ICE virus

jlcaylor · Sep 8, 2013

ICE screen lockout...24 hours of frustration.
I have followed steps 1,2, and 3 of the tutorial.
Unable to start in safe mode, as it shuts down during startup.
Unable to use Hitman Kickstart because "new hardware" dialogue box hidden by ICE screen.
Able to use Kaspersky Rescue Disk 10, but ICE re-appears on restart. Even after identifying and deleting the virus. And even after using "windowsunlocker" via Terminal tab within Kaspersky.
I even tried to guess at a system restore point hidden behind the locked ICE screen. No luck.
I now have another clean XP machine beside the infected one and I am ready to fix this.
Please help!

P.S. I am unable to download and add the OTL or aswMBR LOGS due to inability to get into safe mode.

Fiery · Sep 8, 2013

Hi and welcome to MalwareTips!

I'm Fiery and I would gladly assist you in removing the malware on your computer.

PLEASE NOTE: The first 3 posts of ALL new members require approval by mods/admins. Please be patient if you don't see your post immediately after submitting it.

Before we start:

Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
Some tools may be flagged by your antivirus as harmful. Rest assure that ALL the tools we use are safe, the detections are false positives.
The absence of symptoms does not mean your PC is fully disinfected.
If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

<hr>
Please print these instruction out so that you know what you are doing

Download OTLPENet.exe to your desktop
Download Farbar Recovery Scan Tool and save it to a flash drive.
Ensure that you have a blank CD in the drive
Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
Wait for the CD to detect your hardware and load the operating system
Your system should now display a Reatogo desktop
Note : as you are running from CD it is not exactly speedy
Insert the USB with FRST
Locate the flash drive with FRST and double click
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

jlcaylor · Sep 9, 2013

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013 01
Ran by SYSTEM on REATOGO on 09-09-2013 18:26:02
Running from D:\
Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1036288 2007-09-24] (Analog Devices, Inc.)
HKLM\...\Run: [ECenter] - C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-26] ( )
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-02-26] (CyberLink Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [InboxToolbar] - C:\PROGRA~1\INBOXT~1\Inbox.exe [1738904 2013-07-22] (Inbox.com, Inc.)
HKLM\...\Run: [Enhanced Performance Keyboard] - C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe [253440 2012-08-08] (LITE-ON TECHNOLOGY CORP.)
Winlogon\Notify\rssnotify: rssnotify.dll ()
Winlogon\Notify\uvncnotify: uvncnotify.dll [X]
HKU\cpeed\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2008-08-21] (Google Inc.)
HKU\cpeed\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-13] (Microsoft Corporation)
HKU\dklose\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2008-08-21] (Google Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CardMinder Viewer.lnk
ShortcutTarget: CardMinder Viewer.lnk -> C:\Scans\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CesarFTP.lnk
ShortcutTarget: CesarFTP.lnk -> C:\Program Files\CesarFTP\CesarFTP.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk
ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Scans\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Scans\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Documents and Settings\cpeed\Start Menu\Programs\Startup\17tbrrzj.lnk
ShortcutTarget: 17tbrrzj.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\jzrrbt71.plz ()

========================== Services (Whitelisted) =================

S2 Allscripts Deployment Client Updater Service; C:\Program Files\Allscripts\Deployment\ClientUpdater.exe [243200 2012-04-10] (Allscripts)
S2 DefaultTabUpdate; C:\Documents and Settings\cpeed\Application Data\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-02-06] ()
S3 RssUVNC; C:\Program Files\SecureLink\bin\SLinkSW\rssuvnc.exe [1408176 2012-05-10] (UltraVNC)
S3 RssVNC; C:\Program Files\SecureLink\bin\SLinkSW\rssvnc.exe [424280 2012-05-10] (RealVNC Ltd.)
S2 winmgmt; C:\DOCUME~1\ALLUSE~1\APPLIC~1\jzrrbt71.plz [166400 2013-09-07] ()
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
S3 RssDSService; "C:\Program Files\SecureLink\bin\SLinkSW\RssDSProxy.exe" -service -listenport 5916 -rsschannel 127.0.0.1:7892 [x]
S2 slinksc; "C:\Program Files\SecureLink\bin\Wrapper.exe" -s "C:\Program Files\SecureLink\conf\wrapper.conf" [x]

==================== Drivers (Whitelisted) ====================

S3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [161792 2007-07-25] (Broadcom Corporation)
S1 NEOFLTR_7110_21187; C:\WINDOWS\system32\Drivers\NEOFLTR_7110_21187.SYS [85680 2012-06-11] (Juniper Networks)
S3 SenFiltService; C:\Windows\System32\drivers\Senfilt.sys [392960 2007-09-24] (Sensaura)
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-13] (Microsoft Corporation)
S4 vsdatant; a [x]
S1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-07 18:08 - 2013-09-08 21:44 - 95025368 ____T C:\Documents and Settings\All Users\Application Data\17tbrrzj.pff
2013-09-07 18:08 - 2013-09-08 20:35 - 00000000 _____ C:\Documents and Settings\All Users\Application Data\17tbrrzj.ctrl
2013-09-07 18:08 - 2013-09-07 18:08 - 00166400 _____ C:\Documents and Settings\All Users\Application Data\jzrrbt71.plz
2013-09-07 16:27 - 2013-09-08 15:34 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-09-07 15:53 - 2008-04-13 20:12 - 00159232 _____ (Microsoft Corporation) C:\Windows\System32\ptpusd.dll
2013-09-07 15:53 - 2001-08-17 23:36 - 00005632 _____ (Microsoft Corporation) C:\Windows\System32\ptpusb.dll
2013-09-07 15:33 - 2008-04-13 20:11 - 00021504 _____ (Microsoft Corporation) C:\Windows\System32\hidserv.dll
2013-09-04 20:01 - 2013-09-04 20:01 - 00005256 _____ C:\Windows\DPINST.LOG
2013-09-04 20:01 - 2013-09-04 20:01 - 00000000 ____D C:\Program Files\Lenovo
2013-09-04 19:41 - 2008-04-13 14:45 - 00032128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-08-28 19:33 - 2013-08-28 19:33 - 00004358 _____ C:\Windows\KB2803821-v2.log
2013-08-28 19:33 - 2013-08-28 19:33 - 00000000 __HDC C:\Windows\$NtUninstallKB2803821-v2_WM9$
2013-08-15 11:41 - 2013-08-15 11:41 - 00000264 _____ C:\Documents and Settings\cpeed\Desktop\Aprima PRM.appref-ms
2013-08-15 10:41 - 2013-08-15 10:41 - 00001749 _____ C:\Documents and Settings\cpeed\Desktop\Aprima_11.0.1306.2014.lnk
2013-08-15 10:41 - 2013-08-15 10:41 - 00000000 ____D C:\Documents and Settings\cpeed\Desktop\MOB_TS_Aprima_11.0.1306.2014.msi
2013-08-15 10:40 - 2013-08-15 10:40 - 00000000 ____D C:\Program Files\7-Zip
2013-08-15 10:39 - 2013-08-15 10:39 - 00021237 _____ C:\Documents and Settings\cpeed\Desktop\MOB_TS_Aprima_11.0.1306.2014.msi.7z
2013-08-14 19:12 - 2013-08-14 19:13 - 00011680 _____ C:\Windows\KB2862772-IE8.log
2013-08-14 19:05 - 2013-08-14 19:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2850869$
2013-08-14 19:04 - 2013-08-14 19:04 - 00005126 _____ C:\Windows\KB2863058.log
2013-08-14 19:04 - 2013-08-14 19:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2863058$
2013-08-14 19:04 - 2013-08-14 19:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2859537$
2013-08-14 19:03 - 2013-08-14 19:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2849470$
2013-08-14 10:43 - 2013-08-14 19:05 - 00008968 _____ C:\Windows\KB2850869.log
2013-08-14 10:42 - 2013-08-14 19:05 - 00010962 _____ C:\Windows\KB2859537.log

==================== One Month Modified Files and Folders =======

2013-09-09 18:25 - 2013-09-09 18:25 - 00000000 ____D C:\FRST
2013-09-08 21:44 - 2013-09-07 18:08 - 95025368 ____T C:\Documents and Settings\All Users\Application Data\17tbrrzj.pff
2013-09-08 21:44 - 2008-02-05 11:30 - 00000278 ___SH C:\Documents and Settings\cpeed\ntuser.ini
2013-09-08 21:44 - 2004-08-11 17:20 - 00032576 _____ C:\Windows\SchedLgU.Txt
2013-09-08 21:44 - 2004-08-11 17:13 - 01234519 _____ C:\Windows\WindowsUpdate.log
2013-09-08 21:44 - 2004-08-11 17:09 - 00000216 ____C C:\Windows\wiadebug.log
2013-09-08 20:35 - 2013-09-07 18:08 - 00000000 _____ C:\Documents and Settings\All Users\Application Data\17tbrrzj.ctrl
2013-09-08 20:35 - 2004-08-11 17:09 - 00000048 ____C C:\Windows\wiaservc.log
2013-09-08 19:21 - 2008-08-21 10:57 - 00854810 _____ C:\Windows\setupapi.log
2013-09-08 19:15 - 2008-09-11 15:25 - 00000000 __SHD C:\Windows\CSC
2013-09-08 15:34 - 2013-09-07 16:27 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-09-08 14:22 - 2008-08-21 10:58 - 00001757 _____ C:\Windows\setupact.log
2013-09-08 14:11 - 2013-02-07 10:34 - 00000000 ____D C:\Documents and Settings\cpeed\Application Data\Inbox Toolbar
2013-09-07 18:12 - 2008-09-11 15:25 - 00000128 _____ C:\Windows\System32\config\netlogon.ftl
2013-09-07 18:08 - 2013-09-07 18:08 - 00166400 _____ C:\Documents and Settings\All Users\Application Data\jzrrbt71.plz
2013-09-07 16:33 - 2013-06-24 15:38 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-09-07 15:19 - 2004-08-11 17:00 - 00002206 _____ C:\Windows\System32\wpa.dbl
2013-09-04 20:01 - 2013-09-04 20:01 - 00005256 _____ C:\Windows\DPINST.LOG
2013-09-04 20:01 - 2013-09-04 20:01 - 00000000 ____D C:\Program Files\Lenovo
2013-09-04 15:18 - 2013-04-03 09:18 - 00001734 ____H C:\Documents and Settings\cpeed\My Documents\Default.rdp
2013-09-03 16:26 - 2013-04-15 16:37 - 00000000 ____D C:\Documents and Settings\cpeed\Local Settings\Application Data\Deployment
2013-08-28 19:33 - 2013-08-28 19:33 - 00004358 _____ C:\Windows\KB2803821-v2.log
2013-08-28 19:33 - 2013-08-28 19:33 - 00000000 __HDC C:\Windows\$NtUninstallKB2803821-v2_WM9$
2013-08-28 19:33 - 2004-08-11 17:07 - 02398883 _____ C:\Windows\FaxSetup.log
2013-08-28 19:33 - 2004-08-11 17:07 - 01155031 _____ C:\Windows\ocgen.log
2013-08-28 19:33 - 2004-08-11 17:07 - 01098667 _____ C:\Windows\tsoc.log
2013-08-28 19:33 - 2004-08-11 17:07 - 00740678 _____ C:\Windows\msmqinst.log
2013-08-28 19:33 - 2004-08-11 17:07 - 00637846 _____ C:\Windows\comsetup.log
2013-08-28 19:33 - 2004-08-11 17:07 - 00623017 _____ C:\Windows\iis6.log
2013-08-28 19:33 - 2004-08-11 17:07 - 00418840 _____ C:\Windows\netfxocm.log
2013-08-28 19:33 - 2004-08-11 17:07 - 00386273 _____ C:\Windows\ntdtcsetup.log
2013-08-28 19:33 - 2004-08-11 17:07 - 00165295 _____ C:\Windows\MedCtrOC.log
2013-08-28 19:33 - 2004-08-11 17:07 - 00120563 _____ C:\Windows\tabletoc.log
2013-08-28 19:33 - 2004-08-11 17:07 - 00119800 _____ C:\Windows\msgsocm.log
2013-08-28 19:33 - 2004-08-11 17:07 - 00105000 _____ C:\Windows\ocmsn.log
2013-08-28 19:33 - 2004-08-11 17:07 - 00001374 _____ C:\Windows\imsins.log
2013-08-21 12:00 - 2013-06-24 15:37 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-08-21 12:00 - 2013-06-24 15:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-08-15 11:41 - 2013-08-15 11:41 - 00000264 _____ C:\Documents and Settings\cpeed\Desktop\Aprima PRM.appref-ms
2013-08-15 10:41 - 2013-08-15 10:41 - 00001749 _____ C:\Documents and Settings\cpeed\Desktop\Aprima_11.0.1306.2014.lnk
2013-08-15 10:41 - 2013-08-15 10:41 - 00000000 ____D C:\Documents and Settings\cpeed\Desktop\MOB_TS_Aprima_11.0.1306.2014.msi
2013-08-15 10:41 - 2013-02-07 10:41 - 00000000 ____D C:\Program Files\RemotePackages
2013-08-15 10:40 - 2013-08-15 10:40 - 00000000 ____D C:\Program Files\7-Zip
2013-08-15 10:39 - 2013-08-15 10:39 - 00021237 _____ C:\Documents and Settings\cpeed\Desktop\MOB_TS_Aprima_11.0.1306.2014.msi.7z
2013-08-15 09:48 - 2004-08-11 17:21 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-14 19:13 - 2013-08-14 19:12 - 00011680 _____ C:\Windows\KB2862772-IE8.log
2013-08-14 19:13 - 2008-08-21 11:06 - 00265136 _____ C:\Windows\updspapi.log
2013-08-14 19:13 - 2004-08-11 17:07 - 00001374 _____ C:\Windows\imsins.BAK
2013-08-14 19:12 - 2013-07-31 20:12 - 00000000 ____D C:\Windows\System32\MRT
2013-08-14 19:09 - 2011-10-07 09:34 - 75778376 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-14 19:07 - 2004-08-11 17:07 - 00608024 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-14 19:05 - 2013-08-14 19:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2850869$
2013-08-14 19:05 - 2013-08-14 10:43 - 00008968 _____ C:\Windows\KB2850869.log
2013-08-14 19:05 - 2013-08-14 10:42 - 00010962 _____ C:\Windows\KB2859537.log
2013-08-14 19:04 - 2013-08-14 19:04 - 00005126 _____ C:\Windows\KB2863058.log
2013-08-14 19:04 - 2013-08-14 19:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2863058$
2013-08-14 19:04 - 2013-08-14 19:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2859537$
2013-08-14 19:04 - 2013-08-14 19:03 - 00000000 __HDC C:\Windows\$NtUninstallKB2849470$
2013-08-14 19:04 - 2008-08-21 11:09 - 00757298 ____C C:\Windows\System32\TZLog.log
2013-08-14 18:02 - 2013-01-29 10:46 - 00000000 ____D C:\Program Files\Aprima 2011 - Version 7B
2013-08-13 08:49 - 2013-02-07 10:34 - 00000000 ____D C:\Program Files\Inbox Toolbar

