MorrisNTex

Possible Infection? A/V install issues

14 posts in this topic

Oops... Previously posted in the wrong (general) forum.

Didn't think about HJT Log first time either...

Hi,

I have a Win7 Pro 32 bit computer that the Symantec Endpoint security had quit updating in Mid-May. I tried fixing those issues and in the process completely uninstalled the product. Now I am unable to install the Symantec Corporate A/V product and Malware Bytes would not install until I renamed the download, which I downloaded yesterday. I ran 2 full scans that came back clean. I then downloaded Super Anti-Spyware then installed it without any problems, updated it and ran a full scan, it only found some unsavory tracking cookies. This morning I downloaded, installed and updated AVG without any problems then ran a full scan twice, both came back clean.

I don't use this computer much, mostly for testing some of our apps for compatibility issues since we're still 99% XP.

What makes me think I may have some type of malware infection is that Malware Bytes wouldn't install until I renamed the install file and I still can't get the Endpoint security to install. It gets to around 80-85% then "rolls back" and reports that it was interrupted before completion.

I'm fishing for some ideas here. The "self-Help" areas of Symantec suggest an infection first then some other deeper technical problems next. I want to rule out for sure this computer doesn't have a malware infection.

After doing a little research I've read where TDL-4 is very hard to detect and quite stealthy. Which detection tool would you recommend?

Thanks

Joey

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 3:50:24 PM, on 8/11/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe

C:\Program Files\Wave Systems Corp\SecureUpgrade.exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\Winamp\winampa.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Users\Joey.ABSTRACT\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Installs\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=veriton_s480g&r=170503114004p2429u395467417433

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=veriton_s480g&r=170503114004p2429u395467417433

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=veriton_s480g&r=170503114004p2429u395467417433

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=veriton_s480g&r=170503114004p2429u395467417433

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [AutoLockProcess] C:\Program Files\Acer\Empowering Technology\eLock\autolockprocess\autolockprocess.exe

O4 - HKLM\..\Run: [Acer PowerSaver] C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe

O4 - HKLM\..\Run: [Acer SmartBoot] C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe

O4 - HKLM\..\Run: [secureUpgrade] "C:\Program Files\Wave Systems Corp\SecureUpgrade.exe"

O4 - HKLM\..\Run: [WavXMgr] "C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe"

O4 - HKLM\..\Run: [EmbassySecurityCheck] ";C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe"

O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"

O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"

O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [Google Update] "C:\Users\Joey.ABSTRACT\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = abstract.wtabstract.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{108BADAA-61EA-472E-A849-8C9D5612E01A}: NameServer = 192.168.1.235

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = abstract.wtabstract.com

O17 - HKLM\System\CS1\Services\Tcpip\..\{108BADAA-61EA-472E-A849-8C9D5612E01A}: NameServer = 192.168.1.235

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = abstract.wtabstract.com

O17 - HKLM\System\CS2\Services\Tcpip\..\{108BADAA-61EA-472E-A849-8C9D5612E01A}: NameServer = 192.168.1.235

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Acer SmartBoot Service (ASLSvc) - Acer Incorporated - C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files\Acer\Registration\GregHSRW.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe

O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 9710 bytes

Share this post


Link to post
Share on other sites

Hello and :welcome:

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

    [*]Double click on the DDS icon, allow it to run.

    [*]A small box will open, with an explaination about the tool. No input is needed, the scan is running.

    [*]Notepad will open with the results.

    [*]Follow the instructions that pop up for posting the results.

    [*]Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Share this post


Link to post
Share on other sites

Elise025,

Thank you for your reply and your time assisting me with this. I finally had a chance to get back to this today. Did you wish to see the "attach.txt" file also?

Thanks

Joey

DDS.zip

Share this post


Link to post
Share on other sites

Hello again,

Yes, please post me also attach.txt (you can just paste the log into the reply box).

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Share this post


Link to post
Share on other sites

I crossed paths with a tech buddy on Friday and we often compare notes on issues we run into. I told him about the weird problem I had on this computer and he also is a firm believer/user of Malwarebytes. He felt also that I may have some type of Malware on it. I just think it kinda odd since I don't use this computer very much. I know though that these things happen...

The "attach.txt" results below. I will download and run the TDS Killer in just a moment.

-----------------------------------------------------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-23.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 3/1/2011 4:56:59 PM

System Uptime: 8/16/2011 8:56:38 AM (4 hours ago)

.

