Jump to content

shiannte

Members
  • Posts

    8
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Back to normal Thank you sooooo much for all of your help!
  2. ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=6.00.2900.5512 (xpsp.080413-2105) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=efd6fba95682834ba2e9374d5060c928 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-07-17 01:19:56 # local_time=2012-07-16 03:19:56 (-1000, Hawaiian Standard Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=3589 16777189 100 74 1397679 93060631 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=185669 # found=16 # cleaned=16 # scan_time=3461 C:\Program Files\Zwinky_5qEI\Installr\1.bin\5qEIPlug.dll a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Program Files\Zwinky_5qEI\Installr\1.bin\5qEZSETP.dll a variant of Win32/Toolbar.MyWebSearch.Q application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{99127170-8C24-4E44-88F1-D9B20302B823}\RP4\A0000168.dll a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{99127170-8C24-4E44-88F1-D9B20302B823}\RP4\A0000169.dll a variant of Win32/Toolbar.MyWebSearch.Q application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\12.07.2012_01.47.57\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\12.07.2012_01.47.57\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\12.07.2012_01.47.57\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\12.07.2012_01.47.57\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\12.07.2012_01.47.57\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\12.07.2012_01.47.57\mbr0000\tdlfs0000\tsk0012.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\14.07.2012_15.13.12\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\14.07.2012_15.13.12\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\14.07.2012_15.13.12\tdlfs0000\tsk0003.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\14.07.2012_15.13.12\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\14.07.2012_15.13.12\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\14.07.2012_15.13.12\tdlfs0000\tsk0011.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  3. ComboFix 12-07-14.01 - Admin 07/16/2012 12:17:47.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1188 [GMT -10:00] Running from: c:\documents and settings\Admin\My Documents\ComboFix.exe Command switches used :: c:\documents and settings\Admin\My Documents\CFScript.txt AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . . ((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 ))))))))))))))))))))))))))))))) . . 2012-07-15 04:43 . 2012-07-15 05:14 -------- d-----w- c:\documents and settings\Admin\Application Data\webex 2012-07-14 20:55 . 2012-07-14 20:55 1193472 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\mac.dll 2012-07-14 20:53 . 2012-07-14 20:52 173568 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\welsvp.dll 2012-07-14 20:52 . 2012-07-14 20:52 43008 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\wbxtrace.dll 2012-07-14 20:52 . 2012-07-14 20:52 52736 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\raurl.dll 2012-07-14 20:52 . 2012-07-14 20:52 516920 ----a-w- c:\program files\Mozilla Firefox\plugins\atcliun.exe 2012-07-14 20:52 . 2012-07-14 20:52 4004352 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atres.dll 2012-07-14 20:52 . 2012-07-14 20:52 50176 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atpack.dll 2012-07-14 20:52 . 2012-07-14 20:52 8704 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atmemmgr.dll 2012-07-14 20:52 . 2012-07-14 20:52 69120 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atcarmcl.dll 2012-07-14 20:52 . 2012-07-14 20:52 1028096 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\Atwbxui12.dll 2012-07-14 20:52 . 2012-07-14 20:52 9216 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atkbctl.dll 2012-07-14 20:52 . 2012-07-14 20:52 303416 ----a-w- c:\program files\Mozilla Firefox\plugins\ieatgpc.dll 2012-07-14 20:52 . 2012-07-14 20:52 586040 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atgpcext.dll 2012-07-14 20:52 . 2012-07-14 20:52 80184 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atgpcdec.dll 2012-07-14 20:52 . 2012-07-14 20:52 215864 ----a-w- c:\program files\Mozilla Firefox\plugins\npatgpc.dll 2012-07-12 11:55 . 2012-07-12 11:55 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes 2012-07-12 11:50 . 2012-07-15 01:16 -------- d-----w- C:\TDSSKiller_Quarantine 2012-07-12 11:23 . 2012-07-12 11:23 -------- d-----w- c:\documents and settings\Admin\Application Data\Epson 2012-07-12 11:23 . 2012-07-12 11:23 -------- d-----w- c:\documents and settings\Admin\Application Data\Leader Technologies 2012-07-02 02:25 . 2012-07-02 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2012-07-02 02:24 . 2009-01-25 23:14 15224 ----a-w- c:\windows\system32\sdnclean.exe 2012-07-02 02:24 . 2012-07-02 02:51 -------- d-----w- c:\program files\Spybot - Search & Destroy 2 2012-06-30 10:41 . 2012-06-30 10:41 -------- d-----w- c:\documents and settings\Laptop User\Application Data\Malwarebytes 2012-06-30 10:40 . 2012-06-30 10:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-06-30 10:40 . 2012-07-03 23:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-30 10:40 . 2012-07-12 11:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-06-30 09:36 . 2012-06-30 09:36 -------- d-----w- c:\documents and settings\Laptop User\Application Data\DriverCure 2012-06-30 09:35 . 2012-06-30 09:35 -------- d-----w- c:\documents and settings\Laptop User\Application Data\SpeedMaxPc 2012-06-30 09:35 . 2012-07-01 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc 2012-06-28 06:05 . 2012-06-28 06:05 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL 2012-06-28 06:05 . 2012-06-28 06:05 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2012-06-28 06:04 . 2012-06-28 06:04 -------- d-----w- c:\windows\system32\drivers\N360 2012-06-28 06:04 . 2012-06-28 06:04 -------- d-----w- c:\program files\Norton 360 2012-06-28 06:04 . 2012-06-28 06:04 -------- d-----w- c:\program files\Windows Sidebar 2012-06-28 06:02 . 2012-06-28 06:02 -------- d-----w- c:\program files\NortonInstaller 2012-06-28 06:02 . 2012-06-28 06:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2012-06-28 01:56 . 2012-06-28 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55F3E0405F6ED00096165D151FC4E 2012-06-26 22:25 . 2012-06-26 22:25 1025 ----a-w- c:\windows\system32\sysprs7.dll 2012-06-26 22:25 . 2012-06-26 22:25 1025 ----a-w- c:\windows\system32\clauth2.dll 2012-06-26 22:25 . 2012-06-26 22:25 1025 ----a-w- c:\windows\system32\clauth1.dll 2012-06-26 22:25 . 2012-06-26 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Minnetonka Audio Software 2012-06-26 22:19 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys 2012-06-26 22:19 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys 2012-06-26 22:18 . 2008-04-14 00:12 16384 ----a-w- c:\windows\system32\ipsink.ax 2012-06-26 22:18 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys 2012-06-26 22:18 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys 2012-06-26 22:18 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS 2012-06-26 22:18 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys 2012-06-26 22:18 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys 2012-06-26 21:55 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll 2012-06-26 21:55 . 2008-04-14 00:12 43008 ----a-w- c:\windows\system32\ksxbar.ax 2012-06-26 21:55 . 2008-04-13 18:46 51200 ----a-w- c:\windows\system32\drivers\msdv.sys 2012-06-26 21:55 . 2008-04-14 00:12 91136 ----a-w- c:\windows\system32\kswdmcap.ax 2012-06-26 21:55 . 2008-04-14 00:12 61952 ----a-w- c:\windows\system32\kstvtune.ax 2012-06-26 21:55 . 2008-04-13 18:46 38912 ----a-w- c:\windows\system32\drivers\avc.sys 2012-06-26 21:54 . 2008-04-13 18:46 48128 ----a-w- c:\windows\system32\drivers\61883.sys 2012-06-23 23:57 . 2012-06-23 23:57 -------- d-----w- c:\documents and settings\Laptop User\Local Settings\Application Data\IBM 2012-06-23 20:54 . 2012-04-20 19:29 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll 2012-06-23 20:54 . 2012-04-20 19:29 81920 ----a-w- c:\windows\system32\ieencode.dll 2012-06-23 07:09 . 2012-06-23 07:09 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2012-06-23 07:09 . 2012-06-23 07:09 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll 2012-06-22 05:43 . 2012-06-22 05:43 476936 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-06-22 05:43 . 2012-06-22 05:43 472840 ----a-w- c:\windows\system32\deployJava1.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-28 20:22 . 2012-04-13 06:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-28 20:22 . 2011-06-07 10:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-22 05:43 . 2008-09-26 23:07 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-13 13:19 . 2006-02-28 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-06-06 09:35 . 2012-06-06 09:35 83424 ----a-w- c:\windows\system32\dwabho.dll 2012-06-05 15:50 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-05 15:50 . 2005-09-08 11:03 1372672 ----a-w- c:\windows\system32\msxml6.dll 2012-06-04 04:32 . 2006-02-28 12:00 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-03 01:19 . 2008-07-28 21:10 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-03 01:19 . 2008-07-28 21:10 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-03 01:19 . 2008-07-24 23:39 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-03 01:19 . 2008-07-24 23:39 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-03 01:19 . 2008-07-24 23:39 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-03 01:19 . 2009-01-09 20:15 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-03 01:19 . 2008-07-28 21:10 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-03 01:19 . 2008-07-24 23:39 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-03 01:19 . 2008-07-24 23:39 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-03 01:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-03 01:19 . 2008-07-28 21:10 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-03 01:19 . 2008-07-24 23:39 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-03 01:19 . 2008-07-24 23:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-03 01:18 . 2010-01-19 07:08 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-03 01:18 . 2010-01-19 07:08 214256 ----a-w- c:\windows\system32\muweb.dll 2012-06-03 01:18 . 2010-01-19 07:08 17136 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 07:58 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll 2012-05-04 13:16 . 2006-02-28 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:46 . 2008-07-24 23:37 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-20 19:29 . 2006-02-28 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx 2012-04-19 12:44 . 2006-02-28 12:00 369664 ----a-w- c:\windows\system32\html.iec 2005-06-16 22:19 . 2005-06-16 22:19 2482176 ----a-w- c:\program files\TCTrill.dll 2005-06-11 01:12 . 2005-06-11 01:12 847872 ----a-w- c:\program files\TCTrillS.dll 2005-06-03 18:59 . 2005-06-03 18:59 61440 ----a-w- c:\program files\TCReports.dll 2004-02-12 04:11 . 2004-02-12 04:11 7659520 ----a-w- c:\program files\Geo CS Test Gen Management.exe 2004-02-12 03:59 . 2004-02-12 03:59 4009984 ----a-w- c:\program files\Geo CS Test Gen Student.exe 2004-01-27 02:04 . 2004-01-27 02:04 49152 ----a-w- c:\program files\TCAlerts.dll 2003-11-04 22:21 . 2003-11-04 22:21 983040 ----a-w- c:\program files\stuffit5.engine-5.1.dll 2003-11-04 22:21 . 2003-11-04 22:21 561152 ----a-w- c:\program files\xp32_207.dll 2003-11-04 22:21 . 2003-11-04 22:21 21776 ----a-w- c:\program files\shfolder.dll 2003-11-04 22:20 . 2003-11-04 22:20 479232 ----a-w- c:\program files\rp32_207.dll 2003-11-04 22:20 . 2003-11-04 22:20 217088 ----a-w- c:\program files\sa32_207.dll 2003-11-04 22:19 . 2003-11-04 22:19 725032 ----a-w- c:\program files\kSAdg.dll 2003-11-04 22:19 . 2003-11-04 22:19 692264 ----a-w- c:\program files\kCPdg.dll 2003-11-04 22:19 . 2003-11-04 22:19 413736 ----a-w- c:\program files\kGRdg.dll 2003-11-04 22:19 . 2003-11-04 22:19 401462 ----a-w- c:\program files\msvcp60.dll 2003-11-04 22:19 . 2003-11-04 22:19 290869 ----a-w- c:\program files\msvcrt.dll 2003-11-04 22:19 . 2003-11-04 22:19 2744361 ----a-w- c:\program files\kFDMdg.dll 2003-11-04 22:19 . 2003-11-04 22:19 1982504 ----a-w- c:\program files\kFDdg.dll 2003-11-04 22:19 . 2003-11-04 22:19 1937448 ----a-w- c:\program files\kXPdg.dll 2003-11-04 22:19 . 2003-11-04 22:19 1794088 ----a-w- c:\program files\kRPdg.dll 2003-11-04 22:19 . 2003-11-04 22:19 1597480 ----a-w- c:\program files\kDBdg.dll 2003-11-04 22:19 . 2003-11-04 22:19 1486848 ----a-w- c:\program files\owl609v.dll 2003-11-04 22:18 . 2003-11-04 22:18 638976 ----a-w- c:\program files\fd32_207.dll 2003-11-04 22:18 . 2003-11-04 22:18 401728 ----a-w- c:\program files\EQNEDIT.EXE 2003-11-04 22:18 . 2003-11-04 22:18 352256 ----a-w- c:\program files\db32_207.dll 2003-11-04 22:18 . 2003-11-04 22:18 212992 ----a-w- c:\program files\cp32_207.dll 2003-11-04 22:18 . 2003-11-04 22:18 131072 ----a-w- c:\program files\gr32_207.dll 2003-11-04 22:18 . 2003-11-04 22:18 1122304 ----a-w- c:\program files\fm32_207.dll 2003-11-04 22:17 . 2003-11-04 22:17 311296 ----a-w- c:\program files\APE24EXT_MT.dll 2012-07-14 20:52 . 2012-07-14 20:52 303416 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll 2012-06-23 07:09 . 2011-12-28 05:51 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-07-15_01.40.44 ))))))))))))))))))))))))))))))))))))))))) . + 2012-07-15 01:51 . 2012-07-15 01:51 16384 c:\windows\Temp\Perflib_Perfdata_8e4.dat + 2012-07-15 01:45 . 2012-07-15 01:45 16384 c:\windows\Temp\Perflib_Perfdata_310.dat + 2012-07-15 01:49 . 2012-07-15 01:49 19968 c:\windows\Installer\3bbe3.msi + 2011-01-14 17:10 . 2011-01-14 17:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL + 2011-01-14 17:10 . 2011-01-14 17:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL + 2011-07-21 22:34 . 2011-07-21 22:34 3456000 c:\windows\Installer\26ec878.msp + 2011-01-14 17:10 . 2011-01-14 17:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL + 2011-01-14 17:10 . 2011-01-14 17:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL + 2011-01-14 17:10 . 2011-01-14 17:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UMonit"="c:\windows\system32\umonit.exe" [2007-06-18 200704] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-19 254696] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-29 112216] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-17 138008] "NGTray"="c:\program files\Symantec\Ghost\ngtray.exe" [2007-04-20 181896] "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2007-10-26 136512] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096] "Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-10-09 100888] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-10-09 100888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-26 823296] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-26 974848] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-17 138008] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-17 162584] "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-12-19 611712] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440] "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-05-11 3349488] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2009-1-12 679936] SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2010-11-19 13310832] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\Symantec\\Ghost\\ngctw32.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\UCGui.exe"= "c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\SMARTSNMPAgent.exe"= "c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\UCService.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"= "c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"= "c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"= "c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0602010.005\SymDS.sys [6/27/2012 8:05 PM 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0602010.005\SymEFA.sys [6/27/2012 8:05 PM 905336] R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [7/12/2012 1:31 AM 821920] R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0602010.005\ccSetx86.sys [6/27/2012 8:05 PM 132744] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0602010.005\Ironx86.sys [6/27/2012 8:05 PM 149624] R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\EpsonCustomerParticipation\EPCP.exe [6/9/2011 1:01 PM 521600] R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\IBM\Lotus\Notes\nsd.exe [9/29/2009 11:29 AM 3397000] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/30/2012 12:40 AM 655944] R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [6/27/2012 8:04 PM 138232] R2 NGCLIENT;Symantec Ghost Client Agent;c:\program files\Symantec\Ghost\ngctw32.exe [4/19/2007 9:01 PM 632456] R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [7/1/2012 4:24 PM 1122296] R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [7/1/2012 4:24 PM 838136] R2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\SMART Product Drivers\UCService.exe [11/19/2010 7:58 PM 846192] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/28/2012 4:09 PM 106656] R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120713.001\IDSXpx86.sys [7/14/2012 12:57 AM 369632] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/30/2012 12:40 AM 22344] S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 288112] S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2/6/2012 7:05 PM 6016] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 12:04 PM 113120] S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe [11/19/2010 7:59 PM 1664368] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-07-15 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job - c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-07-02 02:29] . 2012-07-02 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job - c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-07-02 02:29] . 2012-07-02 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job - c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-07-02 02:29] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} DPF: {CAFECAFE-0013-0001-0030-ABCDEFABCDEF} FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\7wgst86i.default\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-07-16 12:26 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run UMonit = c:\windows\system32\umonit.exe?USB\Vid_1713&Pid_01008???????I_03????(!??B\ROOT_H8??????V????????????????????h?????A~(!???????????b@?????????????????@$?|?????$?|??B~??@???E~????????????????????@???????????????t??????????????|`$?|?????$?|U$?|??????????????@ . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:5c,7c,2e,44,07,d1,54,06,ef,30,5f,22,e3,21,18,6d,13,c9,fb,1b,f7, 44,50,70,ec,57,e4,82,0e,d2,30,9b,ee,e8,ae,db,e4,1d,fb,9c,81,e3,64,01,34,ee,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1200) c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll c:\program files\IBM\Lotus\Notes\npnotes.dll c:\windows\system32\igfxdev.dll . - - - - - - - > 'explorer.exe'(8088) c:\program files\SetPoint\lgscroll.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2012-07-16 12:28:03 ComboFix-quarantined-files.txt 2012-07-16 22:27 ComboFix2.txt 2012-07-15 01:42 . Pre-Run: 25,100,419,072 bytes free Post-Run: 25,097,547,776 bytes free . - - End Of File - - 8E82462B56C1E73DEBBD35B0FD508DA0