Files to move or delete:
====================
C:\Documents and Settings\cpeed\g2ax_customer_downloadhelper_win32_x86.exe
C:\Documents and Settings\administrator.W11673DOM\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv_5fb2d044.exe
C:\Documents and Settings\cpeed\Local Settings\Temp\nqweyrogwjruhfkqkre.bfg

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-09-08 20:56 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1135

RP: -> 2013-09-07 15:53 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1134

RP: -> 2013-09-07 15:33 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1133

RP: -> 2013-09-04 20:01 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1132

RP: -> 2013-09-04 19:40 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1131

RP: -> 2013-09-04 11:34 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1130

RP: -> 2013-09-04 11:03 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1129

RP: -> 2013-09-03 10:41 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1128

RP: -> 2013-08-28 19:33 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1127

RP: -> 2013-08-28 10:50 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1126

RP: -> 2013-08-27 10:05 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1125

RP: -> 2013-08-26 09:47 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1124

RP: -> 2013-08-21 14:35 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1123

RP: -> 2013-08-20 10:31 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1122

RP: -> 2013-08-15 10:41 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1121

RP: -> 2013-08-14 19:01 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1120

RP: -> 2013-08-14 13:04 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1119

RP: -> 2013-08-13 09:59 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1118

RP: -> 2013-08-12 09:52 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1117

RP: -> 2013-07-31 20:11 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1116

RP: -> 2013-07-31 12:41 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1115

RP: -> 2013-07-30 11:59 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1114

RP: -> 2013-07-29 11:46 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1113

RP: -> 2013-07-25 14:39 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1112

RP: -> 2013-07-24 14:05 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1111

RP: -> 2013-07-23 09:43 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1110

RP: -> 2013-07-22 08:56 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1109

RP: -> 2013-07-17 12:12 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1108

RP: -> 2013-07-16 09:56 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1107

RP: -> 2013-07-15 09:52 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1106

RP: -> 2013-07-10 19:44 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1105

RP: -> 2013-07-10 11:30 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1104

RP: -> 2013-07-09 11:14 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1103

RP: -> 2013-07-08 09:30 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1102

RP: -> 2013-07-03 11:18 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1101

RP: -> 2013-07-02 10:57 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1100

RP: -> 2013-07-01 10:44 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1099

RP: -> 2013-06-26 13:44 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1098

RP: -> 2013-06-25 12:03 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1097

RP: -> 2013-06-24 10:27 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1096

RP: -> 2013-06-19 12:35 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1095

RP: -> 2013-06-18 11:30 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1094

RP: -> 2013-06-17 09:13 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1093

RP: -> 2013-06-12 18:12 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1092

RP: -> 2013-06-12 13:03 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1091

RP: -> 2013-06-11 10:12 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1090

RP: -> 2013-06-10 09:25 - 028672 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1089

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 2036.9 MB
Available physical RAM: 1779.14 MB
Total Pagefile: 1867.63 MB
Available Pagefile: 1802.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.54 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:74.45 GB) (Free:54.12 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HITMANPRO) (Removable) (Total:3.62 GB) (Free:3.6 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=74 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: A92BA76D)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

Fiery · Sep 9, 2013

Hi,

On your clean PC, download the following file by right-clicking it and select save as

[attachment=5571]

and save it onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

Attempt to boot normally. If successful,

Download TDSSkiller from here

Double-Click on TDSSKiller.exe to run the application
When TDSSkiller opens, click change parameters , check the box next to Loaded modules . A reboot will be required.
After reboot, TDSSKiller will run again. Click Change parameters again and make sure everything is checked.
click Start scan .
If a suspicious object is detected, the default action will be Skip, click on Continue. (If it saids TDL4/TDSS file system, select delete)
If malicious objects are found, ensure Cure (default) is selected, then click Continue and Reboot now to finish the cleaning process.

Post the log after (usually C:\ folder in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt

Download Malwarebytes Anti-Rootkit from here to your Desktop

Unzip the contents to a folder on your Desktop.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
When done, please post the two logs in the MBAR folder(mbar-log.txt and system-log.txt)

jlcaylor · Sep 11, 2013

I'm sorry Fiery..."boot to system recovery". I'm not sure if I'm using Reatogo for this or the boot menu of the infected PC. Please direct me.

jlcaylor · Sep 11, 2013

UPDATE...I was a little slow. I got back to windows and the web. Working on TDSSkiller now.