Motherboard: Acer | | Veriton M480

Processor: Intel® Core2 Quad CPU Q8300 @ 2.50GHz | CPU 1 | 2499/333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 129 GiB total, 94.759 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&41F0058&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&41F0058&0

Service: i8042prt

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller

Device ID: PCI\VEN_11AB&DEV_436B&SUBSYS_76071025&REV_16\4&33CD8BE4&0&00E1

Manufacturer: Marvell

Name: Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller

PNP Device ID: PCI\VEN_11AB&DEV_436B&SUBSYS_76071025&REV_16\4&33CD8BE4&0&00E1

Service: yukonw7

.

==== System Restore Points ===================

.

RP56: 7/19/2011 12:31:58 PM - Scheduled Checkpoint

RP57: 7/19/2011 5:57:45 PM - Windows Update

RP58: 7/28/2011 9:27:02 AM - Scheduled Checkpoint

RP59: 8/8/2011 9:27:30 AM - Scheduled Checkpoint

RP60: 8/9/2011 4:10:48 PM - Removed Symantec Endpoint Protection Small Business Edition.

RP61: 8/9/2011 5:03:41 PM - Installed Symantec Endpoint Protection Small Business Edition.

RP62: 8/9/2011 5:10:35 PM - Installed Symantec Endpoint Protection Small Business Edition.

RP63: 8/9/2011 5:21:02 PM - Installed Symantec Endpoint Protection Small Business Edition.

RP64: 8/9/2011 5:31:29 PM - Installed Symantec Endpoint Protection Small Business Edition.

RP65: 8/10/2011 10:46:46 AM - Installed Symantec Endpoint Protection Small Business Edition.

RP66: 8/10/2011 4:32:43 PM - Windows Update

RP67: 8/10/2011 5:06:49 PM - Installed Symantec Endpoint Protection Small Business Edition.

RP68: 8/11/2011 9:41:23 AM - Installed AVG 2011

RP69: 8/11/2011 9:41:40 AM - Installed AVG 2011

RP70: 8/12/2011 9:03:30 AM - Windows Update

.

==== Installed Programs ======================

.

Acer Assist

Acer Backup Manager

Acer eLock Management

Acer eRecovery Management

Acer eSettings Management

Acer Framework

Acer PowerSaver

Acer QuickMigration

Acer Registration

Acer ScreenSaver

Acer SmartBoot

Acer Updater

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X (10.1.0)

Advertising Center

AuthenTec Fingerprint Sensor Minimum Install

AVG 2011

Backup Manager Advance

Brava! Reader 7.0

Complete Closing Enteprise Client Tools

CyberLink PowerDVD 8

EMBASSY Security Center Lite

EMBASSY Security Setup

Embassy Trust Suite - Acer Edition

ESC Home Page Plugin

eSobi v2

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Identity Card

ImagXpress

Intel® Graphics Media Accelerator Driver

Intel® TV Wizard

Intel® Matrix Storage Manager

IZArc 4.1.6

Malwarebytes' Anti-Malware version 1.51.1.1800

Marvell Management Configuration

Microsoft .NET Framework 4 Client Profile

Microsoft Office Standard Edition 2003

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 5.0 (x86 en-US)

Mozilla Thunderbird (3.1.11)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 9 Essentials

Nero ControlCenter

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero StartSmart

Nero StartSmart Help

Nero StartSmart OEM

NeroExpress

neroxml

Notepad++

NVIDIA Drivers

Paint Shop Pro 7

PaperVision Document Viewer Controls

PDFCreator

Private Information Manager

Realtek High Definition Audio Driver

Secure Update

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Simple Adblock

SUPERAntiSpyware

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

upekmsi

Veriton ControlCenter

Wave Infrastructure Installer

Wave Support Software

Welcome Center

Winamp

Winamp Detector Plug-in

Yahoo! BrowserPlus 2.9.8

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

8/16/2011 8:56:57 AM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

8/16/2011 8:56:53 AM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

8/16/2011 8:56:52 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain ABSTRACT due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

8/12/2011 9:06:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2468871).

8/12/2011 9:06:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2533523).

8/10/2011 9:23:25 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

8/10/2011 9:22:55 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

8/10/2011 9:22:40 AM, Error: Service Control Manager [7034] - The GRegService service terminated unexpectedly. It has done this 1 time(s).

8/10/2011 9:22:06 AM, Error: Service Control Manager [7034] - The Updater Service service terminated unexpectedly. It has done this 1 time(s).