  4. Still no luck at removing the mcafee software. Here is my tdsskiller log: 15:13:12.0437 3728 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35 15:13:12.0921 3728 ============================================================ 15:13:12.0921 3728 Current date / time: 2012/07/14 15:13:12.0921 15:13:12.0921 3728 SystemInfo: 15:13:12.0921 3728 15:13:12.0921 3728 OS Version: 5.1.2600 ServicePack: 3.0 15:13:12.0937 3728 Product type: Workstation 15:13:12.0937 3728 ComputerName: E0460871 15:13:12.0937 3728 UserName: Admin 15:13:12.0937 3728 Windows directory: C:\WINDOWS 15:13:12.0937 3728 System windows directory: C:\WINDOWS 15:13:12.0937 3728 Processor architecture: Intel x86 15:13:12.0937 3728 Number of processors: 2 15:13:12.0937 3728 Page size: 0x1000 15:13:12.0937 3728 Boot type: Normal boot 15:13:12.0937 3728 ============================================================ 15:13:14.0906 3728 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 15:13:14.0921 3728 ============================================================ 15:13:14.0921 3728 \Device\Harddisk0\DR0: 15:13:14.0921 3728 MBR partitions: 15:13:14.0921 3728 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x94DB4F4 15:13:14.0921 3728 ============================================================ 15:13:14.0937 3728 C: <-> \Device\Harddisk0\DR0\Partition0 15:13:14.0937 3728 ============================================================ 15:13:14.0937 3728 Initialize success 15:13:14.0937 3728 ============================================================ 15:13:24.0421 4872 ============================================================ 15:13:24.0421 4872 Scan started 15:13:24.0421 4872 Mode: Manual; SigCheck; TDLFS; 15:13:24.0421 4872 ============================================================ 15:13:25.0765 4872 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys 15:13:33.0328 4872 61883 - ok 15:13:33.0328 4872 Abiosdsk - ok 15:13:33.0343 4872 abp480n5 - ok 15:13:33.0375 4872 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 15:13:33.0531 4872 ACPI - ok 15:13:33.0562 4872 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 15:13:33.0703 4872 ACPIEC - ok 15:13:33.0734 4872 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\WINDOWS\system32\drivers\adfs.sys 15:13:33.0765 4872 adfs - ok 15:13:33.0875 4872 Adobe Version Cue CS4 (9444a3530c2e88b7ed96a566ff9ccc13) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe 15:13:33.0921 4872 Adobe Version Cue CS4 - ok 15:13:33.0937 4872 adpu160m - ok 15:13:33.0968 4872 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 15:13:34.0171 4872 aec - ok 15:13:34.0187 4872 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys 15:13:34.0281 4872 AegisP - ok 15:13:34.0328 4872 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 15:13:34.0390 4872 AFD - ok 15:13:34.0390 4872 Aha154x - ok 15:13:34.0390 4872 aic78u2 - ok 15:13:34.0406 4872 aic78xx - ok 15:13:34.0437 4872 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll 15:13:34.0593 4872 Alerter - ok 15:13:34.0609 4872 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe 15:13:34.0781 4872 ALG - ok 15:13:34.0781 4872 AliIde - ok 15:13:34.0796 4872 amsint - ok 15:13:34.0843 4872 Apple Mobile Device (4b5ae15e5c73eb4dc8dbec2788230d41) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 15:13:34.0890 4872 Apple Mobile Device - ok 15:13:34.0937 4872 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll 15:13:35.0046 4872 AppMgmt - ok 15:13:35.0062 4872 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 15:13:35.0203 4872 Arp1394 - ok 15:13:35.0218 4872 asc - ok 15:13:35.0218 4872 asc3350p - ok 15:13:35.0218 4872 asc3550 - ok 15:13:35.0328 4872 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 15:13:35.0375 4872 aspnet_state - ok 15:13:35.0406 4872 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 15:13:35.0546 4872 AsyncMac - ok 15:13:35.0578 4872 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 15:13:35.0703 4872 atapi - ok 15:13:35.0703 4872 Atdisk - ok 15:13:35.0734 4872 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 15:13:35.0843 4872 Atmarpc - ok 15:13:35.0875 4872 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll 15:13:36.0000 4872 AudioSrv - ok 15:13:36.0031 4872 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 15:13:36.0171 4872 audstub - ok 15:13:36.0203 4872 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys 15:13:36.0312 4872 Avc - ok 15:13:36.0343 4872 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys 15:13:36.0421 4872 b57w2k - ok 15:13:36.0453 4872 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 15:13:36.0593 4872 Beep - ok 15:13:36.0718 4872 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120711.002\BHDrvx86.sys 15:13:36.0781 4872 BHDrvx86 - ok 15:13:36.0828 4872 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll 15:13:37.0000 4872 BITS - ok 15:13:37.0046 4872 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe 15:13:37.0109 4872 Bonjour Service - ok 15:13:37.0125 4872 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll 15:13:37.0265 4872 Browser - ok 15:13:37.0312 4872 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 15:13:37.0453 4872 cbidf2k - ok 15:13:37.0468 4872 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 15:13:37.0593 4872 CCDECODE - ok 15:13:37.0640 4872 ccSet_N360 (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\N360\0602010.005\ccSetx86.sys 15:13:37.0687 4872 ccSet_N360 - ok 15:13:37.0687 4872 cd20xrnt - ok 15:13:37.0718 4872 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 15:13:37.0859 4872 Cdaudio - ok 15:13:37.0906 4872 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 15:13:38.0031 4872 Cdfs - ok 15:13:38.0046 4872 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 15:13:38.0187 4872 Cdrom - ok 15:13:38.0187 4872 Changer - ok 15:13:38.0203 4872 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe 15:13:38.0328 4872 CiSvc - ok 15:13:38.0375 4872 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe 15:13:38.0515 4872 ClipSrv - ok 15:13:38.0593 4872 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:13:38.0625 4872 clr_optimization_v2.0.50727_32 - ok 15:13:38.0656 4872 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 15:13:38.0765 4872 CmBatt - ok 15:13:38.0781 4872 CmdIde - ok 15:13:38.0781 4872 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 15:13:38.0921 4872 Compbatt - ok 15:13:38.0921 4872 COMSysApp - ok 15:13:38.0937 4872 Cpqarray - ok 15:13:38.0953 4872 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll 15:13:39.0093 4872 CryptSvc - ok 15:13:39.0109 4872 CSRBC (8e1945984e147562f9f08e1d344a69cc) C:\WINDOWS\system32\Drivers\csrbcxp.sys 15:13:39.0140 4872 CSRBC ( UnsignedFile.Multi.Generic ) - warning 15:13:39.0140 4872 CSRBC - detected UnsignedFile.Multi.Generic (1) 15:13:39.0140 4872 dac2w2k - ok 15:13:39.0140 4872 dac960nt - ok 15:13:39.0187 4872 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 15:13:39.0281 4872 DcomLaunch - ok 15:13:39.0312 4872 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll 15:13:39.0421 4872 Dhcp - ok 15:13:39.0421 4872 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 15:13:39.0546 4872 Disk - ok 15:13:39.0578 4872 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS 15:13:39.0609 4872 DLABMFSM - ok 15:13:39.0625 4872 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS 15:13:39.0656 4872 DLABOIOM - ok 15:13:39.0671 4872 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS 15:13:39.0703 4872 DLACDBHM - ok 15:13:39.0703 4872 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS 15:13:39.0734 4872 DLADResM - ok 15:13:39.0750 4872 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS 15:13:39.0796 4872 DLAIFS_M - ok 15:13:39.0796 4872 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS 15:13:39.0828 4872 DLAOPIOM - ok 15:13:39.0828 4872 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS 15:13:39.0875 4872 DLAPoolM - ok 15:13:39.0875 4872 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS 15:13:39.0906 4872 DLARTL_M - ok 15:13:39.0937 4872 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS 15:13:39.0984 4872 DLAUDFAM - ok 15:13:40.0000 4872 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS 15:13:40.0062 4872 DLAUDF_M - ok 15:13:40.0062 4872 dmadmin - ok 15:13:40.0125 4872 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 15:13:40.0281 4872 dmboot - ok 15:13:40.0312 4872 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 15:13:40.0453 4872 dmio - ok 15:13:40.0468 4872 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 15:13:40.0656 4872 dmload - ok 15:13:40.0687 4872 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll 15:13:40.0843 4872 dmserver - ok 15:13:40.0875 4872 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 15:13:41.0031 4872 DMusic - ok 15:13:41.0046 4872 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll 15:13:41.0156 4872 Dnscache - ok 15:13:41.0187 4872 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll 15:13:41.0312 4872 Dot3svc - ok 15:13:41.0312 4872 dpti2o - ok 15:13:41.0328 4872 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 15:13:41.0437 4872 drmkaud - ok 15:13:41.0468 4872 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 15:13:41.0515 4872 DRVMCDB - ok 15:13:41.0546 4872 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS 15:13:41.0578 4872 DRVNDDM - ok 15:13:41.0625 4872 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 15:13:41.0750 4872 EapHost - ok 15:13:41.0828 4872 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 15:13:41.0890 4872 eeCtrl - ok 15:13:41.0937 4872 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe 15:13:41.0968 4872 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning 15:13:41.0968 4872 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1) 15:13:42.0031 4872 EpsonCustomerParticipation (b78436ca173ff723a1eace5cd4900375) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe 15:13:42.0093 4872 EpsonCustomerParticipation - ok 15:13:42.0125 4872 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 15:13:42.0156 4872 EraserUtilRebootDrv - ok 15:13:42.0187 4872 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll 15:13:42.0328 4872 ERSvc - ok 15:13:42.0359 4872 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 15:13:42.0390 4872 Eventlog - ok 15:13:42.0421 4872 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll 15:13:42.0500 4872 EventSystem - ok 15:13:42.0562 4872 EvtEng (e71b03ff6b819ae1a286aa27e956d523) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe 15:13:42.0656 4872 EvtEng ( UnsignedFile.Multi.Generic ) - warning 15:13:42.0656 4872 EvtEng - detected UnsignedFile.Multi.Generic (1) 15:13:42.0718 4872 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 15:13:42.0859 4872 Fastfat - ok 15:13:42.0890 4872 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 15:13:43.0000 4872 FastUserSwitchingCompatibility - ok 15:13:43.0015 4872 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 15:13:43.0250 4872 Fdc - ok 15:13:43.0281 4872 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 15:13:43.0500 4872 Fips - ok 15:13:43.0531 4872 fixustor (cdb568db5e8985dcc623da808ac61042) C:\WINDOWS\system32\drivers\fixustor.sys 15:13:43.0593 4872 fixustor ( UnsignedFile.Multi.Generic ) - warning 15:13:43.0593 4872 fixustor - detected UnsignedFile.Multi.Generic (1) 15:13:43.0687 4872 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 15:13:43.0781 4872 FLEXnet Licensing Service - ok 15:13:43.0796 4872 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 15:13:44.0000 4872 Flpydisk - ok 15:13:44.0031 4872 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 15:13:44.0156 4872 FltMgr - ok 15:13:44.0234 4872 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 15:13:44.0265 4872 FontCache3.0.0.0 - ok 15:13:44.0312 4872 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 15:13:44.0453 4872 Fs_Rec - ok 15:13:44.0453 4872 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 15:13:44.0609 4872 Ftdisk - ok 15:13:44.0656 4872 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 15:13:44.0687 4872 GEARAspiWDM - ok 15:13:44.0718 4872 getPlus® Helper (7bec703f31e1d441db16886c9aa4cba9) C:\Program Files\NOS\bin\getPlus_HelperSvc.exe 15:13:44.0781 4872 getPlus® Helper - ok 15:13:44.0812 4872 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 15:13:44.0953 4872 Gpc - ok 15:13:44.0984 4872 guardian2 (7031a936832967a93b0e5d5f1c76745a) C:\WINDOWS\system32\Drivers\oz776.sys 15:13:45.0031 4872 guardian2 - ok 15:13:45.0046 4872 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 15:13:45.0171 4872 HDAudBus - ok 15:13:45.0203 4872 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 15:13:45.0343 4872 helpsvc - ok 15:13:45.0359 4872 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll 15:13:45.0484 4872 HidServ - ok 15:13:45.0500 4872 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 15:13:45.0640 4872 HidUsb - ok 15:13:45.0687 4872 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 15:13:45.0812 4872 hkmsvc - ok 15:13:45.0812 4872 hpn - ok 15:13:45.0859 4872 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 15:13:45.0984 4872 HPZid412 - ok 15:13:46.0000 4872 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 15:13:46.0093 4872 HPZipr12 - ok 15:13:46.0125 4872 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 15:13:46.0203 4872 HPZius12 - ok 15:13:46.0250 4872 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 15:13:46.0328 4872 HSFHWAZL - ok 15:13:46.0406 4872 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 15:13:46.0531 4872 HSF_DPV - ok 15:13:46.0578 4872 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 15:13:46.0687 4872 HTTP - ok 15:13:46.0703 4872 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll 15:13:46.0843 4872 HTTPFilter - ok 15:13:46.0843 4872 i2omgmt - ok 15:13:46.0843 4872 i2omp - ok 15:13:46.0875 4872 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 15:13:47.0140 4872 i8042prt - ok 15:13:47.0500 4872 ialm (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 15:13:47.0781 4872 ialm - ok 15:13:47.0953 4872 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 15:13:48.0031 4872 idsvc - ok 15:13:48.0156 4872 IDSxpx86 (eeebf3616db90124c1c57019d39aa9a2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120713.001\IDSxpx86.sys 15:13:48.0187 4872 IDSxpx86 - ok 15:13:48.0281 4872 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 15:13:48.0500 4872 Imapi - ok 15:13:48.0578 4872 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe 15:13:48.0796 4872 ImapiService - ok 15:13:48.0812 4872 ini910u - ok 15:13:48.0812 4872 IntelIde - ok 15:13:48.0859 4872 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 15:13:49.0046 4872 intelppm - ok 15:13:49.0062 4872 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 15:13:49.0203 4872 Ip6Fw - ok 15:13:49.0234 4872 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 15:13:49.0359 4872 IpFilterDriver - ok 15:13:49.0375 4872 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 15:13:49.0500 4872 IpInIp - ok 15:13:49.0531 4872 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 15:13:49.0671 4872 IpNat - ok 15:13:49.0734 4872 iPod Service (7a3611564fce7c8be50b03f58cb3eb7d) C:\Program Files\iPod\bin\iPodService.exe 15:13:49.0781 4872 iPod Service - ok 15:13:49.0812 4872 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 15:13:49.0921 4872 IPSec - ok 15:13:49.0953 4872 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 15:13:50.0062 4872 IRENUM - ok 15:13:50.0093 4872 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 15:13:50.0234 4872 isapnp - ok 15:13:50.0296 4872 JavaQuickStarterService (de5d05fd449798ef88cc34ad4b1e7f85) C:\Program Files\Java\jre6\bin\jqs.exe 15:13:50.0328 4872 JavaQuickStarterService - ok 15:13:50.0343 4872 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 15:13:50.0484 4872 Kbdclass - ok 15:13:50.0515 4872 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 15:13:50.0625 4872 kbdhid - ok 15:13:50.0671 4872 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 15:13:50.0781 4872 kmixer - ok 15:13:50.0796 4872 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 15:13:50.0875 4872 KSecDD - ok 15:13:50.0921 4872 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll 15:13:50.0984 4872 lanmanserver - ok 15:13:51.0031 4872 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll 15:13:51.0109 4872 lanmanworkstation - ok 15:13:51.0125 4872 lbrtfdc - ok 15:13:51.0156 4872 LHidFilt (ea57f9a93042d53256db4e2222b93b37) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 15:13:51.0187 4872 LHidFilt - ok 15:13:51.0218 4872 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll 15:13:51.0375 4872 LmHosts - ok 15:13:51.0390 4872 LMouFilt (8bd61e1f686d352b318b025524542128) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 15:13:51.0484 4872 LMouFilt - ok 15:13:51.0734 4872 Lotus Notes Diagnostics (986e0f3be701b232b8913de59c7adc7c) C:\Program Files\IBM\Lotus\Notes\nsd.exe 15:13:51.0937 4872 Lotus Notes Diagnostics - ok 15:13:52.0015 4872 Lotus Notes Single Logon (71f607abe2355fabea9fb13e057ac050) C:\Program Files\IBM\Lotus\Notes\nslsvice.exe 15:13:52.0078 4872 Lotus Notes Single Logon - ok 15:13:52.0171 4872 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys 15:13:52.0234 4872 MBAMProtector - ok 15:13:52.0296 4872 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 15:13:52.0390 4872 MBAMService - ok 15:13:52.0437 4872 McAfeeFramework (447d4617b99ac0a4ba056713dfe02279) C:\Program Files\Network Associates\Common Framework\FrameworkService.exe 15:13:52.0468 4872 McAfeeFramework - ok 15:13:52.0500 4872 McShield (12bef73e0281ac793865be1a331c67fc) C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe 15:13:52.0578 4872 McShield - ok 15:13:52.0609 4872 McTaskManager (d0f500bc9f114c99d32df4dc4c857c94) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe 15:13:52.0640 4872 McTaskManager - ok 15:13:52.0687 4872 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 15:13:52.0734 4872 MDM - ok 15:13:52.0781 4872 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 15:13:52.0843 4872 mdmxsdk - ok 15:13:52.0875 4872 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll 15:13:53.0000 4872 Messenger - ok 15:13:53.0015 4872 mfeapfk (1f334eb2a13816df45671ebb98896da7) C:\WINDOWS\system32\drivers\mfeapfk.sys 15:13:53.0062 4872 mfeapfk - ok 15:13:53.0093 4872 mfeavfk (8a1dedbbdad33587f6fad780ce4b34b5) C:\WINDOWS\system32\drivers\mfeavfk.sys 15:13:53.0125 4872 mfeavfk - ok 15:13:53.0140 4872 mfebopk (d800e31a019a6979698eef0507baa746) C:\WINDOWS\system32\drivers\mfebopk.sys 15:13:53.0171 4872 mfebopk - ok 15:13:53.0203 4872 mfehidk (0ae14fab8e25c258c6ebf3827c649273) C:\WINDOWS\system32\drivers\mfehidk.sys 15:13:53.0250 4872 mfehidk - ok 15:13:53.0250 4872 mferkdk (e72afc5056f6804c616e7dc32a38945f) C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys 15:13:53.0296 4872 mferkdk - ok 15:13:53.0312 4872 mfetdik (a47f0f63e92730de15d41624ab998c5c) C:\WINDOWS\system32\drivers\mfetdik.sys 15:13:53.0343 4872 mfetdik - ok 15:13:53.0359 4872 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 15:13:53.0515 4872 mnmdd - ok 15:13:53.0546 4872 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe 15:13:53.0687 4872 mnmsrvc - ok 15:13:53.0703 4872 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 15:13:53.0828 4872 Modem - ok 15:13:53.0843 4872 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 15:13:53.0984 4872 Mouclass - ok 15:13:54.0015 4872 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 15:13:54.0171 4872 mouhid - ok 15:13:54.0187 4872 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 15:13:54.0328 4872 MountMgr - ok 15:13:54.0375 4872 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 15:13:54.0421 4872 MozillaMaintenance - ok 15:13:54.0421 4872 mraid35x - ok 15:13:54.0437 4872 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 15:13:54.0578 4872 MRxDAV - ok 15:13:54.0687 4872 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 15:13:54.0765 4872 MRxSmb - ok 15:13:54.0796 4872 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe 15:13:54.0937 4872 MSDTC - ok 15:13:54.0968 4872 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys 15:13:55.0078 4872 MSDV - ok 15:13:55.0093 4872 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 15:13:55.0218 4872 Msfs - ok 15:13:55.0218 4872 MSIServer - ok 15:13:55.0250 4872 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 15:13:55.0375 4872 MSKSSRV - ok 15:13:55.0375 4872 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 15:13:55.0515 4872 MSPCLOCK - ok 15:13:55.0531 4872 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 15:13:55.0640 4872 MSPQM - ok 15:13:55.0671 4872 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 15:13:55.0781 4872 mssmbios - ok 15:13:55.0812 4872 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 15:13:55.0937 4872 MSTEE - ok 15:13:55.0984 4872 Multi-user Cleanup Service (218d58976c01c60657818ed0eac81602) C:\Program Files\IBM\Lotus\Notes\ntmulti.exe 15:13:56.0015 4872 Multi-user Cleanup Service - ok 15:13:56.0062 4872 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 15:13:56.0109 4872 Mup - ok 15:13:56.0156 4872 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe 15:13:56.0171 4872 N360 - ok 15:13:56.0203 4872 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 15:13:56.0328 4872 NABTSFEC - ok 15:13:56.0390 4872 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 15:13:56.0515 4872 napagent - ok 15:13:56.0593 4872 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120713.035\NAVENG.SYS 15:13:56.0625 4872 NAVENG - ok 15:13:56.0750 4872 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120713.035\NAVEX15.SYS 15:13:56.0828 4872 NAVEX15 - ok 15:13:56.0953 4872 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 15:13:57.0187 4872 NDIS - ok 15:13:57.0265 4872 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 15:13:57.0390 4872 NdisIP - ok 15:13:57.0421 4872 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 15:13:57.0500 4872 NdisTapi - ok 15:13:57.0515 4872 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 15:13:57.0656 4872 Ndisuio - ok 15:13:57.0656 4872 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 15:13:57.0781 4872 NdisWan - ok 15:13:57.0812 4872 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 15:13:57.0859 4872 NDProxy - ok 15:13:57.0890 4872 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 15:13:58.0031 4872 NetBIOS - ok 15:13:58.0046 4872 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 15:13:58.0187 4872 NetBT - ok 15:13:58.0234 4872 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 15:13:58.0359 4872 NetDDE - ok 15:13:58.0359 4872 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 15:13:58.0468 4872 NetDDEdsdm - ok 15:13:58.0500 4872 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 15:13:58.0640 4872 Netlogon - ok 15:13:58.0687 4872 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll 15:13:58.0812 4872 Netman - ok 15:13:58.0906 4872 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:13:58.0937 4872 NetTcpPortSharing - ok 15:13:59.0156 4872 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys 15:13:59.0343 4872 NETw4x32 - ok 15:13:59.0468 4872 NGCLIENT (174692e8a5eb4df16d44c1b44f978d3f) C:\Program Files\Symantec\Ghost\ngctw32.exe 15:13:59.0531 4872 NGCLIENT - ok 15:13:59.0656 4872 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 15:13:59.0812 4872 NIC1394 - ok 15:13:59.0859 4872 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll 15:13:59.0906 4872 Nla - ok 15:13:59.0937 4872 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 