Posts posted by shiannte
-
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=efd6fba95682834ba2e9374d5060c928
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-17 01:19:56
# local_time=2012-07-16 03:19:56 (-1000, Hawaiian Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3589 16777189 100 74 1397679 93060631 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=185669
# found=16
# cleaned=16
# scan_time=3461
C:\Program Files\Zwinky_5qEI\Installr\1.bin\5qEIPlug.dll a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Zwinky_5qEI\Installr\1.bin\5qEZSETP.dll a variant of Win32/Toolbar.MyWebSearch.Q application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{99127170-8C24-4E44-88F1-D9B20302B823}\RP4\A0000168.dll a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{99127170-8C24-4E44-88F1-D9B20302B823}\RP4\A0000169.dll a variant of Win32/Toolbar.MyWebSearch.Q application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\12.07.2012_01.47.57\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\12.07.2012_01.47.57\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\12.07.2012_01.47.57\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\12.07.2012_01.47.57\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\12.07.2012_01.47.57\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\12.07.2012_01.47.57\mbr0000\tdlfs0000\tsk0012.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\14.07.2012_15.13.12\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\14.07.2012_15.13.12\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\14.07.2012_15.13.12\tdlfs0000\tsk0003.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\14.07.2012_15.13.12\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\14.07.2012_15.13.12\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\14.07.2012_15.13.12\tdlfs0000\tsk0011.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
-
ComboFix 12-07-14.01 - Admin 07/16/2012 12:17:47.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1188 [GMT -10:00]
Running from: c:\documents and settings\Admin\My Documents\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\My Documents\CFScript.txt
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 )))))))))))))))))))))))))))))))
.
.
2012-07-15 04:43 . 2012-07-15 05:14 -------- d-----w- c:\documents and settings\Admin\Application Data\webex
2012-07-14 20:55 . 2012-07-14 20:55 1193472 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\mac.dll
2012-07-14 20:53 . 2012-07-14 20:52 173568 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\welsvp.dll
2012-07-14 20:52 . 2012-07-14 20:52 43008 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\wbxtrace.dll
2012-07-14 20:52 . 2012-07-14 20:52 52736 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\raurl.dll
2012-07-14 20:52 . 2012-07-14 20:52 516920 ----a-w- c:\program files\Mozilla Firefox\plugins\atcliun.exe
2012-07-14 20:52 . 2012-07-14 20:52 4004352 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atres.dll
2012-07-14 20:52 . 2012-07-14 20:52 50176 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atpack.dll
2012-07-14 20:52 . 2012-07-14 20:52 8704 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atmemmgr.dll
2012-07-14 20:52 . 2012-07-14 20:52 69120 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atcarmcl.dll
2012-07-14 20:52 . 2012-07-14 20:52 1028096 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\Atwbxui12.dll
2012-07-14 20:52 . 2012-07-14 20:52 9216 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atkbctl.dll
2012-07-14 20:52 . 2012-07-14 20:52 303416 ----a-w- c:\program files\Mozilla Firefox\plugins\ieatgpc.dll
2012-07-14 20:52 . 2012-07-14 20:52 586040 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atgpcext.dll
2012-07-14 20:52 . 2012-07-14 20:52 80184 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atgpcdec.dll
2012-07-14 20:52 . 2012-07-14 20:52 215864 ----a-w- c:\program files\Mozilla Firefox\plugins\npatgpc.dll
2012-07-12 11:55 . 2012-07-12 11:55 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2012-07-12 11:50 . 2012-07-15 01:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-12 11:23 . 2012-07-12 11:23 -------- d-----w- c:\documents and settings\Admin\Application Data\Epson
2012-07-12 11:23 . 2012-07-12 11:23 -------- d-----w- c:\documents and settings\Admin\Application Data\Leader Technologies
2012-07-02 02:25 . 2012-07-02 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-07-02 02:24 . 2009-01-25 23:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-07-02 02:24 . 2012-07-02 02:51 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-06-30 10:41 . 2012-06-30 10:41 -------- d-----w- c:\documents and settings\Laptop User\Application Data\Malwarebytes
2012-06-30 10:40 . 2012-06-30 10:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-30 10:40 . 2012-07-03 23:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 10:40 . 2012-07-12 11:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-30 09:36 . 2012-06-30 09:36 -------- d-----w- c:\documents and settings\Laptop User\Application Data\DriverCure
2012-06-30 09:35 . 2012-06-30 09:35 -------- d-----w- c:\documents and settings\Laptop User\Application Data\SpeedMaxPc
2012-06-30 09:35 . 2012-07-01 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
2012-06-28 06:05 . 2012-06-28 06:05 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-06-28 06:05 . 2012-06-28 06:05 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-06-28 06:04 . 2012-06-28 06:04 -------- d-----w- c:\windows\system32\drivers\N360
2012-06-28 06:04 . 2012-06-28 06:04 -------- d-----w- c:\program files\Norton 360
2012-06-28 06:04 . 2012-06-28 06:04 -------- d-----w- c:\program files\Windows Sidebar
2012-06-28 06:02 . 2012-06-28 06:02 -------- d-----w- c:\program files\NortonInstaller
2012-06-28 06:02 . 2012-06-28 06:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2012-06-28 01:56 . 2012-06-28 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55F3E0405F6ED00096165D151FC4E
2012-06-26 22:25 . 2012-06-26 22:25 1025 ----a-w- c:\windows\system32\sysprs7.dll
2012-06-26 22:25 . 2012-06-26 22:25 1025 ----a-w- c:\windows\system32\clauth2.dll
2012-06-26 22:25 . 2012-06-26 22:25 1025 ----a-w- c:\windows\system32\clauth1.dll
2012-06-26 22:25 . 2012-06-26 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Minnetonka Audio Software
2012-06-26 22:19 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2012-06-26 22:19 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2012-06-26 22:18 . 2008-04-14 00:12 16384 ----a-w- c:\windows\system32\ipsink.ax
2012-06-26 22:18 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2012-06-26 22:18 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2012-06-26 22:18 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2012-06-26 22:18 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2012-06-26 22:18 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2012-06-26 21:55 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2012-06-26 21:55 . 2008-04-14 00:12 43008 ----a-w- c:\windows\system32\ksxbar.ax
2012-06-26 21:55 . 2008-04-13 18:46 51200 ----a-w- c:\windows\system32\drivers\msdv.sys
2012-06-26 21:55 . 2008-04-14 00:12 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2012-06-26 21:55 . 2008-04-14 00:12 61952 ----a-w- c:\windows\system32\kstvtune.ax
2012-06-26 21:55 . 2008-04-13 18:46 38912 ----a-w- c:\windows\system32\drivers\avc.sys
2012-06-26 21:54 . 2008-04-13 18:46 48128 ----a-w- c:\windows\system32\drivers\61883.sys
2012-06-23 23:57 . 2012-06-23 23:57 -------- d-----w- c:\documents and settings\Laptop User\Local Settings\Application Data\IBM
2012-06-23 20:54 . 2012-04-20 19:29 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2012-06-23 20:54 . 2012-04-20 19:29 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-06-23 07:09 . 2012-06-23 07:09 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-23 07:09 . 2012-06-23 07:09 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-22 05:43 . 2012-06-22 05:43 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-22 05:43 . 2012-06-22 05:43 472840 ----a-w- c:\windows\system32\deployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 20:22 . 2012-04-13 06:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-28 20:22 . 2011-06-07 10:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-22 05:43 . 2008-09-26 23:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-13 13:19 . 2006-02-28 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 09:35 . 2012-06-06 09:35 83424 ----a-w- c:\windows\system32\dwabho.dll
2012-06-05 15:50 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-05 15:50 . 2005-09-08 11:03 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-04 04:32 . 2006-02-28 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-03 01:19 . 2008-07-28 21:10 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-03 01:19 . 2008-07-28 21:10 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-03 01:19 . 2008-07-24 23:39 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-03 01:19 . 2008-07-24 23:39 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-03 01:19 . 2008-07-24 23:39 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-03 01:19 . 2009-01-09 20:15 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-03 01:19 . 2008-07-28 21:10 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-03 01:19 . 2008-07-24 23:39 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-03 01:19 . 2008-07-24 23:39 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-03 01:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-03 01:19 . 2008-07-28 21:10 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-03 01:19 . 2008-07-24 23:39 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-03 01:19 . 2008-07-24 23:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-03 01:18 . 2010-01-19 07:08 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-03 01:18 . 2010-01-19 07:08 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-03 01:18 . 2010-01-19 07:08 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:58 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2012-05-04 13:16 . 2006-02-28 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2008-07-24 23:37 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-20 19:29 . 2006-02-28 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-04-19 12:44 . 2006-02-28 12:00 369664 ----a-w- c:\windows\system32\html.iec
2005-06-16 22:19 . 2005-06-16 22:19 2482176 ----a-w- c:\program files\TCTrill.dll
2005-06-11 01:12 . 2005-06-11 01:12 847872 ----a-w- c:\program files\TCTrillS.dll
2005-06-03 18:59 . 2005-06-03 18:59 61440 ----a-w- c:\program files\TCReports.dll
2004-02-12 04:11 . 2004-02-12 04:11 7659520 ----a-w- c:\program files\Geo CS Test Gen Management.exe
2004-02-12 03:59 . 2004-02-12 03:59 4009984 ----a-w- c:\program files\Geo CS Test Gen Student.exe
2004-01-27 02:04 . 2004-01-27 02:04 49152 ----a-w- c:\program files\TCAlerts.dll
2003-11-04 22:21 . 2003-11-04 22:21 983040 ----a-w- c:\program files\stuffit5.engine-5.1.dll
2003-11-04 22:21 . 2003-11-04 22:21 561152 ----a-w- c:\program files\xp32_207.dll
2003-11-04 22:21 . 2003-11-04 22:21 21776 ----a-w- c:\program files\shfolder.dll
2003-11-04 22:20 . 2003-11-04 22:20 479232 ----a-w- c:\program files\rp32_207.dll
2003-11-04 22:20 . 2003-11-04 22:20 217088 ----a-w- c:\program files\sa32_207.dll
2003-11-04 22:19 . 2003-11-04 22:19 725032 ----a-w- c:\program files\kSAdg.dll
2003-11-04 22:19 . 2003-11-04 22:19 692264 ----a-w- c:\program files\kCPdg.dll