8/10/2011 9:15:20 AM, Error: Microsoft-Windows-GroupPolicy [1058] - The processing of Group Policy failed. Windows attempted to read the file \\abstract.wtabstract.com\sysvol\abstract.wtabstract.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: a) Name Resolution/Network Connectivity to the current domain controller. b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). c) The Distributed File System (DFS) client has been disabled.

8/10/2011 9:15:01 AM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

8/10/2011 5:19:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

8/10/2011 5:18:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/10/2011 5:18:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/10/2011 5:18:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/10/2011 5:18:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/10/2011 5:18:14 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

8/10/2011 5:13:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr Wanarpv6

8/10/2011 5:13:12 PM, Error: Service Control Manager [7001] - The Net.Msmq Listener Adapter service depends on the Message Queuing service which failed to start because of the following error: The dependency service or group failed to start.

8/10/2011 4:59:48 PM, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.

.

==== End Of File ===========================

Share this post


Link to post
Share on other sites

Well, I guess I'll have to wait until I get off work and download the TDS Killer utility from home. For some reason the Trend Micro content filter/virus block on the firewall is not allowing me to download this. I have tried several work-arounds without actually disabling the filter to no avail.

Share this post


Link to post
Share on other sites

Okay, please take your time. If you continue to have trouble with it, just let me know. :)

Share this post


Link to post
Share on other sites

Hi Elise025,

Well I got the TDS Killer tool downloaded and moved over to the computer in question then ran it.

Scan came back clean.

Here is the log file from that scan:

2011/08/17 11:14:27.0065 5184 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13

2011/08/17 11:14:27.0751 5184 ================================================================================

2011/08/17 11:14:27.0751 5184 SystemInfo:

2011/08/17 11:14:27.0751 5184

2011/08/17 11:14:27.0751 5184 OS Version: 6.1.7601 ServicePack: 1.0

2011/08/17 11:14:27.0751 5184 Product type: Workstation

2011/08/17 11:14:27.0751 5184 ComputerName: JOEY-PC

2011/08/17 11:14:27.0751 5184 UserName: Joey

2011/08/17 11:14:27.0751 5184 Windows directory: C:\Windows

2011/08/17 11:14:27.0751 5184 System windows directory: C:\Windows

2011/08/17 11:14:27.0751 5184 Processor architecture: Intel x86

2011/08/17 11:14:27.0751 5184 Number of processors: 4

2011/08/17 11:14:27.0751 5184 Page size: 0x1000

2011/08/17 11:14:27.0751 5184 Boot type: Normal boot

2011/08/17 11:14:27.0751 5184 ================================================================================

2011/08/17 11:14:28.0032 5184 Initialize success

2011/08/17 11:15:24.0854 0420 ================================================================================

2011/08/17 11:15:24.0854 0420 Scan started

2011/08/17 11:15:24.0854 0420 Mode: Manual;

2011/08/17 11:15:24.0854 0420 ================================================================================

2011/08/17 11:15:25.0322 0420 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

2011/08/17 11:15:25.0415 0420 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

2011/08/17 11:15:25.0509 0420 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

2011/08/17 11:15:25.0649 0420 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/08/17 11:15:25.0774 0420 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2011/08/17 11:15:25.0868 0420 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2011/08/17 11:15:25.0993 0420 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

2011/08/17 11:15:26.0086 0420 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

2011/08/17 11:15:26.0195 0420 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2011/08/17 11:15:26.0305 0420 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

2011/08/17 11:15:26.0398 0420 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

2011/08/17 11:15:26.0492 0420 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

2011/08/17 11:15:26.0585 0420 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2011/08/17 11:15:26.0679 0420 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2011/08/17 11:15:26.0788 0420 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys

2011/08/17 11:15:26.0882 0420 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/08/17 11:15:26.0960 0420 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys

2011/08/17 11:15:27.0147 0420 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

2011/08/17 11:15:27.0256 0420 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2011/08/17 11:15:27.0350 0420 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2011/08/17 11:15:27.0459 0420 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/08/17 11:15:27.0553 0420 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

2011/08/17 11:15:27.0693 0420 AVGIDSDriver (2177e7448c1ecfb35a5db417603d205a) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

2011/08/17 11:15:27.0787 0420 AVGIDSEH (13256fc72fa5b3f6d6e8c5957e579b7c) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

2011/08/17 11:15:27.0849 0420 AVGIDSFilter (fa0685cc51de5cfd804e7deaa6488e0e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

2011/08/17 11:15:27.0911 0420 AVGIDSShim (f788b51100d0f40ea176798cce954a1a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys

2011/08/17 11:15:28.0036 0420 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys

2011/08/17 11:15:28.0145 0420 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys

2011/08/17 11:15:28.0270 0420 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys

2011/08/17 11:15:28.0379 0420 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys

2011/08/17 11:15:28.0504 0420 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2011/08/17 11:15:28.0598 0420 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/08/17 11:15:28.0707 0420 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2011/08/17 11:15:28.0816 0420 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/08/17 11:15:28.0894 0420 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

2011/08/17 11:15:29.0004 0420 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/08/17 11:15:29.0035 0420 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/08/17 11:15:29.0144 0420 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2011/08/17 11:15:29.0238 0420 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/08/17 11:15:29.0316 0420 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/08/17 11:15:29.0347 0420 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/08/17 11:15:29.0440 0420 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/08/17 11:15:29.0550 0420 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2011/08/17 11:15:29.0643 0420 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys

2011/08/17 11:15:29.0706 0420 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2011/08/17 11:15:29.0737 0420 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2011/08/17 11:15:29.0862 0420 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/08/17 11:15:29.0893 0420 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

2011/08/17 11:15:29.0940 0420 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2011/08/17 11:15:30.0002 0420 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2011/08/17 11:15:30.0096 0420 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

2011/08/17 11:15:30.0189 0420 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/08/17 11:15:30.0283 0420 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys

2011/08/17 11:15:30.0408 0420 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

2011/08/17 11:15:30.0454 0420 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2011/08/17 11:15:30.0548 0420 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2011/08/17 11:15:30.0657 0420 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2011/08/17 11:15:30.0720 0420 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

2011/08/17 11:15:30.0860 0420 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2011/08/17 11:15:31.0016 0420 eLock2BurnerLockDriver (1815153e6ac1edd08e4f2f367345ae5d) C:\Windows\system32\DRIVERS\eLock2BurnerLockDriver.sys

2011/08/17 11:15:31.0063 0420 eLock2FSCTLDriver (c93b7caa8c8734baf34682a4df24f945) C:\Windows\system32\DRIVERS\eLock2FSCTLDriver.sys

2011/08/17 11:15:31.0172 0420 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

2011/08/17 11:15:31.0234 0420 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

2011/08/17 11:15:31.0328 0420 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2011/08/17 11:15:31.0406 0420 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2011/08/17 11:15:31.0500 0420 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2011/08/17 11:15:31.0546 0420 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2011/08/17 11:15:31.0562 0420 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2011/08/17 11:15:31.0609 0420 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/08/17 11:15:31.0671 0420 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2011/08/17 11:15:31.0780 0420 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2011/08/17 11:15:31.0796 0420 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2011/08/17 11:15:31.0858 0420 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

2011/08/17 11:15:31.0968 0420 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/08/17 11:15:32.0092 0420 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2011/08/17 11:15:32.0186 0420 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

2011/08/17 11:15:32.0280 0420 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

2011/08/17 11:15:32.0311 0420 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/08/17 11:15:32.0342 0420 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2011/08/17 11:15:32.0358 0420 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

2011/08/17 11:15:32.0451 0420 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys

2011/08/17 11:15:32.0560 0420 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

2011/08/17 11:15:32.0654 0420 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

2011/08/17 11:15:32.0701 0420 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

2011/08/17 11:15:32.0810 0420 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

2011/08/17 11:15:32.0904 0420 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys

2011/08/17 11:15:33.0013 0420 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

2011/08/17 11:15:33.0247 0420 igfx (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys

2011/08/17 11:15:33.0496 0420 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2011/08/17 11:15:33.0652 0420 IntcAzAudAddService (e345ec27c8dff8728f5c6f0413699dc5) C:\Windows\system32\drivers\RTKVHDA.sys

2011/08/17 11:15:33.0746 0420 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

2011/08/17 11:15:33.0840 0420 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2011/08/17 11:15:33.0949 0420 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/08/17 11:15:34.0042 0420 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

2011/08/17 11:15:34.0089 0420 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2011/08/17 11:15:34.0183 0420 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2011/08/17 11:15:34.0214 0420 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

2011/08/17 11:15:34.0261 0420 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

2011/08/17 11:15:34.0339 0420 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

2011/08/17 11:15:34.0370 0420 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

2011/08/17 11:15:34.0417 0420 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys

2011/08/17 11:15:34.0495 0420 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