15:14:00.0062 4872 Npfs - ok 15:14:00.0093 4872 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS 15:14:00.0140 4872 NSNDIS5 ( UnsignedFile.Multi.Generic ) - warning 15:14:00.0140 4872 NSNDIS5 - detected UnsignedFile.Multi.Generic (1) 15:14:00.0187 4872 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 15:14:00.0359 4872 Ntfs - ok 15:14:00.0406 4872 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 15:14:00.0500 4872 NtLmSsp - ok 15:14:00.0562 4872 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll 15:14:00.0703 4872 NtmsSvc - ok 15:14:00.0734 4872 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 15:14:00.0859 4872 Null - ok 15:14:00.0875 4872 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 15:14:01.0015 4872 NwlnkFlt - ok 15:14:01.0031 4872 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 15:14:01.0171 4872 NwlnkFwd - ok 15:14:01.0296 4872 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 15:14:01.0343 4872 odserv - ok 15:14:01.0375 4872 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 15:14:01.0500 4872 ohci1394 - ok 15:14:01.0531 4872 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:14:01.0578 4872 ose - ok 15:14:01.0609 4872 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 15:14:01.0781 4872 Parport - ok 15:14:01.0781 4872 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 15:14:01.0953 4872 PartMgr - ok 15:14:01.0984 4872 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 15:14:02.0171 4872 ParVdm - ok 15:14:02.0250 4872 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 15:14:02.0390 4872 PCI - ok 15:14:02.0406 4872 PCIDump - ok 15:14:02.0406 4872 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 15:14:02.0562 4872 PCIIde - ok 15:14:02.0578 4872 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 15:14:02.0703 4872 Pcmcia - ok 15:14:02.0703 4872 PDCOMP - ok 15:14:02.0718 4872 PDFRAME - ok 15:14:02.0718 4872 PDRELI - ok 15:14:02.0718 4872 PDRFRAME - ok 15:14:02.0734 4872 perc2 - ok 15:14:02.0734 4872 perc2hib - ok 15:14:02.0781 4872 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 15:14:02.0796 4872 PlugPlay - ok 15:14:02.0828 4872 Pml Driver HPZ12 (d31f88c5f19eefa366a415d6bc5f2abc) C:\WINDOWS\system32\HPZipm12.exe 15:14:02.0875 4872 Pml Driver HPZ12 - ok 15:14:02.0890 4872 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 15:14:03.0000 4872 PolicyAgent - ok 15:14:03.0015 4872 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 15:14:03.0156 4872 PptpMiniport - ok 15:14:03.0171 4872 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 15:14:03.0265 4872 ProtectedStorage - ok 15:14:03.0281 4872 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 15:14:03.0437 4872 PSched - ok 15:14:03.0453 4872 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 15:14:03.0609 4872 Ptilink - ok 15:14:03.0640 4872 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys 15:14:03.0671 4872 PxHelp20 - ok 15:14:03.0687 4872 ql1080 - ok 15:14:03.0687 4872 Ql10wnt - ok 15:14:03.0687 4872 ql12160 - ok 15:14:03.0687 4872 ql1240 - ok 15:14:03.0703 4872 ql1280 - ok 15:14:03.0718 4872 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 15:14:03.0843 4872 RasAcd - ok 15:14:03.0875 4872 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll 15:14:04.0000 4872 RasAuto - ok 15:14:04.0015 4872 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 15:14:04.0156 4872 Rasl2tp - ok 15:14:04.0187 4872 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll 15:14:04.0296 4872 RasMan - ok 15:14:04.0296 4872 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 15:14:04.0421 4872 RasPppoe - ok 15:14:04.0421 4872 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 15:14:04.0578 4872 Raspti - ok 15:14:04.0656 4872 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 15:14:04.0781 4872 Rdbss - ok 15:14:04.0781 4872 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 15:14:04.0906 4872 RDPCDD - ok 15:14:04.0937 4872 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 15:14:05.0093 4872 rdpdr - ok 15:14:05.0125 4872 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys 15:14:05.0187 4872 RDPWD - ok 15:14:05.0218 4872 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 15:14:05.0359 4872 RDSessMgr - ok 15:14:05.0390 4872 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 15:14:05.0531 4872 redbook - ok 15:14:05.0593 4872 RegSrvc (2cf574d0965f58e514a2dc94114d7eca) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 15:14:05.0671 4872 RegSrvc ( UnsignedFile.Multi.Generic ) - warning 15:14:05.0671 4872 RegSrvc - detected UnsignedFile.Multi.Generic (1) 15:14:05.0703 4872 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 15:14:05.0828 4872 RemoteAccess - ok 15:14:05.0859 4872 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll 15:14:05.0984 4872 RemoteRegistry - ok 15:14:06.0031 4872 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe 15:14:06.0187 4872 RpcLocator - ok 15:14:06.0234 4872 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 15:14:06.0296 4872 RpcSs - ok 15:14:06.0343 4872 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 15:14:06.0531 4872 RSVP - ok 15:14:06.0609 4872 S24EventMonitor (874173edbd4f2fe711f245855a2ffa23) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe 15:14:06.0703 4872 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning 15:14:06.0703 4872 S24EventMonitor - detected UnsignedFile.Multi.Generic (1) 15:14:06.0734 4872 s24trans (eadfb87f911a7a75d1b80617f92901e8) C:\WINDOWS\system32\DRIVERS\s24trans.sys 15:14:06.0781 4872 s24trans ( UnsignedFile.Multi.Generic ) - warning 15:14:06.0781 4872 s24trans - detected UnsignedFile.Multi.Generic (1) 15:14:06.0812 4872 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 15:14:06.0953 4872 SamSs - ok 15:14:06.0984 4872 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 15:14:07.0109 4872 SCardSvr - ok 15:14:07.0140 4872 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 15:14:07.0281 4872 Schedule - ok 15:14:07.0406 4872 SDScannerService (e1f35f902b825c7b18236271f398dda2) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe 15:14:07.0500 4872 SDScannerService - ok 15:14:07.0578 4872 SDUpdateService (2db434f4ce96b3fb65d44b3ad5a4de3e) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe 15:14:07.0656 4872 SDUpdateService - ok 15:14:07.0781 4872 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 15:14:07.0937 4872 Secdrv - ok 15:14:07.0968 4872 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 15:14:08.0125 4872 seclogon - ok 15:14:08.0140 4872 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 15:14:08.0296 4872 SENS - ok 15:14:08.0312 4872 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 15:14:08.0468 4872 serenum - ok 15:14:08.0531 4872 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 15:14:08.0671 4872 Serial - ok 15:14:08.0687 4872 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 15:14:08.0828 4872 Sfloppy - ok 15:14:08.0875 4872 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll 15:14:09.0015 4872 SharedAccess - ok 15:14:09.0046 4872 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 15:14:09.0093 4872 ShellHWDetection - ok 15:14:09.0093 4872 Simbad - ok 15:14:09.0125 4872 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 15:14:09.0265 4872 SLIP - ok 15:14:09.0718 4872 SMART Board Service (6dac3f90ef7b3ac349890e4eebacb260) C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe 15:14:09.0968 4872 SMART Board Service - ok 15:14:10.0125 4872 SMART Display Controller (63beb15cc3e249bf51134e85dd56535d) C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe 15:14:10.0203 4872 SMART Display Controller - ok 15:14:10.0343 4872 SMART SNMP Agent Service (3bcb934ae0a0fca1c3aa7a3a8088bc68) C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe 15:14:10.0468 4872 SMART SNMP Agent Service - ok 15:14:10.0578 4872 Sparrow - ok 15:14:10.0609 4872 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 15:14:10.0875 4872 splitter - ok 15:14:10.0937 4872 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 15:14:10.0984 4872 Spooler - ok 15:14:11.0015 4872 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 15:14:11.0156 4872 sr - ok 15:14:11.0187 4872 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 15:14:11.0296 4872 srservice - ok 15:14:11.0406 4872 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\WINDOWS\system32\drivers\N360\0602010.005\SRTSP.SYS 15:14:11.0437 4872 SRTSP - ok 15:14:11.0453 4872 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\WINDOWS\system32\drivers\N360\0602010.005\SRTSPX.SYS 15:14:11.0500 4872 SRTSPX - ok 15:14:11.0546 4872 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 15:14:11.0609 4872 Srv - ok 15:14:11.0625 4872 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 15:14:11.0812 4872 SSDPSRV - ok 15:14:11.0859 4872 STacSV (6f855b5625a47f3ac731a262fdc379a6) C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe 15:14:11.0921 4872 STacSV - ok 15:14:12.0046 4872 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys 15:14:12.0140 4872 STHDA - ok 15:14:12.0218 4872 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 15:14:12.0390 4872 stisvc - ok 15:14:12.0468 4872 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe 15:14:12.0531 4872 stllssvr ( UnsignedFile.Multi.Generic ) - warning 15:14:12.0531 4872 stllssvr - detected UnsignedFile.Multi.Generic (1) 15:14:12.0578 4872 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 15:14:12.0781 4872 streamip - ok 15:14:12.0843 4872 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 15:14:12.0984 4872 swenum - ok 15:14:13.0015 4872 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 15:14:13.0125 4872 swmidi - ok 15:14:13.0125 4872 SwPrv - ok 15:14:13.0140 4872 symc810 - ok 15:14:13.0140 4872 symc8xx - ok 15:14:13.0203 4872 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\N360\0602010.005\SYMDS.SYS 15:14:13.0250 4872 SymDS - ok 15:14:13.0359 4872 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\N360\0602010.005\SYMEFA.SYS 15:14:13.0437 4872 SymEFA - ok 15:14:13.0484 4872 SymEvent (74e2521e96176a4449570e50be91954d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 15:14:13.0515 4872 SymEvent - ok 15:14:13.0546 4872 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\N360\0602010.005\Ironx86.SYS 15:14:13.0578 4872 SymIRON - ok 15:14:13.0609 4872 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\system32\drivers\N360\0602010.005\SYMTDI.SYS 15:14:13.0656 4872 SYMTDI - ok 15:14:13.0656 4872 sym_hi - ok 15:14:13.0671 4872 sym_u3 - ok 15:14:13.0687 4872 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 15:14:13.0828 4872 sysaudio - ok 15:14:13.0875 4872 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 15:14:14.0000 4872 SysmonLog - ok 15:14:14.0031 4872 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 15:14:14.0156 4872 TapiSrv - ok 15:14:14.0218 4872 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 15:14:14.0265 4872 Tcpip - ok 15:14:14.0328 4872 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 15:14:14.0437 4872 TDPIPE - ok 15:14:14.0468 4872 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 15:14:14.0609 4872 TDTCP - ok 15:14:14.0640 4872 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 15:14:14.0765 4872 TermDD - ok 15:14:14.0781 4872 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 15:14:14.0906 4872 TermService - ok 15:14:14.0953 4872 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 15:14:14.0984 4872 Themes - ok 15:14:15.0015 4872 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe 15:14:15.0140 4872 TlntSvr - ok 15:14:15.0156 4872 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys 15:14:15.0250 4872 toshidpt - ok 15:14:15.0250 4872 TosIde - ok 15:14:15.0250 4872 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys 15:14:15.0296 4872 tosporte - ok 15:14:15.0312 4872 tosrfbd (435ac6cc2abed508ac5a495658cbaf0f) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys 15:14:15.0359 4872 tosrfbd - ok 15:14:15.0375 4872 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\WINDOWS\system32\Drivers\tosrfbnp.sys 15:14:15.0437 4872 tosrfbnp - ok 15:14:15.0453 4872 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys 15:14:15.0515 4872 Tosrfcom - ok 15:14:15.0546 4872 Tosrfhid (28099a4e52148319afa685d93a2244d0) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys 15:14:15.0578 4872 Tosrfhid - ok 15:14:15.0593 4872 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys 15:14:15.0656 4872 tosrfnds - ok 15:14:15.0671 4872 Tosrfusb (6bc529c5eca0c7654943fd6fab21c5fa) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys 15:14:15.0734 4872 Tosrfusb - ok 15:14:15.0765 4872 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 15:14:15.0906 4872 TrkWks - ok 15:14:15.0921 4872 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 15:14:16.0062 4872 Udfs - ok 15:14:16.0062 4872 ultra - ok 15:14:16.0125 4872 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 15:14:16.0296 4872 Update - ok 15:14:16.0328 4872 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 15:14:16.0468 4872 upnphost - ok 15:14:16.0484 4872 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 15:14:16.0687 4872 UPS - ok 15:14:16.0703 4872 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys 15:14:16.0796 4872 USBAAPL - ok 15:14:16.0828 4872 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 15:14:16.0968 4872 usbaudio - ok 15:14:17.0015 4872 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 15:14:17.0156 4872 usbccgp - ok 15:14:17.0187 4872 USBCCID (2825e0e294686a26506690059e1f437a) C:\WINDOWS\system32\DRIVERS\usbccid.sys 15:14:17.0234 4872 USBCCID - ok 15:14:17.0265 4872 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 15:14:17.0390 4872 usbehci - ok 15:14:17.0421 4872 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 15:14:17.0546 4872 usbhub - ok 15:14:17.0578 4872 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 15:14:17.0703 4872 usbprint - ok 15:14:17.0734 4872 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 15:14:17.0859 4872 usbscan - ok 15:14:17.0906 4872 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:14:18.0062 4872 USBSTOR - ok 15:14:18.0078 4872 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 15:14:18.0187 4872 usbuhci - ok 15:14:18.0218 4872 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 15:14:18.0359 4872 VgaSave - ok 15:14:18.0359 4872 ViaIde - ok 15:14:18.0375 4872 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 15:14:18.0515 4872 VolSnap - ok 15:14:18.0562 4872 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 15:14:18.0750 4872 VSS - ok 15:14:18.0781 4872 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 15:14:18.0921 4872 W32Time - ok 15:14:18.0937 4872 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 15:14:19.0062 4872 Wanarp - ok 15:14:19.0109 4872 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 15:14:19.0156 4872 Wdf01000 - ok 15:14:19.0171 4872 WDICA - ok 15:14:19.0203 4872 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 15:14:19.0328 4872 wdmaud - ok 15:14:19.0359 4872 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 15:14:19.0484 4872 WebClient - ok 15:14:19.0562 4872 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 15:14:19.0640 4872 winachsf - ok 15:14:19.0687 4872 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 15:14:19.0812 4872 winmgmt - ok 15:14:19.0906 4872 WLANKEEPER (4307641ca3389a210295fdffd2a73dee) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe 15:14:19.0953 4872 WLANKEEPER ( UnsignedFile.Multi.Generic ) - warning 15:14:19.0953 4872 WLANKEEPER - detected UnsignedFile.Multi.Generic (1) 15:14:20.0000 4872 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 15:14:20.0078 4872 WmdmPmSN - ok 15:14:20.0171 4872 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll 15:14:20.0234 4872 Wmi - ok 15:14:20.0281 4872 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 15:14:20.0390 4872 WmiAcpi - ok 15:14:20.0437 4872 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe 15:14:20.0625 4872 WmiApSrv - ok 15:14:20.0718 4872 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe 15:14:20.0828 4872 WMPNetworkSvc - ok 15:14:20.0875 4872 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 15:14:20.0984 4872 wscsvc - ok 15:14:21.0031 4872 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 15:14:21.0187 4872 WSTCODEC - ok 15:14:21.0203 4872 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 15:14:21.0343 4872 wuauserv - ok 15:14:21.0437 4872 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 15:14:21.0531 4872 WudfPf - ok 15:14:21.0531 4872 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 15:14:21.0593 4872 WudfRd - ok 15:14:21.0609 4872 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 15:14:21.0656 4872 WudfSvc - ok 15:14:21.0718 4872 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 15:14:21.0890 4872 WZCSVC - ok 15:14:21.0921 4872 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 15:14:22.0109 4872 xmlprov - ok 15:14:22.0140 4872 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 15:14:22.0546 4872 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 15:14:22.0546 4872 \Device\Harddisk0\DR0 - detected TDSS File System (1) 15:14:22.0546 4872 Boot (0x1200) (6a8375b063e3f895c13c123b5305a0f1) \Device\Harddisk0\DR0\Partition0 15:14:22.0546 4872 \Device\Harddisk0\DR0\Partition0 - ok 15:14:22.0562 4872 ============================================================ 15:14:22.0562 4872 Scan finished 15:14:22.0562 4872 ============================================================ 15:14:22.0671 4008 Detected object count: 11 15:14:22.0671 4008 Actual detected object count: 11 15:16:34.0765 4008 CSRBC ( UnsignedFile.Multi.Generic ) - skipped by user 15:16:34.0765 4008 CSRBC ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:16:34.0765 4008 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user 15:16:34.0765 4008 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:16:34.0765 4008 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user 15:16:34.0765 4008 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:16:34.0781 4008 fixustor ( UnsignedFile.Multi.Generic ) - skipped by user 15:16:34.0781 4008 fixustor ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:16:34.0781 4008 NSNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user 15:16:34.0781 4008 NSNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:16:34.0781 4008 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user 15:16:34.0781 4008 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:16:34.0781 4008 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user 15:16:34.0781 4008 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:16:34.0781 4008 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user 15:16:34.0781 4008 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:16:34.0781 4008 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user 15:16:34.0781 4008 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:16:34.0781 4008 WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user 15:16:34.0781 4008 WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:16:34.0843 4008 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine 15:16:34.0859 4008 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine 15:16:35.0015 4008 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine 15:16:35.0109 4008 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine 15:16:35.0562 4008 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine 15:16:35.0640 4008 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine 15:16:35.0640 4008 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 15:16:35.0671 4008 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine 15:16:35.0718 4008 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine 15:16:35.0750 4008 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine 15:16:35.0781 4008 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine 15:16:35.0796 4008 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine 15:16:36.0000 4008 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 15:16:36.0078 4008 \Device\Harddisk0\DR0\TDLFS - deleted 15:16:36.0078 4008 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete 15:17:23.0406 0160 Deinitialize success Here is the combofix log: ComboFix 12-07-14.01 - Admin 07/14/2012 15:32:45.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1161 [GMT -10:00] Running from: c:\documents and settings\Admin\My Documents\Downloads\ComboFix.exe AV: McAfee VirusScan Enterprise *Enabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} * Resident AV is active . . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Laptop User\WINDOWS c:\windows\system32\lsprst7.dll c:\windows\system32\ssprs.dll . . ((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 ))))))))))))))))))))))))))))))) . . 2012-07-14 20:55 . 2012-07-14 20:55 1193472 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\mac.dll 2012-07-14 20:53 . 2012-07-14 20:52 173568 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\welsvp.dll 2012-07-14 20:52 . 2012-07-14 20:52 43008 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\wbxtrace.dll 2012-07-14 20:52 . 2012-07-14 20:52 52736 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\raurl.dll 2012-07-14 20:52 . 2012-07-14 20:52 516920 ----a-w- c:\program files\Mozilla Firefox\plugins\atcliun.exe 2012-07-14 20:52 . 2012-07-14 20:52 4004352 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atres.dll 2012-07-14 20:52 . 2012-07-14 20:52 50176 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atpack.dll 2012-07-14 20:52 . 