jlcaylor · Sep 11, 2013

21:15:03.0812 3044 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:15:04.0296 3044 ============================================================
21:15:04.0296 3044 Current date / time: 2013/09/11 21:15:04.0296
21:15:04.0296 3044 SystemInfo:
21:15:04.0296 3044
21:15:04.0296 3044 OS Version: 5.1.2600 ServicePack: 3.0
21:15:04.0296 3044 Product type: Workstation
21:15:04.0296 3044 ComputerName: D6LNV5H1
21:15:04.0296 3044 UserName: cpeed
21:15:04.0296 3044 Windows directory: C:\WINDOWS
21:15:04.0296 3044 System windows directory: C:\WINDOWS
21:15:04.0296 3044 Processor architecture: Intel x86
21:15:04.0296 3044 Number of processors: 2
21:15:04.0296 3044 Page size: 0x1000
21:15:04.0296 3044 Boot type: Normal boot
21:15:04.0296 3044 ============================================================
21:15:05.0078 3044 BG loaded
21:15:05.0484 3044 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:15:05.0484 3044 ============================================================
21:15:05.0484 3044 \Device\Harddisk0\DR0:
21:15:05.0484 3044 MBR partitions:
21:15:05.0484 3044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x94E7137
21:15:05.0484 3044 ============================================================
21:15:06.0125 3044 C: <-> \Device\Harddisk0\DR0\Partition1
21:15:06.0281 3044 ============================================================
21:15:06.0281 3044 Initialize success
21:15:06.0281 3044 ============================================================
21:16:24.0796 3548 ============================================================
21:16:24.0796 3548 Scan started
21:16:24.0796 3548 Mode: Manual; SigCheck; TDLFS;
21:16:24.0796 3548 ============================================================
21:16:24.0937 3548 ================ Scan system memory ========================
21:16:24.0937 3548 System memory - ok
21:16:24.0937 3548 ================ Scan services =============================
21:16:25.0062 3548 Abiosdsk - ok
21:16:25.0078 3548 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:16:26.0281 3548 abp480n5 ( UnsignedFile.Multi.Generic ) - warning
21:16:26.0281 3548 abp480n5 - detected UnsignedFile.Multi.Generic (1)
21:16:26.0359 3548 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:16:26.0375 3548 ACPI ( UnsignedFile.Multi.Generic ) - warning
21:16:26.0375 3548 ACPI - detected UnsignedFile.Multi.Generic (1)
21:16:26.0406 3548 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
21:16:26.0406 3548 ACPIEC ( UnsignedFile.Multi.Generic ) - warning
21:16:26.0406 3548 ACPIEC - detected UnsignedFile.Multi.Generic (1)
21:16:26.0484 3548 [ 0F0A69496989912351284BB1BAA2CE57 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
21:16:26.0484 3548 ADIHdAudAddService ( UnsignedFile.Multi.Generic ) - warning
21:16:26.0484 3548 ADIHdAudAddService - detected UnsignedFile.Multi.Generic (1)
21:16:26.0593 3548 [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:16:26.0656 3548 AdobeFlashPlayerUpdateSvc - ok
21:16:26.0687 3548 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:16:26.0703 3548 adpu160m ( UnsignedFile.Multi.Generic ) - warning
21:16:26.0703 3548 adpu160m - detected UnsignedFile.Multi.Generic (1)
21:16:26.0734 3548 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:16:26.0734 3548 aec ( UnsignedFile.Multi.Generic ) - warning
21:16:26.0734 3548 aec - detected UnsignedFile.Multi.Generic (1)
21:16:26.0796 3548 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:16:26.0828 3548 AFD ( UnsignedFile.Multi.Generic ) - warning
21:16:26.0828 3548 AFD - detected UnsignedFile.Multi.Generic (1)
21:16:26.0859 3548 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
21:16:26.0859 3548 agp440 ( UnsignedFile.Multi.Generic ) - warning
21:16:26.0859 3548 agp440 - detected UnsignedFile.Multi.Generic (1)
21:16:26.0859 3548 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:16:26.0875 3548 agpCPQ ( UnsignedFile.Multi.Generic ) - warning
21:16:26.0875 3548 agpCPQ - detected UnsignedFile.Multi.Generic (1)
21:16:26.0890 3548 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:16:26.0890 3548 Aha154x ( UnsignedFile.Multi.Generic ) - warning
21:16:26.0890 3548 Aha154x - detected UnsignedFile.Multi.Generic (1)
21:16:26.0906 3548 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:16:26.0921 3548 aic78u2 ( UnsignedFile.Multi.Generic ) - warning
21:16:26.0921 3548 aic78u2 - detected UnsignedFile.Multi.Generic (1)
21:16:26.0937 3548 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:16:26.0953 3548 aic78xx ( UnsignedFile.Multi.Generic ) - warning
21:16:26.0953 3548 aic78xx - detected UnsignedFile.Multi.Generic (1)
21:16:26.0968 3548 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:16:26.0968 3548 Alerter ( UnsignedFile.Multi.Generic ) - warning
21:16:26.0968 3548 Alerter - detected UnsignedFile.Multi.Generic (1)
21:16:27.0000 3548 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
21:16:27.0031 3548 ALG ( UnsignedFile.Multi.Generic ) - warning
21:16:27.0031 3548 ALG - detected UnsignedFile.Multi.Generic (1)
21:16:27.0046 3548 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
21:16:27.0062 3548 AliIde ( UnsignedFile.Multi.Generic ) - warning
21:16:27.0062 3548 AliIde - detected UnsignedFile.Multi.Generic (1)
21:16:27.0062 3548 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:16:27.0078 3548 alim1541 ( UnsignedFile.Multi.Generic ) - warning
21:16:27.0078 3548 alim1541 - detected UnsignedFile.Multi.Generic (1)
21:16:27.0203 3548 [ 5FD521EDD869F49CC5636093FA3D752D ] Allscripts Deployment Client Updater Service C:\Program Files\Allscripts\Deployment\ClientUpdater.exe
21:16:27.0218 3548 Allscripts Deployment Client Updater Service ( UnsignedFile.Multi.Generic ) - warning
21:16:27.0218 3548 Allscripts Deployment Client Updater Service - detected UnsignedFile.Multi.Generic (1)
21:16:27.0250 3548 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:16:27.0250 3548 amdagp ( UnsignedFile.Multi.Generic ) - warning
21:16:27.0250 3548 amdagp - detected UnsignedFile.Multi.Generic (1)
21:16:27.0250 3548 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
21:16:27.0281 3548 amsint ( UnsignedFile.Multi.Generic ) - warning
21:16:27.0281 3548 amsint - detected UnsignedFile.Multi.Generic (1)
21:16:27.0312 3548 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
21:16:27.0312 3548 AppMgmt ( UnsignedFile.Multi.Generic ) - warning
21:16:27.0312 3548 AppMgmt - detected UnsignedFile.Multi.Generic (1)
21:16:27.0328 3548 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
21:16:27.0343 3548 asc ( UnsignedFile.Multi.Generic ) - warning
21:16:27.0343 3548 asc - detected UnsignedFile.Multi.Generic (1)
21:16:27.0359 3548 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:16:27.0359 3548 asc3350p ( UnsignedFile.Multi.Generic ) - warning
21:16:27.0359 3548 asc3350p - detected UnsignedFile.Multi.Generic (1)
21:16:27.0406 3548 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:16:27.0406 3548 asc3550 ( UnsignedFile.Multi.Generic ) - warning
21:16:27.0406 3548 asc3550 - detected UnsignedFile.Multi.Generic (1)
21:16:27.0531 3548 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:16:27.0562 3548 aspnet_state - ok
21:16:27.0593 3548 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:16:27.0609 3548 AsyncMac ( UnsignedFile.Multi.Generic ) - warning
21:16:27.0609 3548 AsyncMac - detected UnsignedFile.Multi.Generic (1)
21:16:27.0640 3548 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:16:27.0640 3548 atapi ( UnsignedFile.Multi.Generic ) - warning
21:16:27.0640 3548 atapi - detected UnsignedFile.Multi.Generic (1)
21:16:27.0640 3548 Atdisk - ok
21:16:27.0687 3548 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:16:27.0687 3548 Atmarpc ( UnsignedFile.Multi.Generic ) - warning
21:16:27.0687 3548 Atmarpc - detected UnsignedFile.Multi.Generic (1)
21:16:27.0718 3548 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:16:27.0734 3548 AudioSrv ( UnsignedFile.Multi.Generic ) - warning
21:16:27.0734 3548 AudioSrv - detected UnsignedFile.Multi.Generic (1)
21:16:27.0781 3548 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:16:27.0781 3548 audstub ( UnsignedFile.Multi.Generic ) - warning
21:16:27.0781 3548 audstub - detected UnsignedFile.Multi.Generic (1)
21:16:27.0843 3548 [ D0692F7B8217E3B82D2BFAC535816117 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
21:16:27.0843 3548 b57w2k ( UnsignedFile.Multi.Generic ) - warning
21:16:27.0843 3548 b57w2k - detected UnsignedFile.Multi.Generic (1)
21:16:27.0859 3548 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:16:27.0875 3548 Beep ( UnsignedFile.Multi.Generic ) - warning
21:16:27.0875 3548 Beep - detected UnsignedFile.Multi.Generic (1)
21:16:27.0921 3548 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
21:16:27.0953 3548 BITS ( UnsignedFile.Multi.Generic ) - warning
21:16:27.0953 3548 BITS - detected UnsignedFile.Multi.Generic (1)
21:16:28.0000 3548 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
21:16:28.0000 3548 Browser ( UnsignedFile.Multi.Generic ) - warning
21:16:28.0000 3548 Browser - detected UnsignedFile.Multi.Generic (1)
21:16:28.0031 3548 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:16:28.0031 3548 cbidf ( UnsignedFile.Multi.Generic ) - warning
21:16:28.0031 3548 cbidf - detected UnsignedFile.Multi.Generic (1)
21:16:28.0046 3548 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:16:28.0046 3548 cbidf2k ( UnsignedFile.Multi.Generic ) - warning
21:16:28.0046 3548 cbidf2k - detected UnsignedFile.Multi.Generic (1)
21:16:28.0062 3548 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:16:28.0062 3548 cd20xrnt ( UnsignedFile.Multi.Generic ) - warning
21:16:28.0062 3548 cd20xrnt - detected UnsignedFile.Multi.Generic (1)
21:16:28.0078 3548 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:16:28.0078 3548 Cdaudio ( UnsignedFile.Multi.Generic ) - warning
21:16:28.0078 3548 Cdaudio - detected UnsignedFile.Multi.Generic (1)
21:16:28.0109 3548 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:16:28.0109 3548 Cdfs ( UnsignedFile.Multi.Generic ) - warning
21:16:28.0109 3548 Cdfs - detected UnsignedFile.Multi.Generic (1)
21:16:28.0156 3548 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:16:28.0156 3548 Cdrom ( UnsignedFile.Multi.Generic ) - warning
21:16:28.0156 3548 Cdrom - detected UnsignedFile.Multi.Generic (1)
21:16:28.0156 3548 Changer - ok
21:16:28.0203 3548 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:16:28.0203 3548 CiSvc ( UnsignedFile.Multi.Generic ) - warning
21:16:28.0203 3548 CiSvc - detected UnsignedFile.Multi.Generic (1)
21:16:28.0203 3548 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:16:28.0218 3548 ClipSrv ( UnsignedFile.Multi.Generic ) - warning
21:16:28.0218 3548 ClipSrv - detected UnsignedFile.Multi.Generic (1)
21:16:28.0296 3548 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:16:28.0343 3548 clr_optimization_v2.0.50727_32 - ok
21:16:28.0375 3548 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:16:28.0453 3548 clr_optimization_v4.0.30319_32 - ok
21:16:28.0468 3548 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:16:28.0484 3548 CmdIde ( UnsignedFile.Multi.Generic ) - warning
21:16:28.0484 3548 CmdIde - detected UnsignedFile.Multi.Generic (1)
21:16:28.0484 3548 COMSysApp - ok
21:16:28.0500 3548 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:16:28.0515 3548 Cpqarray ( UnsignedFile.Multi.Generic ) - warning
21:16:28.0515 3548 Cpqarray - detected UnsignedFile.Multi.Generic (1)
21:16:28.0546 3548 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:16:28.0546 3548 CryptSvc ( UnsignedFile.Multi.Generic ) - warning
21:16:28.0546 3548 CryptSvc - detected UnsignedFile.Multi.Generic (1)
21:16:28.0593 3548 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:16:28.0609 3548 dac2w2k ( UnsignedFile.Multi.Generic ) - warning
21:16:28.0609 3548 dac2w2k - detected UnsignedFile.Multi.Generic (1)
21:16:28.0625 3548 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:16:28.0625 3548 dac960nt ( UnsignedFile.Multi.Generic ) - warning
21:16:28.0625 3548 dac960nt - detected UnsignedFile.Multi.Generic (1)
21:16:28.0671 3548 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:16:28.0687 3548 DcomLaunch ( UnsignedFile.Multi.Generic ) - warning
21:16:28.0687 3548 DcomLaunch - detected UnsignedFile.Multi.Generic (1)
21:16:28.0734 3548 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:16:28.0734 3548 Dhcp ( UnsignedFile.Multi.Generic ) - warning
21:16:28.0734 3548 Dhcp - detected UnsignedFile.Multi.Generic (1)
21:16:28.0781 3548 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:16:28.0796 3548 Disk ( UnsignedFile.Multi.Generic ) - warning
21:16:28.0796 3548 Disk - detected UnsignedFile.Multi.Generic (1)
21:16:28.0812 3548 dmadmin - ok
21:16:28.0859 3548 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:16:28.0921 3548 dmboot ( UnsignedFile.Multi.Generic ) - warning
21:16:28.0921 3548 dmboot - detected UnsignedFile.Multi.Generic (1)
21:16:28.0921 3548 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:16:28.0937 3548 dmio ( UnsignedFile.Multi.Generic ) - warning
21:16:28.0937 3548 dmio - detected UnsignedFile.Multi.Generic (1)
21:16:28.0984 3548 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:16:28.0984 3548 dmload ( UnsignedFile.Multi.Generic ) - warning
21:16:28.0984 3548 dmload - detected UnsignedFile.Multi.Generic (1)
21:16:29.0031 3548 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:16:29.0046 3548 dmserver ( UnsignedFile.Multi.Generic ) - warning
21:16:29.0046 3548 dmserver - detected UnsignedFile.Multi.Generic (1)
21:16:29.0046 3548 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:16:29.0062 3548 DMusic ( UnsignedFile.Multi.Generic ) - warning
21:16:29.0062 3548 DMusic - detected UnsignedFile.Multi.Generic (1)
21:16:29.0109 3548 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:16:29.0109 3548 Dnscache ( UnsignedFile.Multi.Generic ) - warning
21:16:29.0109 3548 Dnscache - detected UnsignedFile.Multi.Generic (1)
21:16:29.0156 3548 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:16:29.0156 3548 Dot3svc ( UnsignedFile.Multi.Generic ) - warning
21:16:29.0156 3548 Dot3svc - detected UnsignedFile.Multi.Generic (1)
21:16:29.0187 3548 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:16:29.0187 3548 dpti2o ( UnsignedFile.Multi.Generic ) - warning
21:16:29.0187 3548 dpti2o - detected UnsignedFile.Multi.Generic (1)
21:16:29.0203 3548 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:16:29.0203 3548 drmkaud ( UnsignedFile.Multi.Generic ) - warning
21:16:29.0203 3548 drmkaud - detected UnsignedFile.Multi.Generic (1)
21:16:29.0234 3548 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:16:29.0234 3548 E100B ( UnsignedFile.Multi.Generic ) - warning
21:16:29.0234 3548 E100B - detected UnsignedFile.Multi.Generic (1)
21:16:29.0265 3548 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:16:29.0265 3548 EapHost ( UnsignedFile.Multi.Generic ) - warning
21:16:29.0265 3548 EapHost - detected UnsignedFile.Multi.Generic (1)
21:16:29.0296 3548 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:16:29.0312 3548 ERSvc ( UnsignedFile.Multi.Generic ) - warning
21:16:29.0312 3548 ERSvc - detected UnsignedFile.Multi.Generic (1)
21:16:29.0359 3548 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
21:16:29.0375 3548 Eventlog ( UnsignedFile.Multi.Generic ) - warning
21:16:29.0375 3548 Eventlog - detected UnsignedFile.Multi.Generic (1)
21:16:29.0390 3548 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
21:16:29.0406 3548 EventSystem ( UnsignedFile.Multi.Generic ) - warning
21:16:29.0406 3548 EventSystem - detected UnsignedFile.Multi.Generic (1)
21:16:29.0453 3548 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:16:29.0453 3548 Fastfat ( UnsignedFile.Multi.Generic ) - warning
21:16:29.0453 3548 Fastfat - detected UnsignedFile.Multi.Generic (1)
21:16:29.0500 3548 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:16:29.0500 3548 FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - warning
21:16:29.0500 3548 FastUserSwitchingCompatibility - detected UnsignedFile.Multi.Generic (1)
21:16:29.0531 3548 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
21:16:29.0531 3548 Fax ( UnsignedFile.Multi.Generic ) - warning
21:16:29.0531 3548 Fax - detected UnsignedFile.Multi.Generic (1)
21:16:29.0562 3548 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
21:16:29.0562 3548 Fdc ( UnsignedFile.Multi.Generic ) - warning
21:16:29.0562 3548 Fdc - detected UnsignedFile.Multi.Generic (1)
21:16:29.0593 3548 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:16:29.0609 3548 Fips ( UnsignedFile.Multi.Generic ) - warning
21:16:29.0609 3548 Fips - detected UnsignedFile.Multi.Generic (1)
21:16:29.0609 3548 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:16:29.0609 3548 Flpydisk ( UnsignedFile.Multi.Generic ) - warning
21:16:29.0609 3548 Flpydisk - detected UnsignedFile.Multi.Generic (1)
21:16:29.0671 3548 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:16:29.0671 3548 FltMgr ( UnsignedFile.Multi.Generic ) - warning
21:16:29.0671 3548 FltMgr - detected UnsignedFile.Multi.Generic (1)
21:16:29.0734 3548 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:16:29.0750 3548 FontCache3.0.0.0 - ok
21:16:29.0781 3548 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:16:29.0781 3548 Fs_Rec ( UnsignedFile.Multi.Generic ) - warning
21:16:29.0781 3548 Fs_Rec - detected UnsignedFile.Multi.Generic (1)
21:16:29.0796 3548 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:16:29.0796 3548 Ftdisk ( UnsignedFile.Multi.Generic ) - warning
21:16:29.0796 3548 Ftdisk - detected UnsignedFile.Multi.Generic (1)
21:16:29.0859 3548 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:16:29.0859 3548 Gpc ( UnsignedFile.Multi.Generic ) - warning
21:16:29.0859 3548 Gpc - detected UnsignedFile.Multi.Generic (1)
21:16:30.0000 3548 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:16:30.0031 3548 gupdate - ok
21:16:30.0031 3548 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:16:30.0062 3548 gupdatem - ok
21:16:30.0109 3548 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:16:30.0140 3548 gusvc - ok