2003-11-04 22:19 . 2003-11-04 22:19 413736 ----a-w- c:\program files\kGRdg.dll
2003-11-04 22:19 . 2003-11-04 22:19 401462 ----a-w- c:\program files\msvcp60.dll
2003-11-04 22:19 . 2003-11-04 22:19 290869 ----a-w- c:\program files\msvcrt.dll
2003-11-04 22:19 . 2003-11-04 22:19 2744361 ----a-w- c:\program files\kFDMdg.dll
2003-11-04 22:19 . 2003-11-04 22:19 1982504 ----a-w- c:\program files\kFDdg.dll
2003-11-04 22:19 . 2003-11-04 22:19 1937448 ----a-w- c:\program files\kXPdg.dll
2003-11-04 22:19 . 2003-11-04 22:19 1794088 ----a-w- c:\program files\kRPdg.dll
2003-11-04 22:19 . 2003-11-04 22:19 1597480 ----a-w- c:\program files\kDBdg.dll
2003-11-04 22:19 . 2003-11-04 22:19 1486848 ----a-w- c:\program files\owl609v.dll
2003-11-04 22:18 . 2003-11-04 22:18 638976 ----a-w- c:\program files\fd32_207.dll
2003-11-04 22:18 . 2003-11-04 22:18 401728 ----a-w- c:\program files\EQNEDIT.EXE
2003-11-04 22:18 . 2003-11-04 22:18 352256 ----a-w- c:\program files\db32_207.dll
2003-11-04 22:18 . 2003-11-04 22:18 212992 ----a-w- c:\program files\cp32_207.dll
2003-11-04 22:18 . 2003-11-04 22:18 131072 ----a-w- c:\program files\gr32_207.dll
2003-11-04 22:18 . 2003-11-04 22:18 1122304 ----a-w- c:\program files\fm32_207.dll
2003-11-04 22:17 . 2003-11-04 22:17 311296 ----a-w- c:\program files\APE24EXT_MT.dll
2012-07-14 20:52 . 2012-07-14 20:52 303416 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2012-06-23 07:09 . 2011-12-28 05:51 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-15_01.40.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-15 01:51 . 2012-07-15 01:51 16384 c:\windows\Temp\Perflib_Perfdata_8e4.dat
+ 2012-07-15 01:45 . 2012-07-15 01:45 16384 c:\windows\Temp\Perflib_Perfdata_310.dat
+ 2012-07-15 01:49 . 2012-07-15 01:49 19968 c:\windows\Installer\3bbe3.msi
+ 2011-01-14 17:10 . 2011-01-14 17:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL
+ 2011-01-14 17:10 . 2011-01-14 17:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL
+ 2011-07-21 22:34 . 2011-07-21 22:34 3456000 c:\windows\Installer\26ec878.msp
+ 2011-01-14 17:10 . 2011-01-14 17:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL
+ 2011-01-14 17:10 . 2011-01-14 17:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL
+ 2011-01-14 17:10 . 2011-01-14 17:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UMonit"="c:\windows\system32\umonit.exe" [2007-06-18 200704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-19 254696]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-29 112216]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-17 138008]
"NGTray"="c:\program files\Symantec\Ghost\ngtray.exe" [2007-04-20 181896]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2007-10-26 136512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-10-09 100888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-10-09 100888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-26 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-26 974848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-17 138008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-17 162584]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-12-19 611712]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-05-11 3349488]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2009-1-12 679936]
SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2010-11-19 13310832]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Symantec\\Ghost\\ngctw32.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\UCGui.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\UCService.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0602010.005\SymDS.sys [6/27/2012 8:05 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0602010.005\SymEFA.sys [6/27/2012 8:05 PM 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [7/12/2012 1:31 AM 821920]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0602010.005\ccSetx86.sys [6/27/2012 8:05 PM 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0602010.005\Ironx86.sys [6/27/2012 8:05 PM 149624]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\EpsonCustomerParticipation\EPCP.exe [6/9/2011 1:01 PM 521600]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\IBM\Lotus\Notes\nsd.exe [9/29/2009 11:29 AM 3397000]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/30/2012 12:40 AM 655944]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [6/27/2012 8:04 PM 138232]
R2 NGCLIENT;Symantec Ghost Client Agent;c:\program files\Symantec\Ghost\ngctw32.exe [4/19/2007 9:01 PM 632456]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [7/1/2012 4:24 PM 1122296]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [7/1/2012 4:24 PM 838136]
R2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\SMART Product Drivers\UCService.exe [11/19/2010 7:58 PM 846192]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/28/2012 4:09 PM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120713.001\IDSXpx86.sys [7/14/2012 12:57 AM 369632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/30/2012 12:40 AM 22344]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 288112]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2/6/2012 7:05 PM 6016]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 12:04 PM 113120]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe [11/19/2010 7:59 PM 1664368]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-07-02 02:29]
.
2012-07-02 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-07-02 02:29]
.
2012-07-02 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-07-02 02:29]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}
DPF: {CAFECAFE-0013-0001-0030-ABCDEFABCDEF}
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\7wgst86i.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-16 12:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\umonit.exe?USB\Vid_1713&Pid_01008???????I_03????(!??B\ROOT_H8??????V????????????????????h?????A~(!???????????b@?????????????????@$?|?????$?|??B~??@???E~????????????????????@???????????????t??????????????|`$?|?????$?|U$?|??????????????@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:5c,7c,2e,44,07,d1,54,06,ef,30,5f,22,e3,21,18,6d,13,c9,fb,1b,f7,
44,50,70,ec,57,e4,82,0e,d2,30,9b,ee,e8,ae,db,e4,1d,fb,9c,81,e3,64,01,34,ee,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1200)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\IBM\Lotus\Notes\npnotes.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(8088)
c:\program files\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-07-16 12:28:03
ComboFix-quarantined-files.txt 2012-07-16 22:27
ComboFix2.txt 2012-07-15 01:42
.
Pre-Run: 25,100,419,072 bytes free
Post-Run: 25,097,547,776 bytes free
.
- - End Of File - - 8E82462B56C1E73DEBBD35B0FD508DA0
-
Still no luck at removing the McAfee software.
Here is my TDSSKiller log:
15:13:12.0437 3728 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
15:13:12.0921 3728 ============================================================
15:13:12.0921 3728 Current date / time: 2012/07/14 15:13:12.0921
15:13:12.0921 3728 SystemInfo:
15:13:12.0921 3728
15:13:12.0921 3728 OS Version: 5.1.2600 ServicePack: 3.0
15:13:12.0937 3728 Product type: Workstation
15:13:12.0937 3728 ComputerName: E0460871
15:13:12.0937 3728 UserName: Admin
15:13:12.0937 3728 Windows directory: C:\WINDOWS
15:13:12.0937 3728 System windows directory: C:\WINDOWS
15:13:12.0937 3728 Processor architecture: Intel x86
15:13:12.0937 3728 Number of processors: 2
15:13:12.0937 3728 Page size: 0x1000
15:13:12.0937 3728 Boot type: Normal boot
15:13:12.0937 3728 ============================================================
15:13:14.0906 3728 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:13:14.0921 3728 ============================================================
15:13:14.0921 3728 \Device\Harddisk0\DR0:
15:13:14.0921 3728 MBR partitions:
15:13:14.0921 3728 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x94DB4F4
15:13:14.0921 3728 ============================================================
15:13:14.0937 3728 C: <-> \Device\Harddisk0\DR0\Partition0
15:13:14.0937 3728 ============================================================
15:13:14.0937 3728 Initialize success
15:13:14.0937 3728 ============================================================
15:13:24.0421 4872 ============================================================
15:13:24.0421 4872 Scan started
15:13:24.0421 4872 Mode: Manual; SigCheck; TDLFS;
15:13:24.0421 4872 ============================================================
15:13:25.0765 4872 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
15:13:33.0328 4872 61883 - ok
15:13:33.0328 4872 Abiosdsk - ok
15:13:33.0343 4872 abp480n5 - ok
15:13:33.0375 4872 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:13:33.0531 4872 ACPI - ok
15:13:33.0562 4872 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:13:33.0703 4872 ACPIEC - ok
15:13:33.0734 4872 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\WINDOWS\system32\drivers\adfs.sys
15:13:33.0765 4872 adfs - ok
15:13:33.0875 4872 Adobe Version Cue CS4 (9444a3530c2e88b7ed96a566ff9ccc13) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
15:13:33.0921 4872 Adobe Version Cue CS4 - ok
15:13:33.0937 4872 adpu160m - ok
15:13:33.0968 4872 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:13:34.0171 4872 aec - ok
15:13:34.0187 4872 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys
15:13:34.0281 4872 AegisP - ok
15:13:34.0328 4872 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:13:34.0390 4872 AFD - ok
15:13:34.0390 4872 Aha154x - ok
15:13:34.0390 4872 aic78u2 - ok
15:13:34.0406 4872 aic78xx - ok
15:13:34.0437 4872 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
15:13:34.0593 4872 Alerter - ok
15:13:34.0609 4872 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
15:13:34.0781 4872 ALG - ok
15:13:34.0781 4872 AliIde - ok
15:13:34.0796 4872 amsint - ok
15:13:34.0843 4872 Apple Mobile Device (4b5ae15e5c73eb4dc8dbec2788230d41) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
15:13:34.0890 4872 Apple Mobile Device - ok
15:13:34.0937 4872 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
15:13:35.0046 4872 AppMgmt - ok
15:13:35.0062 4872 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:13:35.0203 4872 Arp1394 - ok
15:13:35.0218 4872 asc - ok
15:13:35.0218 4872 asc3350p - ok
15:13:35.0218 4872 asc3550 - ok
15:13:35.0328 4872 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:13:35.0375 4872 aspnet_state - ok
15:13:35.0406 4872 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:13:35.0546 4872 AsyncMac - ok
15:13:35.0578 4872 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:13:35.0703 4872 atapi - ok
15:13:35.0703 4872 Atdisk - ok
15:13:35.0734 4872 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:13:35.0843 4872 Atmarpc - ok
15:13:35.0875 4872 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
15:13:36.0000 4872 AudioSrv - ok
15:13:36.0031 4872 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:13:36.0171 4872 audstub - ok
15:13:36.0203 4872 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
15:13:36.0312 4872 Avc - ok
15:13:36.0343 4872 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
15:13:36.0421 4872 b57w2k - ok
15:13:36.0453 4872 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:13:36.0593 4872 Beep - ok
15:13:36.0718 4872 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
15:13:36.0781 4872 BHDrvx86 - ok
15:13:36.0828 4872 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
15:13:37.0000 4872 BITS - ok
15:13:37.0046 4872 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe
15:13:37.0109 4872 Bonjour Service - ok
15:13:37.0125 4872 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
15:13:37.0265 4872 Browser - ok
15:13:37.0312 4872 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:13:37.0453 4872 cbidf2k - ok
15:13:37.0468 4872 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:13:37.0593 4872 CCDECODE - ok
15:13:37.0640 4872 ccSet_N360 (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\N360\0602010.005\ccSetx86.sys
15:13:37.0687 4872 ccSet_N360 - ok
15:13:37.0687 4872 cd20xrnt - ok
15:13:37.0718 4872 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:13:37.0859 4872 Cdaudio - ok
15:13:37.0906 4872 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:13:38.0031 4872 Cdfs - ok
15:13:38.0046 4872 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:13:38.0187 4872 Cdrom - ok
15:13:38.0187 4872 Changer - ok
15:13:38.0203 4872 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
15:13:38.0328 4872 CiSvc - ok
15:13:38.0375 4872 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
15:13:38.0515 4872 ClipSrv - ok
15:13:38.0593 4872 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:13:38.0625 4872 clr_optimization_v2.0.50727_32 - ok
15:13:38.0656 4872 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:13:38.0765 4872 CmBatt - ok
15:13:38.0781 4872 CmdIde - ok
15:13:38.0781 4872 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:13:38.0921 4872 Compbatt - ok
15:13:38.0921 4872 COMSysApp - ok
15:13:38.0937 4872 Cpqarray - ok
15:13:38.0953 4872 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
15:13:39.0093 4872 CryptSvc - ok
15:13:39.0109 4872 CSRBC (8e1945984e147562f9f08e1d344a69cc) C:\WINDOWS\system32\Drivers\csrbcxp.sys
15:13:39.0140 4872 CSRBC ( UnsignedFile.Multi.Generic ) - warning
15:13:39.0140 4872 CSRBC - detected UnsignedFile.Multi.Generic (1)
15:13:39.0140 4872 dac2w2k - ok
15:13:39.0140 4872 dac960nt - ok
15:13:39.0187 4872 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
15:13:39.0281 4872 DcomLaunch - ok
15:13:39.0312 4872 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
15:13:39.0421 4872 Dhcp - ok
15:13:39.0421 4872 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:13:39.0546 4872 Disk - ok
15:13:39.0578 4872 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
15:13:39.0609 4872 DLABMFSM - ok
15:13:39.0625 4872 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
15:13:39.0656 4872 DLABOIOM - ok
15:13:39.0671 4872 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
15:13:39.0703 4872 DLACDBHM - ok
15:13:39.0703 4872 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
15:13:39.0734 4872 DLADResM - ok
15:13:39.0750 4872 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
15:13:39.0796 4872 DLAIFS_M - ok
15:13:39.0796 4872 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
15:13:39.0828 4872 DLAOPIOM - ok
15:13:39.0828 4872 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
15:13:39.0875 4872 DLAPoolM - ok
15:13:39.0875 4872 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
15:13:39.0906 4872 DLARTL_M - ok
15:13:39.0937 4872 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
15:13:39.0984 4872 DLAUDFAM - ok
15:13:40.0000 4872 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
15:13:40.0062 4872 DLAUDF_M - ok
15:13:40.0062 4872 dmadmin - ok
15:13:40.0125 4872 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:13:40.0281 4872 dmboot - ok
15:13:40.0312 4872 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:13:40.0453 4872 dmio - ok
15:13:40.0468 4872 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:13:40.0656 4872 dmload - ok
15:13:40.0687 4872 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
15:13:40.0843 4872 dmserver - ok
15:13:40.0875 4872 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:13:41.0031 4872 DMusic - ok
15:13:41.0046 4872 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
15:13:41.0156 4872 Dnscache - ok
15:13:41.0187 4872 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
15:13:41.0312 4872 Dot3svc - ok
15:13:41.0312 4872 dpti2o - ok
15:13:41.0328 4872 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:13:41.0437 4872 drmkaud - ok
15:13:41.0468 4872 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
15:13:41.0515 4872 DRVMCDB - ok
15:13:41.0546 4872 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
15:13:41.0578 4872 DRVNDDM - ok
15:13:41.0625 4872 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
15:13:41.0750 4872 EapHost - ok
15:13:41.0828 4872 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
15:13:41.0890 4872 eeCtrl - ok
15:13:41.0937 4872 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
15:13:41.0968 4872 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
15:13:41.0968 4872 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
15:13:42.0031 4872 EpsonCustomerParticipation (b78436ca173ff723a1eace5cd4900375) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
15:13:42.0093 4872 EpsonCustomerParticipation - ok
15:13:42.0125 4872 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:13:42.0156 4872 EraserUtilRebootDrv - ok
15:13:42.0187 4872 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
15:13:42.0328 4872 ERSvc - ok
15:13:42.0359 4872 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:13:42.0390 4872 Eventlog - ok
15:13:42.0421 4872 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
15:13:42.0500 4872 EventSystem - ok
15:13:42.0562 4872 EvtEng (e71b03ff6b819ae1a286aa27e956d523) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
15:13:42.0656 4872 EvtEng ( UnsignedFile.Multi.Generic ) - warning
15:13:42.0656 4872 EvtEng - detected UnsignedFile.Multi.Generic (1)
15:13:42.0718 4872 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:13:42.0859 4872 Fastfat - ok
15:13:42.0890 4872 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:13:43.0000 4872 FastUserSwitchingCompatibility - ok
15:13:43.0015 4872 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
15:13:43.0250 4872 Fdc - ok
15:13:43.0281 4872 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:13:43.0500 4872 Fips - ok
15:13:43.0531 4872 fixustor (cdb568db5e8985dcc623da808ac61042) C:\WINDOWS\system32\drivers\fixustor.sys
15:13:43.0593 4872 fixustor ( UnsignedFile.Multi.Generic ) - warning
15:13:43.0593 4872 fixustor - detected UnsignedFile.Multi.Generic (1)
15:13:43.0687 4872 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:13:43.0781 4872 FLEXnet Licensing Service - ok
15:13:43.0796 4872 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:13:44.0000 4872 Flpydisk - ok
15:13:44.0031 4872 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:13:44.0156 4872 FltMgr - ok
15:13:44.0234 4872 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:13:44.0265 4872 FontCache3.0.0.0 - ok
15:13:44.0312 4872 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:13:44.0453 4872 Fs_Rec - ok
15:13:44.0453 4872 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:13:44.0609 4872 Ftdisk - ok
15:13:44.0656 4872 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:13:44.0687 4872 GEARAspiWDM - ok
15:13:44.0718 4872 getPlus® Helper (7bec703f31e1d441db16886c9aa4cba9) C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
15:13:44.0781 4872 getPlus® Helper - ok
15:13:44.0812 4872 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:13:44.0953 4872 Gpc - ok
15:13:44.0984 4872 guardian2 (7031a936832967a93b0e5d5f1c76745a) C:\WINDOWS\system32\Drivers\oz776.sys
15:13:45.0031 4872 guardian2 - ok
15:13:45.0046 4872 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:13:45.0171 4872 HDAudBus - ok
15:13:45.0203 4872 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:13:45.0343 4872 helpsvc - ok
15:13:45.0359 4872 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
15:13:45.0484 4872 HidServ - ok
15:13:45.0500 4872 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:13:45.0640 4872 HidUsb - ok
15:13:45.0687 4872 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
15:13:45.0812 4872 hkmsvc - ok
15:13:45.0812 4872 hpn - ok
15:13:45.0859 4872 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:13:45.0984 4872 HPZid412 - ok
15:13:46.0000 4872 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:13:46.0093 4872 HPZipr12 - ok
15:13:46.0125 4872 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:13:46.0203 4872 HPZius12 - ok
15:13:46.0250 4872 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
15:13:46.0328 4872 HSFHWAZL - ok
15:13:46.0406 4872 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
15:13:46.0531 4872 HSF_DPV - ok
15:13:46.0578 4872 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:13:46.0687 4872 HTTP - ok
15:13:46.0703 4872 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
15:13:46.0843 4872 HTTPFilter - ok
15:13:46.0843 4872 i2omgmt - ok
15:13:46.0843 4872 i2omp - ok
15:13:46.0875 4872 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:13:47.0140 4872 i8042prt - ok
15:13:47.0500 4872 ialm (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
15:13:47.0781 4872 ialm - ok
15:13:47.0953 4872 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:13:48.0031 4872 idsvc - ok
15:13:48.0156 4872 IDSxpx86 (eeebf3616db90124c1c57019d39aa9a2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120713.001\IDSxpx86.sys
15:13:48.0187 4872 IDSxpx86 - ok
15:13:48.0281 4872 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:13:48.0500 4872 Imapi - ok
15:13:48.0578 4872 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
15:13:48.0796 4872 ImapiService - ok
15:13:48.0812 4872 ini910u - ok
15:13:48.0812 4872 IntelIde - ok
15:13:48.0859 4872 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:13:49.0046 4872 intelppm - ok
15:13:49.0062 4872 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:13:49.0203 4872 Ip6Fw - ok
15:13:49.0234 4872 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:13:49.0359 4872 IpFilterDriver - ok
15:13:49.0375 4872 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:13:49.0500 4872 IpInIp - ok
15:13:49.0531 4872 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:13:49.0671 4872 IpNat - ok
15:13:49.0734 4872 iPod Service (7a3611564fce7c8be50b03f58cb3eb7d) C:\Program Files\iPod\bin\iPodService.exe
15:13:49.0781 4872 iPod Service - ok
15:13:49.0812 4872 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:13:49.0921 4872 IPSec - ok
15:13:49.0953 4872 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:13:50.0062 4872 IRENUM - ok
15:13:50.0093 4872 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:13:50.0234 4872 isapnp - ok
15:13:50.0296 4872 JavaQuickStarterService (de5d05fd449798ef88cc34ad4b1e7f85) C:\Program Files\Java\jre6\bin\jqs.exe
15:13:50.0328 4872 JavaQuickStarterService - ok
15:13:50.0343 4872 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:13:50.0484 4872 Kbdclass - ok
15:13:50.0515 4872 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:13:50.0625 4872 kbdhid - ok
15:13:50.0671 4872 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:13:50.0781 4872 kmixer - ok
15:13:50.0796 4872 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:13:50.0875 4872 KSecDD - ok
15:13:50.0921 4872 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
15:13:50.0984 4872 lanmanserver - ok
15:13:51.0031 4872 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
15:13:51.0109 4872 lanmanworkstation - ok
15:13:51.0125 4872 lbrtfdc - ok
15:13:51.0156 4872 LHidFilt (ea57f9a93042d53256db4e2222b93b37) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
15:13:51.0187 4872 LHidFilt - ok
15:13:51.0218 4872 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