2012-07-14 20:52 8704 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atmemmgr.dll 2012-07-14 20:52 . 2012-07-14 20:52 69120 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atcarmcl.dll 2012-07-14 20:52 . 2012-07-14 20:52 1028096 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\Atwbxui12.dll 2012-07-14 20:52 . 2012-07-14 20:52 9216 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atkbctl.dll 2012-07-14 20:52 . 2012-07-14 20:52 303416 ----a-w- c:\program files\Mozilla Firefox\plugins\ieatgpc.dll 2012-07-14 20:52 . 2012-07-14 20:52 586040 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atgpcext.dll 2012-07-14 20:52 . 2012-07-14 20:52 80184 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atgpcdec.dll 2012-07-14 20:52 . 2012-07-14 20:52 215864 ----a-w- c:\program files\Mozilla Firefox\plugins\npatgpc.dll 2012-07-12 11:55 . 2012-07-12 11:55 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes 2012-07-12 11:50 . 2012-07-15 01:16 -------- d-----w- C:\TDSSKiller_Quarantine 2012-07-12 11:23 . 2012-07-12 11:23 -------- d-----w- c:\documents and settings\Admin\Application Data\Epson 2012-07-12 11:23 . 2012-07-12 11:23 -------- d-----w- c:\documents and settings\Admin\Application Data\Leader Technologies 2012-07-02 02:25 . 2012-07-02 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2012-07-02 02:24 . 2009-01-25 23:14 15224 ----a-w- c:\windows\system32\sdnclean.exe 2012-07-02 02:24 . 2012-07-02 02:51 -------- d-----w- c:\program files\Spybot - Search & Destroy 2 2012-06-30 10:41 . 2012-06-30 10:41 -------- d-----w- c:\documents and settings\Laptop User\Application Data\Malwarebytes 2012-06-30 10:40 . 2012-06-30 10:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-06-30 10:40 . 2012-07-03 23:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-30 10:40 . 2012-07-12 11:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-06-30 09:36 . 2012-06-30 09:36 -------- d-----w- c:\documents and settings\Laptop User\Application Data\DriverCure 2012-06-30 09:35 . 2012-06-30 09:35 -------- d-----w- c:\documents and settings\Laptop User\Application Data\SpeedMaxPc 2012-06-30 09:35 . 2012-07-01 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc 2012-06-28 06:05 . 2012-06-28 06:05 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL 2012-06-28 06:05 . 2012-06-28 06:05 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2012-06-28 06:04 . 2012-06-28 06:04 -------- d-----w- c:\windows\system32\drivers\N360 2012-06-28 06:04 . 2012-06-28 06:04 -------- d-----w- c:\program files\Norton 360 2012-06-28 06:04 . 2012-06-28 06:04 -------- d-----w- c:\program files\Windows Sidebar 2012-06-28 06:02 . 2012-06-28 06:02 -------- d-----w- c:\program files\NortonInstaller 2012-06-28 06:02 . 2012-06-28 06:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2012-06-28 01:56 . 2012-06-28 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55F3E0405F6ED00096165D151FC4E 2012-06-26 22:25 . 2012-06-26 22:25 1025 ----a-w- c:\windows\system32\sysprs7.dll 2012-06-26 22:25 . 2012-06-26 22:25 1025 ----a-w- c:\windows\system32\clauth2.dll 2012-06-26 22:25 . 2012-06-26 22:25 1025 ----a-w- c:\windows\system32\clauth1.dll 2012-06-26 22:25 . 2012-06-26 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Minnetonka Audio Software 2012-06-26 22:19 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys 2012-06-26 22:19 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys 2012-06-26 22:18 . 2008-04-14 00:12 16384 ----a-w- c:\windows\system32\ipsink.ax 2012-06-26 22:18 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys 2012-06-26 22:18 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys 2012-06-26 22:18 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS 2012-06-26 22:18 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys 2012-06-26 22:18 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys 2012-06-26 21:55 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll 2012-06-26 21:55 . 2008-04-14 00:12 43008 ----a-w- c:\windows\system32\ksxbar.ax 2012-06-26 21:55 . 2008-04-13 18:46 51200 ----a-w- c:\windows\system32\drivers\msdv.sys 2012-06-26 21:55 . 2008-04-14 00:12 91136 ----a-w- c:\windows\system32\kswdmcap.ax 2012-06-26 21:55 . 2008-04-14 00:12 61952 ----a-w- c:\windows\system32\kstvtune.ax 2012-06-26 21:55 . 2008-04-13 18:46 38912 ----a-w- c:\windows\system32\drivers\avc.sys 2012-06-26 21:54 . 2008-04-13 18:46 48128 ----a-w- c:\windows\system32\drivers\61883.sys 2012-06-23 23:57 . 2012-06-23 23:57 -------- d-----w- c:\documents and settings\Laptop User\Local Settings\Application Data\IBM 2012-06-23 20:54 . 2012-04-20 19:29 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll 2012-06-23 20:54 . 2012-04-20 19:29 81920 ----a-w- c:\windows\system32\ieencode.dll 2012-06-23 07:09 . 2012-06-23 07:09 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2012-06-23 07:09 . 2012-06-23 07:09 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll 2012-06-22 05:43 . 2012-06-22 05:43 476936 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-06-22 05:43 . 2012-06-22 05:43 472840 ----a-w- c:\windows\system32\deployJava1.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-28 20:22 . 2012-04-13 06:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-28 20:22 . 2011-06-07 10:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-22 05:43 . 2008-09-26 23:07 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-13 13:19 . 2006-02-28 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-06-06 09:35 . 2012-06-06 09:35 83424 ----a-w- c:\windows\system32\dwabho.dll 2012-06-05 15:50 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-05 15:50 . 2005-09-08 11:03 1372672 ----a-w- c:\windows\system32\msxml6.dll 2012-06-04 04:32 . 2006-02-28 12:00 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-03 01:19 . 2008-07-28 21:10 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-03 01:19 . 2008-07-28 21:10 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-03 01:19 . 2008-07-24 23:39 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-03 01:19 . 2008-07-24 23:39 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-03 01:19 . 2008-07-24 23:39 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-03 01:19 . 2009-01-09 20:15 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-03 01:19 . 2008-07-28 21:10 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-03 01:19 . 2008-07-24 23:39 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-03 01:19 . 2008-07-24 23:39 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-03 01:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-03 01:19 . 2008-07-28 21:10 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-03 01:19 . 2008-07-24 23:39 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-03 01:19 . 2008-07-24 23:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-03 01:18 . 2010-01-19 07:08 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-03 01:18 . 2010-01-19 07:08 214256 ----a-w- c:\windows\system32\muweb.dll 2012-06-03 01:18 . 2010-01-19 07:08 17136 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 07:58 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll 2012-05-04 13:16 . 2006-02-28 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:46 . 2008-07-24 23:37 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-20 19:29 . 2006-02-28 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx 2012-04-19 12:44 . 2006-02-28 12:00 369664 ----a-w- c:\windows\system32\html.iec 2005-06-16 22:19 . 2005-06-16 22:19 2482176 ----a-w- c:\program files\TCTrill.dll 2005-06-11 01:12 . 2005-06-11 01:12 847872 ----a-w- c:\program files\TCTrillS.dll 2005-06-03 18:59 . 2005-06-03 18:59 61440 ----a-w- c:\program files\TCReports.dll 2004-02-12 04:11 . 2004-02-12 04:11 7659520 ----a-w- c:\program files\Geo CS Test Gen Management.exe 2004-02-12 03:59 . 2004-02-12 03:59 4009984 ----a-w- c:\program files\Geo CS Test Gen Student.exe 2004-01-27 02:04 . 2004-01-27 02:04 49152 ----a-w- c:\program files\TCAlerts.dll 2003-11-04 22:21 . 2003-11-04 22:21 983040 ----a-w- c:\program files\stuffit5.engine-5.1.dll 2003-11-04 22:21 . 2003-11-04 22:21 561152 ----a-w- c:\program files\xp32_207.dll 2003-11-04 22:21 . 2003-11-04 22:21 21776 ----a-w- c:\program files\shfolder.dll 2003-11-04 22:20 . 2003-11-04 22:20 479232 ----a-w- c:\program files\rp32_207.dll 2003-11-04 22:20 . 2003-11-04 22:20 217088 ----a-w- c:\program files\sa32_207.dll 2003-11-04 22:19 . 2003-11-04 22:19 725032 ----a-w- c:\program files\kSAdg.dll 2003-11-04 22:19 . 2003-11-04 22:19 692264 ----a-w- c:\program files\kCPdg.dll 2003-11-04 22:19 . 2003-11-04 22:19 413736 ----a-w- c:\program files\kGRdg.dll 2003-11-04 22:19 . 2003-11-04 22:19 401462 ----a-w- c:\program files\msvcp60.dll 2003-11-04 22:19 . 2003-11-04 22:19 290869 ----a-w- c:\program files\msvcrt.dll 2003-11-04 22:19 . 2003-11-04 22:19 2744361 ----a-w- c:\program files\kFDMdg.dll 2003-11-04 22:19 . 2003-11-04 22:19 1982504 ----a-w- c:\program files\kFDdg.dll 2003-11-04 22:19 . 2003-11-04 22:19 1937448 ----a-w- c:\program files\kXPdg.dll 2003-11-04 22:19 . 2003-11-04 22:19 1794088 ----a-w- c:\program files\kRPdg.dll 2003-11-04 22:19 . 2003-11-04 22:19 1597480 ----a-w- c:\program files\kDBdg.dll 2003-11-04 22:19 . 2003-11-04 22:19 1486848 ----a-w- c:\program files\owl609v.dll 2003-11-04 22:18 . 2003-11-04 22:18 638976 ----a-w- c:\program files\fd32_207.dll 2003-11-04 22:18 . 2003-11-04 22:18 401728 ----a-w- c:\program files\EQNEDIT.EXE 2003-11-04 22:18 . 2003-11-04 22:18 352256 ----a-w- c:\program files\db32_207.dll 2003-11-04 22:18 . 2003-11-04 22:18 212992 ----a-w- c:\program files\cp32_207.dll 2003-11-04 22:18 . 2003-11-04 22:18 131072 ----a-w- c:\program files\gr32_207.dll 2003-11-04 22:18 . 2003-11-04 22:18 1122304 ----a-w- c:\program files\fm32_207.dll 2003-11-04 22:17 . 2003-11-04 22:17 311296 ----a-w- c:\program files\APE24EXT_MT.dll 2012-07-14 20:52 . 2012-07-14 20:52 303416 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll 2012-06-23 07:09 . 2011-12-28 05:51 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UMonit"="c:\windows\system32\umonit.exe" [2007-06-18 200704] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-19 254696] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-29 112216] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-17 138008] "NGTray"="c:\program files\Symantec\Ghost\ngtray.exe" [2007-04-20 181896] "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2007-10-26 136512] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096] "Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-10-09 100888] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-10-09 100888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-26 823296] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-26 974848] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-17 138008] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-17 162584] "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-12-19 611712] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440] "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-05-11 3349488] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2009-1-12 679936] SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2010-11-19 13310832] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\Symantec\\Ghost\\ngctw32.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\UCGui.exe"= "c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\SMARTSNMPAgent.exe"= "c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\UCService.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"= "c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"= "c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"= "c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0602010.005\SymDS.sys [6/27/2012 8:05 PM 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0602010.005\SymEFA.sys [6/27/2012 8:05 PM 905336] R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [7/12/2012 1:31 AM 821920] R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0602010.005\ccSetx86.sys [6/27/2012 8:05 PM 132744] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0602010.005\Ironx86.sys [6/27/2012 8:05 PM 149624] R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\EpsonCustomerParticipation\EPCP.exe [6/9/2011 1:01 PM 521600] R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\IBM\Lotus\Notes\nsd.exe [9/29/2009 11:29 AM 3397000] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/30/2012 12:40 AM 655944] R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [6/27/2012 8:04 PM 138232] R2 NGCLIENT;Symantec Ghost Client Agent;c:\program files\Symantec\Ghost\ngctw32.exe [4/19/2007 9:01 PM 632456] R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [7/1/2012 4:24 PM 1122296] R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [7/1/2012 4:24 PM 838136] R2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\SMART Product Drivers\UCService.exe [11/19/2010 7:58 PM 846192] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/28/2012 4:09 PM 106656] R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120713.001\IDSXpx86.sys [7/14/2012 12:57 AM 369632] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/30/2012 12:40 AM 22344] S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 288112] S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2/6/2012 7:05 PM 6016] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 12:04 PM 113120] S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe [11/19/2010 7:59 PM 1664368] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 50883511 *Deregistered* - 50883511 . Contents of the 'Scheduled Tasks' folder . 2012-07-15 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job - c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-07-02 02:29] . 2012-07-02 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job - c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-07-02 02:29] . 2012-07-02 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job - c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-07-02 02:29] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} DPF: {CAFECAFE-0013-0001-0030-ABCDEFABCDEF} FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\7wgst86i.default\ . . ------- File Associations ------- . .txt= . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) HKU-Default-Run-Adobe - c:\documents and settings\Laptop User\Local Settings\Application Data\Apple Computer\Adobe\xdlqzl.dll Notify-SDWinLogon - SDWinLogon.dll HKLM_ActiveSetup-Neat ADF Scanner 2008 - reg copy HKLM\Software\The Neat Company\Neat ADF Scanner 2008 HKCU\Software\The Neat Company\Neat ADF Scanner 2008 AddRemove-FixUstor - c:\windows\temp\fixustor\remove.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-07-14 15:40 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run UMonit = c:\windows\system32\umonit.exe?USB\Vid_1713&Pid_01008???????I_03????(!??B\ROOT_H8??????V????????????????????h?????A~(!???????????b@?????????????????@$?|?????$?|??B~??@???E~????????????????????@???????????????t??????????????|`$?|?????$?|U$?|??????????????@ . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:5c,7c,2e,44,07,d1,54,06,ef,30,5f,22,e3,21,18,6d,13,c9,fb,1b,f7, 44,50,70,ec,57,e4,82,0e,d2,30,9b,ee,e8,ae,db,e4,1d,fb,9c,81,e3,64,01,34,ee,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1212) c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll c:\program files\IBM\Lotus\Notes\npnotes.dll . Completion time: 2012-07-14 15:42:50 ComboFix-quarantined-files.txt 2012-07-15 01:42 . Pre-Run: 25,248,092,160 bytes free Post-Run: 25,688,604,672 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - FA06A307EE655AAE237BCC14DAA8BE16
  5. After following your instructions, I notice that the adware/malware is not playing in the background any more. Thank you!!! 1. I was unable to delete/uninstall one of my anti-virus software programs. I went to control panel and looked to uninstall the McAfee AntiSpyware Enterprise Module, deleted that but not able to delete the entire McAfee itself. 2. Here is my TDSSKiller Log: 01:47:56.0203 4204 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35 01:47:57.0296 4204 ============================================================ 01:47:57.0296 4204 Current date / time: 2012/07/12 01:47:57.0296 01:47:57.0296 4204 SystemInfo: 01:47:57.0296 4204 01:47:57.0296 4204 OS Version: 5.1.2600 ServicePack: 3.0 01:47:57.0296 4204 Product type: Workstation 01:47:57.0296 4204 ComputerName: E0460871 01:47:57.0296 4204 UserName: Admin 01:47:57.0296 4204 Windows directory: C:\WINDOWS 01:47:57.0296 4204 System windows directory: C:\WINDOWS 01:47:57.0296 4204 Processor architecture: Intel x86 01:47:57.0296 4204 Number of processors: 2 01:47:57.0296 4204 Page size: 0x1000 01:47:57.0296 4204 Boot type: Normal boot 01:47:57.0296 4204 ============================================================ 01:48:00.0515 4204 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 01:48:00.0531 4204 ============================================================ 01:48:00.0531 4204 \Device\Harddisk0\DR0: 01:48:00.0531 4204 MBR partitions: 01:48:00.0531 4204 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x94DB4F4 01:48:00.0531 4204 ============================================================ 01:48:00.0562 4204 C: <-> \Device\Harddisk0\DR0\Partition0 01:48:00.0562 4204 ============================================================ 01:48:00.0562 4204 Initialize success 01:48:00.0562 4204 ============================================================ 01:48:31.0890 1628 ============================================================ 01:48:31.0890 1628 Scan started 01:48:31.0890 1628 Mode: Manual; SigCheck; TDLFS; 01:48:31.0890 1628 ============================================================ 01:48:33.0687 1628 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys 01:49:07.0531 1628 61883 - ok 01:49:07.0531 1628 Abiosdsk - ok 01:49:07.0531 1628 abp480n5 - ok 01:49:07.0593 1628 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 01:49:07.0906 1628 ACPI - ok 01:49:07.0937 1628 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 01:49:08.0203 1628 ACPIEC - ok 01:49:08.0234 1628 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\WINDOWS\system32\drivers\adfs.sys 01:49:08.0265 1628 adfs - ok 01:49:08.0359 1628 Adobe Version Cue CS4 (9444a3530c2e88b7ed96a566ff9ccc13) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe 01:49:08.0375 1628 Adobe Version Cue CS4 - ok 01:49:08.0390 1628 adpu160m - ok 01:49:08.0421 1628 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 01:49:08.0921 1628 aec - ok 01:49:08.0953 1628 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys 01:49:09.0218 1628 AegisP - ok 01:49:09.0687 1628 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 01:49:10.0078 1628 AFD - ok 01:49:10.0140 1628 Aha154x - ok 01:49:10.0140 1628 aic78u2 - ok 01:49:10.0140 1628 aic78xx - ok 01:49:10.0187 1628 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll 01:49:10.0421 1628 Alerter - ok 01:49:10.0437 1628 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe 01:49:10.0812 1628 ALG - ok 01:49:10.0812 1628 AliIde - ok 01:49:10.0812 1628 amsint - ok 01:49:10.0875 1628 Apple Mobile Device (4b5ae15e5c73eb4dc8dbec2788230d41) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 01:49:10.0890 1628 Apple Mobile Device - ok 01:49:10.0937 1628 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll 01:49:11.0171 1628 AppMgmt - ok 01:49:11.0187 1628 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 01:49:11.0390 1628 Arp1394 - ok 01:49:11.0390 1628 asc - ok 01:49:11.0390 1628 asc3350p - ok 01:49:11.0406 1628 asc3550 - ok 01:49:11.0468 1628 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 01:49:11.0500 1628 aspnet_state - ok 01:49:11.0515 1628 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 01:49:11.0687 1628 AsyncMac - ok 01:49:11.0718 1628 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 01:49:12.0015 1628 atapi - ok 01:49:12.0015 1628 Atdisk - ok 01:49:12.0031 1628 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 01:49:12.0328 1628 Atmarpc - ok 01:49:12.0359 1628 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll 01:49:12.0578 1628 AudioSrv - ok 01:49:12.0609 1628 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 01:49:12.0875 1628 audstub - ok 01:49:12.0906 1628 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys 01:49:13.0140 1628 Avc - ok 01:49:13.0171 1628 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys 01:49:13.0296 1628 b57w2k - ok 01:49:13.0328 1628 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 01:49:13.0531 1628 Beep - ok 01:49:13.0656 1628 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120711.002\BHDrvx86.sys 01:49:13.0703 1628 BHDrvx86 - ok 01:49:13.0750 1628 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll 01:49:14.0000 1628 BITS - ok 01:49:14.0062 1628 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe 01:49:14.0109 1628 Bonjour Service - ok 01:49:14.0125 1628 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll 01:49:14.0390 1628 Browser - ok 01:49:14.0437 1628 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 01:49:14.0687 1628 cbidf2k - ok 01:49:14.0718 1628 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 01:49:14.0984 1628 CCDECODE - ok 01:49:15.0015 1628 ccSet_N360 (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\N360\0602010.005\ccSetx86.sys 01:49:15.0046 1628 ccSet_N360 - ok 01:49:15.0046 1628 cd20xrnt - ok 01:49:15.0093 1628 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 01:49:15.0359 1628 Cdaudio - ok 01:49:15.0390 