21:16:30.0203 3548 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:16:30.0203 3548 HDAudBus ( UnsignedFile.Multi.Generic ) - warning
21:16:30.0203 3548 HDAudBus - detected UnsignedFile.Multi.Generic (1)
21:16:30.0296 3548 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:16:30.0296 3548 helpsvc ( UnsignedFile.Multi.Generic ) - warning
21:16:30.0296 3548 helpsvc - detected UnsignedFile.Multi.Generic (1)
21:16:30.0359 3548 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
21:16:30.0359 3548 HidServ ( UnsignedFile.Multi.Generic ) - warning
21:16:30.0359 3548 HidServ - detected UnsignedFile.Multi.Generic (1)
21:16:30.0406 3548 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:16:30.0406 3548 HidUsb ( UnsignedFile.Multi.Generic ) - warning
21:16:30.0406 3548 HidUsb - detected UnsignedFile.Multi.Generic (1)
21:16:30.0453 3548 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:16:30.0453 3548 hkmsvc ( UnsignedFile.Multi.Generic ) - warning
21:16:30.0453 3548 hkmsvc - detected UnsignedFile.Multi.Generic (1)
21:16:30.0468 3548 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
21:16:30.0468 3548 hpn ( UnsignedFile.Multi.Generic ) - warning
21:16:30.0468 3548 hpn - detected UnsignedFile.Multi.Generic (1)
21:16:30.0515 3548 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:16:30.0531 3548 HTTP ( UnsignedFile.Multi.Generic ) - warning
21:16:30.0531 3548 HTTP - detected UnsignedFile.Multi.Generic (1)
21:16:30.0562 3548 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:16:30.0562 3548 HTTPFilter ( UnsignedFile.Multi.Generic ) - warning
21:16:30.0562 3548 HTTPFilter - detected UnsignedFile.Multi.Generic (1)
21:16:30.0609 3548 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
21:16:30.0609 3548 i2omgmt ( UnsignedFile.Multi.Generic ) - warning
21:16:30.0609 3548 i2omgmt - detected UnsignedFile.Multi.Generic (1)
21:16:30.0640 3548 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:16:30.0640 3548 i2omp ( UnsignedFile.Multi.Generic ) - warning
21:16:30.0640 3548 i2omp - detected UnsignedFile.Multi.Generic (1)
21:16:30.0640 3548 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:16:30.0640 3548 i8042prt ( UnsignedFile.Multi.Generic ) - warning
21:16:30.0640 3548 i8042prt - detected UnsignedFile.Multi.Generic (1)
21:16:30.0765 3548 [ 72B53E9C8924949DEC8F3799BCBA2251 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
21:16:30.0843 3548 IAANTMON - ok
21:16:31.0078 3548 [ 12C7F8D581C4A9F126F5F8F5683A1C29 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:16:31.0250 3548 ialm ( UnsignedFile.Multi.Generic ) - warning
21:16:31.0250 3548 ialm - detected UnsignedFile.Multi.Generic (1)
21:16:31.0296 3548 [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
21:16:31.0312 3548 iaStor - ok
21:16:31.0390 3548 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:16:31.0453 3548 idsvc - ok
21:16:31.0453 3548 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:16:31.0453 3548 Imapi ( UnsignedFile.Multi.Generic ) - warning
21:16:31.0453 3548 Imapi - detected UnsignedFile.Multi.Generic (1)
21:16:31.0531 3548 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
21:16:31.0531 3548 ImapiService ( UnsignedFile.Multi.Generic ) - warning
21:16:31.0531 3548 ImapiService - detected UnsignedFile.Multi.Generic (1)
21:16:31.0562 3548 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:16:31.0562 3548 ini910u ( UnsignedFile.Multi.Generic ) - warning
21:16:31.0562 3548 ini910u - detected UnsignedFile.Multi.Generic (1)
21:16:31.0578 3548 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
21:16:31.0578 3548 IntelIde ( UnsignedFile.Multi.Generic ) - warning
21:16:31.0578 3548 IntelIde - detected UnsignedFile.Multi.Generic (1)
21:16:31.0625 3548 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:16:31.0625 3548 intelppm ( UnsignedFile.Multi.Generic ) - warning
21:16:31.0625 3548 intelppm - detected UnsignedFile.Multi.Generic (1)
21:16:31.0671 3548 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:16:31.0671 3548 Ip6Fw ( UnsignedFile.Multi.Generic ) - warning
21:16:31.0671 3548 Ip6Fw - detected UnsignedFile.Multi.Generic (1)
21:16:31.0703 3548 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:16:31.0703 3548 IpFilterDriver ( UnsignedFile.Multi.Generic ) - warning
21:16:31.0703 3548 IpFilterDriver - detected UnsignedFile.Multi.Generic (1)
21:16:31.0718 3548 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:16:31.0718 3548 IpInIp ( UnsignedFile.Multi.Generic ) - warning
21:16:31.0718 3548 IpInIp - detected UnsignedFile.Multi.Generic (1)
21:16:31.0750 3548 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:16:31.0750 3548 IpNat ( UnsignedFile.Multi.Generic ) - warning
21:16:31.0750 3548 IpNat - detected UnsignedFile.Multi.Generic (1)
21:16:31.0765 3548 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:16:31.0781 3548 IPSec ( UnsignedFile.Multi.Generic ) - warning
21:16:31.0781 3548 IPSec - detected UnsignedFile.Multi.Generic (1)
21:16:31.0812 3548 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:16:31.0812 3548 IRENUM ( UnsignedFile.Multi.Generic ) - warning
21:16:31.0812 3548 IRENUM - detected UnsignedFile.Multi.Generic (1)
21:16:31.0843 3548 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:16:31.0843 3548 isapnp ( UnsignedFile.Multi.Generic ) - warning
21:16:31.0843 3548 isapnp - detected UnsignedFile.Multi.Generic (1)
21:16:31.0984 3548 [ 9DBA73C2F1E76EC4CB837E67C5743596 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
21:16:32.0000 3548 JavaQuickStarterService - ok
21:16:32.0046 3548 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:16:32.0062 3548 Kbdclass ( UnsignedFile.Multi.Generic ) - warning
21:16:32.0062 3548 Kbdclass - detected UnsignedFile.Multi.Generic (1)
21:16:32.0062 3548 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:16:32.0062 3548 kbdhid ( UnsignedFile.Multi.Generic ) - warning
21:16:32.0062 3548 kbdhid - detected UnsignedFile.Multi.Generic (1)
21:16:32.0125 3548 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:16:32.0125 3548 kmixer ( UnsignedFile.Multi.Generic ) - warning
21:16:32.0125 3548 kmixer - detected UnsignedFile.Multi.Generic (1)
21:16:32.0156 3548 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:16:32.0171 3548 KSecDD ( UnsignedFile.Multi.Generic ) - warning
21:16:32.0171 3548 KSecDD - detected UnsignedFile.Multi.Generic (1)
21:16:32.0234 3548 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:16:32.0234 3548 lanmanserver ( UnsignedFile.Multi.Generic ) - warning
21:16:32.0234 3548 lanmanserver - detected UnsignedFile.Multi.Generic (1)
21:16:32.0296 3548 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:16:32.0296 3548 lanmanworkstation ( UnsignedFile.Multi.Generic ) - warning
21:16:32.0296 3548 lanmanworkstation - detected UnsignedFile.Multi.Generic (1)
21:16:32.0312 3548 lbrtfdc - ok
21:16:32.0375 3548 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:16:32.0375 3548 LmHosts ( UnsignedFile.Multi.Generic ) - warning
21:16:32.0375 3548 LmHosts - detected UnsignedFile.Multi.Generic (1)
21:16:32.0421 3548 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:16:32.0421 3548 Messenger ( UnsignedFile.Multi.Generic ) - warning
21:16:32.0421 3548 Messenger - detected UnsignedFile.Multi.Generic (1)
21:16:32.0468 3548 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:16:32.0468 3548 mnmdd ( UnsignedFile.Multi.Generic ) - warning
21:16:32.0468 3548 mnmdd - detected UnsignedFile.Multi.Generic (1)
21:16:32.0515 3548 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:16:32.0515 3548 mnmsrvc ( UnsignedFile.Multi.Generic ) - warning
21:16:32.0515 3548 mnmsrvc - detected UnsignedFile.Multi.Generic (1)
21:16:32.0531 3548 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:16:32.0531 3548 Modem ( UnsignedFile.Multi.Generic ) - warning
21:16:32.0531 3548 Modem - detected UnsignedFile.Multi.Generic (1)
21:16:32.0578 3548 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:16:32.0578 3548 Mouclass ( UnsignedFile.Multi.Generic ) - warning
21:16:32.0578 3548 Mouclass - detected UnsignedFile.Multi.Generic (1)
21:16:32.0593 3548 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:16:32.0593 3548 mouhid ( UnsignedFile.Multi.Generic ) - warning
21:16:32.0593 3548 mouhid - detected UnsignedFile.Multi.Generic (1)
21:16:32.0609 3548 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:16:32.0609 3548 MountMgr ( UnsignedFile.Multi.Generic ) - warning
21:16:32.0609 3548 MountMgr - detected UnsignedFile.Multi.Generic (1)
21:16:32.0656 3548 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:16:32.0656 3548 mraid35x ( UnsignedFile.Multi.Generic ) - warning
21:16:32.0656 3548 mraid35x - detected UnsignedFile.Multi.Generic (1)
21:16:32.0671 3548 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:16:32.0671 3548 MRxDAV ( UnsignedFile.Multi.Generic ) - warning
21:16:32.0671 3548 MRxDAV - detected UnsignedFile.Multi.Generic (1)
21:16:32.0750 3548 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:16:32.0765 3548 MRxSmb ( UnsignedFile.Multi.Generic ) - warning
21:16:32.0765 3548 MRxSmb - detected UnsignedFile.Multi.Generic (1)
21:16:32.0812 3548 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:16:32.0812 3548 MSDTC ( UnsignedFile.Multi.Generic ) - warning
21:16:32.0812 3548 MSDTC - detected UnsignedFile.Multi.Generic (1)
21:16:32.0828 3548 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:16:32.0828 3548 Msfs ( UnsignedFile.Multi.Generic ) - warning
21:16:32.0828 3548 Msfs - detected UnsignedFile.Multi.Generic (1)
21:16:32.0828 3548 MSIServer - ok
21:16:32.0843 3548 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:16:32.0843 3548 MSKSSRV ( UnsignedFile.Multi.Generic ) - warning
21:16:32.0859 3548 MSKSSRV - detected UnsignedFile.Multi.Generic (1)
21:16:32.0859 3548 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:16:32.0859 3548 MSPCLOCK ( UnsignedFile.Multi.Generic ) - warning
21:16:32.0859 3548 MSPCLOCK - detected UnsignedFile.Multi.Generic (1)
21:16:32.0859 3548 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:16:32.0875 3548 MSPQM ( UnsignedFile.Multi.Generic ) - warning
21:16:32.0875 3548 MSPQM - detected UnsignedFile.Multi.Generic (1)
21:16:32.0890 3548 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:16:32.0906 3548 mssmbios ( UnsignedFile.Multi.Generic ) - warning
21:16:32.0906 3548 mssmbios - detected UnsignedFile.Multi.Generic (1)
21:16:32.0921 3548 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:16:32.0937 3548 Mup ( UnsignedFile.Multi.Generic ) - warning
21:16:32.0937 3548 Mup - detected UnsignedFile.Multi.Generic (1)
21:16:32.0984 3548 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:16:33.0000 3548 napagent ( UnsignedFile.Multi.Generic ) - warning
21:16:33.0000 3548 napagent - detected UnsignedFile.Multi.Generic (1)
21:16:33.0046 3548 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:16:33.0062 3548 NDIS ( UnsignedFile.Multi.Generic ) - warning
21:16:33.0062 3548 NDIS - detected UnsignedFile.Multi.Generic (1)
21:16:33.0109 3548 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:16:33.0125 3548 NdisTapi ( UnsignedFile.Multi.Generic ) - warning
21:16:33.0125 3548 NdisTapi - detected UnsignedFile.Multi.Generic (1)
21:16:33.0140 3548 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:16:33.0140 3548 Ndisuio ( UnsignedFile.Multi.Generic ) - warning
21:16:33.0140 3548 Ndisuio - detected UnsignedFile.Multi.Generic (1)
21:16:33.0140 3548 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:16:33.0156 3548 NdisWan ( UnsignedFile.Multi.Generic ) - warning
21:16:33.0156 3548 NdisWan - detected UnsignedFile.Multi.Generic (1)
21:16:33.0203 3548 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:16:33.0203 3548 NDProxy ( UnsignedFile.Multi.Generic ) - warning
21:16:33.0203 3548 NDProxy - detected UnsignedFile.Multi.Generic (1)
21:16:33.0250 3548 [ 84663A0937C2B95449B953C7D545D1CA ] NEOFLTR_7110_21187 C:\WINDOWS\system32\Drivers\NEOFLTR_7110_21187.SYS
21:16:33.0281 3548 NEOFLTR_7110_21187 - ok
21:16:33.0343 3548 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
21:16:33.0343 3548 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:16:33.0343 3548 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:16:33.0359 3548 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:16:33.0359 3548 NetBIOS ( UnsignedFile.Multi.Generic ) - warning
21:16:33.0359 3548 NetBIOS - detected UnsignedFile.Multi.Generic (1)
21:16:33.0375 3548 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:16:33.0375 3548 NetBT ( UnsignedFile.Multi.Generic ) - warning
21:16:33.0375 3548 NetBT - detected UnsignedFile.Multi.Generic (1)
21:16:33.0421 3548 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
21:16:33.0437 3548 NetDDE ( UnsignedFile.Multi.Generic ) - warning
21:16:33.0437 3548 NetDDE - detected UnsignedFile.Multi.Generic (1)
21:16:33.0437 3548 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:16:33.0437 3548 NetDDEdsdm ( UnsignedFile.Multi.Generic ) - warning
21:16:33.0437 3548 NetDDEdsdm - detected UnsignedFile.Multi.Generic (1)
21:16:33.0484 3548 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:16:33.0500 3548 Netlogon ( UnsignedFile.Multi.Generic ) - warning
21:16:33.0500 3548 Netlogon - detected UnsignedFile.Multi.Generic (1)
21:16:33.0500 3548 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
21:16:33.0515 3548 Netman ( UnsignedFile.Multi.Generic ) - warning
21:16:33.0515 3548 Netman - detected UnsignedFile.Multi.Generic (1)
21:16:33.0546 3548 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:16:33.0562 3548 NetTcpPortSharing - ok
21:16:33.0625 3548 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
21:16:33.0625 3548 Nla ( UnsignedFile.Multi.Generic ) - warning
21:16:33.0625 3548 Nla - detected UnsignedFile.Multi.Generic (1)
21:16:33.0687 3548 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:16:33.0687 3548 Npfs ( UnsignedFile.Multi.Generic ) - warning
21:16:33.0687 3548 Npfs - detected UnsignedFile.Multi.Generic (1)
21:16:33.0703 3548 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:16:33.0734 3548 Ntfs ( UnsignedFile.Multi.Generic ) - warning
21:16:33.0734 3548 Ntfs - detected UnsignedFile.Multi.Generic (1)
21:16:33.0734 3548 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:16:33.0734 3548 NtLmSsp ( UnsignedFile.Multi.Generic ) - warning
21:16:33.0734 3548 NtLmSsp - detected UnsignedFile.Multi.Generic (1)
21:16:33.0781 3548 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:16:33.0796 3548 NtmsSvc ( UnsignedFile.Multi.Generic ) - warning
21:16:33.0796 3548 NtmsSvc - detected UnsignedFile.Multi.Generic (1)
21:16:33.0843 3548 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:16:33.0843 3548 Null ( UnsignedFile.Multi.Generic ) - warning
21:16:33.0843 3548 Null - detected UnsignedFile.Multi.Generic (1)
21:16:33.0921 3548 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:16:34.0015 3548 nv ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0015 3548 nv - detected UnsignedFile.Multi.Generic (1)
21:16:34.0109 3548 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:16:34.0109 3548 NwlnkFlt ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0109 3548 NwlnkFlt - detected UnsignedFile.Multi.Generic (1)
21:16:34.0125 3548 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:16:34.0125 3548 NwlnkFwd ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0125 3548 NwlnkFwd - detected UnsignedFile.Multi.Generic (1)
21:16:34.0203 3548 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:16:34.0218 3548 ose - ok
21:16:34.0265 3548 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:16:34.0265 3548 Parport ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0265 3548 Parport - detected UnsignedFile.Multi.Generic (1)
21:16:34.0281 3548 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:16:34.0281 3548 PartMgr ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0281 3548 PartMgr - detected UnsignedFile.Multi.Generic (1)
21:16:34.0312 3548 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:16:34.0312 3548 ParVdm ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0312 3548 ParVdm - detected UnsignedFile.Multi.Generic (1)
21:16:34.0312 3548 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:16:34.0328 3548 PCI ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0328 3548 PCI - detected UnsignedFile.Multi.Generic (1)
21:16:34.0359 3548 PCIDump - ok
21:16:34.0375 3548 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:16:34.0390 3548 PCIIde ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0390 3548 PCIIde - detected UnsignedFile.Multi.Generic (1)
21:16:34.0406 3548 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
21:16:34.0406 3548 Pcmcia ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0406 3548 Pcmcia - detected UnsignedFile.Multi.Generic (1)
21:16:34.0421 3548 PDCOMP - ok
21:16:34.0421 3548 PDFRAME - ok
21:16:34.0421 3548 PDRELI - ok
21:16:34.0437 3548 PDRFRAME - ok
21:16:34.0453 3548 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
21:16:34.0453 3548 perc2 ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0453 3548 perc2 - detected UnsignedFile.Multi.Generic (1)
21:16:34.0500 3548 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:16:34.0515 3548 perc2hib ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0515 3548 perc2hib - detected UnsignedFile.Multi.Generic (1)
21:16:34.0562 3548 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
21:16:34.0562 3548 PlugPlay ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0562 3548 PlugPlay - detected UnsignedFile.Multi.Generic (1)
21:16:34.0578 3548 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
21:16:34.0578 3548 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0578 3548 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:16:34.0578 3548 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:16:34.0593 3548 PolicyAgent ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0593 3548 PolicyAgent - detected UnsignedFile.Multi.Generic (1)
