21:59:18.0250 3184 Msfs - ok 21:59:18.0296 3184 
MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\WINDOWS\system32\Drivers\nx6000.sys 21:59:18.0312 3184 MSHUSBVideo - ok 21:59:18.0312 3184 MSIServer - ok 21:59:18.0343 3184 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 21:59:18.0453 3184 MSKSSRV - ok 21:59:18.0468 3184 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 21:59:18.0562 3184 MSPCLOCK - ok 21:59:18.0593 3184 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 21:59:18.0687 3184 MSPQM - ok 21:59:18.0718 3184 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 21:59:18.0812 3184 mssmbios - ok 21:59:18.0843 3184 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 21:59:18.0953 3184 MSTEE - ok 21:59:19.0000 3184 Multi-user Cleanup Service (6822fb514a3b9d2348727a64f19b0100) C:\lotus\notes\ntmulti.exe 21:59:19.0031 3184 Multi-user Cleanup Service - ok 21:59:19.0078 3184 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 21:59:19.0125 3184 Mup - ok 21:59:19.0156 3184 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 21:59:19.0250 3184 NABTSFEC - ok 21:59:19.0296 3184 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 21:59:19.0437 3184 napagent - ok 21:59:19.0546 3184 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110902.002\naveng.sys 21:59:19.0562 3184 NAVENG - ok 21:59:19.0656 3184 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110902.002\navex15.sys 21:59:19.0781 3184 NAVEX15 - ok 21:59:19.0906 3184 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 21:59:20.0000 3184 NDIS - ok 21:59:20.0046 3184 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 21:59:20.0140 3184 NdisIP - ok 21:59:20.0171 3184 NdisTapi (0109c4f3850dfbab279542515386ae22) 
C:\WINDOWS\system32\DRIVERS\ndistapi.sys 21:59:20.0218 3184 NdisTapi - ok 21:59:20.0250 3184 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 21:59:20.0359 3184 Ndisuio - ok 21:59:20.0375 3184 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 21:59:20.0484 3184 NdisWan - ok 21:59:20.0515 3184 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 21:59:20.0562 3184 NDProxy - ok 21:59:20.0578 3184 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 21:59:20.0671 3184 NetBIOS - ok 21:59:20.0718 3184 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 21:59:20.0812 3184 NetBT - ok 21:59:20.0843 3184 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 21:59:21.0031 3184 NetDDE - ok 21:59:21.0031 3184 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 21:59:21.0109 3184 NetDDEdsdm - ok 21:59:21.0171 3184 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 21:59:21.0281 3184 Netlogon - ok 21:59:21.0312 3184 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll 21:59:21.0406 3184 Netman - ok 21:59:21.0500 3184 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:59:21.0531 3184 NetTcpPortSharing - ok 21:59:21.0546 3184 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 21:59:21.0656 3184 NIC1394 - ok 21:59:21.0750 3184 NICCONFIGSVC (7e175be4fd8b6ec68a35181b98431477) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe 21:59:21.0781 3184 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - warning 21:59:21.0781 3184 NICCONFIGSVC - detected UnsignedFile.Multi.Generic (1) 21:59:21.0828 3184 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll 21:59:21.0859 3184 Nla - ok 21:59:21.0875 3184 Npfs 
(3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 21:59:21.0984 3184 Npfs - ok 21:59:22.0031 3184 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 21:59:22.0140 3184 Ntfs - ok 21:59:22.0171 3184 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 21:59:22.0343 3184 NtLmSsp - ok 21:59:22.0421 3184 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll 21:59:22.0562 3184 NtmsSvc - ok 21:59:22.0593 3184 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 21:59:22.0703 3184 Null - ok 21:59:22.0812 3184 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 21:59:23.0015 3184 nv - ok 21:59:23.0125 3184 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 21:59:23.0234 3184 NwlnkFlt - ok 21:59:23.0250 3184 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 21:59:23.0343 3184 NwlnkFwd - ok 21:59:23.0375 3184 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 21:59:23.0484 3184 ohci1394 - ok 21:59:23.0546 3184 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:59:23.0562 3184 ose - ok 21:59:23.0578 3184 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 21:59:23.0671 3184 Parport - ok 21:59:23.0687 3184 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 21:59:23.0781 3184 PartMgr - ok 21:59:23.0812 3184 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 21:59:23.0921 3184 ParVdm - ok 21:59:23.0953 3184 PBADRV (9ec004140e1b675acdeb07f66ee797a4) C:\WINDOWS\system32\DRIVERS\PBADRV.sys 21:59:23.0953 3184 PBADRV - ok 21:59:23.0968 3184 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 21:59:24.0062 3184 PCI - ok 21:59:24.0062 3184 PCIDump - ok 21:59:24.0093 3184 
PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 21:59:24.0203 3184 PCIIde - ok 21:59:24.0234 3184 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 21:59:24.0343 3184 Pcmcia - ok 21:59:24.0343 3184 PDCOMP - ok 21:59:24.0343 3184 PDFRAME - ok 21:59:24.0359 3184 PDRELI - ok 21:59:24.0359 3184 PDRFRAME - ok 21:59:24.0390 3184 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 21:59:24.0468 3184 perc2 - ok 21:59:24.0515 3184 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 21:59:24.0593 3184 perc2hib - ok 21:59:24.0640 3184 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 21:59:24.0656 3184 PlugPlay - ok 21:59:24.0703 3184 Pml Driver HPH11 (0d337e0cf7041c5f538b27c2f86e48bf) C:\WINDOWS\system32\HPHipm11.exe 21:59:24.0750 3184 Pml Driver HPH11 - ok 21:59:24.0781 3184 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 21:59:24.0859 3184 PolicyAgent - ok 21:59:24.0875 3184 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 21:59:24.0984 3184 PptpMiniport - ok 21:59:24.0984 3184 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 21:59:25.0062 3184 ProtectedStorage - ok 21:59:25.0078 3184 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 21:59:25.0171 3184 PSched - ok 21:59:25.0203 3184 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 21:59:25.0312 3184 Ptilink - ok 21:59:25.0343 3184 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys 21:59:25.0343 3184 PxHelp20 - ok 21:59:25.0375 3184 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 21:59:25.0468 3184 ql1080 - ok 21:59:25.0468 3184 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 21:59:25.0546 3184 Ql10wnt - ok 
21:59:25.0578 3184 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 21:59:25.0656 3184 ql12160 - ok 21:59:25.0687 3184 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 21:59:25.0765 3184 ql1240 - ok 21:59:25.0796 3184 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 21:59:25.0890 3184 ql1280 - ok 21:59:25.0921 3184 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 21:59:26.0000 3184 RasAcd - ok 21:59:26.0015 3184 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll 21:59:26.0140 3184 RasAuto - ok 21:59:26.0156 3184 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 21:59:26.0234 3184 Rasl2tp - ok 21:59:26.0281 3184 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll 21:59:26.0375 3184 RasMan - ok 21:59:26.0375 3184 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 21:59:26.0468 3184 RasPppoe - ok 21:59:26.0500 3184 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 21:59:26.0593 3184 Raspti - ok 21:59:26.0625 3184 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 21:59:26.0718 3184 Rdbss - ok 21:59:26.0765 3184 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 21:59:26.0859 3184 RDPCDD - ok 21:59:26.0890 3184 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 21:59:26.0984 3184 rdpdr - ok 21:59:27.0046 3184 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys 21:59:27.0093 3184 RDPWD - ok 21:59:27.0125 3184 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 21:59:27.0281 3184 RDSessMgr - ok 21:59:27.0328 3184 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 21:59:27.0421 3184 redbook - ok 21:59:27.0453 3184 RemoteAccess 
(7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 21:59:27.0562 3184 RemoteAccess - ok 21:59:27.0593 3184 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll 21:59:27.0687 3184 RemoteRegistry - ok 21:59:27.0718 3184 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe 21:59:27.0812 3184 RpcLocator - ok 21:59:27.0859 3184 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 21:59:27.0906 3184 RpcSs - ok 21:59:27.0953 3184 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 21:59:28.0062 3184 RSVP - ok 21:59:28.0093 3184 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 21:59:28.0171 3184 SamSs - ok 21:59:28.0234 3184 SavRoam (92554f1d5037033146501f72c74b4d9f) C:\Program Files\Symantec AntiVirus\SavRoam.exe 21:59:28.0265 3184 SavRoam - ok 21:59:28.0296 3184 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys 21:59:28.0328 3184 SAVRT - ok 21:59:28.0343 3184 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys 21:59:28.0359 3184 SAVRTPEL - ok 21:59:28.0390 3184 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 21:59:28.0500 3184 SCardSvr - ok 21:59:28.0531 3184 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 21:59:28.0640 3184 Schedule - ok 21:59:28.0687 3184 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 21:59:28.0781 3184 Secdrv - ok 21:59:28.0828 3184 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 21:59:28.0921 3184 seclogon - ok 21:59:29.0000 3184 SecureStorageService (472946edebf85c1f0b44b6eba01ac9b6) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe 21:59:29.0078 3184 SecureStorageService ( UnsignedFile.Multi.Generic ) - warning 21:59:29.0078 3184 SecureStorageService - detected UnsignedFile.Multi.Generic (1) 