2011/08/17 11:15:34.0588 0420 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/08/17 11:15:34.0651 0420 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/08/17 11:15:34.0698 0420 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/08/17 11:15:34.0744 0420 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/08/17 11:15:34.0791 0420 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/08/17 11:15:34.0823 0420 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2011/08/17 11:15:34.0932 0420 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2011/08/17 11:15:35.0025 0420 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/08/17 11:15:35.0119 0420 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2011/08/17 11:15:35.0213 0420 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2011/08/17 11:15:35.0306 0420 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys

2011/08/17 11:15:35.0400 0420 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2011/08/17 11:15:35.0462 0420 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

2011/08/17 11:15:35.0540 0420 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

2011/08/17 11:15:35.0587 0420 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2011/08/17 11:15:35.0665 0420 MQAC (a5888c609efcc07b060dd823fa3d474a) C:\Windows\system32\drivers\mqac.sys

2011/08/17 11:15:35.0743 0420 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

2011/08/17 11:15:35.0837 0420 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/08/17 11:15:35.0930 0420 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/08/17 11:15:35.0993 0420 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/08/17 11:15:36.0024 0420 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

2011/08/17 11:15:36.0102 0420 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

2011/08/17 11:15:36.0227 0420 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2011/08/17 11:15:36.0305 0420 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2011/08/17 11:15:36.0367 0420 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

2011/08/17 11:15:36.0461 0420 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2011/08/17 11:15:36.0539 0420 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/08/17 11:15:36.0648 0420 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2011/08/17 11:15:36.0695 0420 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2011/08/17 11:15:36.0726 0420 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

2011/08/17 11:15:36.0819 0420 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2011/08/17 11:15:36.0851 0420 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/08/17 11:15:36.0929 0420 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2011/08/17 11:15:37.0038 0420 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2011/08/17 11:15:37.0131 0420 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

2011/08/17 11:15:37.0256 0420 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/08/17 11:15:37.0365 0420 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/08/17 11:15:37.0428 0420 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/08/17 11:15:37.0475 0420 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/08/17 11:15:37.0553 0420 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

2011/08/17 11:15:37.0646 0420 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2011/08/17 11:15:37.0724 0420 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

2011/08/17 11:15:37.0865 0420 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/08/17 11:15:37.0974 0420 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2011/08/17 11:15:37.0989 0420 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2011/08/17 11:15:38.0067 0420 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

2011/08/17 11:15:38.0177 0420 NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\drivers\NTIDrvr.sys

2011/08/17 11:15:38.0208 0420 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2011/08/17 11:15:38.0270 0420 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

2011/08/17 11:15:38.0301 0420 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

2011/08/17 11:15:38.0395 0420 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

2011/08/17 11:15:38.0442 0420 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

2011/08/17 11:15:38.0520 0420 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

2011/08/17 11:15:38.0551 0420 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

2011/08/17 11:15:38.0598 0420 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

2011/08/17 11:15:38.0676 0420 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

2011/08/17 11:15:38.0723 0420 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

2011/08/17 11:15:38.0754 0420 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/08/17 11:15:38.0785 0420 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2011/08/17 11:15:38.0863 0420 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2011/08/17 11:15:39.0003 0420 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2011/08/17 11:15:39.0050 0420 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2011/08/17 11:15:39.0144 0420 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2011/08/17 11:15:39.0206 0420 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2011/08/17 11:15:39.0269 0420 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/08/17 11:15:39.0315 0420 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2011/08/17 11:15:39.0347 0420 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2011/08/17 11:15:39.0393 0420 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/08/17 11:15:39.0440 0420 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/08/17 11:15:39.0487 0420 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/08/17 11:15:39.0565 0420 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2011/08/17 11:15:39.0612 0420 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

2011/08/17 11:15:39.0643 0420 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/08/17 11:15:39.0721 0420 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/08/17 11:15:39.0752 0420 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys

2011/08/17 11:15:39.0846 0420 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2011/08/17 11:15:39.0877 0420 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2011/08/17 11:15:39.0908 0420 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

2011/08/17 11:15:40.0002 0420 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

2011/08/17 11:15:40.0127 0420 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2011/08/17 11:15:40.0158 0420 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys

2011/08/17 11:15:40.0251 0420 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2011/08/17 11:15:40.0298 0420 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

2011/08/17 11:15:40.0376 0420 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

2011/08/17 11:15:40.0423 0420 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