15:13:51.0375 4872 LmHosts - ok
15:13:51.0390 4872 LMouFilt (8bd61e1f686d352b318b025524542128) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
15:13:51.0484 4872 LMouFilt - ok
15:13:51.0734 4872 Lotus Notes Diagnostics (986e0f3be701b232b8913de59c7adc7c) C:\Program Files\IBM\Lotus\Notes\nsd.exe
15:13:51.0937 4872 Lotus Notes Diagnostics - ok
15:13:52.0015 4872 Lotus Notes Single Logon (71f607abe2355fabea9fb13e057ac050) C:\Program Files\IBM\Lotus\Notes\nslsvice.exe
15:13:52.0078 4872 Lotus Notes Single Logon - ok
15:13:52.0171 4872 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
15:13:52.0234 4872 MBAMProtector - ok
15:13:52.0296 4872 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:13:52.0390 4872 MBAMService - ok
15:13:52.0437 4872 McAfeeFramework (447d4617b99ac0a4ba056713dfe02279) C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
15:13:52.0468 4872 McAfeeFramework - ok
15:13:52.0500 4872 McShield (12bef73e0281ac793865be1a331c67fc) C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
15:13:52.0578 4872 McShield - ok
15:13:52.0609 4872 McTaskManager (d0f500bc9f114c99d32df4dc4c857c94) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
15:13:52.0640 4872 McTaskManager - ok
15:13:52.0687 4872 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
15:13:52.0734 4872 MDM - ok
15:13:52.0781 4872 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:13:52.0843 4872 mdmxsdk - ok
15:13:52.0875 4872 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
15:13:53.0000 4872 Messenger - ok
15:13:53.0015 4872 mfeapfk (1f334eb2a13816df45671ebb98896da7) C:\WINDOWS\system32\drivers\mfeapfk.sys
15:13:53.0062 4872 mfeapfk - ok
15:13:53.0093 4872 mfeavfk (8a1dedbbdad33587f6fad780ce4b34b5) C:\WINDOWS\system32\drivers\mfeavfk.sys
15:13:53.0125 4872 mfeavfk - ok
15:13:53.0140 4872 mfebopk (d800e31a019a6979698eef0507baa746) C:\WINDOWS\system32\drivers\mfebopk.sys
15:13:53.0171 4872 mfebopk - ok
15:13:53.0203 4872 mfehidk (0ae14fab8e25c258c6ebf3827c649273) C:\WINDOWS\system32\drivers\mfehidk.sys
15:13:53.0250 4872 mfehidk - ok
15:13:53.0250 4872 mferkdk (e72afc5056f6804c616e7dc32a38945f) C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
15:13:53.0296 4872 mferkdk - ok
15:13:53.0312 4872 mfetdik (a47f0f63e92730de15d41624ab998c5c) C:\WINDOWS\system32\drivers\mfetdik.sys
15:13:53.0343 4872 mfetdik - ok
15:13:53.0359 4872 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:13:53.0515 4872 mnmdd - ok
15:13:53.0546 4872 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
15:13:53.0687 4872 mnmsrvc - ok
15:13:53.0703 4872 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:13:53.0828 4872 Modem - ok
15:13:53.0843 4872 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:13:53.0984 4872 Mouclass - ok
15:13:54.0015 4872 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:13:54.0171 4872 mouhid - ok
15:13:54.0187 4872 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:13:54.0328 4872 MountMgr - ok
15:13:54.0375 4872 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:13:54.0421 4872 MozillaMaintenance - ok
15:13:54.0421 4872 mraid35x - ok
15:13:54.0437 4872 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:13:54.0578 4872 MRxDAV - ok
15:13:54.0687 4872 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:13:54.0765 4872 MRxSmb - ok
15:13:54.0796 4872 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
15:13:54.0937 4872 MSDTC - ok
15:13:54.0968 4872 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
15:13:55.0078 4872 MSDV - ok
15:13:55.0093 4872 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:13:55.0218 4872 Msfs - ok
15:13:55.0218 4872 MSIServer - ok
15:13:55.0250 4872 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:13:55.0375 4872 MSKSSRV - ok
15:13:55.0375 4872 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:13:55.0515 4872 MSPCLOCK - ok
15:13:55.0531 4872 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:13:55.0640 4872 MSPQM - ok
15:13:55.0671 4872 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:13:55.0781 4872 mssmbios - ok
15:13:55.0812 4872 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:13:55.0937 4872 MSTEE - ok
15:13:55.0984 4872 Multi-user Cleanup Service (218d58976c01c60657818ed0eac81602) C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
15:13:56.0015 4872 Multi-user Cleanup Service - ok
15:13:56.0062 4872 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:13:56.0109 4872 Mup - ok
15:13:56.0156 4872 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
15:13:56.0171 4872 N360 - ok
15:13:56.0203 4872 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:13:56.0328 4872 NABTSFEC - ok
15:13:56.0390 4872 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
15:13:56.0515 4872 napagent - ok
15:13:56.0593 4872 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120713.035\NAVENG.SYS
15:13:56.0625 4872 NAVENG - ok
15:13:56.0750 4872 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120713.035\NAVEX15.SYS
15:13:56.0828 4872 NAVEX15 - ok
15:13:56.0953 4872 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:13:57.0187 4872 NDIS - ok
15:13:57.0265 4872 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:13:57.0390 4872 NdisIP - ok
15:13:57.0421 4872 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:13:57.0500 4872 NdisTapi - ok
15:13:57.0515 4872 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:13:57.0656 4872 Ndisuio - ok
15:13:57.0656 4872 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:13:57.0781 4872 NdisWan - ok
15:13:57.0812 4872 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:13:57.0859 4872 NDProxy - ok
15:13:57.0890 4872 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:13:58.0031 4872 NetBIOS - ok
15:13:58.0046 4872 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:13:58.0187 4872 NetBT - ok
15:13:58.0234 4872 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:13:58.0359 4872 NetDDE - ok
15:13:58.0359 4872 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:13:58.0468 4872 NetDDEdsdm - ok
15:13:58.0500 4872 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:13:58.0640 4872 Netlogon - ok
15:13:58.0687 4872 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
15:13:58.0812 4872 Netman - ok
15:13:58.0906 4872 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:13:58.0937 4872 NetTcpPortSharing - ok
15:13:59.0156 4872 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
15:13:59.0343 4872 NETw4x32 - ok
15:13:59.0468 4872 NGCLIENT (174692e8a5eb4df16d44c1b44f978d3f) C:\Program Files\Symantec\Ghost\ngctw32.exe
15:13:59.0531 4872 NGCLIENT - ok
15:13:59.0656 4872 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:13:59.0812 4872 NIC1394 - ok
15:13:59.0859 4872 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
15:13:59.0906 4872 Nla - ok
15:13:59.0937 4872 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:14:00.0062 4872 Npfs - ok
15:14:00.0093 4872 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS
15:14:00.0140 4872 NSNDIS5 ( UnsignedFile.Multi.Generic ) - warning
15:14:00.0140 4872 NSNDIS5 - detected UnsignedFile.Multi.Generic (1)
15:14:00.0187 4872 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:14:00.0359 4872 Ntfs - ok
15:14:00.0406 4872 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:14:00.0500 4872 NtLmSsp - ok
15:14:00.0562 4872 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
15:14:00.0703 4872 NtmsSvc - ok
15:14:00.0734 4872 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:14:00.0859 4872 Null - ok
15:14:00.0875 4872 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:14:01.0015 4872 NwlnkFlt - ok
15:14:01.0031 4872 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:14:01.0171 4872 NwlnkFwd - ok
15:14:01.0296 4872 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:14:01.0343 4872 odserv - ok
15:14:01.0375 4872 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:14:01.0500 4872 ohci1394 - ok
15:14:01.0531 4872 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:14:01.0578 4872 ose - ok
15:14:01.0609 4872 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
15:14:01.0781 4872 Parport - ok
15:14:01.0781 4872 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:14:01.0953 4872 PartMgr - ok
15:14:01.0984 4872 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:14:02.0171 4872 ParVdm - ok
15:14:02.0250 4872 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:14:02.0390 4872 PCI - ok
15:14:02.0406 4872 PCIDump - ok
15:14:02.0406 4872 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:14:02.0562 4872 PCIIde - ok
15:14:02.0578 4872 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:14:02.0703 4872 Pcmcia - ok
15:14:02.0703 4872 PDCOMP - ok
15:14:02.0718 4872 PDFRAME - ok
15:14:02.0718 4872 PDRELI - ok
15:14:02.0718 4872 PDRFRAME - ok
15:14:02.0734 4872 perc2 - ok
15:14:02.0734 4872 perc2hib - ok
15:14:02.0781 4872 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:14:02.0796 4872 PlugPlay - ok
15:14:02.0828 4872 Pml Driver HPZ12 (d31f88c5f19eefa366a415d6bc5f2abc) C:\WINDOWS\system32\HPZipm12.exe
15:14:02.0875 4872 Pml Driver HPZ12 - ok
15:14:02.0890 4872 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:14:03.0000 4872 PolicyAgent - ok
15:14:03.0015 4872 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:14:03.0156 4872 PptpMiniport - ok
15:14:03.0171 4872 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:14:03.0265 4872 ProtectedStorage - ok
15:14:03.0281 4872 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:14:03.0437 4872 PSched - ok
15:14:03.0453 4872 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:14:03.0609 4872 Ptilink - ok
15:14:03.0640 4872 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:14:03.0671 4872 PxHelp20 - ok
15:14:03.0687 4872 ql1080 - ok
15:14:03.0687 4872 Ql10wnt - ok
15:14:03.0687 4872 ql12160 - ok
15:14:03.0687 4872 ql1240 - ok
15:14:03.0703 4872 ql1280 - ok
15:14:03.0718 4872 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:14:03.0843 4872 RasAcd - ok
15:14:03.0875 4872 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
15:14:04.0000 4872 RasAuto - ok
15:14:04.0015 4872 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:14:04.0156 4872 Rasl2tp - ok
15:14:04.0187 4872 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
15:14:04.0296 4872 RasMan - ok
15:14:04.0296 4872 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:14:04.0421 4872 RasPppoe - ok
15:14:04.0421 4872 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:14:04.0578 4872 Raspti - ok
15:14:04.0656 4872 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:14:04.0781 4872 Rdbss - ok
15:14:04.0781 4872 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:14:04.0906 4872 RDPCDD - ok
15:14:04.0937 4872 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:14:05.0093 4872 rdpdr - ok
15:14:05.0125 4872 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
15:14:05.0187 4872 RDPWD - ok
15:14:05.0218 4872 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
15:14:05.0359 4872 RDSessMgr - ok
15:14:05.0390 4872 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:14:05.0531 4872 redbook - ok
15:14:05.0593 4872 RegSrvc (2cf574d0965f58e514a2dc94114d7eca) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
15:14:05.0671 4872 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
15:14:05.0671 4872 RegSrvc - detected UnsignedFile.Multi.Generic (1)
15:14:05.0703 4872 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
15:14:05.0828 4872 RemoteAccess - ok
15:14:05.0859 4872 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