1628 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 01:49:15.0671 1628 Cdfs - ok 01:49:15.0687 1628 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 01:49:15.0921 1628 Cdrom - ok 01:49:15.0921 1628 Changer - ok 01:49:15.0953 1628 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe 01:49:16.0296 1628 CiSvc - ok 01:49:16.0343 1628 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe 01:49:16.0671 1628 ClipSrv - ok 01:49:16.0750 1628 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 01:49:16.0765 1628 clr_optimization_v2.0.50727_32 - ok 01:49:16.0765 1628 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 01:49:17.0125 1628 CmBatt - ok 01:49:17.0125 1628 CmdIde - ok 01:49:17.0125 1628 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 01:49:17.0453 1628 Compbatt - ok 01:49:17.0453 1628 COMSysApp - ok 01:49:17.0468 1628 Cpqarray - ok 01:49:17.0484 1628 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll 01:49:17.0718 1628 CryptSvc - ok 01:49:17.0765 1628 CSRBC (8e1945984e147562f9f08e1d344a69cc) C:\WINDOWS\system32\Drivers\csrbcxp.sys 01:49:17.0906 1628 CSRBC ( UnsignedFile.Multi.Generic ) - warning 01:49:17.0906 1628 CSRBC - detected UnsignedFile.Multi.Generic (1) 01:49:17.0906 1628 dac2w2k - ok 01:49:17.0906 1628 dac960nt - ok 01:49:17.0953 1628 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 01:49:18.0140 1628 DcomLaunch - ok 01:49:18.0171 1628 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll 01:49:18.0359 1628 Dhcp - ok 01:49:18.0500 1628 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 01:49:18.0812 1628 Disk - ok 01:49:18.0828 1628 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS 01:49:18.0843 1628 DLABMFSM - ok 01:49:18.0859 1628 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS 01:49:18.0875 1628 DLABOIOM - ok 01:49:18.0875 1628 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS 01:49:18.0890 1628 DLACDBHM - ok 01:49:18.0890 1628 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS 01:49:18.0906 1628 DLADResM - ok 01:49:18.0921 1628 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS 01:49:18.0937 1628 DLAIFS_M - ok 01:49:18.0953 1628 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS 01:49:18.0968 1628 DLAOPIOM - ok 01:49:18.0968 1628 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS 01:49:18.0984 1628 DLAPoolM - ok 01:49:18.0984 1628 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS 01:49:19.0015 1628 DLARTL_M - ok 01:49:19.0046 1628 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS 01:49:19.0078 1628 DLAUDFAM - ok 01:49:19.0078 1628 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS 01:49:19.0093 1628 DLAUDF_M - ok 01:49:19.0109 1628 dmadmin - ok 01:49:19.0187 1628 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 01:49:19.0593 1628 dmboot - ok 01:49:19.0640 1628 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 01:49:19.0968 1628 dmio - ok 01:49:20.0000 1628 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 01:49:20.0390 1628 dmload - ok 01:49:20.0421 1628 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll 01:49:20.0765 1628 dmserver - ok 01:49:20.0796 1628 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 01:49:20.0984 1628 DMusic - ok 01:49:21.0031 1628 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll 01:49:21.0281 1628 Dnscache - ok 01:49:21.0390 1628 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll 01:49:21.0781 1628 Dot3svc - ok 01:49:21.0781 1628 dpti2o - ok 01:49:21.0781 1628 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 01:49:22.0093 1628 drmkaud - ok 01:49:22.0109 1628 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 01:49:22.0125 1628 DRVMCDB - ok 01:49:22.0156 1628 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS 01:49:22.0171 1628 DRVNDDM - ok 01:49:22.0203 1628 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 01:49:22.0390 1628 EapHost - ok 01:49:22.0484 1628 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 01:49:22.0515 1628 eeCtrl - ok 01:49:22.0562 1628 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe 01:49:22.0656 1628 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning 01:49:22.0656 1628 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1) 01:49:22.0718 1628 EpsonCustomerParticipation (b78436ca173ff723a1eace5cd4900375) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe 01:49:22.0750 1628 EpsonCustomerParticipation - ok 01:49:22.0781 1628 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 01:49:22.0796 1628 EraserUtilRebootDrv - ok 01:49:22.0828 1628 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll 01:49:23.0093 1628 ERSvc - ok 01:49:23.0140 1628 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 01:49:23.0343 1628 Eventlog - ok 01:49:23.0375 1628 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll 01:49:23.0718 1628 EventSystem - ok 01:49:23.0781 1628 EvtEng (e71b03ff6b819ae1a286aa27e956d523) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe 01:49:23.0921 1628 EvtEng ( UnsignedFile.Multi.Generic ) - warning 01:49:23.0921 1628 EvtEng - detected UnsignedFile.Multi.Generic (1) 01:49:24.0000 1628 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 01:49:24.0265 1628 Fastfat - ok 01:49:24.0312 1628 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 01:49:24.0453 1628 FastUserSwitchingCompatibility - ok 01:49:24.0453 1628 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 01:49:24.0671 1628 Fdc - ok 01:49:24.0703 1628 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 01:49:24.0968 1628 Fips - ok 01:49:25.0000 1628 fixustor (cdb568db5e8985dcc623da808ac61042) C:\WINDOWS\system32\drivers\fixustor.sys 01:49:25.0203 1628 fixustor ( UnsignedFile.Multi.Generic ) - warning 01:49:25.0203 1628 fixustor - detected UnsignedFile.Multi.Generic (1) 01:49:25.0296 1628 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 01:49:25.0328 1628 FLEXnet Licensing Service - ok 01:49:25.0328 1628 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 01:49:25.0859 1628 Flpydisk - ok 01:49:25.0875 1628 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 01:49:26.0312 1628 FltMgr - ok 01:49:26.0390 1628 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 01:49:26.0421 1628 FontCache3.0.0.0 - ok 01:49:26.0437 1628 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 01:49:26.0921 1628 Fs_Rec - ok 01:49:26.0921 1628 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 01:49:27.0171 1628 Ftdisk - ok 01:49:27.0187 1628 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 01:49:27.0203 1628 GEARAspiWDM - ok 01:49:27.0234 1628 getPlus® Helper (7bec703f31e1d441db16886c9aa4cba9) C:\Program Files\NOS\bin\getPlus_HelperSvc.exe 01:49:27.0250 1628 getPlus® Helper - ok 01:49:27.0281 1628 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 01:49:27.0593 1628 Gpc - ok 01:49:27.0625 1628 guardian2 (7031a936832967a93b0e5d5f1c76745a) C:\WINDOWS\system32\Drivers\oz776.sys 01:49:27.0890 1628 guardian2 - ok 01:49:27.0890 1628 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 01:49:28.0203 1628 HDAudBus - ok 01:49:28.0234 1628 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 01:49:28.0609 1628 helpsvc - ok 01:49:28.0625 1628 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll 01:49:28.0984 1628 HidServ - ok 01:49:29.0062 1628 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 01:49:29.0390 1628 HidUsb - ok 01:49:29.0421 1628 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 01:49:29.0625 1628 hkmsvc - ok 01:49:29.0625 1628 hpn - ok 01:49:29.0671 1628 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 01:49:30.0046 1628 HPZid412 - ok 01:49:30.0046 1628 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 01:49:30.0656 1628 HPZipr12 - ok 01:49:30.0656 1628 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 01:49:30.0843 1628 HPZius12 - ok 01:49:30.0921 1628 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 01:49:31.0250 1628 HSFHWAZL - ok 01:49:31.0312 1628 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 01:49:31.0468 1628 HSF_DPV - ok 01:49:31.0515 1628 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 01:49:31.0718 1628 HTTP - ok 01:49:31.0765 1628 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll 01:49:32.0078 1628 HTTPFilter - ok 01:49:32.0078 1628 i2omgmt - ok 01:49:32.0093 1628 i2omp - ok 01:49:32.0140 1628 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 01:49:32.0437 1628 i8042prt - ok 01:49:32.0843 1628 ialm (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 01:49:33.0437 1628 ialm - ok 01:49:33.0625 1628 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 01:49:33.0656 1628 idsvc - ok 01:49:33.0765 1628 IDSxpx86 (eeebf3616db90124c1c57019d39aa9a2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120711.001\IDSxpx86.sys 01:49:33.0796 1628 IDSxpx86 - ok 01:49:33.0890 1628 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 01:49:34.0140 1628 Imapi - ok 01:49:34.0171 1628 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe 01:49:34.0375 1628 ImapiService - ok 01:49:34.0375 1628 ini910u - ok 01:49:34.0390 1628 IntelIde - ok 01:49:34.0390 1628 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 01:49:34.0609 1628 intelppm - ok 01:49:34.0625 1628 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 01:49:34.0828 1628 Ip6Fw - ok 01:49:34.0859 1628 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 01:49:35.0203 1628 IpFilterDriver - ok 01:49:35.0218 1628 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 01:49:35.0453 1628 IpInIp - ok 01:49:35.0484 1628 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 01:49:35.0843 1628 IpNat - ok 01:49:35.0921 1628 iPod Service (7a3611564fce7c8be50b03f58cb3eb7d) C:\Program Files\iPod\bin\iPodService.exe 01:49:35.0953 1628 iPod Service - ok 01:49:35.0968 1628 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 01:49:36.0187 1628 IPSec - ok 01:49:36.0203 1628 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 01:49:36.0656 1628 IRENUM - ok 01:49:36.0703 1628 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 01:49:36.0968 1628 isapnp - ok 01:49:37.0015 1628 JavaQuickStarterService (de5d05fd449798ef88cc34ad4b1e7f85) C:\Program Files\Java\jre6\bin\jqs.exe 01:49:37.0031 1628 JavaQuickStarterService - ok 01:49:37.0062 1628 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 01:49:37.0296 1628 Kbdclass - ok 01:49:37.0734 1628 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 01:49:38.0015 1628 kbdhid - ok 01:49:38.0062 1628 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 01:49:38.0328 1628 kmixer - ok 01:49:38.0343 1628 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 01:49:38.0593 1628 KSecDD - ok 01:49:38.0625 1628 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll 01:49:38.0906 1628 lanmanserver - ok 01:49:38.0937 1628 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll 01:49:39.0156 1628 lanmanworkstation - ok 01:49:39.0156 1628 lbrtfdc - ok 01:49:39.0171 1628 LHidFilt (ea57f9a93042d53256db4e2222b93b37) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 01:49:39.0203 1628 LHidFilt - ok 01:49:39.0234 1628 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll 01:49:39.0609 1628 LmHosts - ok 01:49:39.0625 1628 LMouFilt (8bd61e1f686d352b318b025524542128) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 01:49:39.0640 1628 LMouFilt - ok 01:49:39.0890 1628 Lotus Notes Diagnostics (986e0f3be701b232b8913de59c7adc7c) C:\Program Files\IBM\Lotus\Notes\nsd.exe 01:49:40.0000 1628 Lotus Notes Diagnostics - ok 01:49:40.0125 1628 Lotus Notes Single Logon (71f607abe2355fabea9fb13e057ac050) C:\Program Files\IBM\Lotus\Notes\nslsvice.exe 01:49:40.0140 1628 Lotus Notes Single Logon - ok 01:49:40.0250 1628 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys 01:49:40.0265 1628 MBAMProtector - ok 01:49:40.0343 1628 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 01:49:40.0375 1628 MBAMService - ok 01:49:40.0421 1628 McAfeeFramework (447d4617b99ac0a4ba056713dfe02279) C:\Program Files\Network Associates\Common Framework\FrameworkService.exe 01:49:40.0437 1628 McAfeeFramework - ok 01:49:40.0484 1628 McShield (12bef73e0281ac793865be1a331c67fc) C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe 01:49:40.0500 1628 McShield - ok 01:49:40.0531 1628 McTaskManager (d0f500bc9f114c99d32df4dc4c857c94) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe 01:49:40.0546 1628 McTaskManager - ok 01:49:40.0593 1628 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 01:49:40.0625 1628 MDM - ok 01:49:40.0718 1628 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 01:49:41.0031 1628 mdmxsdk - ok 01:49:41.0062 1628 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll 01:49:41.0328 1628 Messenger - ok 01:49:41.0343 1628 mfeapfk (1f334eb2a13816df45671ebb98896da7) C:\WINDOWS\system32\drivers\mfeapfk.sys 01:49:41.0359 1628 mfeapfk - ok 01:49:41.0375 1628 mfeavfk (8a1dedbbdad33587f6fad780ce4b34b5) C:\WINDOWS\system32\drivers\mfeavfk.sys 01:49:41.0390 1628 mfeavfk - ok 01:49:41.0406 1628 mfebopk (d800e31a019a6979698eef0507baa746) C:\WINDOWS\system32\drivers\mfebopk.sys 01:49:41.0421 1628 mfebopk - ok 01:49:41.0468 1628 mfehidk (0ae14fab8e25c258c6ebf3827c649273) C:\WINDOWS\system32\drivers\mfehidk.sys 01:49:41.0484 1628 mfehidk - ok 01:49:41.0500 1628 mferkdk (e72afc5056f6804c616e7dc32a38945f) C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys 01:49:41.0515 1628 mferkdk - ok 01:49:41.0531 1628 mfetdik (a47f0f63e92730de15d41624ab998c5c) C:\WINDOWS\system32\drivers\mfetdik.sys 01:49:41.0546 1628 mfetdik - ok 01:49:41.0562 1628 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 01:49:41.0781 1628 mnmdd - ok 01:49:41.0828 1628 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe 01:49:42.0046 1628 mnmsrvc - ok 01:49:42.0078 1628 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 01:49:42.0328 1628 Modem - ok 01:49:42.0343 1628 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 01:49:42.0609 1628 Mouclass - ok 01:49:42.0625 1628 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 01:49:42.0875 1628 mouhid - ok 01:49:42.0906 1628 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 01:49:43.0125 1628 MountMgr - ok 01:49:43.0171 1628 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 01:49:43.0187 1628 MozillaMaintenance - ok 01:49:43.0203 1628 mraid35x - ok 01:49:43.0218 1628 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 01:49:43.0453 1628 MRxDAV - ok 01:49:43.0500 1628 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 01:49:43.0703 1628 MRxSmb - ok 01:49:43.0734 1628 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe 01:49:43.0953 1628 MSDTC - ok 01:49:43.0984 1628 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys 01:49:44.0203 1628 MSDV - ok 01:49:44.0218 1628 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 01:49:44.0375 1628 Msfs - ok 01:49:44.0375 1628 MSIServer - ok 01:49:44.0390 1628 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 01:49:44.0593 1628 MSKSSRV - ok 01:49:44.0593 1628 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 01:49:44.0812 1628 MSPCLOCK - ok 01:49:44.0812 1628 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 01:49:45.0031 1628 MSPQM - ok 01:49:45.0046 1628 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 01:49:45.0234 1628 mssmbios - ok 01:49:45.0265 1628 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 01:49:45.0531 1628 MSTEE - ok 01:49:45.0562 1628 Multi-user Cleanup Service (218d58976c01c60657818ed0eac81602) C:\Program Files\IBM\Lotus\Notes\ntmulti.exe 01:49:45.0609 1628 Multi-user Cleanup Service - ok 01:49:45.0640 1628 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 01:49:45.0796 1628 Mup - ok 01:49:45.0843 1628 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe 01:49:45.0875 1628 N360 - ok 01:49:45.0906 1628 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 01:49:46.0125 1628 NABTSFEC - ok 01:49:46.0171 1628 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 01:49:46.0343 1628 napagent - ok 01:49:46.0421 1628 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120711.018\NAVENG.SYS 01:49:46.0453 1628 NAVENG - ok 01:49:46.0578 1628 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120711.018\NAVEX15.SYS 01:49:46.0625 1628 NAVEX15 - ok 01:49:46.0734 1628 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 01:49:47.0015 1628 NDIS - ok 01:49:47.0031 1628 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 01:49:47.0359 1628 NdisIP - ok 01:49:47.0390 1628 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 01:49:47.0796 1628 NdisTapi - ok 01:49:47.0812 1628 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 01:49:48.0093 1628 Ndisuio - ok 01:49:48.0109 1628 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 01:49:48.0281 1628 NdisWan - ok 01:49:48.0312 1628 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 01:49:48.0640 1628 NDProxy - ok 01:49:48.0671 1628 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 01:49:48.0984 1628 NetBIOS - ok 01:49:49.0015 1628 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 01:49:49.0234 1628 NetBT - ok 01:49:49.0281 1628 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 01:49:49.0531 1628 NetDDE - ok 01:49:49.0687 1628 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 01:49:49.0968 1628 NetDDEdsdm - ok 01:49:50.0046 1628 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 01:49:50.0281 1628 Netlogon - ok 01:49:50.0312 1628 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll 01:49:50.0609 1628 Netman - ok 01:49:50.0703 1628 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 01:49:50.0734 1628 NetTcpPortSharing - ok 01:49:50.0906 1628 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys 01:49:51.0187 1628 NETw4x32 - ok 01:49:51.0296 1628 NGCLIENT (174692e8a5eb4df16d44c1b44f978d3f) C:\Program Files\Symantec\Ghost\ngctw32.exe 01:49:51.0328 1628 NGCLIENT - ok 01:49:51.0468 1628 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 01:49:51.0796 1628 NIC1394 - ok 01:49:51.0859 1628 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll 01:49:52.0015 1628 Nla - ok 01:49:52.0031 1628 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 01:49:52.0234 1628 Npfs - ok 01:49:52.0265 1628 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS 01:49:52.0562 1628 NSNDIS5 ( UnsignedFile.Multi.Generic ) - warning 01:49:52.0562 1628 NSNDIS5 - detected UnsignedFile.Multi.Generic (1) 01:49:52.0609 1628 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 01:49:52.0906 1628 Ntfs - ok 01:49:52.0937 1628 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 01:49:53.0140 1628 NtLmSsp - ok 01:49:53.0187 1628 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll 01:49:53.0375 1628 NtmsSvc - ok 01:49:53.0406 1628 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 01:49:53.0593 1628 Null - ok 01:49:53.0609 1628 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 01:49:53.0828 1628 NwlnkFlt - ok 01:49:53.0828 1628 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 01:49:54.0109 1628 NwlnkFwd - ok 01:49:54.0234 1628 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 01:49:54.0265 1628 odserv - ok 01:49:54.0281 1628 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 01:49:54.0500 1628 ohci1394 - ok 01:49:54.0531 1628 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 01:49:54.0562 1628 ose - ok 01:49:54.0578 1628 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 01:49:54.0812 1628 Parport - ok 01:49:54.0812 1628 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 01:49:55.0062 1628 PartMgr - ok 01:49:55.0078 1628 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 01:49:55.0296 1628 ParVdm - ok 01:49:55.0312 1628 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 01:49:55.0593 1628 PCI - ok 01:49:55.0593 1628 PCIDump - ok 01:49:55.0593 1628 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 01:49:56.0078 1628 PCIIde - ok 01:49:56.0093 1628 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 01:49:56.0343 1628 Pcmcia - ok 01:49:56.0343 1628 PDCOMP - ok 01:49:56.0343 1628 PDFRAME - ok 01:49:56.0359 1628 PDRELI - ok 01:49:56.0359 1628 PDRFRAME - ok 01:49:56.0359 1628 perc2 - ok 01:49:56.0375 1628 perc2hib - ok 01:49:56.0406 1628 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 01:49:56.0484 1628 PlugPlay - ok 01:49:56.0500 1628 Pml Driver HPZ12 (d31f88c5f19eefa366a415d6bc5f2abc) C:\WINDOWS\system32\HPZipm12.exe 01:49:56.0703 1628 Pml Driver HPZ12 - ok 01:49:56.0718 1628 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 01:49:56.0890 1628 PolicyAgent - ok 01:49:56.0921 1628 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 01:49:57.0187 1628 PptpMiniport - ok 01:49:57.0187 1628 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 01:49:57.0437 1628 ProtectedStorage - ok 01:49:57.0453 1628 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 01:49:57.0640 1628 PSched - ok 01:49:57.0750 1628 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 01:49:58.0078 1628 Ptilink - ok 01:49:58.0093 1628 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys 01:49:58.0109 1628 PxHelp20 - ok 01:49:58.0125 1628 ql1080 - ok 01:49:58.0125 1628 Ql10wnt - ok 01:49:58.0140 1628 ql12160 - ok 01:49:58.0140 1628 ql1240 - ok 01:49:58.0140 1628 ql1280 - ok 01:49:58.0156 1628 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 01:49:58.0421 1628 RasAcd - ok 01:49:58.0609 1628 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll 01:49:58.0843 1628 RasAuto - ok 01:49:58.0859 1628 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 01:49:59.0093 1628 Rasl2tp - ok 01:49:59.0125 1628 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll 01:49:59.0359 1628 RasMan - ok 01:49:59.0359 1628 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 