2011/08/17 11:15:40.0517 0420 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/08/17 11:15:40.0626 0420 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2011/08/17 11:15:40.0641 0420 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2011/08/17 11:15:40.0673 0420 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2011/08/17 11:15:40.0719 0420 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

2011/08/17 11:15:40.0735 0420 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

2011/08/17 11:15:40.0751 0420 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

2011/08/17 11:15:40.0813 0420 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/08/17 11:15:40.0922 0420 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

2011/08/17 11:15:41.0016 0420 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/08/17 11:15:41.0047 0420 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/08/17 11:15:41.0094 0420 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2011/08/17 11:15:41.0203 0420 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2011/08/17 11:15:41.0312 0420 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

2011/08/17 11:15:41.0406 0420 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

2011/08/17 11:15:41.0484 0420 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

2011/08/17 11:15:41.0578 0420 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2011/08/17 11:15:41.0687 0420 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys

2011/08/17 11:15:41.0780 0420 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys

2011/08/17 11:15:41.0827 0420 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

2011/08/17 11:15:41.0921 0420 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys

2011/08/17 11:15:42.0061 0420 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys

2011/08/17 11:15:42.0155 0420 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

2011/08/17 11:15:42.0233 0420 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

2011/08/17 11:15:42.0264 0420 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys

2011/08/17 11:15:42.0295 0420 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

2011/08/17 11:15:42.0342 0420 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

2011/08/17 11:15:42.0451 0420 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/08/17 11:15:42.0545 0420 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

2011/08/17 11:15:42.0654 0420 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

2011/08/17 11:15:42.0748 0420 tvicport (97dd70feca64fb4f63de7bb7e66a80b1) C:\Windows\system32\drivers\tvicport.sys

2011/08/17 11:15:42.0763 0420 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2011/08/17 11:15:42.0841 0420 UBHelper (d79c0b9bb011218b93705cbf77fa3e5e) C:\Windows\system32\drivers\UBHelper.sys

2011/08/17 11:15:42.0872 0420 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

2011/08/17 11:15:42.0982 0420 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

2011/08/17 11:15:43.0075 0420 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys

2011/08/17 11:15:43.0122 0420 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2011/08/17 11:15:43.0200 0420 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/08/17 11:15:43.0231 0420 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

2011/08/17 11:15:43.0278 0420 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys

2011/08/17 11:15:43.0340 0420 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

2011/08/17 11:15:43.0434 0420 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

2011/08/17 11:15:43.0450 0420 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2011/08/17 11:15:43.0496 0420 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS

2011/08/17 11:15:43.0543 0420 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/08/17 11:15:43.0621 0420 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

2011/08/17 11:15:43.0699 0420 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/08/17 11:15:43.0715 0420 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2011/08/17 11:15:43.0762 0420 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

2011/08/17 11:15:43.0855 0420 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

2011/08/17 11:15:43.0902 0420 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2011/08/17 11:15:43.0949 0420 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

2011/08/17 11:15:43.0980 0420 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys

2011/08/17 11:15:44.0027 0420 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys

2011/08/17 11:15:44.0074 0420 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

2011/08/17 11:15:44.0105 0420 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2011/08/17 11:15:44.0183 0420 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

2011/08/17 11:15:44.0276 0420 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/08/17 11:15:44.0308 0420 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

2011/08/17 11:15:44.0386 0420 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2011/08/17 11:15:44.0432 0420 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

2011/08/17 11:15:44.0448 0420 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

2011/08/17 11:15:44.0510 0420 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2011/08/17 11:15:44.0542 0420 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2011/08/17 11:15:44.0651 0420 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/08/17 11:15:44.0682 0420 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2011/08/17 11:15:44.0776 0420 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

2011/08/17 11:15:44.0838 0420 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/08/17 11:15:44.0900 0420 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

2011/08/17 11:15:44.0994 0420 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/08/17 11:15:45.0119 0420 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\Windows\system32\DRIVERS\yk62x86.sys

2011/08/17 11:15:45.0228 0420 zntport (40ac8590cc9006dbb99ffcb37879d4c6) C:\Windows\system32\drivers\zntport.sys

2011/08/17 11:15:45.0275 0420 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

2011/08/17 11:15:45.0290 0420 Boot (0x1200) (c3849b3816b1af545a7da4df75fae887) \Device\Harddisk0\DR0\Partition0

2011/08/17 11:15:45.0322 0420 Boot (0x1200) (7bd89dc0159427d0ab42302fc6e13c3c) \Device\Harddisk0\DR0\Partition1

2011/08/17 11:15:45.0322 0420 ================================================================================

2011/08/17 11:15:45.0322 0420 Scan finished

2011/08/17 11:15:45.0322 0420 ================================================================================

2011/08/17 11:15:45.0337 5376 Detected object count: 0

2011/08/17 11:15:45.0337 5376 Actual detected object count: 0

2011/08/17 11:16:09.0986 4368 Deinitialize success

Share this post


Link to post
Share on other sites

Hi again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Share this post


Link to post
Share on other sites

Hi Elise025,

ComboFix was downloaded and ran. It rebooted the computer during the process and then after it was done I had to reboot before any browser would work.