15:14:05.0984 4872 RemoteRegistry - ok
15:14:06.0031 4872 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
15:14:06.0187 4872 RpcLocator - ok
15:14:06.0234 4872 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
15:14:06.0296 4872 RpcSs - ok
15:14:06.0343 4872 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
15:14:06.0531 4872 RSVP - ok
15:14:06.0609 4872 S24EventMonitor (874173edbd4f2fe711f245855a2ffa23) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
15:14:06.0703 4872 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
15:14:06.0703 4872 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
15:14:06.0734 4872 s24trans (eadfb87f911a7a75d1b80617f92901e8) C:\WINDOWS\system32\DRIVERS\s24trans.sys
15:14:06.0781 4872 s24trans ( UnsignedFile.Multi.Generic ) - warning
15:14:06.0781 4872 s24trans - detected UnsignedFile.Multi.Generic (1)
15:14:06.0812 4872 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:14:06.0953 4872 SamSs - ok
15:14:06.0984 4872 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
15:14:07.0109 4872 SCardSvr - ok
15:14:07.0140 4872 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
15:14:07.0281 4872 Schedule - ok
15:14:07.0406 4872 SDScannerService (e1f35f902b825c7b18236271f398dda2) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
15:14:07.0500 4872 SDScannerService - ok
15:14:07.0578 4872 SDUpdateService (2db434f4ce96b3fb65d44b3ad5a4de3e) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
15:14:07.0656 4872 SDUpdateService - ok
15:14:07.0781 4872 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:14:07.0937 4872 Secdrv - ok
15:14:07.0968 4872 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
15:14:08.0125 4872 seclogon - ok
15:14:08.0140 4872 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
15:14:08.0296 4872 SENS - ok
15:14:08.0312 4872 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:14:08.0468 4872 serenum - ok
15:14:08.0531 4872 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:14:08.0671 4872 Serial - ok
15:14:08.0687 4872 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:14:08.0828 4872 Sfloppy - ok
15:14:08.0875 4872 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
15:14:09.0015 4872 SharedAccess - ok
15:14:09.0046 4872 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:14:09.0093 4872 ShellHWDetection - ok
15:14:09.0093 4872 Simbad - ok
15:14:09.0125 4872 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:14:09.0265 4872 SLIP - ok
15:14:09.0718 4872 SMART Board Service (6dac3f90ef7b3ac349890e4eebacb260) C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
15:14:09.0968 4872 SMART Board Service - ok
15:14:10.0125 4872 SMART Display Controller (63beb15cc3e249bf51134e85dd56535d) C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe
15:14:10.0203 4872 SMART Display Controller - ok
15:14:10.0343 4872 SMART SNMP Agent Service (3bcb934ae0a0fca1c3aa7a3a8088bc68) C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe
15:14:10.0468 4872 SMART SNMP Agent Service - ok
15:14:10.0578 4872 Sparrow - ok
15:14:10.0609 4872 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:14:10.0875 4872 splitter - ok
15:14:10.0937 4872 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
15:14:10.0984 4872 Spooler - ok
15:14:11.0015 4872 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:14:11.0156 4872 sr - ok
15:14:11.0187 4872 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
15:14:11.0296 4872 srservice - ok
15:14:11.0406 4872 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\WINDOWS\system32\drivers\N360\0602010.005\SRTSP.SYS
15:14:11.0437 4872 SRTSP - ok
15:14:11.0453 4872 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\WINDOWS\system32\drivers\N360\0602010.005\SRTSPX.SYS
15:14:11.0500 4872 SRTSPX - ok
15:14:11.0546 4872 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:14:11.0609 4872 Srv - ok
15:14:11.0625 4872 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
15:14:11.0812 4872 SSDPSRV - ok
15:14:11.0859 4872 STacSV (6f855b5625a47f3ac731a262fdc379a6) C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
15:14:11.0921 4872 STacSV - ok
15:14:12.0046 4872 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
15:14:12.0140 4872 STHDA - ok
15:14:12.0218 4872 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
15:14:12.0390 4872 stisvc - ok
15:14:12.0468 4872 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
15:14:12.0531 4872 stllssvr ( UnsignedFile.Multi.Generic ) - warning
15:14:12.0531 4872 stllssvr - detected UnsignedFile.Multi.Generic (1)
15:14:12.0578 4872 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:14:12.0781 4872 streamip - ok
15:14:12.0843 4872 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:14:12.0984 4872 swenum - ok
15:14:13.0015 4872 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:14:13.0125 4872 swmidi - ok
15:14:13.0125 4872 SwPrv - ok
15:14:13.0140 4872 symc810 - ok
15:14:13.0140 4872 symc8xx - ok
15:14:13.0203 4872 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\N360\0602010.005\SYMDS.SYS
15:14:13.0250 4872 SymDS - ok
15:14:13.0359 4872 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\N360\0602010.005\SYMEFA.SYS
15:14:13.0437 4872 SymEFA - ok
15:14:13.0484 4872 SymEvent (74e2521e96176a4449570e50be91954d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
15:14:13.0515 4872 SymEvent - ok
15:14:13.0546 4872 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\N360\0602010.005\Ironx86.SYS
15:14:13.0578 4872 SymIRON - ok
15:14:13.0609 4872 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\system32\drivers\N360\0602010.005\SYMTDI.SYS
15:14:13.0656 4872 SYMTDI - ok
15:14:13.0656 4872 sym_hi - ok
15:14:13.0671 4872 sym_u3 - ok
15:14:13.0687 4872 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:14:13.0828 4872 sysaudio - ok
15:14:13.0875 4872 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
15:14:14.0000 4872 SysmonLog - ok
15:14:14.0031 4872 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
15:14:14.0156 4872 TapiSrv - ok
15:14:14.0218 4872 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:14:14.0265 4872 Tcpip - ok
15:14:14.0328 4872 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:14:14.0437 4872 TDPIPE - ok
15:14:14.0468 4872 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:14:14.0609 4872 TDTCP - ok
15:14:14.0640 4872 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:14:14.0765 4872 TermDD - ok
15:14:14.0781 4872 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
15:14:14.0906 4872 TermService - ok
15:14:14.0953 4872 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:14:14.0984 4872 Themes - ok
15:14:15.0015 4872 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
15:14:15.0140 4872 TlntSvr - ok
15:14:15.0156 4872 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
15:14:15.0250 4872 toshidpt - ok
15:14:15.0250 4872 TosIde - ok
15:14:15.0250 4872 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys
15:14:15.0296 4872 tosporte - ok
15:14:15.0312 4872 tosrfbd (435ac6cc2abed508ac5a495658cbaf0f) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
15:14:15.0359 4872 tosrfbd - ok
15:14:15.0375 4872 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
15:14:15.0437 4872 tosrfbnp - ok
15:14:15.0453 4872 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
15:14:15.0515 4872 Tosrfcom - ok
15:14:15.0546 4872 Tosrfhid (28099a4e52148319afa685d93a2244d0) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
15:14:15.0578 4872 Tosrfhid - ok
15:14:15.0593 4872 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
15:14:15.0656 4872 tosrfnds - ok
15:14:15.0671 4872 Tosrfusb (6bc529c5eca0c7654943fd6fab21c5fa) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
15:14:15.0734 4872 Tosrfusb - ok
15:14:15.0765 4872 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
15:14:15.0906 4872 TrkWks - ok
15:14:15.0921 4872 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:14:16.0062 4872 Udfs - ok
15:14:16.0062 4872 ultra - ok
15:14:16.0125 4872 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:14:16.0296 4872 Update - ok
15:14:16.0328 4872 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
15:14:16.0468 4872 upnphost - ok
15:14:16.0484 4872 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
15:14:16.0687 4872 UPS - ok
15:14:16.0703 4872 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:14:16.0796 4872 USBAAPL - ok
15:14:16.0828 4872 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
15:14:16.0968 4872 usbaudio - ok
15:14:17.0015 4872 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:14:17.0156 4872 usbccgp - ok
15:14:17.0187 4872 USBCCID (2825e0e294686a26506690059e1f437a) C:\WINDOWS\system32\DRIVERS\usbccid.sys
15:14:17.0234 4872 USBCCID - ok
15:14:17.0265 4872 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:14:17.0390 4872 usbehci - ok
15:14:17.0421 4872 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:14:17.0546 4872 usbhub - ok
15:14:17.0578 4872 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:14:17.0703 4872 usbprint - ok
15:14:17.0734 4872 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:14:17.0859 4872 usbscan - ok
15:14:17.0906 4872 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:14:18.0062 4872 USBSTOR - ok
15:14:18.0078 4872 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:14:18.0187 4872 usbuhci - ok
15:14:18.0218 4872 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:14:18.0359 4872 VgaSave - ok
15:14:18.0359 4872 ViaIde - ok
15:14:18.0375 4872 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:14:18.0515 4872 VolSnap - ok
15:14:18.0562 4872 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
15:14:18.0750 4872 VSS - ok
15:14:18.0781 4872 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
15:14:18.0921 4872 W32Time - ok
15:14:18.0937 4872 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:14:19.0062 4872 Wanarp - ok
15:14:19.0109 4872 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:14:19.0156 4872 Wdf01000 - ok
15:14:19.0171 4872 WDICA - ok
15:14:19.0203 4872 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:14:19.0328 4872 wdmaud - ok
15:14:19.0359 4872 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
15:14:19.0484 4872 WebClient - ok
15:14:19.0562 4872 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
15:14:19.0640 4872 winachsf - ok
15:14:19.0687 4872 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:14:19.0812 4872 winmgmt - ok
15:14:19.0906 4872 WLANKEEPER (4307641ca3389a210295fdffd2a73dee) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
15:14:19.0953 4872 WLANKEEPER ( UnsignedFile.Multi.Generic ) - warning
15:14:19.0953 4872 WLANKEEPER - detected UnsignedFile.Multi.Generic (1)
15:14:20.0000 4872 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:14:20.0078 4872 WmdmPmSN - ok
15:14:20.0171 4872 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
15:14:20.0234 4872 Wmi - ok
15:14:20.0281 4872 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:14:20.0390 4872 WmiAcpi - ok
15:14:20.0437 4872 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:14:20.0625 4872 WmiApSrv - ok
15:14:20.0718 4872 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
15:14:20.0828 4872 WMPNetworkSvc - ok
15:14:20.0875 4872 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
15:14:20.0984 4872 wscsvc - ok
15:14:21.0031 4872 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:14:21.0187 4872 WSTCODEC - ok
15:14:21.0203 4872 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
15:14:21.0343 4872 wuauserv - ok
15:14:21.0437 4872 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:14:21.0531 4872 WudfPf - ok