21:59:29.0109 3184 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 21:59:29.0203 3184 SENS - ok 21:59:29.0234 3184 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 21:59:29.0312 3184 serenum - ok 21:59:29.0328 3184 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 21:59:29.0437 3184 Serial - ok 21:59:29.0468 3184 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 21:59:29.0578 3184 Sfloppy - ok 21:59:29.0625 3184 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll 21:59:29.0718 3184 SharedAccess - ok 21:59:29.0765 3184 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 21:59:29.0796 3184 ShellHWDetection - ok 21:59:29.0796 3184 Simbad - ok 21:59:29.0828 3184 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 21:59:29.0937 3184 sisagp - ok 21:59:29.0968 3184 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 21:59:30.0062 3184 SLIP - ok 21:59:30.0140 3184 SNDSrvc (213c7eb70a762afdbb095e3535e8545c) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe 21:59:30.0187 3184 SNDSrvc - ok 21:59:30.0218 3184 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 21:59:30.0281 3184 Sparrow - ok 21:59:30.0328 3184 SPBBCDrv (60053e9c1fc4f6887c296c19cb825244) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 21:59:30.0359 3184 SPBBCDrv - ok 21:59:30.0437 3184 SPBBCSvc (8a09ab7a1fd856acc469bd0cd4e98351) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe 21:59:30.0484 3184 SPBBCSvc - ok 21:59:30.0593 3184 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 21:59:30.0687 3184 splitter - ok 21:59:30.0734 3184 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 21:59:30.0781 3184 Spooler - ok 21:59:30.0812 3184 sr 
(76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 21:59:30.0906 3184 sr - ok 21:59:30.0953 3184 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 21:59:31.0062 3184 srservice - ok 21:59:31.0109 3184 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 21:59:31.0171 3184 Srv - ok 21:59:31.0203 3184 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 21:59:31.0296 3184 SSDPSRV - ok 21:59:31.0343 3184 STacSV (6f855b5625a47f3ac731a262fdc379a6) C:\WINDOWS\system32\StacSV.exe 21:59:31.0359 3184 STacSV ( UnsignedFile.Multi.Generic ) - warning 21:59:31.0359 3184 STacSV - detected UnsignedFile.Multi.Generic (1) 21:59:31.0453 3184 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys 21:59:31.0500 3184 STHDA ( UnsignedFile.Multi.Generic ) - warning 21:59:31.0500 3184 STHDA - detected UnsignedFile.Multi.Generic (1) 21:59:31.0546 3184 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 21:59:31.0671 3184 stisvc - ok 21:59:31.0718 3184 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 21:59:31.0812 3184 streamip - ok 21:59:31.0843 3184 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 21:59:31.0937 3184 swenum - ok 21:59:32.0109 3184 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 21:59:32.0250 3184 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 21:59:32.0250 3184 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 21:59:32.0281 3184 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 21:59:32.0375 3184 swmidi - ok 21:59:32.0375 3184 SwPrv - ok 21:59:32.0515 3184 Symantec AntiVirus (7ac1fccc7976857aac3906d45a81d77b) C:\Program Files\Symantec AntiVirus\Rtvscan.exe 21:59:32.0671 3184 Symantec AntiVirus - ok 21:59:32.0781 3184 symc810 (1ff3217614018630d0a6758630fc698c) 
  7. Thank you for your time! The first time I tried to run the program windows explorer crashed part way through... this is results of the second scan:
  8. My computer is infected with some virus or malware. We started noticing that our homepage kept changing a few months ago. We couldn't seem to get the computer to save our preferred page (google). Now our searches occasionally get rerouted to random other pages when we click on links. I have included the dds and attach logs. Any help would be greatly appreciated! . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 10.5.1 Run by D at 19:40:20 on 2012-06-22 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.804 [GMT -4:00] . AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\WINDOWS\system32\bgsvcgen.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\dlbfcoms.exe C:\WINDOWS\system32\dlcxcoms.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\lotus\notes\ntmulti.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\StacSV.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Wave 