Here is the log file from it:

ComboFix 11-08-17.03 - Joey 08/17/2011 16:45:26.1.4 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3037.1739 [GMT -5:00]

Running from: c:\users\Joey.ABSTRACT\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Joey.ABSTRACT\GoToAssistDownloadHelper.exe

c:\windows\Downloaded Program Files\tgctlsr.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-07-17 to 2011-08-17 )))))))))))))))))))))))))))))))

.

.

2011-08-17 21:48 . 2011-08-17 21:52 -------- d-----w- c:\users\Joey.ABSTRACT\AppData\Local\temp

2011-08-17 21:48 . 2011-08-17 21:48 -------- d-----w- c:\users\JOEY~1~ABS\AppData\Local\temp

2011-08-17 21:48 . 2011-08-17 21:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-17 21:48 . 2011-08-17 21:48 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2011-08-17 21:48 . 2011-08-17 21:48 -------- d-----w- c:\users\Joey\AppData\Local\temp

2011-08-12 14:04 . 2011-08-12 14:04 -------- d-----w- C:\b1e0c67d0a15d9660750

2011-08-11 14:43 . 2011-08-11 14:43 -------- d-----w- c:\users\Joey.ABSTRACT\AppData\Roaming\AVG10

2011-08-11 14:42 . 2011-08-11 14:42 -------- d--h--w- c:\programdata\Common Files

2011-08-11 14:41 . 2011-08-17 14:17 -------- d-----w- c:\windows\system32\drivers\AVG

2011-08-11 14:41 . 2011-08-11 14:42 -------- d-----w- c:\programdata\AVG10

2011-08-11 14:41 . 2011-08-11 14:41 -------- d-----w- c:\program files\AVG

2011-08-11 14:40 . 2011-08-11 14:43 -------- d-----w- c:\programdata\MFAData

2011-08-10 22:07 . 2011-08-10 22:07 -------- d-----w- c:\program files\Common Files\Symantec Shared

2011-08-10 21:26 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-10 21:25 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-08-10 21:25 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-10 21:25 . 2011-06-15 08:55 86016 ----a-w- c:\windows\system32\odbccu32.dll

2011-08-10 21:25 . 2011-06-15 08:55 81920 ----a-w- c:\windows\system32\odbccr32.dll

2011-08-10 21:25 . 2011-06-15 08:55 319488 ----a-w- c:\windows\system32\odbcjt32.dll

2011-08-10 21:25 . 2011-06-15 08:55 163840 ----a-w- c:\windows\system32\odbctrac.dll

2011-08-10 21:25 . 2011-06-15 08:55 122880 ----a-w- c:\windows\system32\odbccp32.dll

2011-08-10 21:25 . 2011-06-15 08:54 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll

2011-08-10 15:56 . 2011-08-10 15:56 -------- d-----w- c:\users\Joey.ABSTRACT\AppData\Roaming\SUPERAntiSpyware.com

2011-08-10 15:56 . 2011-08-10 15:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-08-10 15:56 . 2011-08-12 14:02 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-08-10 14:25 . 2011-08-10 14:25 -------- d-----w- c:\users\Joey.ABSTRACT\AppData\Roaming\Malwarebytes

2011-08-10 14:25 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-10 14:24 . 2011-08-10 14:24 -------- d-----w- c:\programdata\Malwarebytes

2011-08-10 14:24 . 2011-08-10 14:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-10 14:24 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-09 22:32 . 2011-08-10 22:07 -------- d-----w- c:\programdata\Symantec

2011-08-09 13:48 . 2011-08-09 13:48 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Acer PowerSaver

2011-08-09 13:48 . 2011-08-09 13:48 -------- d-----w- c:\users\Default\AppData\Local\Symantec

2011-07-21 14:05 . 2011-07-21 14:05 -------- d-----w- c:\users\Joey.ABSTRACT\AppData\Roaming\SPE