15:14:21.0531 4872 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:14:21.0593 4872 WudfRd - ok
15:14:21.0609 4872 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:14:21.0656 4872 WudfSvc - ok
15:14:21.0718 4872 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
15:14:21.0890 4872 WZCSVC - ok
15:14:21.0921 4872 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
15:14:22.0109 4872 xmlprov - ok
15:14:22.0140 4872 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:14:22.0546 4872 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:14:22.0546 4872 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:14:22.0546 4872 Boot (0x1200) (6a8375b063e3f895c13c123b5305a0f1) \Device\Harddisk0\DR0\Partition0
15:14:22.0546 4872 \Device\Harddisk0\DR0\Partition0 - ok
15:14:22.0562 4872 ============================================================
15:14:22.0562 4872 Scan finished
15:14:22.0562 4872 ============================================================
15:14:22.0671 4008 Detected object count: 11
15:14:22.0671 4008 Actual detected object count: 11
15:16:34.0765 4008 CSRBC ( UnsignedFile.Multi.Generic ) - skipped by user
15:16:34.0765 4008 CSRBC ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:16:34.0765 4008 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
15:16:34.0765 4008 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:16:34.0765 4008 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
15:16:34.0765 4008 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:16:34.0781 4008 fixustor ( UnsignedFile.Multi.Generic ) - skipped by user
15:16:34.0781 4008 fixustor ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:16:34.0781 4008 NSNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
15:16:34.0781 4008 NSNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:16:34.0781 4008 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:16:34.0781 4008 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:16:34.0781 4008 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
15:16:34.0781 4008 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:16:34.0781 4008 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
15:16:34.0781 4008 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:16:34.0781 4008 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
15:16:34.0781 4008 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:16:34.0781 4008 WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user
15:16:34.0781 4008 WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:16:34.0843 4008 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
15:16:34.0859 4008 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:16:35.0015 4008 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
15:16:35.0109 4008 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
15:16:35.0562 4008 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
15:16:35.0640 4008 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
15:16:35.0640 4008 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
15:16:35.0671 4008 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:16:35.0718 4008 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
15:16:35.0750 4008 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
15:16:35.0781 4008 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
15:16:35.0796 4008 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
15:16:36.0000 4008 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
15:16:36.0078 4008 \Device\Harddisk0\DR0\TDLFS - deleted
15:16:36.0078 4008 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
15:17:23.0406 0160 Deinitialize success
Here is the ComboFix log:
ComboFix 12-07-14.01 - Admin 07/14/2012 15:32:45.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1161 [GMT -10:00]
Running from: c:\documents and settings\Admin\My Documents\Downloads\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Laptop User\WINDOWS
c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-14 20:55 . 2012-07-14 20:55 1193472 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\mac.dll
2012-07-14 20:53 . 2012-07-14 20:52 173568 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\welsvp.dll
2012-07-14 20:52 . 2012-07-14 20:52 43008 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\wbxtrace.dll
2012-07-14 20:52 . 2012-07-14 20:52 52736 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\raurl.dll
2012-07-14 20:52 . 2012-07-14 20:52 516920 ----a-w- c:\program files\Mozilla Firefox\plugins\atcliun.exe
2012-07-14 20:52 . 2012-07-14 20:52 4004352 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atres.dll
2012-07-14 20:52 . 2012-07-14 20:52 50176 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atpack.dll
2012-07-14 20:52 . 2012-07-14 20:52 8704 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atmemmgr.dll
2012-07-14 20:52 . 2012-07-14 20:52 69120 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atcarmcl.dll
2012-07-14 20:52 . 2012-07-14 20:52 1028096 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\Atwbxui12.dll
2012-07-14 20:52 . 2012-07-14 20:52 9216 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atkbctl.dll
2012-07-14 20:52 . 2012-07-14 20:52 303416 ----a-w- c:\program files\Mozilla Firefox\plugins\ieatgpc.dll
2012-07-14 20:52 . 2012-07-14 20:52 586040 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atgpcext.dll
2012-07-14 20:52 . 2012-07-14 20:52 80184 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atgpcdec.dll
2012-07-14 20:52 . 2012-07-14 20:52 215864 ----a-w- c:\program files\Mozilla Firefox\plugins\npatgpc.dll
2012-07-12 11:55 . 2012-07-12 11:55 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2012-07-12 11:50 . 2012-07-15 01:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-12 11:23 . 2012-07-12 11:23 -------- d-----w- c:\documents and settings\Admin\Application Data\Epson
2012-07-12 11:23 . 2012-07-12 11:23 -------- d-----w- c:\documents and settings\Admin\Application Data\Leader Technologies
2012-07-02 02:25 . 2012-07-02 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-07-02 02:24 . 2009-01-25 23:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-07-02 02:24 . 2012-07-02 02:51 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-06-30 10:41 . 2012-06-30 10:41 -------- d-----w- c:\documents and settings\Laptop User\Application Data\Malwarebytes
2012-06-30 10:40 . 2012-06-30 10:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-30 10:40 . 2012-07-03 23:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 10:40 . 2012-07-12 11:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-30 09:36 . 2012-06-30 09:36 -------- d-----w- c:\documents and settings\Laptop User\Application Data\DriverCure
2012-06-30 09:35 . 2012-06-30 09:35 -------- d-----w- c:\documents and settings\Laptop User\Application Data\SpeedMaxPc
2012-06-30 09:35 . 2012-07-01 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
2012-06-28 06:05 . 2012-06-28 06:05 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-06-28 06:05 . 2012-06-28 06:05 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-06-28 06:04 . 2012-06-28 06:04 -------- d-----w- c:\windows\system32\drivers\N360
2012-06-28 06:04 . 2012-06-28 06:04 -------- d-----w- c:\program files\Norton 360
2012-06-28 06:04 . 2012-06-28 06:04 -------- d-----w- c:\program files\Windows Sidebar
2012-06-28 06:02 . 2012-06-28 06:02 -------- d-----w- c:\program files\NortonInstaller
2012-06-28 06:02 . 2012-06-28 06:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2012-06-28 01:56 . 2012-06-28 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55F3E0405F6ED00096165D151FC4E
2012-06-26 22:25 . 2012-06-26 22:25 1025 ----a-w- c:\windows\system32\sysprs7.dll
2012-06-26 22:25 . 2012-06-26 22:25 1025 ----a-w- c:\windows\system32\clauth2.dll
2012-06-26 22:25 . 2012-06-26 22:25 1025 ----a-w- c:\windows\system32\clauth1.dll
2012-06-26 22:25 . 2012-06-26 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Minnetonka Audio Software
2012-06-26 22:19 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2012-06-26 22:19 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2012-06-26 22:18 . 2008-04-14 00:12 16384 ----a-w- c:\windows\system32\ipsink.ax
2012-06-26 22:18 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2012-06-26 22:18 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2012-06-26 22:18 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2012-06-26 22:18 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2012-06-26 22:18 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2012-06-26 21:55 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2012-06-26 21:55 . 2008-04-14 00:12 43008 ----a-w- c:\windows\system32\ksxbar.ax
2012-06-26 21:55 . 2008-04-13 18:46 51200 ----a-w- c:\windows\system32\drivers\msdv.sys
2012-06-26 21:55 . 2008-04-14 00:12 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2012-06-26 21:55 . 2008-04-14 00:12 61952 ----a-w- c:\windows\system32\kstvtune.ax
2012-06-26 21:55 . 2008-04-13 18:46 38912 ----a-w- c:\windows\system32\drivers\avc.sys
2012-06-26 21:54 . 2008-04-13 18:46 48128 ----a-w- c:\windows\system32\drivers\61883.sys
2012-06-23 23:57 . 2012-06-23 23:57 -------- d-----w- c:\documents and settings\Laptop User\Local Settings\Application Data\IBM
2012-06-23 20:54 . 2012-04-20 19:29 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2012-06-23 20:54 . 2012-04-20 19:29 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-06-23 07:09 . 2012-06-23 07:09 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-23 07:09 . 2012-06-23 07:09 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-22 05:43 . 2012-06-22 05:43 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-22 05:43 . 2012-06-22 05:43 472840 ----a-w- c:\windows\system32\deployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 20:22 . 2012-04-13 06:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-28 20:22 . 2011-06-07 10:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-22 05:43 . 2008-09-26 23:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-13 13:19 . 2006-02-28 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 09:35 . 2012-06-06 09:35 83424 ----a-w- c:\windows\system32\dwabho.dll
2012-06-05 15:50 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-05 15:50 . 2005-09-08 11:03 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-04 04:32 . 2006-02-28 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-03 01:19 . 2008-07-28 21:10 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-03 01:19 . 2008-07-28 21:10 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-03 01:19 . 2008-07-24 23:39 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-03 01:19 . 2008-07-24 23:39 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-03 01:19 . 2008-07-24 23:39 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-03 01:19 . 2009-01-09 20:15 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-03 01:19 . 2008-07-28 21:10 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-03 01:19 . 2008-07-24 23:39 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-03 01:19 . 2008-07-24 23:39 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-03 01:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-03 01:19 . 2008-07-28 21:10 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-03 01:19 . 2008-07-24 23:39 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-03 01:19 . 2008-07-24 23:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-03 01:18 . 2010-01-19 07:08 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-03 01:18 . 2010-01-19 07:08 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-03 01:18 . 2010-01-19 07:08 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:58 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2012-05-04 13:16 . 2006-02-28 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2008-07-24 23:37 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-20 19:29 . 2006-02-28 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-04-19 12:44 . 2006-02-28 12:00 369664 ----a-w- c:\windows\system32\html.iec