Systems Corp\Trusted Drive Manager\TdmService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe . ============== Pseudo HJT Report =============== . uStart Page = https://www.bankofamerica.com uSearch Page = hxxp://www.google.com uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080324 uSearch Bar = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080324 uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 
runtime\bin\jp2ssv.dll BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File TB: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - No File TB: {8dcb7100-df86-4384-8842-8fa844297b3f} - No File TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File uRun: [AdobeBridge] uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [Cyberlink] rundll32.exe "c:\documents and settings\d\local settings\application data\cyberlink\qwxktqbm.dll",AllocatePfxEngineClient uRun: [Ares] rundll32.exe "c:\documents and settings\d\local settings\application data\google\ares\ivnabfndt.dll",CreateInstance uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" dRun: [Ares] rundll32.exe "c:\documents and settings\d\local settings\application data\google\ares\ivnabfndt.dll",CreateInstance dRunOnce: [RunNarrator] Narrator.exe IE: Add to Google Photos Screensa&ver IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206748501763 DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll Notify: igfxcui - igfxdev.dll Notify: NavLogon - c:\windows\system32\NavLogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll LSA: Authentication Packages = msv1_0 wvauth . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\d\application data\mozilla\firefox\profiles\ty86au9v.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.bankofamerica.com FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll . 
---- FIREFOX POLICIES ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false FF - user.js: browser.startup.homepage - hxxps://www.bankofamerica.com FF - user.js: browser.startup.page - 1 . ============= SERVICES / DRIVERS =============== . R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592] R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576] R2 dlbf_device;dlbf_device;c:\windows\system32\dlbfcoms.exe -service --> c:\windows\system32\dlbfcoms.exe -service [?] R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?] 
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120] R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-2 106104] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110902.002\naveng.sys [2011-9-2 86136] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110902.002\navex15.sys [2011-9-2 1576312] S2 gupdate1c985a741df6b8;Google Update Service (gupdate1c985a741df6b8);c:\program files\google\update\GoogleUpdate.exe [2009-2-2 133104] S3 ADM8511;%ADM8511.Service.DispName%;c:\windows\system32\drivers\ADM8511.SYS [2008-3-28 20160] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-28 257224] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-2 133104] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-30 113120] S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2011-2-11 30576] S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664] S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648] . =============== Created Last 30 ================ . 
2012-06-16 21:06:10 -------- d-----w- c:\documents and settings\d\local settings\application data\Sun
2012-06-15 02:55:29 -------- d-----w- c:\program files\Oracle
2012-06-15 02:54:33 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-15 02:47:54 -------- d-----w- c:\program files\Adobe Download Assistant
2012-06-13 20:49:43 -------- d-----w- c:\documents and settings\d\local settings\application data\Cyberlink
2012-06-06 20:47:05 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-06 20:47:05 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-02 03:12:48 87960 ----a-r- c:\documents and settings\d\application data\microsoft\installer\{ecc01078-ac91-4a40-9f15-9d586f065cc7}\ARPPRODUCTICON.exe
2012-06-02 03:12:31 -------- d-----w- c:\documents and settings\d\local settings\application data\Scholastic
2012-06-02 03:12:09 -------- d-----w- c:\program files\common files\K-NFB Reading
2012-06-02 03:12:02 -------- d-----w- c:\program files\PlayReady
.
==================== Find3M ====================
.
2012-06-15 02:17:58 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-15 02:17:57 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-15 15:39:54 832512 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-04 23:29:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 23:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 14:46:47 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-04-23 14:46:47 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-04-23 14:46:47 17408 ------w- c:\windows\system32\corpol.dll
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 19:42:12.89 ===============

attach.txt