21:16:34.0640 3548 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:16:34.0640 3548 PptpMiniport ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0640 3548 PptpMiniport - detected UnsignedFile.Multi.Generic (1)
21:16:34.0656 3548 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:16:34.0671 3548 ProtectedStorage ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0671 3548 ProtectedStorage - detected UnsignedFile.Multi.Generic (1)
21:16:34.0671 3548 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:16:34.0671 3548 PSched ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0671 3548 PSched - detected UnsignedFile.Multi.Generic (1)
21:16:34.0687 3548 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:16:34.0687 3548 Ptilink ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0687 3548 Ptilink - detected UnsignedFile.Multi.Generic (1)
21:16:34.0718 3548 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:16:34.0734 3548 ql1080 ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0734 3548 ql1080 - detected UnsignedFile.Multi.Generic (1)
21:16:34.0734 3548 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:16:34.0734 3548 Ql10wnt ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0734 3548 Ql10wnt - detected UnsignedFile.Multi.Generic (1)
21:16:34.0750 3548 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:16:34.0750 3548 ql12160 ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0750 3548 ql12160 - detected UnsignedFile.Multi.Generic (1)
21:16:34.0765 3548 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:16:34.0765 3548 ql1240 ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0765 3548 ql1240 - detected UnsignedFile.Multi.Generic (1)
21:16:34.0781 3548 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:16:34.0781 3548 ql1280 ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0781 3548 ql1280 - detected UnsignedFile.Multi.Generic (1)
21:16:34.0812 3548 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:16:34.0812 3548 RasAcd ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0812 3548 RasAcd - detected UnsignedFile.Multi.Generic (1)
21:16:34.0859 3548 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:16:34.0859 3548 RasAuto ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0859 3548 RasAuto - detected UnsignedFile.Multi.Generic (1)
21:16:34.0890 3548 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:16:34.0906 3548 Rasl2tp ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0906 3548 Rasl2tp - detected UnsignedFile.Multi.Generic (1)
21:16:34.0953 3548 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:16:34.0968 3548 RasMan ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0968 3548 RasMan - detected UnsignedFile.Multi.Generic (1)
21:16:34.0968 3548 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:16:34.0968 3548 RasPppoe ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0968 3548 RasPppoe - detected UnsignedFile.Multi.Generic (1)
21:16:34.0984 3548 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:16:34.0984 3548 Raspti ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0984 3548 Raspti - detected UnsignedFile.Multi.Generic (1)
21:16:35.0000 3548 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:16:35.0000 3548 Rdbss ( UnsignedFile.Multi.Generic ) - warning
21:16:35.0000 3548 Rdbss - detected UnsignedFile.Multi.Generic (1)
21:16:35.0015 3548 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:16:35.0015 3548 RDPCDD ( UnsignedFile.Multi.Generic ) - warning
21:16:35.0015 3548 RDPCDD - detected UnsignedFile.Multi.Generic (1)
21:16:35.0031 3548 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:16:35.0046 3548 rdpdr ( UnsignedFile.Multi.Generic ) - warning
21:16:35.0046 3548 rdpdr - detected UnsignedFile.Multi.Generic (1)
21:16:35.0093 3548 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:16:35.0093 3548 RDPWD ( UnsignedFile.Multi.Generic ) - warning
21:16:35.0093 3548 RDPWD - detected UnsignedFile.Multi.Generic (1)
21:16:35.0109 3548 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:16:35.0125 3548 RDSessMgr ( UnsignedFile.Multi.Generic ) - warning
21:16:35.0125 3548 RDSessMgr - detected UnsignedFile.Multi.Generic (1)
21:16:35.0156 3548 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:16:35.0156 3548 redbook ( UnsignedFile.Multi.Generic ) - warning
21:16:35.0156 3548 redbook - detected UnsignedFile.Multi.Generic (1)
21:16:35.0187 3548 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:16:35.0203 3548 RemoteAccess ( UnsignedFile.Multi.Generic ) - warning
21:16:35.0203 3548 RemoteAccess - detected UnsignedFile.Multi.Generic (1)
21:16:35.0265 3548 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
21:16:35.0265 3548 RemoteRegistry ( UnsignedFile.Multi.Generic ) - warning
21:16:35.0265 3548 RemoteRegistry - detected UnsignedFile.Multi.Generic (1)
21:16:35.0296 3548 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
21:16:35.0296 3548 RpcLocator ( UnsignedFile.Multi.Generic ) - warning
21:16:35.0296 3548 RpcLocator - detected UnsignedFile.Multi.Generic (1)
21:16:35.0343 3548 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
21:16:35.0359 3548 RpcSs ( UnsignedFile.Multi.Generic ) - warning
21:16:35.0359 3548 RpcSs - detected UnsignedFile.Multi.Generic (1)
21:16:35.0515 3548 [ D3A155691CDE72C2048ED1CB756BEA47 ] RssDSService C:\Program Files\SecureLink\bin\SLinkSW\RssDSProxy.exe
21:16:35.0531 3548 RssDSService - ok
21:16:35.0593 3548 [ 3F2BE8B8719C3031E0BEA61D3BF088BA ] RssUVNC C:\Program Files\SecureLink\bin\SLinkSW\rssuvnc.exe
21:16:35.0703 3548 RssUVNC ( UnsignedFile.Multi.Generic ) - warning
21:16:35.0703 3548 RssUVNC - detected UnsignedFile.Multi.Generic (1)
21:16:35.0734 3548 [ EF6C988E7A37A3EF847320D9459B6E4E ] RssVNC C:\Program Files\SecureLink\bin\SLinkSW\rssvnc.exe
21:16:35.0765 3548 RssVNC - ok
21:16:35.0812 3548 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:16:35.0812 3548 RSVP ( UnsignedFile.Multi.Generic ) - warning
21:16:35.0812 3548 RSVP - detected UnsignedFile.Multi.Generic (1)
21:16:35.0843 3548 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
21:16:35.0843 3548 SamSs ( UnsignedFile.Multi.Generic ) - warning
21:16:35.0843 3548 SamSs - detected UnsignedFile.Multi.Generic (1)
21:16:35.0890 3548 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:16:35.0906 3548 SCardSvr ( UnsignedFile.Multi.Generic ) - warning
21:16:35.0906 3548 SCardSvr - detected UnsignedFile.Multi.Generic (1)
21:16:35.0953 3548 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:16:35.0953 3548 Schedule ( UnsignedFile.Multi.Generic ) - warning
21:16:35.0953 3548 Schedule - detected UnsignedFile.Multi.Generic (1)
21:16:36.0000 3548 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:16:36.0000 3548 Secdrv ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0000 3548 Secdrv - detected UnsignedFile.Multi.Generic (1)
21:16:36.0046 3548 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:16:36.0046 3548 seclogon ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0046 3548 seclogon - detected UnsignedFile.Multi.Generic (1)
21:16:36.0109 3548 [ B6A6B409FDA9D9EBD3AADB838D3D7173 ] SenFiltService C:\WINDOWS\system32\drivers\Senfilt.sys
21:16:36.0125 3548 SenFiltService ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0125 3548 SenFiltService - detected UnsignedFile.Multi.Generic (1)
21:16:36.0125 3548 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
21:16:36.0140 3548 SENS ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0140 3548 SENS - detected UnsignedFile.Multi.Generic (1)
21:16:36.0156 3548 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
21:16:36.0171 3548 serenum ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0171 3548 serenum - detected UnsignedFile.Multi.Generic (1)
21:16:36.0187 3548 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
21:16:36.0187 3548 Serial ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0187 3548 Serial - detected UnsignedFile.Multi.Generic (1)
21:16:36.0203 3548 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:16:36.0203 3548 Sfloppy ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0203 3548 Sfloppy - detected UnsignedFile.Multi.Generic (1)
21:16:36.0265 3548 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:16:36.0281 3548 SharedAccess ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0281 3548 SharedAccess - detected UnsignedFile.Multi.Generic (1)
21:16:36.0296 3548 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:16:36.0296 3548 ShellHWDetection ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0296 3548 ShellHWDetection - detected UnsignedFile.Multi.Generic (1)
21:16:36.0312 3548 Simbad - ok
21:16:36.0343 3548 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:16:36.0343 3548 sisagp ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0343 3548 sisagp - detected UnsignedFile.Multi.Generic (1)
21:16:36.0390 3548 [ 99A4E928F36BB5B7A5E7CA7DD314B996 ] slinksc C:\Program Files\SecureLink\bin\Wrapper.exe
21:16:36.0406 3548 slinksc ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0406 3548 slinksc - detected UnsignedFile.Multi.Generic (1)
21:16:36.0437 3548 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:16:36.0453 3548 Sparrow ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0453 3548 Sparrow - detected UnsignedFile.Multi.Generic (1)
21:16:36.0468 3548 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:16:36.0484 3548 splitter ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0484 3548 splitter - detected UnsignedFile.Multi.Generic (1)
21:16:36.0531 3548 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:16:36.0531 3548 Spooler ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0531 3548 Spooler - detected UnsignedFile.Multi.Generic (1)
21:16:36.0546 3548 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:16:36.0546 3548 sr ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0546 3548 sr - detected UnsignedFile.Multi.Generic (1)
21:16:36.0562 3548 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
21:16:36.0562 3548 srservice ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0562 3548 srservice - detected UnsignedFile.Multi.Generic (1)
21:16:36.0609 3548 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:16:36.0609 3548 Srv ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0609 3548 Srv - detected UnsignedFile.Multi.Generic (1)
21:16:36.0656 3548 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:16:36.0656 3548 SSDPSRV ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0656 3548 SSDPSRV - detected UnsignedFile.Multi.Generic (1)
21:16:36.0671 3548 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:16:36.0687 3548 stisvc ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0687 3548 stisvc - detected UnsignedFile.Multi.Generic (1)
21:16:36.0718 3548 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:16:36.0718 3548 swenum ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0718 3548 swenum - detected UnsignedFile.Multi.Generic (1)
21:16:36.0734 3548 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:16:36.0750 3548 swmidi ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0750 3548 swmidi - detected UnsignedFile.Multi.Generic (1)
21:16:36.0750 3548 SwPrv - ok
21:16:36.0796 3548 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
21:16:36.0796 3548 symc810 ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0796 3548 symc810 - detected UnsignedFile.Multi.Generic (1)
21:16:36.0812 3548 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:16:36.0828 3548 symc8xx ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0828 3548 symc8xx - detected UnsignedFile.Multi.Generic (1)
21:16:36.0828 3548 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:16:36.0828 3548 sym_hi ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0828 3548 sym_hi - detected UnsignedFile.Multi.Generic (1)
21:16:36.0843 3548 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:16:36.0843 3548 sym_u3 ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0843 3548 sym_u3 - detected UnsignedFile.Multi.Generic (1)
21:16:36.0875 3548 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:16:36.0890 3548 sysaudio ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0890 3548 sysaudio - detected UnsignedFile.Multi.Generic (1)
21:16:36.0906 3548 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:16:36.0921 3548 SysmonLog ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0921 3548 SysmonLog - detected UnsignedFile.Multi.Generic (1)
21:16:36.0953 3548 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:16:36.0953 3548 TapiSrv ( UnsignedFile.Multi.Generic ) - warning
21:16:36.0953 3548 TapiSrv - detected UnsignedFile.Multi.Generic (1)
21:16:37.0015 3548 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:16:37.0031 3548 Tcpip ( UnsignedFile.Multi.Generic ) - warning
21:16:37.0031 3548 Tcpip - detected UnsignedFile.Multi.Generic (1)
21:16:37.0062 3548 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:16:37.0062 3548 TDPIPE ( UnsignedFile.Multi.Generic ) - warning
21:16:37.0062 3548 TDPIPE - detected UnsignedFile.Multi.Generic (1)
21:16:37.0093 3548 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:16:37.0109 3548 TDTCP ( UnsignedFile.Multi.Generic ) - warning
21:16:37.0109 3548 TDTCP - detected UnsignedFile.Multi.Generic (1)
21:16:37.0140 3548 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:16:37.0140 3548 TermDD ( UnsignedFile.Multi.Generic ) - warning
21:16:37.0140 3548 TermDD - detected UnsignedFile.Multi.Generic (1)
21:16:37.0171 3548 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
21:16:37.0171 3548 TermService ( UnsignedFile.Multi.Generic ) - warning
21:16:37.0171 3548 TermService - detected UnsignedFile.Multi.Generic (1)
21:16:37.0234 3548 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
21:16:37.0234 3548 Themes ( UnsignedFile.Multi.Generic ) - warning
21:16:37.0234 3548 Themes - detected UnsignedFile.Multi.Generic (1)
21:16:37.0281 3548 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
21:16:37.0281 3548 TlntSvr ( UnsignedFile.Multi.Generic ) - warning
21:16:37.0281 3548 TlntSvr - detected UnsignedFile.Multi.Generic (1)
21:16:37.0296 3548 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
21:16:37.0312 3548 TosIde ( UnsignedFile.Multi.Generic ) - warning
21:16:37.0312 3548 TosIde - detected UnsignedFile.Multi.Generic (1)
21:16:37.0343 3548 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:16:37.0359 3548 TrkWks ( UnsignedFile.Multi.Generic ) - warning
21:16:37.0359 3548 TrkWks - detected UnsignedFile.Multi.Generic (1)
21:16:37.0406 3548 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:16:37.0406 3548 Udfs ( UnsignedFile.Multi.Generic ) - warning
21:16:37.0406 3548 Udfs - detected UnsignedFile.Multi.Generic (1)
21:16:37.0421 3548 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
21:16:37.0437 3548 ultra ( UnsignedFile.Multi.Generic ) - warning
21:16:37.0437 3548 ultra - detected UnsignedFile.Multi.Generic (1)
21:16:37.0484 3548 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:16:37.0500 3548 Update ( UnsignedFile.Multi.Generic ) - warning
21:16:37.0500 3548 Update - detected UnsignedFile.Multi.Generic (1)
21:16:37.0515 3548 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:16:37.0531 3548 upnphost ( UnsignedFile.Multi.Generic ) - warning
21:16:37.0531 3548 upnphost - detected UnsignedFile.Multi.Generic (1)
21:16:37.0546 3548 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
21:16:37.0546 3548 UPS ( UnsignedFile.Multi.Generic ) - warning
21:16:37.0546 3548 UPS - detected UnsignedFile.Multi.Generic (1)
21:16:37.0593 3548 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:16:37.0593 3548 usbccgp ( UnsignedFile.Multi.Generic ) - warning
21:16:37.0593 3548 usbccgp - detected UnsignedFile.Multi.Generic (1)
21:16:37.0609 3548 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:16:37.0609 3548 usbehci ( UnsignedFile.Multi.Generic ) - warning
21:16:37.0609 3548 usbehci - detected UnsignedFile.Multi.Generic (1)
21:16:37.0625 3548 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:16:37.0625 3548 usbhub ( UnsignedFile.Multi.Generic ) - warning
21:16:37.0625 3548 usbhub - detected UnsignedFile.Multi.Generic (1)
21:16:37.0687 3548 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:16:37.0687 3548 usbscan ( UnsignedFile.Multi.Generic ) - warning
21:16:37.0687 3548 usbscan - detected UnsignedFile.Multi.Generic (1)
21:16:37.0718 3548 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:16:37.0734 3548 USBSTOR ( UnsignedFile.Multi.Generic ) - warning
21:16:37.0734 3548 USBSTOR - detected UnsignedFile.Multi.Generic (1)
21:16:37.0750 3548 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:16:37.0750 3548 usbuhci ( UnsignedFile.Multi.Generic ) - warning
21:16:37.0750 3548 usbuhci - detected UnsignedFile.Multi.Generic (1)
21:16:37.0750 3548 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:16:37.0750 3548 VgaSave ( UnsignedFile.Multi.Generic ) - warning
21:16:37.0750 3548 VgaSave - detected UnsignedFile.Multi.Generic (1)
21:16:37.0796 3548 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:16:37.0796 3548 viaagp ( UnsignedFile.Multi.Generic ) - warning
21:16:37.0796 3548 viaagp - detected UnsignedFile.Multi.Generic (1)
21:16:37.0796 3548 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
21:16:37.0812 3548 ViaIde ( UnsignedFile.Multi.Generic ) - warning
21:16:37.0812 3548 ViaIde - detected UnsignedFile.Multi.Generic (1)
21:16:37.0843 3548 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:16:37.0843 3548 VolSnap ( UnsignedFile.Multi.Generic ) - warning
21:16:37.0843 3548 VolSnap - detected UnsignedFile.Multi.Generic (1)
21:16:37.0843 3548 vsdatant - ok
21:16:37.0875 3548 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
21:16:37.0890 3548 VSS ( UnsignedFile.Multi.Generic ) - warning
21:16:37.0890 3548 VSS - detected UnsignedFile.Multi.Generic (1)
21:16:37.0921 3548 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
21:16:37.0921 3548 w32time ( UnsignedFile.Multi.Generic ) - warning
21:16:37.0921 3548 w32time - detected UnsignedFile.Multi.Generic (1)
21:16:37.0937 3548 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp

jlcaylor · Sep 11, 2013

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.11.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
cpeed :: D6LNV5H1 [administrator]

9/11/2013 9:50:14 PM
mbar-log-2013-09-11 (21-50-14).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 339266
Time elapsed: 15 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_26

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 2135838720, free: 1544105984

Downloaded database version: v2013.09.11.08
Downloaded database version: v2013.08.06.01
=======================================
------------ Kernel report ------------
09/11/2013 21:34:05
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
93261300.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
iaStor.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\b57xp32.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\ADIHdAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\Senfilt.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\??\C:\WINDOWS\system32\Drivers\NEOFLTR_7110_21187.SYS
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a1896c8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff8a779030
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a1896c8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a1894a0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a1896c8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a779030, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\tosdvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\toside.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\toside.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\tsbvcap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ultra.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ultra.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mcd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mqac.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mqac.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mraid35x.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mraid35x.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\parvdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\parvdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\pciide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\perc2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\perc2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\perc2hib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\perc2hib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ql1080.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ql1080.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ql10wnt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ql10wnt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ql12160.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ql12160.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ql1240.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ql1240.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ql1280.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ql1280.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cd20xrnt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cd20xrnt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cinemst2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cmdide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cmdide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cpqarray.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cpqarray.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cpqdap01.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dac2w2k.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\dac2w2k.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dac960nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\dac960nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dmload.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\dmload.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dpti2o.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\dpti2o.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\e100b325.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\e100b325.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rio8drv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\riodrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rootmdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\secdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\secdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cbidf2k.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ipfltdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\oprghdlr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rawwan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sym_u3.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sym_u3.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_OPT_330.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\1028_Dell_OPT_330.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ABP480N5.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ABP480N5.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\acpiec.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adpu160m.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\adpu160m.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\aha154x.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\aha154x.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\aic78u2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\aic78u2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\aic78xx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\aic78xx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\aliide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\aliide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nikedrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nv4_mini.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nv4_mini.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkflt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwlnkflt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkfwd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwlnkfwd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwlnknb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwlnkspx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\fsvga.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ftdisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ftdisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\Hdaudio.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\Hdaudio.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hpn.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hpn.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ini910u.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ini910u.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\smclib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sparrow.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sparrow.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\symc810.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\symc810.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\symc8xx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\symc8xx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sym_hi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sym_hi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wmilib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ws2ifsl.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\amsint.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\amsint.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\asc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\asc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\asc3350p.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\asc3350p.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\asc3550.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\asc3550.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmuni.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41AB2316

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 96327

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 96390 Numsec = 156135735
Partition file system is NTFS
Partition is bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 80000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156230000-156250000)...
Done!
Read File: File "C:\WINDOWS\wiadebug.log" is compressed (flags = 1)
Read File: File "C:\WINDOWS\wiaservc.log" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\cpeed\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\cpeed\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat" is compressed (flags = 1)
Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify --> [PUM.Disabled.SecurityCenter]
Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify --> [PUM.Disabled.SecurityCenter]
Scan finished
Creating System Restore point...
Cleaning up...
Removal successful. No system shutdown is required.
=======================================

Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_96390_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_26

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 2135838720, free: 1474719744

Initializing...
======================
------------ Kernel report ------------
09/11/2013 21:50:02
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
93261300.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
iaStor.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\b57xp32.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\ADIHdAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\Senfilt.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\??\C:\WINDOWS\system32\Drivers\NEOFLTR_7110_21187.SYS
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a1896c8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff8a779030
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a1896c8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a1894a0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a1896c8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a779030, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\tosdvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\toside.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\toside.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\tsbvcap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ultra.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ultra.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mcd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mqac.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mqac.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mraid35x.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mraid35x.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\parvdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\parvdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\pciide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\perc2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\perc2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\perc2hib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\perc2hib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ql1080.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ql1080.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ql10wnt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ql10wnt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ql12160.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ql12160.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ql1240.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ql1240.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ql1280.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ql1280.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cd20xrnt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cd20xrnt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cinemst2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cmdide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cmdide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cpqarray.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cpqarray.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cpqdap01.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dac2w2k.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\dac2w2k.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dac960nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\dac960nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dmload.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\dmload.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dpti2o.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\dpti2o.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\e100b325.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\e100b325.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rio8drv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\riodrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rootmdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\secdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\secdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cbidf2k.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ipfltdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\oprghdlr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rawwan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sym_u3.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sym_u3.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_OPT_330.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\1028_Dell_OPT_330.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ABP480N5.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ABP480N5.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\acpiec.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adpu160m.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\adpu160m.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\aha154x.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\aha154x.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\aic78u2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\aic78u2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\aic78xx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\aic78xx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\aliide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\aliide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nikedrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nv4_mini.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nv4_mini.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkflt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwlnkflt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkfwd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwlnkfwd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwlnknb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwlnkspx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\fsvga.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ftdisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ftdisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\Hdaudio.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\Hdaudio.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hpn.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hpn.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ini910u.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ini910u.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\smclib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sparrow.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sparrow.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\symc810.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\symc810.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\symc8xx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\symc8xx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sym_hi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sym_hi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wmilib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ws2ifsl.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\amsint.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\amsint.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\asc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\asc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\asc3350p.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\asc3350p.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\asc3550.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\asc3550.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmuni.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41AB2316

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 96327

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 96390 Numsec = 156135735
Partition file system is NTFS
Partition is bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 80000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156230000-156250000)...
Done!
Read File: File "C:\WINDOWS\wiadebug.log" is compressed (flags = 1)
Read File: File "C:\WINDOWS\wiaservc.log" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\cpeed\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\cpeed\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat" is compressed (flags = 1)
Scan finished
=======================================

Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_96390_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished

jlcaylor · Sep 11, 2013

What ya think Fiery? Are we done. I am AMAZED at your expertise! Thank you so much!!

Fiery · Sep 11, 2013

Hi,

Not quite done yet. Can you attach your TDSSKiller log? CLick New Reply and scroll down tot he Attachment section. A few more scans and we will be done

Please download Malwarebytes' Anti-Malware from here to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
When it prompts you to try their 30-day trail, click decline
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
- If you accidently close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Run Eset NOD32 Online AntiVirus here

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to to right-click on the Internet Explorer icon and select Run as Administrator

Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your current antivirus software. You can usually do this with its Notfication Tray icon near the clock.
Make sure that the option "Remove found threats" is Un-checked, and the following Advance Settings are Checked
- Scan unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Click Scan
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log in your next reply to this topic.
The log can also be found in logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt

jlcaylor · Sep 24, 2013

Here is the most recent TDSSkiller log.

jlcaylor · Sep 24, 2013

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.24.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
cpeed :: D6LNV5H1 [administrator]

Protection: Enabled

9/24/2013 1:26:38 PM
mbam-log-2013-09-24 (13-26-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 308376
Time elapsed: 6 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 36
HKCR\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C} (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
HKCR\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887} (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
HKCR\CLSID\{042DA63B-0933-403D-9395-B49307691690} (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
HKCR\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA} (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
HKCR\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762} (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
HKCR\Inbox.JSServer (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690} (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
HKCR\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowser.1 (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowser (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX.1 (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} (PUP.Optional.QuickShare.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} (PUP.Optional.QuickShare.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\DefaultTabBHO.DLL (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\DefaultTab (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|InboxToolbar (PUP.Optional.Inbox) -> Data: "C:\PROGRA~1\INBOXT~1\Inbox.exe" /STARTUP -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.1.7.0 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.1.7.0 -> Quarantined and deleted successfully.