01:49:59.0640 1628 RasPppoe - ok 01:49:59.0640 1628 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 01:49:59.0875 1628 Raspti - ok 01:49:59.0921 1628 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 01:50:00.0156 1628 Rdbss - ok 01:50:00.0218 1628 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 01:50:00.0468 1628 RDPCDD - ok 01:50:00.0500 1628 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 01:50:00.0765 1628 rdpdr - ok 01:50:00.0796 1628 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 01:50:00.0968 1628 RDPWD - ok 01:50:01.0000 1628 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 01:50:01.0234 1628 RDSessMgr - ok 01:50:01.0250 1628 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 01:50:01.0437 1628 redbook - ok 01:50:01.0515 1628 RegSrvc (2cf574d0965f58e514a2dc94114d7eca) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 01:50:01.0625 1628 RegSrvc ( UnsignedFile.Multi.Generic ) - warning 01:50:01.0625 1628 RegSrvc - detected UnsignedFile.Multi.Generic (1) 01:50:01.0656 1628 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 01:50:02.0000 1628 RemoteAccess - ok 01:50:02.0015 1628 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll 01:50:02.0343 1628 RemoteRegistry - ok 01:50:02.0375 1628 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe 01:50:02.0625 1628 RpcLocator - ok 01:50:02.0687 1628 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 01:50:02.0812 1628 RpcSs - ok 01:50:02.0843 1628 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 01:50:03.0125 1628 RSVP - ok 01:50:03.0203 1628 S24EventMonitor (874173edbd4f2fe711f245855a2ffa23) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe 01:50:03.0328 1628 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning 01:50:03.0328 1628 S24EventMonitor - detected UnsignedFile.Multi.Generic (1) 01:50:03.0359 1628 s24trans (eadfb87f911a7a75d1b80617f92901e8) C:\WINDOWS\system32\DRIVERS\s24trans.sys 01:50:03.0515 1628 s24trans ( UnsignedFile.Multi.Generic ) - warning 01:50:03.0515 1628 s24trans - detected UnsignedFile.Multi.Generic (1) 01:50:03.0546 1628 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 01:50:03.0765 1628 SamSs - ok 01:50:03.0796 1628 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 01:50:03.0984 1628 SCardSvr - ok 01:50:04.0015 1628 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 01:50:04.0218 1628 Schedule - ok 01:50:04.0375 1628 SDScannerService (e1f35f902b825c7b18236271f398dda2) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe 01:50:04.0421 1628 SDScannerService - ok 01:50:04.0546 1628 SDUpdateService (2db434f4ce96b3fb65d44b3ad5a4de3e) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe 01:50:04.0578 1628 SDUpdateService - ok 01:50:04.0734 1628 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 01:50:04.0937 1628 Secdrv - ok 01:50:04.0968 1628 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 01:50:05.0203 1628 seclogon - ok 01:50:05.0250 1628 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 01:50:05.0453 1628 SENS - ok 01:50:05.0546 1628 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 01:50:05.0859 1628 serenum - ok 01:50:05.0906 1628 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 01:50:06.0125 1628 Serial - ok 01:50:06.0156 1628 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 01:50:06.0359 1628 Sfloppy - ok 01:50:06.0421 1628 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll 01:50:06.0828 1628 SharedAccess - ok 01:50:06.0890 1628 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 01:50:07.0328 1628 ShellHWDetection - ok 01:50:07.0343 1628 Simbad - ok 01:50:07.0359 1628 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 01:50:08.0046 1628 SLIP - ok 01:50:08.0609 1628 SMART Board Service (6dac3f90ef7b3ac349890e4eebacb260) C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe 01:50:08.0812 1628 SMART Board Service - ok 01:50:08.0968 1628 SMART Display Controller (63beb15cc3e249bf51134e85dd56535d) C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe 01:50:09.0000 1628 SMART Display Controller - ok 01:50:09.0140 1628 SMART SNMP Agent Service (3bcb934ae0a0fca1c3aa7a3a8088bc68) C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe 01:50:09.0187 1628 SMART SNMP Agent Service - ok 01:50:09.0437 1628 Sparrow - ok 01:50:09.0453 1628 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 01:50:09.0671 1628 splitter - ok 01:50:09.0687 1628 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 01:50:09.0812 1628 Spooler - ok 01:50:09.0843 1628 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 01:50:10.0156 1628 sr - ok 01:50:10.0203 1628 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 01:50:10.0421 1628 srservice - ok 01:50:10.0562 1628 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\WINDOWS\system32\drivers\N360\0602010.005\SRTSP.SYS 01:50:10.0593 1628 SRTSP - ok 01:50:10.0609 1628 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\WINDOWS\system32\drivers\N360\0602010.005\SRTSPX.SYS 01:50:10.0640 1628 SRTSPX - ok 01:50:10.0687 1628 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 01:50:10.0828 1628 Srv - ok 01:50:10.0843 1628 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 01:50:11.0156 1628 SSDPSRV - ok 01:50:11.0218 1628 STacSV (6f855b5625a47f3ac731a262fdc379a6) C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe 01:50:11.0421 1628 STacSV - ok 01:50:11.0578 1628 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys 01:50:11.0859 1628 STHDA - ok 01:50:11.0906 1628 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 01:50:12.0140 1628 stisvc - ok 01:50:12.0203 1628 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe 01:50:12.0359 1628 stllssvr ( UnsignedFile.Multi.Generic ) - warning 01:50:12.0359 1628 stllssvr - detected UnsignedFile.Multi.Generic (1) 01:50:12.0406 1628 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 01:50:12.0921 1628 streamip - ok 01:50:12.0953 1628 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 01:50:13.0406 1628 swenum - ok 01:50:13.0453 1628 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 01:50:13.0921 1628 swmidi - ok 01:50:13.0921 1628 SwPrv - ok 01:50:13.0937 1628 symc810 - ok 01:50:13.0937 1628 symc8xx - ok 01:50:14.0000 1628 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\N360\0602010.005\SYMDS.SYS 01:50:14.0171 1628 SymDS - ok 01:50:14.0265 1628 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\N360\0602010.005\SYMEFA.SYS 01:50:14.0312 1628 SymEFA - ok 01:50:14.0359 1628 SymEvent (74e2521e96176a4449570e50be91954d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 01:50:14.0375 1628 SymEvent - ok 01:50:14.0390 1628 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\N360\0602010.005\Ironx86.SYS 01:50:14.0406 1628 SymIRON - ok 01:50:14.0437 1628 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\system32\drivers\N360\0602010.005\SYMTDI.SYS 01:50:14.0468 1628 SYMTDI - ok 01:50:14.0468 1628 sym_hi - ok 01:50:14.0468 1628 sym_u3 - ok 01:50:14.0500 1628 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 01:50:14.0703 1628 sysaudio - ok 01:50:14.0765 1628 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 01:50:15.0062 1628 SysmonLog - ok 01:50:15.0093 1628 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 01:50:15.0265 1628 TapiSrv - ok 01:50:15.0312 1628 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 01:50:15.0421 1628 Tcpip - ok 01:50:15.0468 1628 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 01:50:15.0781 1628 TDPIPE - ok 01:50:15.0796 1628 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 01:50:15.0968 1628 TDTCP - ok 01:50:16.0000 1628 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 01:50:16.0234 1628 TermDD - ok 01:50:16.0265 1628 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 01:50:16.0468 1628 TermService - ok 01:50:16.0546 1628 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 01:50:16.0671 1628 Themes - ok 01:50:16.0703 1628 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe 01:50:16.0921 1628 TlntSvr - ok 01:50:16.0937 1628 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys 01:50:17.0109 1628 toshidpt - ok 01:50:17.0140 1628 TosIde - ok 01:50:17.0171 1628 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys 01:50:17.0265 1628 tosporte - ok 01:50:17.0281 1628 tosrfbd (435ac6cc2abed508ac5a495658cbaf0f) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys 01:50:17.0453 1628 tosrfbd - ok 01:50:17.0484 1628 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\WINDOWS\system32\Drivers\tosrfbnp.sys 01:50:17.0609 1628 tosrfbnp - ok 01:50:17.0843 1628 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys 01:50:18.0000 1628 Tosrfcom - ok 01:50:18.0000 1628 Tosrfhid (28099a4e52148319afa685d93a2244d0) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys 01:50:18.0125 1628 Tosrfhid - ok 01:50:18.0125 1628 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys 01:50:18.0250 1628 tosrfnds - ok 01:50:18.0265 1628 Tosrfusb (6bc529c5eca0c7654943fd6fab21c5fa) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys 01:50:18.0437 1628 Tosrfusb - ok 01:50:18.0468 1628 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 01:50:18.0703 1628 TrkWks - ok 01:50:18.0734 1628 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 01:50:19.0000 1628 Udfs - ok 01:50:19.0000 1628 ultra - ok 01:50:19.0062 1628 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 01:50:19.0234 1628 Update - ok 01:50:19.0265 1628 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 01:50:19.0484 1628 upnphost - ok 01:50:19.0515 1628 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 01:50:19.0718 1628 UPS - ok 01:50:19.0750 1628 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys 01:50:20.0109 1628 USBAAPL - ok 01:50:20.0140 1628 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 01:50:20.0421 1628 usbaudio - ok 01:50:20.0437 1628 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 01:50:20.0687 1628 usbccgp - ok 01:50:20.0703 1628 USBCCID (2825e0e294686a26506690059e1f437a) C:\WINDOWS\system32\DRIVERS\usbccid.sys 01:50:20.0859 1628 USBCCID - ok 01:50:20.0890 1628 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 01:50:21.0125 1628 usbehci - ok 01:50:21.0140 1628 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 01:50:21.0359 1628 usbhub - ok 01:50:21.0390 1628 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 01:50:21.0859 1628 usbprint - ok 01:50:21.0906 1628 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 01:50:22.0125 1628 usbscan - ok 01:50:22.0156 1628 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 01:50:22.0437 1628 USBSTOR - ok 01:50:22.0484 1628 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 01:50:22.0718 1628 usbuhci - ok 01:50:22.0765 1628 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 01:50:23.0093 1628 VgaSave - ok 01:50:23.0093 1628 ViaIde - ok 01:50:23.0125 1628 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 01:50:23.0296 1628 VolSnap - ok 01:50:23.0359 1628 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 01:50:23.0593 1628 VSS - ok 01:50:23.0625 1628 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 01:50:23.0953 1628 W32Time - ok 01:50:23.0984 1628 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 01:50:24.0250 1628 Wanarp - ok 01:50:24.0296 1628 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 01:50:24.0328 1628 Wdf01000 - ok 01:50:24.0328 1628 WDICA - ok 01:50:24.0359 1628 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 01:50:24.0625 1628 wdmaud - ok 01:50:24.0703 1628 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 01:50:24.0937 1628 WebClient - ok 01:50:25.0031 1628 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 01:50:25.0171 1628 winachsf - ok 01:50:25.0234 1628 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 01:50:25.0453 1628 winmgmt - ok 01:50:25.0546 1628 WLANKEEPER (4307641ca3389a210295fdffd2a73dee) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe 01:50:25.0687 1628 WLANKEEPER ( UnsignedFile.Multi.Generic ) - warning 01:50:25.0687 1628 WLANKEEPER - detected UnsignedFile.Multi.Generic (1) 01:50:25.0718 1628 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 01:50:25.0906 1628 WmdmPmSN - ok 01:50:25.0968 1628 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll 01:50:26.0078 1628 Wmi - ok 01:50:26.0109 1628 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 01:50:26.0281 1628 WmiAcpi - ok 01:50:26.0328 1628 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe 01:50:26.0515 1628 WmiApSrv - ok 01:50:26.0625 1628 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe 01:50:26.0765 1628 WMPNetworkSvc - ok 01:50:26.0812 1628 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 01:50:27.0062 1628 wscsvc - ok 01:50:27.0109 1628 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 01:50:27.0296 1628 WSTCODEC - ok 01:50:27.0296 1628 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 01:50:27.0531 1628 wuauserv - ok 01:50:27.0609 1628 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 01:50:27.0765 1628 WudfPf - ok 01:50:27.0765 1628 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 01:50:27.0890 1628 WudfRd - ok 01:50:27.0906 1628 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 01:50:28.0046 1628 WudfSvc - ok 01:50:28.0109 1628 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 01:50:28.0390 1628 WZCSVC - ok 01:50:28.0671 1628 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 01:50:29.0000 1628 xmlprov - ok 01:50:29.0031 1628 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 01:50:29.0031 1628 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected 01:50:29.0031 1628 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0) 01:50:29.0062 1628 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 01:50:29.0062 1628 \Device\Harddisk0\DR0 - detected TDSS File System (1) 01:50:29.0078 1628 Boot (0x1200) (6a8375b063e3f895c13c123b5305a0f1) \Device\Harddisk0\DR0\Partition0 01:50:29.0078 1628 \Device\Harddisk0\DR0\Partition0 - ok 01:50:29.0078 1628 ============================================================ 01:50:29.0078 1628 Scan finished 01:50:29.0078 1628 ============================================================ 01:50:29.0187 3772 Detected object count: 12 01:50:29.0187 3772 Actual detected object count: 12 01:50:55.0625 3772 CSRBC ( UnsignedFile.Multi.Generic ) - skipped by user 01:50:55.0625 3772 CSRBC ( UnsignedFile.Multi.Generic ) - User select action: Skip 01:50:55.0625 3772 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user 01:50:55.0625 3772 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip 01:50:55.0625 3772 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user 01:50:55.0625 3772 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 01:50:55.0640 3772 fixustor ( UnsignedFile.Multi.Generic ) - skipped by user 01:50:55.0640 3772 fixustor ( UnsignedFile.Multi.Generic ) - User select action: Skip 01:50:55.0640 3772 NSNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user 01:50:55.0640 3772 NSNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 01:50:55.0640 3772 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user 01:50:55.0640 3772 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 01:50:55.0640 3772 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user 01:50:55.0640 3772 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 01:50:55.0640 3772 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user 01:50:55.0640 3772 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip 01:50:55.0640 3772 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user 01:50:55.0640 3772 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 01:50:55.0640 3772 WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user 01:50:55.0640 3772 WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip 01:50:56.0390 3772 \Device\Harddisk0\DR0\# - copied to quarantine 01:50:56.0390 3772 \Device\Harddisk0\DR0 - copied to quarantine 01:50:56.0421 3772 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine 01:50:56.0437 3772 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine 01:50:56.0453 3772 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine 01:50:56.0484 3772 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine 01:50:56.0500 3772 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine 01:50:56.0515 3772 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine 01:50:56.0531 3772 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 01:50:56.0531 3772 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine 01:50:56.0546 3772 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine 01:50:56.0562 3772 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine 01:50:56.0562 3772 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine 01:50:56.0578 3772 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine 01:50:56.0593 3772 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 01:50:56.0625 3772 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot 01:50:56.0625 3772 \Device\Harddisk0\DR0 - ok 01:50:56.0625 3772 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 01:50:56.0625 3772 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 01:50:56.0625 3772 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 01:51:36.0406 5732 Deinitialize success 3. Here is my Malwarebytes' Anti-Malware Log (Nothing to remove): Malwarebytes Anti-Malware (Trial) 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.12.07 Windows XP Service Pack 3 x86 NTFS Internet Explorer 6.0.2900.5512 Admin :: E0460871 [administrator] Protection: Enabled 7/12/2012 2:07:40 AM mbam-log-2012-07-12 (02-07-40).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 270709 Time elapsed: 14 minute(s), 3 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) 4. Here is my dds log: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_33 Run by Admin at 2:25:18 on 2012-07-12 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1086 [GMT -10:00] . AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} AV: McAfee VirusScan Enterprise *Enabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} FW: Norton 360 *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\IBM\Lotus\Notes\nsd.exe C:\Program Files\IBM\Lotus\Notes\nslsvice.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\IBM\Lotus\Notes\ntmulti.exe C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe C:\Program Files\Symantec\Ghost\ngctw32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe C:\WINDOWS\system32\umonit.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Symantec\Ghost\ngtray.exe C:\Program Files\Network Associates\Common Framework\UdaterUI.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Network Associates\Common Framework\McTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Epson Software\Event Manager\EEventManager.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\SetPoint\SetPoint.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe C:\Program Files\SMART Technologies\SMART Product Drivers\Aware.exe C:\Program Files\SMART Technologies\SMART Product Drivers\Marker.exe . ============== Pseudo HJT Report =============== . uWindow Title = Internet Explorer, optimized for Bing and MSN uInternet Settings,ProxyOverride = *.local BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DWABrowserHlprObj Class: {2709d830-b643-4e72-9a1e-701cfffcf30c} - c:\windows\system32\dwabho.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies\smart notebook\NotebookPlugin.dll BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.2.1.5\ips\IPSBHO.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler mRun: [uMonit] c:\windows\system32\umonit.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [NGTray] "c:\program files\symantec\ghost\ngtray.exe" mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UdaterUI.exe" /StartedFromRunKey mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE" mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe" mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~2\server\bin\VERSIO~2.EXE mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe" mRun: [sDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe" dRun: [Adobe] rundll32.exe "c:\documents and settings\laptop user\local settings\application data\apple computer\adobe\xdlqzl.dll",DllRegisterServer StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartb~1.lnk - c:\program files\smart technologies\smart product drivers\SMARTBoardTools.exe IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxp://165.248.233.217/iNotes6W.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231532123176 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} DPF: {CAFECAFE-0013-0001-0030-ABCDEFABCDEF} DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxp://165.248.233.217/dwa7W.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP28EP2-12243/webex/ieatgpc.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{3357F480-C801-4B6D-B320-86F0E362BC60} : DhcpNameServer = 192.168.1.1 Notify: igfxcui - igfxdev.dll Notify: SDWinLogon - SDWinLogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f Hosts: 165.248.100.142 makala1 Hosts: 165.248.101.190 manoa1 Hosts: 165.248.101.62 manana1 Hosts: 165.248.102.38 mauka1 Hosts: 165.248.103.61 mckin1 . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\7wgst86i.default\ FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13128.