2011-07-19 22:57 . 2011-06-11 02:29 2334208 ----a-w- c:\windows\system32\win32k.sys

2011-07-19 22:57 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-07-19 22:57 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-07-19 22:57 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-07-19 22:57 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-07-19 22:57 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-07-19 22:57 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-17 21:50 . 2011-03-11 19:00 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin

2011-08-10 21:54 . 2011-06-21 17:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-25 00:14 . 2011-03-02 21:14 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-24 10:44 . 2011-06-29 23:31 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-06-16 04:17 . 2011-06-21 17:16 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-01-21 213816]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]

[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-26 39408]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 4600704]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]

"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]

"AutoLockProcess"="c:\program files\Acer\Empowering Technology\eLock\autolockprocess\autolockprocess.exe" [2009-02-17 446464]

"Acer PowerSaver"="c:\program files\Acer\Acer PowerSaver\PowerSaverTray.exe" [2009-04-17 434176]

"Acer SmartBoot"="c:\program files\Acer\Acer SmartBoot\ASLTray.exe" [2009-05-13 376832]

"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-07-27 656696]

"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]

"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]

"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]

"MsmqIntCert"="mqrt.dll" [2010-11-20 152064]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"disablecad"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-12 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-08 135664]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-08 135664]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-02 1343400]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]

S0 eLock2BurnerLockDriver;Disk Performance Monitor Filter Driver;c:\windows\system32\DRIVERS\eLock2BurnerLockDriver.sys [2008-03-11 22560]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-08-12 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-08-12 67664]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 ASLSvc;Acer SmartBoot Service;c:\program files\Acer\Acer SmartBoot\ASLSvc.exe [2009-05-13 417792]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-04-18 7398752]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]

S2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\DRIVERS\eLock2FSCTLDriver.sys [2008-03-11 87072]

S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-02-18 24576]

S2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]

S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-15 134480]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

ipripsvc REG_MULTI_SZ iprip

yksvcs REG_MULTI_SZ yksvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-08 21:58]

.

2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-08 21:58]

.

2011-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1562508263-3741669831-3593901154-1119Core.job

- c:\users\Joey.ABSTRACT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-18 21:58]

.

2011-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1562508263-3741669831-3593901154-1119UA.job

- c:\users\Joey.ABSTRACT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-18 21:58]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=veriton_s480g&r=170503114004p2429u395467417433

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=veriton_s480g&r=170503114004p2429u395467417433

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

TCP: Interfaces\{108BADAA-61EA-472E-A849-8C9D5612E01A}: NameServer = 192.168.1.235

FF - ProfilePath - c:\users\Joey.ABSTRACT\AppData\Roaming\Mozilla\Firefox\Profiles\oxbyr16k.default\

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKLM-Run-WavXMgr - c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe

HKLM-Run-EmbassySecurityCheck - c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe

SafeBoot-mcmscsvc

SafeBoot-MCODS

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(1252)

c:\program files\Acer\Acer PowerSaver\SysHook.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG10\avgchsvx.exe

c:\progra~1\AVG\AVG10\avgrsx.exe

c:\program files\Acer\Empowering Technology\eLock\Service\eLockServ.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\mqsvc.exe

c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

c:\windows\System32\tcpsvcs.exe

c:\windows\System32\snmp.exe

c:\program files\AVG\AVG10\avgnsx.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\AVG\AVG10\avgemcx.exe

c:\windows\system32\conhost.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\windows\system32\sppsvc.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Completion time: 2011-08-17 16:54:41 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-17 21:54

.

Pre-Run: 102,634,045,440 bytes free

Post-Run: 102,663,024,640 bytes free

.

- - End Of File - - A99D8A19C83CCE318A8A5B82C98181E7

Share this post


Link to post
Share on other sites

This computer is running fine. I wasn't having any performance issues or inconsistencies before except for the Symantec End Point product wouldn't update, and then wouldn't re-install when I tried to fix the issue. After doing some light research on Symantec's forums it made me think I might have some malware of some type and then when I tried to install the current version of Malware Bytes I couldn't until I renamed the install file. That too made me think some type of infection, but every scan I tried kept coming back clean. I will try to install the SAV product after a bit here and see how that does. I'll post a reply to this and let you know how that does.

Where you able to glean anything pertinent from the log files? Was it an infection?

Again thanks for your time!

Joey

Share this post


Link to post
Share on other sites

No, I see no sings of anything bad in your logs. Please keep me posted on how SAV behaves. :)

Share this post


Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.