Registry Data Items Detected: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.Snapdo) -> Bad: (http://feed.snap.do/?publisher=DownloadXYB&dpid=DownloadXYB&co=US&userid=4ef4d09d-cef8-4e9f-8608-324b3b0131d0&searchtype=ds&q={searchTerms}&installDate=01/01/1970) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (PUP.Optional.Snapdo) -> Bad: (http://feed.snap.do/?publisher=DownloadXYB&dpid=DownloadXYB&co=US&userid=4ef4d09d-cef8-4e9f-8608-324b3b0131d0&searchtype=ds&q={searchTerms}&installDate=01/01/1970) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.Snapdo) -> Bad: (http://feed.snap.do/?publisher=DownloadXYB&dpid=DownloadXYB&co=US&userid=4ef4d09d-cef8-4e9f-8608-324b3b0131d0&searchtype=ds&q={searchTerms}&installDate=01/01/1970) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.Snapdo) -> Bad: (http://feed.snap.do/?publisher=DownloadXYB&dpid=DownloadXYB&co=US&userid=4ef4d09d-cef8-4e9f-8608-324b3b0131d0&searchtype=ds&q={searchTerms}&installDate=01/01/1970) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files\Inbox Toolbar\Inbox.exe (PUP.Optional.Inbox) -> Delete on reboot.
C:\Program Files\Inbox Toolbar\Inbox.dll (PUP.Optional.Inbox) -> Quarantined and deleted successfully.

(end)

jlcaylor · Sep 24, 2013

My Eset NOD32 log.

Fiery · Sep 24, 2013

Download OTL by Old Timer from here and save it to your Desktop.

Open OTL. Under custom scan/fixes, copy and paste the following:

:Commands
[EMPTYTEMP]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.

How is your PC running now?

jlcaylor · Oct 23, 2013

Hey Fiery,
Sorry for the tardy reply.
I have attempted to run this OTL by Oldtimer several times. The run just freezes. I thought that it was just a real slow process, so I let it run all night several times to no avail.
Should I try something different?

Fiery · Oct 29, 2013

Hi,

Please transfer the Farbar tool from your USB onto your Desktop. Then double click it and run it. It will produce a log, please post that in your next reply.

How is your PC running?

jlcaylor · Oct 30, 2013

FARBAR log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2013
Ran by cpeed (administrator) on D6LNV5H1 on 30-10-2013 18:10:04
Running from C:\Documents and Settings\cpeed\Desktop\My Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Allscripts) C:\Program Files\Allscripts\Deployment\ClientUpdater.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\SecureLink\bin\Wrapper.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Sun Microsystems, Inc.) C:\Program Files\SecureLink\java\bin\java.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(PFU LIMITED) C:\Scans\PFU\ScanSnap\CardMinder\CardLauncher.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(PFU LIMITED) C:\Scans\PFU\ScanSnap\Driver\PfuSsMon.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1036288 2007-09-24] (Analog Devices, Inc.)
HKLM\...\Run: [ECenter] - C:\dell\E-Center\EULALauncher.exe [17920 2008-02-26] ( )
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-02-26] (CyberLink Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Enhanced Performance Keyboard] - C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe [253440 2012-08-08] (LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Java\jre7\bin\jusched.exe"
Winlogon\Notify\rssnotify: C:\WINDOWS\system32\rssnotify.dll ()
Winlogon\Notify\uvncnotify: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-08-21] (Google Inc.)
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
MountPoints2: {6e351506-c2b3-11e0-8a5c-001ec95745cc} - E:\setup.exe
HKU\dklose\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2008-08-21] (Google Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CardMinder Viewer.lnk
ShortcutTarget: CardMinder Viewer.lnk -> C:\Scans\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CesarFTP.lnk
ShortcutTarget: CesarFTP.lnk -> C:\Program Files\CesarFTP\CesarFTP.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk
ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Scans\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Scans\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Documents and Settings\cpeed\Start Menu\Programs\Startup\17tbrrzj.lnk
ShortcutTarget: 17tbrrzj.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\jzrrbt71.plz (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=DownloadXYB&dpid=DownloadXYB&co=US&userid=4ef4d09d-cef8-4e9f-8608-324b3b0131d0&searchtype=ds&q={searchTerms}&installDate=01/01/1970
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=DownloadXYB&dpid=DownloadXYB&co=US&userid=4ef4d09d-cef8-4e9f-8608-324b3b0131d0&searchtype=ds&q={searchTerms}&installDate=01/01/1970
SearchScopes: HKCU - {D295732D-567D-4990-B3A2-C8A2419F9331} URL = http://www.mysearchresults.com/search?c=2804&t=01&q={searchTerms}
SearchScopes: HKCU - {FB3E12EA-D9F7-47CB-BB68-9A12749C7B11} URL = http://search.conduit.com/Results.aspx?&ctid=CT3283894&SearchSource=45?&q={searchTerms}
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll No File
DPF: {222D8CD9-C9C2-4035-ABDC-414836D9B49F} https://portal.chs.net/,DanaInfo=10.41.4.12+MPI.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect.chs.net/dana-cached/sc/JuniperSetupClient.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 205.171.3.26 205.171.2.26

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Extension: (YouTube) - C:\DOCUME~1\cpeed\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\DOCUME~1\cpeed\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\DOCUME~1\cpeed\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

R2 Allscripts Deployment Client Updater Service; C:\Program Files\Allscripts\Deployment\ClientUpdater.exe [243200 2012-04-10] (Allscripts)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 RssUVNC; C:\Program Files\SecureLink\bin\SLinkSW\rssuvnc.exe [1408176 2012-05-10] (UltraVNC)
S3 RssVNC; C:\Program Files\SecureLink\bin\SLinkSW\rssvnc.exe [424280 2012-05-10] (RealVNC Ltd.)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S3 RssDSService; "C:\Program Files\SecureLink\bin\SLinkSW\RssDSProxy.exe" -service -listenport 5916 -rsschannel 127.0.0.1:7892 [x]
R2 slinksc; "C:\Program Files\SecureLink\bin\Wrapper.exe" -s "C:\Program Files\SecureLink\conf\wrapper.conf"

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [161792 2007-07-25] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 NEOFLTR_7110_21187; C:\WINDOWS\system32\Drivers\NEOFLTR_7110_21187.SYS [85680 2012-06-11] (Juniper Networks)
R3 SenFiltService; C:\Windows\System32\drivers\Senfilt.sys [392960 2007-09-24] (Sensaura)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-13] (Microsoft Corporation)
S4 vsdatant; a [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-30 18:06 - 2013-10-30 18:07 - 00000000 ____D C:\WINDOWS\LastGood
2013-10-29 17:50 - 2013-10-29 17:50 - 00000000 ____D C:\Documents and Settings\cpeed\Application Data\Oracle
2013-10-29 17:49 - 2013-10-29 17:49 - 00000000 ____D C:\Documents and Settings\cpeed\Local Settings\Application Data\Sun
2013-10-29 17:48 - 2013-10-29 17:48 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-29 17:48 - 2013-10-29 17:48 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-29 17:48 - 2013-10-29 17:48 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-29 17:48 - 2013-10-29 17:48 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-29 17:48 - 2013-10-29 17:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-29 17:43 - 2013-10-29 18:06 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2013-10-29 17:43 - 2013-10-29 17:44 - 00030391 _____ C:\WINDOWS\KB926139-v2.log
2013-10-29 17:43 - 2013-10-29 17:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB926139-v2$
2013-10-29 17:43 - 2013-10-29 17:43 - 00000000 ____D C:\WINDOWS\system32\windowspowershell
2013-10-29 17:43 - 2013-10-29 17:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
2013-10-23 19:29 - 2013-10-23 19:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Citrix
2013-10-23 14:00 - 2013-10-23 14:00 - 17226632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-10-23 13:32 - 2013-10-29 18:10 - 00032888 _____ C:\WINDOWS\KB2862335.log
2013-10-23 13:32 - 2013-10-23 13:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-23 13:32 - 2013-10-23 13:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-23 13:24 - 2013-10-23 13:24 - 00020531 _____ C:\WINDOWS\KB2868038.log
2013-10-23 13:24 - 2013-10-23 13:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-23 13:23 - 2013-10-23 13:24 - 00018664 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-23 13:23 - 2013-10-23 13:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-23 13:22 - 2013-10-23 13:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-23 13:19 - 2013-10-23 13:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2013-10-23 13:15 - 2013-10-23 13:33 - 00021747 _____ C:\WINDOWS\KB2847311.log
2013-10-23 13:15 - 2013-07-16 19:58 - 00123008 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-10-23 13:15 - 2013-07-16 19:58 - 00060160 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-10-23 13:15 - 2013-07-16 19:58 - 00046848 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2013-10-23 13:15 - 2013-07-02 21:12 - 00025088 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-23 13:15 - 2013-07-02 20:59 - 00014976 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
2013-10-23 13:14 - 2013-08-08 19:55 - 00144128 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2013-10-23 13:14 - 2013-08-08 19:55 - 00032384 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2013-10-23 13:14 - 2013-08-08 19:55 - 00005376 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-10-23 13:14 - 2009-03-18 06:02 - 00030336 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2013-10-01 13:32 - 2013-10-01 13:32 - 00000000 ____D C:\_OTL

==================== One Month Modified Files and Folders =======

2013-10-30 18:07 - 2013-10-30 18:06 - 00000000 ____D C:\WINDOWS\LastGood
2013-10-30 18:07 - 2008-08-21 09:57 - 00989329 _____ C:\WINDOWS\setupapi.log
2013-10-30 18:07 - 2004-08-11 16:13 - 01658397 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-30 18:00 - 2013-06-24 14:37 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-30 17:13 - 2010-02-15 12:07 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-30 16:30 - 2008-09-11 14:25 - 00000128 _____ C:\WINDOWS\system32\config\netlogon.ftl
2013-10-30 15:46 - 2010-02-15 12:07 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-30 15:45 - 2004-08-11 16:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-30 15:45 - 2004-08-11 16:09 - 00000159 ____C C:\WINDOWS\wiadebug.log
2013-10-30 15:45 - 2004-08-11 16:09 - 00000050 ____C C:\WINDOWS\wiaservc.log
2013-10-29 18:10 - 2013-10-23 13:32 - 00032888 _____ C:\WINDOWS\KB2862335.log
2013-10-29 18:10 - 2004-08-11 16:20 - 00032486 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-29 18:09 - 2008-02-05 10:30 - 00000278 ___SH C:\Documents and Settings\cpeed\ntuser.ini
2013-10-29 18:09 - 2008-02-05 10:30 - 00000000 ____D C:\Documents and Settings\cpeed
2013-10-29 18:08 - 2008-08-21 10:17 - 00086491 ____C C:\WINDOWS\spupdsvc.log
2013-10-29 18:06 - 2013-10-29 17:43 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2013-10-29 18:06 - 2004-08-11 16:21 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-29 17:50 - 2013-10-29 17:50 - 00000000 ____D C:\Documents and Settings\cpeed\Application Data\Oracle
2013-10-29 17:50 - 2008-08-21 10:11 - 00000000 ____D C:\Program Files\Java
2013-10-29 17:50 - 2008-08-21 10:11 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-29 17:49 - 2013-10-29 17:49 - 00000000 ____D C:\Documents and Settings\cpeed\Local Settings\Application Data\Sun
2013-10-29 17:48 - 2013-10-29 17:48 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-29 17:48 - 2013-10-29 17:48 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-29 17:48 - 2013-10-29 17:48 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-29 17:48 - 2013-10-29 17:48 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-29 17:48 - 2013-10-29 17:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-29 17:48 - 2008-08-21 10:12 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-29 17:44 - 2013-10-29 17:43 - 00030391 _____ C:\WINDOWS\KB926139-v2.log
2013-10-29 17:44 - 2004-08-11 16:07 - 02466629 _____ C:\WINDOWS\FaxSetup.log
2013-10-29 17:44 - 2004-08-11 16:07 - 01187547 _____ C:\WINDOWS\ocgen.log
2013-10-29 17:44 - 2004-08-11 16:07 - 01129699 _____ C:\WINDOWS\tsoc.log
2013-10-29 17:44 - 2004-08-11 16:07 - 00761672 _____ C:\WINDOWS\msmqinst.log
2013-10-29 17:44 - 2004-08-11 16:07 - 00697285 _____ C:\WINDOWS\iis6.log
2013-10-29 17:44 - 2004-08-11 16:07 - 00660390 _____ C:\WINDOWS\comsetup.log
2013-10-29 17:44 - 2004-08-11 16:07 - 00430753 _____ C:\WINDOWS\netfxocm.log
2013-10-29 17:44 - 2004-08-11 16:07 - 00399929 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-29 17:44 - 2004-08-11 16:07 - 00169970 _____ C:\WINDOWS\MedCtrOC.log
2013-10-29 17:44 - 2004-08-11 16:07 - 00123984 _____ C:\WINDOWS\tabletoc.log
2013-10-29 17:44 - 2004-08-11 16:07 - 00123199 _____ C:\WINDOWS\msgsocm.log
2013-10-29 17:44 - 2004-08-11 16:07 - 00108762 _____ C:\WINDOWS\ocmsn.log
2013-10-29 17:44 - 2004-08-11 16:07 - 00001393 _____ C:\WINDOWS\imsins.log
2013-10-29 17:43 - 2013-10-29 17:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB926139-v2$
2013-10-29 17:43 - 2013-10-29 17:43 - 00000000 ____D C:\WINDOWS\system32\windowspowershell
2013-10-29 17:43 - 2013-10-29 17:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
2013-10-29 17:40 - 2004-08-11 16:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-23 20:06 - 2004-08-11 16:06 - 00214472 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-23 19:29 - 2013-10-23 19:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Citrix
2013-10-23 19:29 - 2013-01-29 09:44 - 00000000 ____D C:\Documents and Settings\cpeed\Local Settings\Application Data\Citrix
2013-10-23 19:29 - 2009-05-19 11:42 - 00000000 ____D C:\Program Files\Citrix
2013-10-23 14:00 - 2013-10-23 14:00 - 17226632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-10-23 14:00 - 2013-06-24 14:37 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-23 14:00 - 2013-06-24 14:37 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-23 13:35 - 2004-08-11 16:07 - 00589442 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-23 13:33 - 2013-10-23 13:15 - 00021747 _____ C:\WINDOWS\KB2847311.log
2013-10-23 13:33 - 2004-08-11 16:07 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-23 13:32 - 2013-10-23 13:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-23 13:32 - 2013-10-23 13:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-23 13:32 - 2008-08-21 10:06 - 00271022 _____ C:\WINDOWS\updspapi.log
2013-10-23 13:29 - 2013-07-31 19:12 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-23 13:24 - 2013-10-23 13:24 - 00020531 _____ C:\WINDOWS\KB2868038.log
2013-10-23 13:24 - 2013-10-23 13:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-23 13:24 - 2013-10-23 13:23 - 00018664 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-23 13:24 - 2011-10-07 08:34 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-23 13:23 - 2013-10-23 13:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-23 13:23 - 2011-10-07 08:38 - 00000000 ____D C:\WINDOWS\ie8updates
2013-10-23 13:22 - 2013-10-23 13:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-23 13:19 - 2013-10-23 13:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2013-10-23 13:18 - 2013-06-24 14:38 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-10-23 13:07 - 2008-09-11 14:25 - 00000000 __SHD C:\WINDOWS\CSC
2013-10-01 13:32 - 2013-10-01 13:32 - 00000000 ____D C:\_OTL