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13130.dll FF - plugin: c:\program files\zwinky_5qei\installr\1.bin\NP5qEISb.dll FF - plugin: c:\windows\system32\npdeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll FF - plugin: c:\windows\system32\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0602010.005\SymDS.sys [2012-6-27 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0602010.005\SymEFA.sys [2012-6-27 905336] R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920] R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0602010.005\ccSetx86.sys [2012-6-27 132744] R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-29 31944] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0602010.005\Ironx86.sys [2012-6-27 149624] R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600] R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\ibm\lotus\notes\nsd.exe [2009-9-29 3397000] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-30 655944] R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2008-7-28 103744] R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-29 144960] R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-29 54872] R2 N360;Norton 360;c:\program files\norton 360\engine\6.2.1.5\ccSvcHst.exe [2012-6-27 138232] R2 NGCLIENT;Symantec Ghost Client Agent;c:\program files\symantec\ghost\ngctw32.exe [2007-4-19 632456] R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-7-1 1122296] R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-7-1 838136] R2 SMART Display Controller;SMART Display Controller;c:\program files\smart technologies\smart product drivers\UCService.exe [2010-11-19 846192] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-28 106656] R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\ipsdefs\20120711.001\IDSXpx86.sys [2012-7-12 369632] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-30 22344] R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-12-15 72264] R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-12-15 34152] R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-12-15 168776] R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\virusdefs\20120711.018\NAVENG.SYS [2012-7-12 87928] R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\virusdefs\20120711.018\NAVEX15.SYS [2012-7-12 1589752] S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112] S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2012-2-6 6016] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 113120] S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\smart technologies\smart product drivers\SMARTSNMPAgent.exe [2010-11-19 1664368] . =============== File Associations =============== . .txt= . =============== Created Last 30 ================ . 2012-07-12 11:57:10 711240 ----a-w- c:\windows\isRS-000.tmp 2012-07-12 11:55:29 -------- d-----w- c:\documents and settings\admin\application data\Malwarebytes 2012-07-12 11:50:55 -------- d-----w- C:\TDSSKiller_Quarantine 2012-07-12 11:23:24 -------- d-----w- c:\documents and settings\admin\application data\Leader Technologies 2012-07-03 09:48:26 0 ----a-w- C:\LOG2F.tmp 2012-07-02 02:25:45 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy 2012-07-02 02:24:45 15224 ----a-w- c:\windows\system32\sdnclean.exe 2012-07-02 02:24:41 -------- d-----w- c:\program files\Spybot - Search & Destroy 2 2012-06-30 10:40:34 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-06-30 10:40:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-30 10:40:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-06-30 09:35:26 -------- d-----w- c:\documents and settings\all users\application data\SpeedMaxPc 2012-06-29 20:44:31 -------- d-----w- c:\windows\pss 2012-06-29 20:14:06 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll 2012-06-28 06:05:23 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL 2012-06-28 06:05:23 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2012-06-28 06:05:03 905336 ----a-r- c:\windows\system32\drivers\n360\0602010.005\SymEFA.sys 2012-06-28 06:05:03 388216 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symtdi.sys 2012-06-28 06:05:03 345208 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symtdiv.sys 2012-06-28 06:05:03 340088 ----a-r- c:\windows\system32\drivers\n360\0602010.005\SymDS.sys 2012-06-28 06:05:03 32888 ----a-r- c:\windows\system32\drivers\n360\0602010.005\srtspx.sys 2012-06-28 06:05:03 318584 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symnets.sys 2012-06-28 06:05:02 574072 ----a-r- c:\windows\system32\drivers\n360\0602010.005\srtsp.sys 2012-06-28 06:05:02 149624 ----a-r- c:\windows\system32\drivers\n360\0602010.005\Ironx86.sys 2012-06-28 06:05:02 132744 ----a-r- c:\windows\system32\drivers\n360\0602010.005\ccSetx86.sys 2012-06-28 06:04:42 4782 ----a-r- c:\windows\system32\drivers\n360\0602010.005\SymVTcer.dat 2012-06-28 06:04:41 -------- d-----w- c:\windows\system32\drivers\n360\0602010.005 2012-06-28 06:04:41 -------- d-----w- c:\windows\system32\drivers\N360 2012-06-28 06:04:40 -------- d-----w- c:\program files\Norton 360 2012-06-28 06:02:35 -------- d-----w- c:\program files\NortonInstaller 2012-06-28 06:02:35 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller 2012-06-28 01:56:43 -------- d-----w- c:\documents and settings\all users\application data\F4D55F3E0405F6ED00096165D151FC4E 2012-06-26 22:25:04 73 ----a-w- c:\windows\system32\ssprs.dll 2012-06-26 22:25:04 205 ----a-w- c:\windows\system32\lsprst7.dll 2012-06-26 22:25:04 1025 ----a-w- c:\windows\system32\sysprs7.dll 2012-06-26 22:25:04 1025 ----a-w- c:\windows\system32\clauth2.dll 2012-06-26 22:25:04 1025 ----a-w- c:\windows\system32\clauth1.dll 2012-06-26 22:25:04 -------- d-----w- c:\documents and settings\all users\application data\Minnetonka Audio Software 2012-06-26 22:19:12 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys 2012-06-26 22:19:03 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys 2012-06-26 22:18:57 16384 ----a-w- c:\windows\system32\ipsink.ax 2012-06-26 22:18:57 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys 2012-06-26 22:18:50 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys 2012-06-26 22:18:42 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS 2012-06-26 22:18:31 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys 2012-06-26 22:18:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys 2012-06-26 21:55:49 53760 ----a-w- c:\windows\system32\vfwwdm32.dll 2012-06-26 21:55:48 51200 ----a-w- c:\windows\system32\drivers\msdv.sys 2012-06-26 21:55:48 43008 ----a-w- c:\windows\system32\ksxbar.ax 2012-06-26 21:55:47 91136 ----a-w- c:\windows\system32\kswdmcap.ax 2012-06-26 21:55:47 61952 ----a-w- c:\windows\system32\kstvtune.ax 2012-06-26 21:55:24 38912 ----a-w- c:\windows\system32\drivers\avc.sys 2012-06-26 21:54:58 48128 ----a-w- c:\windows\system32\drivers\61883.sys 2012-06-23 20:54:29 81920 ----a-w- c:\windows\system32\ieencode.dll 2012-06-23 20:54:29 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll 2012-06-23 07:09:15 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll 2012-06-23 07:09:15 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll 2012-06-22 05:43:54 476936 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-06-22 05:43:54 472840 ----a-w- c:\windows\system32\deployJava1.dll . ==================== Find3M ==================== . 2012-06-28 20:22:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-28 20:22:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-22 05:43:37 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-06 09:35:52 83424 ----a-w- c:\windows\system32\dwabho.dll 2005-06-16 22:19:22 2482176 ----a-w- c:\program files\TCTrill.dll 2005-06-11 01:12:16 847872 ----a-w- c:\program files\TCTrillS.dll 2005-06-03 18:59:54 61440 ----a-w- c:\program files\TCReports.dll 2004-02-12 04:11:40 7659520 ----a-w- c:\program files\Geo CS Test Gen Management.exe 2004-02-12 03:59:34 4009984 ----a-w- c:\program files\Geo CS Test Gen Student.exe 2004-01-27 02:04:08 49152 ----a-w- c:\program files\TCAlerts.dll 2003-11-04 22:21:00 983040 ----a-w- c:\program files\stuffit5.engine-5.1.dll 2003-11-04 22:21:00 561152 ----a-w- c:\program files\xp32_207.dll 2003-11-04 22:21:00 21776 ----a-w- c:\program files\shfolder.dll 2003-11-04 22:20:00 479232 ----a-w- c:\program files\rp32_207.dll 2003-11-04 22:20:00 217088 ----a-w- c:\program files\sa32_207.dll 2003-11-04 22:19:00 725032 ----a-w- c:\program files\kSAdg.dll 2003-11-04 22:19:00 692264 ----a-w- c:\program files\kCPdg.dll 2003-11-04 22:19:00 413736 ----a-w- c:\program files\kGRdg.dll 2003-11-04 22:19:00 401462 ----a-w- c:\program files\msvcp60.dll 2003-11-04 22:19:00 290869 ----a-w- c:\program files\msvcrt.dll 2003-11-04 22:19:00 2744361 ----a-w- c:\program files\kFDMdg.dll 2003-11-04 22:19:00 1982504 ----a-w- c:\program files\kFDdg.dll 2003-11-04 22:19:00 1937448 ----a-w- c:\program files\kXPdg.dll 2003-11-04 22:19:00 1794088 ----a-w- c:\program files\kRPdg.dll 2003-11-04 22:19:00 1597480 ----a-w- c:\program files\kDBdg.dll 2003-11-04 22:19:00 1486848 ----a-w- c:\program files\owl609v.dll 2003-11-04 22:18:00 638976 ----a-w- c:\program files\fd32_207.dll 2003-11-04 22:18:00 401728 ----a-w- c:\program files\EQNEDIT.EXE 2003-11-04 22:18:00 352256 ----a-w- c:\program files\db32_207.dll 2003-11-04 22:18:00 212992 ----a-w- c:\program files\cp32_207.dll 2003-11-04 22:18:00 131072 ----a-w- c:\program files\gr32_207.dll 2003-11-04 22:18:00 1122304 ----a-w- c:\program files\fm32_207.dll 2003-11-04 22:17:00 311296 ----a-w- c:\program files\APE24EXT_MT.dll . ============= FINISH: 2:26:11.25 ===============
  6. Ok thank you! I would really appreciate your help with this issue. Here is my new DDS log file and Attach File. . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_33 Run by Laptop User at 23:43:01 on 2012-07-02 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.579 [GMT -10:00] . AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} FW: Norton 360 *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\IBM\Lotus\Notes\nsd.exe C:\Program Files\IBM\Lotus\Notes\nslsvice.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\IBM\Lotus\Notes\ntmulti.exe C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe C:\Program Files\Symantec\Ghost\ngctw32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\umonit.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Symantec\Ghost\ngtray.exe C:\Program Files\Network Associates\Common Framework\UdaterUI.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Network Associates\Common Framework\McTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Epson Software\Event Manager\EEventManager.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe C:\Program Files\WebEx\Productivity Tools\PTIM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\SetPoint\SetPoint.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\WebEx\Productivity Tools\ptSrv.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\SMART Technologies\SMART Product Drivers\Aware.exe C:\Program Files\SMART Technologies\SMART Product Drivers\Marker.exe . ============== Pseudo HJT Report =============== . BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DWABrowserHlprObj Class: {2709d830-b643-4e72-9a1e-701cfffcf30c} - c:\windows\system32\dwabho.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies\smart notebook\NotebookPlugin.dll BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.2.1.5\ips\IPSBHO.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File uRun: [PTIM.exe] c:\program files\webex\productivity tools\PTIM.exe uRun: [Epson Stylus NX330(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatihaa.exe /fu "c:\docume~1\laptop~1\locals~1\temp\E_S24F.tmp" /EF "HKCU" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [uMonit] c:\windows\system32\umonit.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [NGTray] "c:\program files\symantec\ghost\ngtray.exe" mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UdaterUI.exe" /StartedFromRunKey mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE" mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe" mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~2\server\bin\VERSIO~2.EXE mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe" mRun: [sDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe" dRun: [Adobe] rundll32.exe "c:\documents and settings\laptop user\local settings\application data\apple computer\adobe\xdlqzl.dll",DllRegisterServer StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartb~1.lnk - c:\program files\smart technologies\smart product drivers\SMARTBoardTools.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxp://165.248.233.217/iNotes6W.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231532123176 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} DPF: {CAFECAFE-0013-0001-0030-ABCDEFABCDEF} DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxp://165.248.233.217/dwa7W.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP28EP2-12243/webex/ieatgpc.cab Notify: igfxcui - igfxdev.dll Notify: SDWinLogon - SDWinLogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f Hosts: 165.248.100.142 makala1 Hosts: 165.248.101.190 manoa1 Hosts: 165.248.101.62 manana1 Hosts: 165.248.102.38 mauka1 Hosts: 165.248.103.61 mckin1 . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\laptop user\application data\mozilla\firefox\profiles\165tp9u2.default\ FF - prefs.js: browser.startup.homepage - hxxp://165.248.233.217/mail/skeough.nsf FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13128.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13130.dll FF - plugin: c:\program files\netscape\communicator\program\plugins\npaudio.dll FF - plugin: c:\program files\netscape\communicator\program\plugins\npavi32.dll FF - plugin: c:\program files\netscape\communicator\program\plugins\npnul32.dll FF - plugin: c:\program files\netscape\communicator\program\plugins\NPQTW32.DLL FF - plugin: c:\program files\zwinky_5qei\installr\1.bin\NP5qEISb.dll FF - plugin: c:\windows\system32\npdeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll FF - plugin: c:\windows\system32\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0602010.005\SymDS.sys [2012-6-27 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0602010.005\SymEFA.sys [2012-6-27 905336] R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\bashdefs\20120619.001\BHDrvx86.sys [2012-6-19 821920] R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0602010.005\ccSetx86.sys [2012-6-27 132744] R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-29 31944] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0602010.005\Ironx86.sys [2012-6-27 149624] R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600] R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\ibm\lotus\notes\nsd.exe [2009-9-29 3397000] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-30 654408] R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2008-7-28 103744] R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-29 144960] R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-29 54872] R2 N360;Norton 360;c:\program files\norton 360\engine\6.2.1.5\ccSvcHst.exe [2012-6-27 138232] R2 NGCLIENT;Symantec Ghost Client Agent;c:\program files\symantec\ghost\ngctw32.exe [2007-4-19 632456] R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-7-1 1122296] R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-7-1 838136] R2 SMART Display Controller;SMART Display Controller;c:\program files\smart technologies\smart product drivers\UCService.exe [2010-11-19 846192] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-28 106656] R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\ipsdefs\20120702.001\IDSXpx86.sys [2012-7-2 369632] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-30 22344] R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-12-15 72264] R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-12-15 34152] R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-12-15 168776] R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\virusdefs\20120702.002\NAVENG.SYS [2012-7-2 87928] R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\virusdefs\20120702.002\NAVEX15.SYS [2012-7-2 1589752] S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112] S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2012-2-6 6016] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 113120] S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\smart technologies\smart product drivers\SMARTSNMPAgent.exe [2010-11-19 1664368] . =============== File Associations =============== . .txt= . =============== Created Last 30 ================ . 2012-07-03 09:39:15 1324 ----a-w- c:\windows\system32\d3d9caps.tmp 2012-07-02 02:25:45 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy 2012-07-02 02:24:45 15224 ----a-w- c:\windows\system32\sdnclean.exe 2012-07-02 02:24:41 -------- d-----w- c:\program files\Spybot - Search & Destroy 2 2012-06-30 10:41:06 -------- d-----w- c:\documents and settings\laptop user\application data\Malwarebytes 2012-06-30 10:40:34 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-06-30 10:40:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-30 10:40:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-06-30 09:36:00 -------- d-----w- c:\documents and settings\laptop user\application data\DriverCure 2012-06-30 09:35:59 -------- d-----w- c:\documents and settings\laptop user\application data\SpeedMaxPc 2012-06-30 09:35:26 -------- d-----w- c:\documents and settings\all users\application data\SpeedMaxPc 2012-06-29 20:44:31 -------- d-----w- c:\windows\pss 2012-06-29 20:14:06 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll 2012-06-28 06:05:23 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL 2012-06-28 06:05:23 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2012-06-28 06:05:03 905336 ----a-r- c:\windows\system32\drivers\n360\0602010.005\SymEFA.sys 2012-06-28 06:05:03 388216 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symtdi.sys 2012-06-28 06:05:03 345208 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symtdiv.sys 2012-06-28 06:05:03 340088 ----a-r- c:\windows\system32\drivers\n360\0602010.005\SymDS.sys 2012-06-28 06:05:03 32888 ----a-r- c:\windows\system32\drivers\n360\0602010.005\srtspx.sys 2012-06-28 06:05:03 318584 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symnets.sys 2012-06-28 06:05:02 574072 ----a-r- c:\windows\system32\drivers\n360\0602010.005\srtsp.sys 2012-06-28 06:05:02 149624 ----a-r- c:\windows\system32\drivers\n360\0602010.005\Ironx86.sys 2012-06-28 06:05:02 132744 ----a-r- c:\windows\system32\drivers\n360\0602010.005\ccSetx86.sys 2012-06-28 06:04:42 4782 ----a-r- c:\windows\system32\drivers\n360\0602010.005\SymVTcer.dat 2012-06-28 06:04:41 -------- d-----w- c:\windows\system32\drivers\n360\0602010.005 2012-06-28 06:04:41 -------- d-----w- c:\windows\system32\drivers\N360 2012-06-28 06:04:40 -------- d-----w- c:\program files\Norton 360 2012-06-28 06:02:35 -------- d-----w- c:\program files\NortonInstaller 2012-06-28 06:02:35 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller 2012-06-28 01:56:43 -------- d-----w- c:\documents and settings\all users\application data\F4D55F3E0405F6ED00096165D151FC4E 2012-06-26 22:25:04 73 ----a-w- c:\windows\system32\ssprs.dll 2012-06-26 22:25:04 205 ----a-w- c:\windows\system32\lsprst7.dll 2012-06-26 22:25:04 1025 ----a-w- c:\windows\system32\sysprs7.dll 2012-06-26 22:25:04 1025 ----a-w- c:\windows\system32\clauth2.dll 2012-06-26 22:25:04 1025 ----a-w- c:\windows\system32\clauth1.dll 2012-06-26 22:25:04 -------- d-----w- c:\documents and settings\all users\application data\Minnetonka Audio Software 2012-06-26 22:19:12 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys 2012-06-26 22:19:03 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys 2012-06-26 22:18:57 16384 ----a-w- c:\windows\system32\ipsink.ax 2012-06-26 22:18:57 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys 2012-06-26 22:18:50 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys 2012-06-26 22:18:42 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS 2012-06-26 22:18:31 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys 2012-06-26 22:18:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys 2012-06-26 21:55:49 53760 ----a-w- c:\windows\system32\vfwwdm32.dll 2012-06-26 21:55:48 51200 ----a-w- c:\windows\system32\drivers\msdv.sys 2012-06-26 21:55:48 43008 ----a-w- c:\windows\system32\ksxbar.ax 2012-06-26 21:55:47 91136 ----a-w- c:\windows\system32\kswdmcap.ax 2012-06-26 21:55:47 61952 ----a-w- c:\windows\system32\kstvtune.ax 2012-06-26 21:55:24 38912 ----a-w- c:\windows\system32\drivers\avc.sys 2012-06-26 21:54:58 48128 ----a-w- c:\windows\system32\drivers\61883.sys 2012-06-23 23:57:19 -------- d-----w- c:\documents and settings\laptop user\local settings\application data\IBM 2012-06-23 20:54:29 81920 ----a-w- c:\windows\system32\ieencode.dll 2012-06-23 20:54:29 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll 2012-06-23 07:09:15 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll 2012-06-23 07:09:15 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll 2012-06-22 05:43:54 476936 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-06-22 05:43:54 472840 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-12 10:18:36 -------- d-----w- c:\documents and settings\laptop user\application data\Leader Technologies 2012-06-12 07:19:13 -------- d-----w- c:\program files\LTCM Client 2012-06-12 07:09:08 77824 ----a-w- c:\windows\system32\EBAPI.dll 2012-06-12 07:09:08 65536 ----a-w- c:\windows\system32\EEBUtil.dll 2012-06-12 07:09:08 55808 ----a-w- c:\windows\system32\EEBSDKIF.dll 2012-06-12 07:09:08 135168 ----a-w- c:\windows\system32\EEBAPI.dll 2012-06-12 07:09:08 110592 ----a-w- c:\windows\system32\EEBDSCVR.dll 2012-06-12 07:05:32 475496 ----a-w- c:\windows\system32\ensppmon.dll 2012-06-12 07:05:32 475496 ----a-w- c:\windows\system32\enppmon.dll 2012-06-12 07:05:32 457780 ----a-w- c:\windows\system32\ensppui.dll 2012-06-12 07:05:32 457780 ----a-w- c:\windows\system32\enppui.dll 2012-06-12 07:05:32 249344 ----a-w- c:\windows\system32\enspres.dll 2012-06-12 07:05:32 249344 ----a-w- c:\windows\system32\enpres.dll 2012-06-12 07:05:32 -------- d-----w- c:\program files\EpsonNet 2012-06-12 07:05:13 -------- d-----w- c:\program files\common files\EPSON 2012-06-12 07:05:00 -------- d-----w- c:\program files\Epson America Inc 2012-06-12 07:04:24 93696 ----a-w- c:\windows\system32\E_FLBHAA.DLL 2012-06-12 07:04:24 63488 ----a-w- c:\windows\system32\E_FD4BHAA.DLL 2012-06-12 07:04:01 -------- d-----w- c:\documents and settings\all users\application data\EPSON 2012-06-12 07:03:12 -------- d-----w- c:\program files\Epson Software 2012-06-12 07:02:32 342016 ----a-w- c:\windows\system32\eswiaud.dll 2012-06-12 07:02:32 132560 ----a-w- c:\windows\system32\esdevapp.exe 2012-06-12 07:02:32 12800 ----a-w- c:\windows\system32\escdev.dll 2012-06-12 07:02:21 -------- d-----w- c:\program files\epson 2012-06-12 01:59:27 -------- d-----w- c:\program files\common files\The Neat Company 2012-06-12 01:53:35 -------- d-----w- c:\program files\Microsoft Synchronization Services 2012-06-12 01:53:34 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2012-06-12 01:34:43 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll 2012-06-12 01:34:43 87040 ----a-w- c:\windows\system32\wiafbdrv.dll 2012-06-12 01:31:20 -------- d-----w- c:\documents and settings\laptop user\local settings\application data\IsolatedStorage 2012-06-12 01:30:23 45056 ----a-w- c:\windows\system32\midrv74P.dll 2012-06-12 01:29:08 -------- d-----w- c:\program files\common files\Intuit 2012-06-12 01:29:01 -------- d-----w- c:\program files\common files\NeatReceipts 2012-06-12 01:28:36 -------- d-----w- c:\documents and settings\all users\application data\The Neat Company 2012-06-12 01:27:50 -------- d-----w- c:\program files\NeatWorks 2012-06-06 09:35:52 83424 ----a-w- c:\windows\system32\dwabho.dll 2012-06-03 23:05:02 -------- d-----w- c:\windows\system32\wbem\repository\FS 2012-06-03 23:05:02 -------- d-----w- c:\windows\system32\wbem\Repository . ==================== Find3M ==================== . 