2005-06-16 22:19 . 2005-06-16 22:19 2482176 ----a-w- c:\program files\TCTrill.dll
2005-06-11 01:12 . 2005-06-11 01:12 847872 ----a-w- c:\program files\TCTrillS.dll
2005-06-03 18:59 . 2005-06-03 18:59 61440 ----a-w- c:\program files\TCReports.dll
2004-02-12 04:11 . 2004-02-12 04:11 7659520 ----a-w- c:\program files\Geo CS Test Gen Management.exe
2004-02-12 03:59 . 2004-02-12 03:59 4009984 ----a-w- c:\program files\Geo CS Test Gen Student.exe
2004-01-27 02:04 . 2004-01-27 02:04 49152 ----a-w- c:\program files\TCAlerts.dll
2003-11-04 22:21 . 2003-11-04 22:21 983040 ----a-w- c:\program files\stuffit5.engine-5.1.dll
2003-11-04 22:21 . 2003-11-04 22:21 561152 ----a-w- c:\program files\xp32_207.dll
2003-11-04 22:21 . 2003-11-04 22:21 21776 ----a-w- c:\program files\shfolder.dll
2003-11-04 22:20 . 2003-11-04 22:20 479232 ----a-w- c:\program files\rp32_207.dll
2003-11-04 22:20 . 2003-11-04 22:20 217088 ----a-w- c:\program files\sa32_207.dll
2003-11-04 22:19 . 2003-11-04 22:19 725032 ----a-w- c:\program files\kSAdg.dll
2003-11-04 22:19 . 2003-11-04 22:19 692264 ----a-w- c:\program files\kCPdg.dll
2003-11-04 22:19 . 2003-11-04 22:19 413736 ----a-w- c:\program files\kGRdg.dll
2003-11-04 22:19 . 2003-11-04 22:19 401462 ----a-w- c:\program files\msvcp60.dll
2003-11-04 22:19 . 2003-11-04 22:19 290869 ----a-w- c:\program files\msvcrt.dll
2003-11-04 22:19 . 2003-11-04 22:19 2744361 ----a-w- c:\program files\kFDMdg.dll
2003-11-04 22:19 . 2003-11-04 22:19 1982504 ----a-w- c:\program files\kFDdg.dll
2003-11-04 22:19 . 2003-11-04 22:19 1937448 ----a-w- c:\program files\kXPdg.dll
2003-11-04 22:19 . 2003-11-04 22:19 1794088 ----a-w- c:\program files\kRPdg.dll
2003-11-04 22:19 . 2003-11-04 22:19 1597480 ----a-w- c:\program files\kDBdg.dll
2003-11-04 22:19 . 2003-11-04 22:19 1486848 ----a-w- c:\program files\owl609v.dll
2003-11-04 22:18 . 2003-11-04 22:18 638976 ----a-w- c:\program files\fd32_207.dll
2003-11-04 22:18 . 2003-11-04 22:18 401728 ----a-w- c:\program files\EQNEDIT.EXE
2003-11-04 22:18 . 2003-11-04 22:18 352256 ----a-w- c:\program files\db32_207.dll
2003-11-04 22:18 . 2003-11-04 22:18 212992 ----a-w- c:\program files\cp32_207.dll
2003-11-04 22:18 . 2003-11-04 22:18 131072 ----a-w- c:\program files\gr32_207.dll
2003-11-04 22:18 . 2003-11-04 22:18 1122304 ----a-w- c:\program files\fm32_207.dll
2003-11-04 22:17 . 2003-11-04 22:17 311296 ----a-w- c:\program files\APE24EXT_MT.dll
2012-07-14 20:52 . 2012-07-14 20:52 303416 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2012-06-23 07:09 . 2011-12-28 05:51 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UMonit"="c:\windows\system32\umonit.exe" [2007-06-18 200704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-19 254696]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-29 112216]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-17 138008]
"NGTray"="c:\program files\Symantec\Ghost\ngtray.exe" [2007-04-20 181896]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2007-10-26 136512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-10-09 100888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-10-09 100888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-26 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-26 974848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-17 138008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-17 162584]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-12-19 611712]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-05-11 3349488]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2009-1-12 679936]
SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2010-11-19 13310832]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Symantec\\Ghost\\ngctw32.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\UCGui.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\UCService.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0602010.005\SymDS.sys [6/27/2012 8:05 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0602010.005\SymEFA.sys [6/27/2012 8:05 PM 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [7/12/2012 1:31 AM 821920]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0602010.005\ccSetx86.sys [6/27/2012 8:05 PM 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0602010.005\Ironx86.sys [6/27/2012 8:05 PM 149624]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\EpsonCustomerParticipation\EPCP.exe [6/9/2011 1:01 PM 521600]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\IBM\Lotus\Notes\nsd.exe [9/29/2009 11:29 AM 3397000]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/30/2012 12:40 AM 655944]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [6/27/2012 8:04 PM 138232]
R2 NGCLIENT;Symantec Ghost Client Agent;c:\program files\Symantec\Ghost\ngctw32.exe [4/19/2007 9:01 PM 632456]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [7/1/2012 4:24 PM 1122296]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [7/1/2012 4:24 PM 838136]
R2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\SMART Product Drivers\UCService.exe [11/19/2010 7:58 PM 846192]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/28/2012 4:09 PM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120713.001\IDSXpx86.sys [7/14/2012 12:57 AM 369632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/30/2012 12:40 AM 22344]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 288112]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2/6/2012 7:05 PM 6016]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 12:04 PM 113120]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe [11/19/2010 7:59 PM 1664368]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 50883511
*Deregistered* - 50883511
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-07-02 02:29]
.
2012-07-02 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-07-02 02:29]
.
2012-07-02 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-07-02 02:29]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}
DPF: {CAFECAFE-0013-0001-0030-ABCDEFABCDEF}
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\7wgst86i.default\
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKU-Default-Run-Adobe - c:\documents and settings\Laptop User\Local Settings\Application Data\Apple Computer\Adobe\xdlqzl.dll
Notify-SDWinLogon - SDWinLogon.dll
HKLM_ActiveSetup-Neat ADF Scanner 2008 - reg copy HKLM\Software\The Neat Company\Neat ADF Scanner 2008 HKCU\Software\The Neat Company\Neat ADF Scanner 2008
AddRemove-FixUstor - c:\windows\temp\fixustor\remove.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-14 15:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\umonit.exe?USB\Vid_1713&Pid_01008???????I_03????(!??B\ROOT_H8??????V????????????????????h?????A~(!???????????b@?????????????????@$?|?????$?|??B~??@???E~????????????????????@???????????????t??????????????|`$?|?????$?|U$?|??????????????@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:5c,7c,2e,44,07,d1,54,06,ef,30,5f,22,e3,21,18,6d,13,c9,fb,1b,f7,
44,50,70,ec,57,e4,82,0e,d2,30,9b,ee,e8,ae,db,e4,1d,fb,9c,81,e3,64,01,34,ee,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1212)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\IBM\Lotus\Notes\npnotes.dll
.
Completion time: 2012-07-14 15:42:50
ComboFix-quarantined-files.txt 2012-07-15 01:42
.
Pre-Run: 25,248,092,160 bytes free
Post-Run: 25,688,604,672 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FA06A307EE655AAE237BCC14DAA8BE16
-
After following your instructions, I notice that the adware/malware is not playing in the background any more. Thank you!!!
1. I was unable to delete/uninstall one of my anti-virus software programs. I went to Control Panel and looked to uninstall the McAfee AntiSpyware Enterprise Module; I deleted that but was not able to delete the entire McAfee itself.
2. Here is my TDSSKiller Log:
01:47:56.0203 4204 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
01:47:57.0296 4204 ============================================================
01:47:57.0296 4204 Current date / time: 2012/07/12 01:47:57.0296
01:47:57.0296 4204 SystemInfo:
01:47:57.0296 4204
01:47:57.0296 4204 OS Version: 5.1.2600 ServicePack: 3.0
01:47:57.0296 4204 Product type: Workstation
01:47:57.0296 4204 ComputerName: E0460871
01:47:57.0296 4204 UserName: Admin
01:47:57.0296 4204 Windows directory: C:\WINDOWS
01:47:57.0296 4204 System windows directory: C:\WINDOWS
01:47:57.0296 4204 Processor architecture: Intel x86
01:47:57.0296 4204 Number of processors: 2
01:47:57.0296 4204 Page size: 0x1000
01:47:57.0296 4204 Boot type: Normal boot
01:47:57.0296 4204 ============================================================
01:48:00.0515 4204 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
01:48:00.0531 4204 ============================================================
01:48:00.0531 4204 \Device\Harddisk0\DR0:
01:48:00.0531 4204 MBR partitions:
01:48:00.0531 4204 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x94DB4F4
01:48:00.0531 4204 ============================================================
01:48:00.0562 4204 C: <-> \Device\Harddisk0\DR0\Partition0
01:48:00.0562 4204 ============================================================
01:48:00.0562 4204 Initialize success
01:48:00.0562 4204 ============================================================
01:48:31.0890 1628 ============================================================
01:48:31.0890 1628 Scan started
01:48:31.0890 1628 Mode: Manual; SigCheck; TDLFS;
01:48:31.0890 1628 ============================================================
01:48:33.0687 1628 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
01:49:07.0531 1628 61883 - ok
01:49:07.0531 1628 Abiosdsk - ok
01:49:07.0531 1628 abp480n5 - ok
01:49:07.0593 1628 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:49:07.0906 1628 ACPI - ok
01:49:07.0937 1628 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
01:49:08.0203 1628 ACPIEC - ok
01:49:08.0234 1628 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\WINDOWS\system32\drivers\adfs.sys
01:49:08.0265 1628 adfs - ok
01:49:08.0359 1628 Adobe Version Cue CS4 (9444a3530c2e88b7ed96a566ff9ccc13) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
01:49:08.0375 1628 Adobe Version Cue CS4 - ok
01:49:08.0390 1628 adpu160m - ok
01:49:08.0421 1628 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
01:49:08.0921 1628 aec - ok
01:49:08.0953 1628 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys
01:49:09.0218 1628 AegisP - ok
01:49:09.0687 1628 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
01:49:10.0078 1628 AFD - ok
01:49:10.0140 1628 Aha154x - ok
01:49:10.0140 1628 aic78u2 - ok
01:49:10.0140 1628 aic78xx - ok
01:49:10.0187 1628 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
01:49:10.0421 1628 Alerter - ok
01:49:10.0437 1628 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
01:49:10.0812 1628 ALG - ok
01:49:10.0812 1628 AliIde - ok
01:49:10.0812 1628 amsint - ok
01:49:10.0875 1628 Apple Mobile Device (4b5ae15e5c73eb4dc8dbec2788230d41) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