Files to move or delete:
====================
C:\Documents and Settings\cpeed\g2ax_customer_downloadhelper_win32_x86.exe

Some content of TEMP:
====================
C:\Documents and Settings\administrator.W11673DOM\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv_5fb2d044.exe
C:\Documents and Settings\cpeed\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

jlcaylor · Oct 30, 2013

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-10-2013
Ran by cpeed at 2013-10-30 18:10:48
Running from C:\Documents and Settings\cpeed\Desktop\My Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

==================== Installed Programs ======================

32 Bit HP BiDi Channel Components Installer (Version: 1.1.0.2)
7-Zip 9.20
ABBYY FineReader for ScanSnap (TM) 4.1 (Version: 8.02.380.7259)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Reader 9 (Version: 9.0.0)
Allscripts MyWay Client (Version: 10.1.1479.807)
Aprima PRM (HKCU Version: 11.0.1306.2014)
Aprima_11.0.1306.2014 (Version: 0.1)
Aprima_1284 (Version: 0.1)
CardMinder (Version: V4.1L10)
CardMinder V4.1 (Version: 4.1.10.1)
Catella4 (Version: 4.0.44)
Cisco WebEx Meetings
Citrix online plug-in - web (Version: 12.1.44.1)
Citrix online plug-in (DV) (Version: 12.1.44.1)
Citrix online plug-in (HDX) (Version: 12.1.44.1)
Citrix online plug-in (USB) (Version: 12.1.44.1)
Citrix online plug-in (Web) (Version: 12.1.44.1)
DefaultTab (Version: 2.1.7.0)
DownloadX ActiveX Download Control 1.6.7
ESET Online Scanner v3
FileHelp Assistant (Version: 2.0.0)
Free File Opener (Version: 2011.8.0.0)
Google Chrome (Version: 30.0.1599.101)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4601.54)
Google Update Helper (Version: 1.3.21.165)
GoToMeeting 5.4.0.1082 (HKCU Version: 5.4.0.1082)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
Inbox Toolbar (Version: 2.0.0.55)
InfoPrint AFP Viewer Plug-In (Version: 3.4.1.7)
InstallPDFDrivers (Version: 1.00.000)
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
join.me (HKCU Version: 1.9.2.216)
Juniper Networks Host Checker (HKCU Version: 6.5.0.15255)
Juniper Networks Secure Application Manager (Version: 7.1.10.21187)
Juniper Networks, Inc. Setup Client (HKCU Version: 7.1.10.21853)
Kyocera Product Library (Version: 2.0.0713)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2003 Web Components (Version: 11.0.5614.0)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.4518.1014)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Office XP Web Components (Version: 11.0.5614.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Misys Tiger Service Pack 9.10.2 SP3 (Version: 9.10.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
OpalRAD Image Viewer (remove only)
PowerDVD (Version: 8.0)
ScanSnap (Version: 5.1.11.1)
ScanSnap Manager (Version: V5.1L11)
ScanSnap Organizer (Version: 4.1.11.18)
ScanSnap Organizer (Version: V4.1L11)
SearchAssist
SecureLink Gatekeeper (remove only)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB976749) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
USB Enhanced Performance Keyboard (Version: 2.0.1.8)
WebFldrs XP (Version: 9.50.7523)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows PowerShell(TM) 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! Software Update
Yahoo! Toolbar

==================== Restore Points =========================

12-08-2013 13:52:54 System Checkpoint
13-08-2013 13:59:08 System Checkpoint
14-08-2013 17:04:57 System Checkpoint
14-08-2013 23:01:00 Software Distribution Service 3.0
15-08-2013 14:41:40 Installed Aprima_11.0.1306.2014
20-08-2013 14:31:04 System Checkpoint
21-08-2013 18:35:22 System Checkpoint
26-08-2013 13:47:31 System Checkpoint
27-08-2013 14:05:25 System Checkpoint
28-08-2013 14:50:54 System Checkpoint
28-08-2013 23:33:01 Software Distribution Service 3.0
03-09-2013 14:41:38 System Checkpoint
04-09-2013 15:03:02 Unsigned driver install
04-09-2013 15:34:32 Unsigned driver install
04-09-2013 23:40:04 Unsigned driver install
05-09-2013 00:01:14 Installed USB Enhanced Performance Keyboard.
07-09-2013 19:33:22 Unsigned driver install
07-09-2013 19:53:20 Unsigned driver install
09-09-2013 00:58:41 System Checkpoint
12-09-2013 02:48:52 Malwarebytes Anti-Rootkit Restore Point
12-09-2013 00:20:53 Software Distribution Service 3.0
17-09-2013 14:37:42 System Checkpoint
18-09-2013 15:21:14 System Checkpoint
19-09-2013 16:21:15 System Checkpoint
20-09-2013 17:21:15 System Checkpoint
21-09-2013 18:21:15 System Checkpoint
22-09-2013 19:21:14 System Checkpoint
23-09-2013 20:21:15 System Checkpoint
24-09-2013 21:14:58 System Checkpoint
25-09-2013 22:06:28 System Checkpoint
26-09-2013 23:06:06 System Checkpoint
28-09-2013 00:06:06 System Checkpoint
29-09-2013 01:06:06 System Checkpoint
30-09-2013 02:06:06 System Checkpoint
01-10-2013 20:15:08 System Checkpoint
23-10-2013 18:16:48 Software Distribution Service 3.0
29-10-2013 22:42:31 Software Distribution Service 3.0
29-10-2013 22:43:39 Installed %1 %2.
29-10-2013 22:47:48 Removed Java(TM) 6 Update 26
29-10-2013 22:48:21 Installed Java 7 Update 45
29-10-2013 23:09:40 Software Distribution Service 3.0
30-10-2013 23:06:31 Unsigned driver install

==================== Hosts content: ==========================

2004-08-11 16:00 - 2011-06-23 10:37 - 00000791 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
192.168.20.10 w11673-1 #Server

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-10-16 10:47 - 2012-05-10 17:51 - 00122760 _____ () C:\WINDOWS\system32\rssnotify.dll
2006-11-06 10:44 - 2006-11-06 10:44 - 00069632 _____ () C:\Program Files\SecureLink\lib\Wrapper.dll
2011-10-07 08:55 - 2008-11-12 15:32 - 00014848 _____ () C:\Scans\PFU\ScanSnap\CardMinder\CardPath.dll
2011-10-07 08:52 - 2009-11-23 09:34 - 00344064 _____ () C:\Scans\PFU\ScanSnap\Driver\PfuSsConfig.dll
2011-10-07 08:52 - 2009-10-15 09:02 - 00233472 _____ () C:\Scans\PFU\ScanSnap\Driver\PfuSsExtention.dll
2011-10-07 08:52 - 2003-03-26 18:46 - 00135168 _____ () C:\Scans\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2011-10-07 08:52 - 2007-06-26 20:27 - 00167936 _____ () C:\Scans\PFU\ScanSnap\Driver\SSsltsa.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\27977206.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\48701187.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\27977206.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\48701187.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ntrexeservice => ""="Service"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/30/2013 05:22:48 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (10/30/2013 05:22:33 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (10/30/2013 03:46:14 PM) (Source: UserInit) (User: )
Description: Could not execute the following script D:\BIS\logon.bat. The system cannot find the file specified.
.

Error: (10/30/2013 03:46:07 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (10/30/2013 03:46:06 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (10/30/2013 03:45:51 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (10/29/2013 06:09:04 PM) (Source: UserInit) (User: )
Description: Could not execute the following script D:\BIS\logon.bat. The system cannot find the file specified.
.

Error: (10/29/2013 06:08:56 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (10/29/2013 06:08:41 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (10/29/2013 06:08:25 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

System errors:
=============
Error: (10/30/2013 04:01:12 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Error: (10/30/2013 03:45:57 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (10/30/2013 03:45:41 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (10/30/2013 03:45:36 PM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain W11673DOM due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (10/29/2013 06:08:30 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (10/29/2013 06:08:15 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (10/29/2013 06:08:10 PM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain W11673DOM due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (10/29/2013 05:56:34 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Error: (10/29/2013 05:41:19 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (10/29/2013 05:41:04 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Microsoft Office Sessions:
=========================
Error: (10/30/2013 05:22:48 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (10/30/2013 05:22:33 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (10/30/2013 03:46:14 PM) (Source: UserInit)(User: )
Description: D:\BIS\logon.batThe system cannot find the file specified.

Error: (10/30/2013 03:46:07 PM) (Source: AutoEnrollment)(User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (10/30/2013 03:46:06 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (10/30/2013 03:45:51 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (10/29/2013 06:09:04 PM) (Source: UserInit)(User: )
Description: D:\BIS\logon.batThe system cannot find the file specified.

Error: (10/29/2013 06:08:56 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (10/29/2013 06:08:41 PM) (Source: AutoEnrollment)(User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (10/29/2013 06:08:25 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 2036.89 MB
Available physical RAM: 1013.18 MB
Total Pagefile: 3929.2 MB
Available Pagefile: 3061.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.45 GB) (Free:54.13 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (HITMANPRO) (Removable) (Total:3.62 GB) (Free:3.6 GB) FAT32
Drive f: () (Network) (Total:40.36 GB) (Free:25.88 GB) NTFS
Drive h: () (Network) (Total:40.36 GB) (Free:25.88 GB) NTFS
Drive s: () (Network) (Total:40.36 GB) (Free:25.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=74 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: A92BA76D)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

Fiery · Oct 30, 2013

Hi,

Download the following file by right-clicking it and select save as

[attachment=6094]

and save it in the same folder as the Farbar tool.

Then open FRST and click fix. Post the generated log.

Please let me know how your PC is doing.

jlcaylor · Jan 1, 2014

Computer running slow, but otherwise OK.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-01-2014
Ran by cpeed at 2014-01-01 14:09:26 Run:2
Running from C:\Documents and Settings\cpeed\Desktop\My Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Startup: C:\Documents and Settings\cpeed\Start Menu\Programs\Startup\17tbrrzj.lnk
ShortcutTarget: 17tbrrzj.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\jzrrbt71.plz (No File)
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=DownloadX...01/01/1970
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=DownloadX...01/01/1970
SearchScopes: HKCU - {D295732D-567D-4990-B3A2-C8A2419F9331} URL = http://www.mysearchresults.com/search?c=...archTerms}
SearchScopes: HKCU - {FB3E12EA-D9F7-47CB-BB68-9A12749C7B11} URL = http://search.conduit.com/Results.aspx?&...archTerms}
C:\Documents and Settings\cpeed\Start Menu\Programs\Startup\17tbrrzj.lnk
C:\DOCUME~1\ALLUSE~1\APPLIC~1\jzrrbt71.plz
*****************
C:\Documents and Settings\cpeed\Start Menu\Programs\Startup\17tbrrzj.lnk => Moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\jzrrbt71.plz not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D295732D-567D-4990-B3A2-C8A2419F9331} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D295732D-567D-4990-B3A2-C8A2419F9331} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FB3E12EA-D9F7-47CB-BB68-9A12749C7B11} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB3E12EA-D9F7-47CB-BB68-9A12749C7B11} => Key not found.
"C:\Documents and Settings\cpeed\Start Menu\Programs\Startup\17tbrrzj.lnk" => File/Directory not found.
"C:\DOCUME~1\ALLUSE~1\APPLIC~1\jzrrbt71.plz" => File/Directory not found.
==== End of Fixlog ====

ICE virus

New Member

Level 1

New Member

Level 1

Attachments

New Member

New Member

New Member

New Member

New Member

Level 1

New Member

Attachments

New Member

New Member

Attachments

Level 1

New Member

Level 1

New Member

New Member

Level 1

Attachments

New Member

Similar threads