2012-06-28 20:22:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-28 20:22:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-22 05:43:37 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys 2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2005-06-16 22:19:22 2482176 ----a-w- c:\program files\TCTrill.dll 2005-06-11 01:12:16 847872 ----a-w- c:\program files\TCTrillS.dll 2005-06-03 18:59:54 61440 ----a-w- c:\program files\TCReports.dll 2004-02-12 04:11:40 7659520 ----a-w- c:\program files\Geo CS Test Gen Management.exe 2004-02-12 03:59:34 4009984 ----a-w- c:\program files\Geo CS Test Gen Student.exe 2004-01-27 02:04:08 49152 ----a-w- c:\program files\TCAlerts.dll 2003-11-04 22:21:00 983040 ----a-w- c:\program files\stuffit5.engine-5.1.dll 2003-11-04 22:21:00 561152 ----a-w- c:\program files\xp32_207.dll 2003-11-04 22:21:00 21776 ----a-w- c:\program files\shfolder.dll 2003-11-04 22:20:00 479232 ----a-w- c:\program files\rp32_207.dll 2003-11-04 22:20:00 217088 ----a-w- c:\program files\sa32_207.dll 2003-11-04 22:19:00 725032 ----a-w- c:\program files\kSAdg.dll 2003-11-04 22:19:00 692264 ----a-w- c:\program files\kCPdg.dll 2003-11-04 22:19:00 413736 ----a-w- c:\program files\kGRdg.dll 2003-11-04 22:19:00 401462 ----a-w- c:\program files\msvcp60.dll 2003-11-04 22:19:00 290869 ----a-w- c:\program files\msvcrt.dll 2003-11-04 22:19:00 2744361 ----a-w- c:\program files\kFDMdg.dll 2003-11-04 22:19:00 1982504 ----a-w- c:\program files\kFDdg.dll 2003-11-04 22:19:00 1937448 ----a-w- c:\program files\kXPdg.dll 2003-11-04 22:19:00 1794088 ----a-w- c:\program files\kRPdg.dll 2003-11-04 22:19:00 1597480 ----a-w- c:\program files\kDBdg.dll 2003-11-04 22:19:00 1486848 ----a-w- c:\program files\owl609v.dll 2003-11-04 22:18:00 638976 ----a-w- c:\program files\fd32_207.dll 2003-11-04 22:18:00 401728 ----a-w- c:\program files\EQNEDIT.EXE 2003-11-04 22:18:00 352256 ----a-w- c:\program files\db32_207.dll 2003-11-04 22:18:00 212992 ----a-w- c:\program files\cp32_207.dll 2003-11-04 22:18:00 131072 ----a-w- c:\program files\gr32_207.dll 2003-11-04 22:18:00 1122304 ----a-w- c:\program files\fm32_207.dll 2003-11-04 22:17:00 311296 ----a-w- c:\program files\APE24EXT_MT.dll . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: Hitachi_HTS722080K9A300 rev.DCBOCA1H -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e . device: opened successfully user: MBR read successfully . Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A2434B1]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a24a93c]; MOV EAX, [0x8a24aab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; } 1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8A67AAB8] 3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x8A555030] \Driver\atapi[0x8A621C80] -> IRP_MJ_CREATE -> 0x8A2434B1 error: Read A device attached to the system is not functioning. kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; } detected disk devices: detected hooks: \Driver\atapi DriverStartIo -> 0x8A2432E2 user & kernel MBR OK Warning: possible TDL3 rootkit infection ! . ============= FINISH: 23:44:32.43 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 7/24/2008 1:44:09 PM System Uptime: 7/2/2012 11:33:01 PM (0 hours ago) . Motherboard: Dell Inc. | | Processor: Intel® Core2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1994/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 74 GiB total, 23.964 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Hosts File Hijack ====================== . Hosts: 165.248.100.142 makala1 Hosts: 165.248.101.190 manoa1 Hosts: 165.248.101.62 manana1 Hosts: 165.248.102.38 mauka1 Hosts: 165.248.103.61 mckin1 Hosts: 165.248.105.228 milh1 Hosts: 165.248.106.150 milike1 Hosts: 165.248.106.10 milmka Hosts: 165.248.107.136 miluka1 Hosts: 165.248.108.209 moanae1 Hosts: 165.248.108.37 milwaena Hosts: 165.248.109.187 moahs1 Hosts: 165.248.10.9 isped2 Hosts: 165.248.10.11 sra5 Hosts: 165.248.10.12 sra4 Hosts: 165.248.10.13 darkwing Hosts: 165.248.10.134 isped14 Hosts: 165.248.10.136 isped15 Hosts: 165.248.10.144 lilinote Hosts: 165.248.10.145 rep1 Hosts: 165.248.10.146 mta1 Hosts: 165.248.10.147 route1 Hosts: 165.248.10.148 maui1 Hosts: 165.248.10.149 maui2 Hosts: 165.248.10.15 sraserv2 Hosts: 165.248.10.151 rep2 Hosts: 165.248.10.158 isped2icm Hosts: 165.248.10.159 isped3icm Hosts: 165.248.10.160 isped6 Hosts: 165.248.10.162 isped7 Hosts: 165.248.10.169 isped5 Hosts: 165.248.10.17 sraserv3 Hosts: 165.248.10.170 app1 Hosts: 165.248.10.173 isped3 Hosts: 165.248.10.18 test1 Hosts: 165.248.10.19 sraserv1 Hosts: 165.248.10.190 srasun Hosts: 165.248.10.21 sra1 Hosts: 165.248.10.22 sra2 Hosts: 165.248.10.24 beta2 Hosts: 165.248.10.25 r5 Hosts: 165.248.10.254 irmb1 Hosts: 165.248.10.26 sugar Hosts: 165.248.10.26 isped4 Hosts: 165.248.10.28 sametime Hosts: 165.248.10.29 diis Hosts: 165.248.10.30 049sphere Hosts: 165.248.10.35 isped8 Hosts: 165.248.10.43 isped12 Hosts: 165.248.10.53 isped9 Hosts: 165.248.10.56 isped1 Hosts: 165.248.10.58 isped10 Hosts: 165.248.10.59 isped10pn Hosts: 165.248.10.7 decs1 Hosts: 165.248.10.84 npump1 Hosts: 165.248.111.126 moanai1 Hosts: 165.248.112.158 mokulele1 Hosts: 165.248.113.14 momil1 Hosts: 165.248.113.190 nanaika1 Hosts: 165.248.114.147 nanak1 Hosts: 165.248.115.50 nanakhi1 Hosts: 165.248.117.235 noelani Hosts: 165.248.117.62 niuv1 Hosts: 165.248.118.190 nuuanu1 Hosts: 165.248.119.67 palolo1 Hosts: 165.248.11.11 hondo1 Hosts: 165.248.11.138 cendo2 Hosts: 165.248.11.151 cendo1 Hosts: 165.248.120.122 pauoa1 Hosts: 165.248.121.126 pccomp1 Hosts: 165.248.123.190 pearlh1 Hosts: 165.248.124.22 pearlhk1 Hosts: 165.248.124.210 pridge1 Hosts: 165.248.125.190 pohakea1 Hosts: 165.248.127.143 radford Hosts: 165.248.127.62 puuhale1 Hosts: 165.248.129.6 redhill1 Hosts: 165.248.12.205 kahukuhi Hosts: 165.248.12.206 kalaheo Hosts: 165.248.12.207 king Hosts: 165.248.12.208 maunawili Hosts: 165.248.12.222 windo1 Hosts: 165.248.130.62 rsvlt1 Hosts: 165.248.131.190 slake1 Hosts: 165.248.131.62 royal1 Hosts: 165.248.132.79 ascott1 Hosts: 165.248.133.17 shafter1 Hosts: 165.248.133.217 solomon1 Hosts: 165.248.134.190 stvson1 Hosts: 165.248.136.254 wahiawai1 Hosts: 165.248.136.62 wahiawa1 Hosts: 165.248.138.16 waialae1 Hosts: 165.248.138.141 waialuae1 Hosts: 165.248.13.190 hawsped1 Hosts: 165.248.13.80 hawdo1 Hosts: 165.248.140.126 waianae1 Hosts: 165.248.141.62 waianah1 Hosts: 165.248.142.143 waianai1 Hosts: 165.248.143.147 waiau1 Hosts: 165.248.144.62 waikiki1 Hosts: 165.248.145.126 waimalu1 Hosts: 165.248.145.220 waiman1 Hosts: 165.248.146.190 waipel1 Hosts: 165.248.149.25 waipin1 Hosts: 165.248.149.33 waipc1 Hosts: 165.248.14.11 mauido1 Hosts: 165.248.14.190 mlsc1 Hosts: 165.248.14.203 kauaido1 Hosts: 165.248.150.15 washint1 Hosts: 165.248.151.126 webling1 Hosts: 165.248.152.100 wheelm1 Hosts: 165.248.151.146 wheele1 Hosts: 165.248.153.190 wilson1 Hosts: 165.248.154.60 anuenue1 Hosts: 165.248.155.16 holomua Hosts: 165.248.158.94 waikele1 Hosts: 165.248.160.16 milmid1 Hosts: 165.248.164.158 haaheo1 Hosts: 165.248.165.100 hiloh1 Hosts: 165.248.167.190 hilou1 Hosts: 165.248.168.144 honau1 Hosts: 165.248.169.62 honokh1 Hosts: 165.248.170.126 hookena Hosts: 165.248.171.126 kahakai1 Hosts: 165.248.171.189 kalania1 Hosts: 165.248.173.207 keaaum1 Hosts: 165.248.174.126 keaau1 Hosts: 165.248.174.254 kealake1 Hosts: 165.248.175.140 kealaki1 Hosts: 165.248.176.190 keauk1 Hosts: 165.248.176.254 keone1 Hosts: 165.248.177.79 kohalah1 Hosts: 165.248.178.126 konaw1 Hosts: 165.248.179.62 konawh1 Hosts: 165.248.180.201 laupah1 Hosts: 165.248.181.207 naalehu1 Hosts: 165.248.181.79 mtview1 Hosts: 165.248.182.126 paauilo1 Hosts: 165.248.182.254 pahoae1 Hosts: 165.248.184.126 waiakeae1 Hosts: 165.248.185.100 waiakeah1 Hosts: 165.248.186.185 waiakeai1 Hosts: 165.248.187.190 waiakeaw1 Hosts: 165.248.187.30 kapoleih1 Hosts: 165.248.189.249 waikolo1 Hosts: 165.248.189.62 waimeae1 Hosts: 165.248.190.62 konawm1 Hosts: 165.248.191.126 honoke1 Hosts: 165.248.191.190 kohalae1 Hosts: 165.248.192.15 kohalam1 Hosts: 165.248.192.165 hiloi1 Hosts: 165.248.193.60 kealakh1 Hosts: 165.248.195.190 pahoah1 Hosts: 165.248.198.60 keaauh2 Hosts: 165.248.198.62 keaauh1 Hosts: 165.248.199.126 baldwin1 Hosts: 165.248.1.173 lili1 Hosts: 165.248.200.190 haiku1 Hosts: 165.248.201.146 iao1 Hosts: 165.248.201.62 hana1 Hosts: 165.248.202.190 kahului Hosts: 165.248.203.16 kalama1 Hosts: 165.248.203.221 jarret1 Hosts: 165.248.204.62 kamiii Hosts: 165.248.205.126 kihei1 Hosts: 165.248.206.126 kula Hosts: 165.248.207.62 lahaina1 Hosts: 165.248.207.126 lahainal1 Hosts: 165.248.208.254 lokela1 Hosts: 165.248.208.62 lihikai1 Hosts: 165.248.209.190 makawao1 Hosts: 165.248.210.84 mauihs1 Hosts: 165.248.211.203 mauiw1 Hosts: 165.248.212.140 nahiena1 Hosts: 165.248.213.190 pukala1 Hosts: 165.248.213.62 paia1 Hosts: 165.248.214.190 wailuku1 Hosts: 165.248.214.62 waihee Hosts: 165.248.215.100 kklike Hosts: 165.248.215.99 kklike2 Hosts: 165.248.216.62 kamalii1 Hosts: 165.248.219.61 kapomid1 Hosts: 165.248.225.190 kiloh1 Hosts: 165.248.225.26 kaunaka1 Hosts: 165.248.226.190 maunal1 Hosts: 165.248.226.62 kualapuu Hosts: 165.248.227.62 molokah1 Hosts: 165.248.229.16 lanai1 Hosts: 165.248.231.139 hanalei1 Hosts: 165.248.232.62 kalahe1 Hosts: 165.248.233.17 kapaa1 Hosts: 165.248.233.217 kapaah1 Hosts: 165.248.236.232 kaumu1 Hosts: 165.248.236.62 kauaihi1 Hosts: 165.248.238.126 kilauea1 Hosts: 165.248.238.159 koloa1 Hosts: 165.248.239.114 waimeac1 Hosts: 165.248.240.83 waimeah1 Hosts: 165.248.241.22 wilcox Hosts: 165.248.241.82 eleele1 Hosts: 165.248.242.11 kapaam1 Hosts: 165.248.243.126 kekaha1 Hosts: 165.248.244.251 kamaka1 Hosts: 165.248.24.89 leedo1 Hosts: 165.248.89.21 kokoh1 Hosts: 165.248.2.125 telesch1 Hosts: 165.248.2.20 atr1 Hosts: 165.248.2.55 hcps1 Hosts: 165.248.2.56 cai1 Hosts: 165.248.31.253 mcsa Hosts: 165.248.33.254 jeffers1 Hosts: 165.248.34.62 olomana1 Hosts: 165.248.36.20 ahuim1 Hosts: 165.248.36.190 aieael1 Hosts: 165.248.38.62 aieah1 Hosts: 165.248.39.145 ainaha1 Hosts: 165.248.3.11 ois3 Hosts: 165.248.3.126 felix1 Hosts: 165.248.3.144 eval1 Hosts: 165.248.40.254 aliame1 Hosts: 165.248.40.62 alawai1 Hosts: 165.248.41.126 aliami1 Hosts: 165.248.42.126 alii1 Hosts: 165.248.43.78 august1 Hosts: 165.248.44.20 campb1 Hosts: 165.248.45.151 castle1 Hosts: 165.248.47.62 central1 Hosts: 165.248.48.3 dole2 Hosts: 165.248.48.4 dole3 Hosts: 165.248.49.144 ewa1 Hosts: 165.248.49.62 ewab1 Hosts: 165.248.10.6 facil1 Hosts: 165.248.50.62 farrin1 Hosts: 165.248.51.150 fern1 Hosts: 165.248.52.16 hahaione Hosts: 165.248.53.170 haleiwa1 Hosts: 165.248.55.126 helemano Hosts: 165.248.55.18 heeia1 Hosts: 165.248.56.196 highl1 Hosts: 165.248.55.230 hickam1 Hosts: 165.248.58.62 honowai1 Hosts: 165.248.59.95 ilima1 Hosts: 165.248.5.208 foodsrv Hosts: 165.248.60.184 iroq1 Hosts: 165.248.62.13 jeffers2 Hosts: 165.248.63.62 kmanu1 Hosts: 165.248.63.76 kaala1 Hosts: 165.248.64.126 kaewai1 Hosts: 165.248.64.209 kahala Hosts: 165.248.68.62 kailuae1 Hosts: 165.248.70.80 kaimiloa Hosts: 165.248.71.16 kaimuh1 Hosts: 165.248.72.123 kaimum1 Hosts: 165.248.73.254 kaiser1 Hosts: 165.248.74.210 kaiula1 Hosts: 165.248.76.90 kalaka1 Hosts: 165.248.77.15 kalanih1 Hosts: 165.248.78.207 kalihi Hosts: 165.248.78.62 kalei1 Hosts: 165.248.79.76 kalkai1 Hosts: 165.248.7.80 nssb1 Hosts: 165.248.80.189 kalihiw1 Hosts: 165.248.80.62 kaluka1 Hosts: 165.248.81.16 kamaile Hosts: 165.248.82.120 kaneohe1 Hosts: 165.248.82.62 kamilo1 Hosts: 165.248.83.145 kapalama Hosts: 165.248.83.62 kanoela1 Hosts: 165.248.84.78 leedo2 Hosts: 165.248.84.79 kapolei Hosts: 165.248.85.253 kauluw1 Hosts: 165.248.85.80 kapuna1 Hosts: 165.248.86.80 kawana1 Hosts: 165.248.88.190 kipapa1 Hosts: 165.248.8.254 spms1 Hosts: 165.248.90.207 lanak1 Hosts: 165.248.90.25 laie1 Hosts: 165.248.91.254 lehua1 Hosts: 165.248.92.190 leihoku1 Hosts: 165.248.93.21 leilehua1 Hosts: 165.248.93.73 wahcsa1 Hosts: 165.248.35.16 rise1 Hosts: 165.248.95.93 likel1 Hosts: 165.248.96.190 lincoln1 Hosts: 165.248.96.62 linapu1 Hosts: 165.248.97.144 maemae Hosts: 165.248.97.51 lunal1 Hosts: 165.248.98.80 maili1 Hosts: 165.248.99.254 mkilo1 Hosts: 165.248.99.59 makaha1 Hosts: 165.248.147.151 waipah1 Hosts: 165.248.10.146 smtp1 Hosts: 165.248.116.85 nimitz1 Hosts: 165.248.118.207 pces1 Hosts: 165.248.139.27 waialuah1 Hosts: 165.248.126.55 pope1 Hosts: 165.248.145.239 waiman2 Hosts: 165.248.43.157 barbers1 Hosts: 165.248.14.203 kauaido1 Hosts: 165.248.10.96 mushroom . ==== Installed Programs ====================== . Acrobat.com Adobe Acrobat 4.0 Adobe Acrobat 9 Pro - English, Français, Deutsch Adobe Acrobat 9.5.1 - CPSID_83708 Adobe After Effects CS4 Adobe After Effects CS4 Presets Adobe After Effects CS4 Template Projects & Footage Adobe After Effects CS4 Third Party Content Adobe AIR Adobe Anchor Service CS4 Adobe Asset Services CS4 Adobe Bridge CS4 Adobe CMaps CS4 Adobe Color - Photoshop Specific CS4 Adobe Color EU Extra Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Recommended Settings CS4 Adobe Color Video Profiles AE CS4 Adobe Color Video Profiles CS CS4 Adobe Contribute CS4 Adobe Creative Suite 4 Master Collection Adobe CS4 American English Speech Analysis Models Adobe CS4 French Speech Analysis Models Adobe CS4 German Speech Analysis Models Adobe CS4 International English Speech Analysis Models Adobe CS4 Italian Speech Analysis Models Adobe CS4 Japanese Speech Analysis Models Adobe CS4 Korean Speech Analysis Models Adobe CS4 Spanish Speech Analysis Models Adobe CSI CS4 Adobe Default Language CS4 Adobe Device Central CS4 Adobe Dreamweaver CS4 Adobe Drive CS4 Adobe Dynamiclink Support Adobe Encore CS4 Adobe Encore CS4 Codecs Adobe Encore CS4 Library Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Fireworks CS4 Adobe Flash CS4 Adobe Flash CS4 Extension - Flash Lite STI en Adobe Flash CS4 STI-en Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Fonts All Adobe Illustrator CS4 Adobe InDesign CS4 Adobe InDesign CS4 Application Feature Set Files (Roman) Adobe InDesign CS4 Common Base Files Adobe InDesign CS4 Icon Handler Adobe Linguistics CS4 Adobe Media Encoder CS4 Adobe Media Encoder CS4 Additional Exporter Adobe Media Encoder CS4 Dolby Adobe Media Encoder CS4 Exporter Adobe Media Encoder CS4 Importer Adobe Media Player Adobe MotionPicture Color Files CS4 Adobe OnLocation CS4 Adobe Output Module Adobe PDF Library Files CS4 Adobe Photoshop CS4 Adobe Photoshop CS4 Support Adobe Premiere Pro CS4 Adobe Premiere Pro CS4 Functional Content Adobe Premiere Pro CS4 Third Party Content Adobe Reader X (10.1.0) Adobe Search for Help Adobe Service Manager Extension Adobe Setup Adobe SGM CS4 Adobe SING CS4 Adobe Soundbooth CS4 Adobe Soundbooth CS4 Codecs Adobe Type Support CS4 Adobe Update Manager CS4 Adobe Version Cue CS4 Server Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB AiO_Scan_CDA AiOSoftwareNPI Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft Media Card Companion Bluetooth Stack for Windows by Toshiba Bonjour Broadcom Gigabit Integrated Controller BufferChm Camtasia Studio 3 CDDRV_Installer Cisco WebEx Meetings Conexant HDA D330 MDC V.92 Modem Connect Critical Update for Windows Media Player 11 (KB959772) CustomerResearchQFolder Dell Resource CD Destinations DeviceManagementQFolder DocProc DocProcQFolder Epson Connect Epson Customer Participation Epson Event Manager EPSON NX330 Series Printer Uninstall EPSON Scan EpsonNet Print eSupportQFolder Fax_CDA Generic color icon driver Genesys USB Mass Storage Device Geo CS Test Gen getPlus® for Adobe Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP Customer Participation Program 7.0 HP Imaging Device Functions 7.0 HP Photosmart Essential HP Photosmart, Officejet and Deskjet 7.0.A HP Software Update HP Solution Center 7.0 HPPhotoSmartExpress HPProductAssistant InstantShareDevicesMFC Intel® Graphics Media Accelerator Driver Intel® PROSet/Wireless Software iTunes Java Auto Updater Java 6 Update 33 Java 6 Update 7 Jing KhalSetup kuler Lotus Notes 8.5.1 LTCM Client Malwarebytes Anti-Malware version 1.61.0.1400 MarketResearch McAfee AntiSpyware Enterprise Module mCore mDriver mDrWiFi mHlpDell Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable mIWA mLogView mMHouse Mozilla Firefox 13.0.1 (x86 en-US) Mozilla Maintenance Service mPfMgr mPfWiz mProSafe mSCfg mSSO MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser mWlsSafe mWMI mZConfig Neat ADF Scanner Driver Neat Mobile Scanner (Silver) Driver Neat Mobile Scanner 2008 Driver Neat Mobile Scanner Driver NeatWorks NeatWorks Core Files Netscape Navigator 4.08 Network Stumbler 0.4.0 (remove only) NewCopy_CDA Norton 360 OCR Software by I.R.I.S 7.0 Oracle JInitiator 1.3.1.28 Oracle JInitiator 1.3.1.30 Oz776 SCR Driver V1.1.4.2 PanoStandAlone PDF Settings CS4 Photoshop Camera Raw Pixel Bender Toolkit ProductContextNPI QuickTime Readme Roxio Activation Module Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator Tools Roxio Drag-to-Disc Roxio Express Labeler 3 Roxio Update Manager Safari Scan ScannerCopy Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Security Update for Microsoft Windows (KB2564958) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2482017) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2497640) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2530548) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544521) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2559049) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2586448) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618444) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953838) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB963027) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969897) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB976325) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982381) Security Update for Windows XP (KB982665) SetPoint SigmaTel Audio SMART Notebook SMART Product Drivers SMART Product Update SnagIt 8 SolutionCenter Sonic CinePlayer Decoder Pack Spelling Dictionaries Support For Adobe Reader 9 Spybot - Search & Destroy Status Suite Shared Configuration CS4 Symantec Ghost Console Client Toolbox TrayApp Unload Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB942763) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update for Windows XP (KB978207) Update for Windows XP (KB980182) WebEx Productivity Tools WebFldrs XP WebReg Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 ZipGenius 6 (6.0.3.1140) . ==== Event Viewer Messages From Past Week ======== . 6/29/2012 12:44:42 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service. . ==== End Of File ===========================
  7. When I noticed the problem, I downloaded MalwareBytes and Spybot. I removed what I could however the problem still persists. Malwarebytes keep notifying me that it has blocked access to a potentially malicious website 206.161.121.3 (type: outgoing). This is driving me nuts because I cannot locate the program or process that is doing this. Please help
  8. Every time I start my computer, ads play in the background somewhere. No programs are open but something is running behind the scenes as I hear all kinds of commercials/ads through the speakers. dds.txt attach.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.