01:49:10.0890 1628 Apple Mobile Device - ok
01:49:10.0937 1628 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
01:49:11.0171 1628 AppMgmt - ok
01:49:11.0187 1628 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
01:49:11.0390 1628 Arp1394 - ok
01:49:11.0390 1628 asc - ok
01:49:11.0390 1628 asc3350p - ok
01:49:11.0406 1628 asc3550 - ok
01:49:11.0468 1628 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
01:49:11.0500 1628 aspnet_state - ok
01:49:11.0515 1628 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
01:49:11.0687 1628 AsyncMac - ok
01:49:11.0718 1628 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
01:49:12.0015 1628 atapi - ok
01:49:12.0015 1628 Atdisk - ok
01:49:12.0031 1628 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
01:49:12.0328 1628 Atmarpc - ok
01:49:12.0359 1628 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
01:49:12.0578 1628 AudioSrv - ok
01:49:12.0609 1628 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
01:49:12.0875 1628 audstub - ok
01:49:12.0906 1628 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
01:49:13.0140 1628 Avc - ok
01:49:13.0171 1628 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
01:49:13.0296 1628 b57w2k - ok
01:49:13.0328 1628 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
01:49:13.0531 1628 Beep - ok
01:49:13.0656 1628 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
01:49:13.0703 1628 BHDrvx86 - ok
01:49:13.0750 1628 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
01:49:14.0000 1628 BITS - ok
01:49:14.0062 1628 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe
01:49:14.0109 1628 Bonjour Service - ok
01:49:14.0125 1628 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
01:49:14.0390 1628 Browser - ok
01:49:14.0437 1628 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
01:49:14.0687 1628 cbidf2k - ok
01:49:14.0718 1628 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
01:49:14.0984 1628 CCDECODE - ok
01:49:15.0015 1628 ccSet_N360 (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\N360\0602010.005\ccSetx86.sys
01:49:15.0046 1628 ccSet_N360 - ok
01:49:15.0046 1628 cd20xrnt - ok
01:49:15.0093 1628 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
01:49:15.0359 1628 Cdaudio - ok
01:49:15.0390 1628 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
01:49:15.0671 1628 Cdfs - ok
01:49:15.0687 1628 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
01:49:15.0921 1628 Cdrom - ok
01:49:15.0921 1628 Changer - ok
01:49:15.0953 1628 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
01:49:16.0296 1628 CiSvc - ok
01:49:16.0343 1628 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
01:49:16.0671 1628 ClipSrv - ok
01:49:16.0750 1628 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:49:16.0765 1628 clr_optimization_v2.0.50727_32 - ok
01:49:16.0765 1628 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
01:49:17.0125 1628 CmBatt - ok
01:49:17.0125 1628 CmdIde - ok
01:49:17.0125 1628 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
01:49:17.0453 1628 Compbatt - ok
01:49:17.0453 1628 COMSysApp - ok
01:49:17.0468 1628 Cpqarray - ok
01:49:17.0484 1628 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
01:49:17.0718 1628 CryptSvc - ok
01:49:17.0765 1628 CSRBC (8e1945984e147562f9f08e1d344a69cc) C:\WINDOWS\system32\Drivers\csrbcxp.sys
01:49:17.0906 1628 CSRBC ( UnsignedFile.Multi.Generic ) - warning
01:49:17.0906 1628 CSRBC - detected UnsignedFile.Multi.Generic (1)
01:49:17.0906 1628 dac2w2k - ok
01:49:17.0906 1628 dac960nt - ok
01:49:17.0953 1628 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
01:49:18.0140 1628 DcomLaunch - ok
01:49:18.0171 1628 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
01:49:18.0359 1628 Dhcp - ok
01:49:18.0500 1628 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
01:49:18.0812 1628 Disk - ok
01:49:18.0828 1628 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
01:49:18.0843 1628 DLABMFSM - ok
01:49:18.0859 1628 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
01:49:18.0875 1628 DLABOIOM - ok
01:49:18.0875 1628 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
01:49:18.0890 1628 DLACDBHM - ok
01:49:18.0890 1628 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
01:49:18.0906 1628 DLADResM - ok
01:49:18.0921 1628 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
01:49:18.0937 1628 DLAIFS_M - ok
01:49:18.0953 1628 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
01:49:18.0968 1628 DLAOPIOM - ok
01:49:18.0968 1628 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
01:49:18.0984 1628 DLAPoolM - ok
01:49:18.0984 1628 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
01:49:19.0015 1628 DLARTL_M - ok
01:49:19.0046 1628 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
01:49:19.0078 1628 DLAUDFAM - ok
01:49:19.0078 1628 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
01:49:19.0093 1628 DLAUDF_M - ok
01:49:19.0109 1628 dmadmin - ok
01:49:19.0187 1628 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
01:49:19.0593 1628 dmboot - ok
01:49:19.0640 1628 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
01:49:19.0968 1628 dmio - ok
01:49:20.0000 1628 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
01:49:20.0390 1628 dmload - ok
01:49:20.0421 1628 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
01:49:20.0765 1628 dmserver - ok
01:49:20.0796 1628 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
01:49:20.0984 1628 DMusic - ok
01:49:21.0031 1628 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
01:49:21.0281 1628 Dnscache - ok
01:49:21.0390 1628 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
01:49:21.0781 1628 Dot3svc - ok
01:49:21.0781 1628 dpti2o - ok
01:49:21.0781 1628 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
01:49:22.0093 1628 drmkaud - ok
01:49:22.0109 1628 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
01:49:22.0125 1628 DRVMCDB - ok
01:49:22.0156 1628 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
01:49:22.0171 1628 DRVNDDM - ok
01:49:22.0203 1628 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
01:49:22.0390 1628 EapHost - ok
01:49:22.0484 1628 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
01:49:22.0515 1628 eeCtrl - ok
01:49:22.0562 1628 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
01:49:22.0656 1628 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
01:49:22.0656 1628 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
01:49:22.0718 1628 EpsonCustomerParticipation (b78436ca173ff723a1eace5cd4900375) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
01:49:22.0750 1628 EpsonCustomerParticipation - ok
01:49:22.0781 1628 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
01:49:22.0796 1628 EraserUtilRebootDrv - ok
01:49:22.0828 1628 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
01:49:23.0093 1628 ERSvc - ok
01:49:23.0140 1628 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
01:49:23.0343 1628 Eventlog - ok
01:49:23.0375 1628 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
01:49:23.0718 1628 EventSystem - ok
01:49:23.0781 1628 EvtEng (e71b03ff6b819ae1a286aa27e956d523) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
01:49:23.0921 1628 EvtEng ( UnsignedFile.Multi.Generic ) - warning
01:49:23.0921 1628 EvtEng - detected UnsignedFile.Multi.Generic (1)
01:49:24.0000 1628 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
01:49:24.0265 1628 Fastfat - ok
01:49:24.0312 1628 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
01:49:24.0453 1628 FastUserSwitchingCompatibility - ok
01:49:24.0453 1628 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
01:49:24.0671 1628 Fdc - ok
01:49:24.0703 1628 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
01:49:24.0968 1628 Fips - ok
01:49:25.0000 1628 fixustor (cdb568db5e8985dcc623da808ac61042) C:\WINDOWS\system32\drivers\fixustor.sys
01:49:25.0203 1628 fixustor ( UnsignedFile.Multi.Generic ) - warning
01:49:25.0203 1628 fixustor - detected UnsignedFile.Multi.Generic (1)
01:49:25.0296 1628 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
01:49:25.0328 1628 FLEXnet Licensing Service - ok
01:49:25.0328 1628 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
01:49:25.0859 1628 Flpydisk - ok
01:49:25.0875 1628 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
01:49:26.0312 1628 FltMgr - ok
01:49:26.0390 1628 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
01:49:26.0421 1628 FontCache3.0.0.0 - ok
01:49:26.0437 1628 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
01:49:26.0921 1628 Fs_Rec - ok
01:49:26.0921 1628 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
01:49:27.0171 1628 Ftdisk - ok
01:49:27.0187 1628 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
01:49:27.0203 1628 GEARAspiWDM - ok
01:49:27.0234 1628 getPlus® Helper (7bec703f31e1d441db16886c9aa4cba9) C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
01:49:27.0250 1628 getPlus® Helper - ok
01:49:27.0281 1628 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
01:49:27.0593 1628 Gpc - ok
01:49:27.0625 1628 guardian2 (7031a936832967a93b0e5d5f1c76745a) C:\WINDOWS\system32\Drivers\oz776.sys
01:49:27.0890 1628 guardian2 - ok
01:49:27.0890 1628 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
01:49:28.0203 1628 HDAudBus - ok
01:49:28.0234 1628 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
01:49:28.0609 1628 helpsvc - ok
01:49:28.0625 1628 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
01:49:28.0984 1628 HidServ - ok
01:49:29.0062 1628 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
01:49:29.0390 1628 HidUsb - ok
01:49:29.0421 1628 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
01:49:29.0625 1628 hkmsvc - ok
01:49:29.0625 1628 hpn - ok
01:49:29.0671 1628 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
01:49:30.0046 1628 HPZid412 - ok
01:49:30.0046 1628 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
01:49:30.0656 1628 HPZipr12 - ok
01:49:30.0656 1628 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
01:49:30.0843 1628 HPZius12 - ok
01:49:30.0921 1628 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
01:49:31.0250 1628 HSFHWAZL - ok
01:49:31.0312 1628 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
01:49:31.0468 1628 HSF_DPV - ok
01:49:31.0515 1628 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
01:49:31.0718 1628 HTTP - ok
01:49:31.0765 1628 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
01:49:32.0078 1628 HTTPFilter - ok
01:49:32.0078 1628 i2omgmt - ok
01:49:32.0093 1628 i2omp - ok
01:49:32.0140 1628 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
01:49:32.0437 1628 i8042prt - ok
01:49:32.0843 1628 ialm (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
01:49:33.0437 1628 ialm - ok
01:49:33.0625 1628 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
01:49:33.0656 1628 idsvc - ok
01:49:33.0765 1628 IDSxpx86 (eeebf3616db90124c1c57019d39aa9a2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120711.001\IDSxpx86.sys
01:49:33.0796 1628 IDSxpx86 - ok
01:49:33.0890 1628 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
01:49:34.0140 1628 Imapi - ok
01:49:34.0171 1628 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
01:49:34.0375 1628 ImapiService - ok
01:49:34.0375 1628 ini910u - ok
01:49:34.0390 1628 IntelIde - ok
01:49:34.0390 1628 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
01:49:34.0609 1628 intelppm - ok
01:49:34.0625 1628 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
01:49:34.0828 1628 Ip6Fw - ok
01:49:34.0859 1628 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:49:35.0203 1628 IpFilterDriver - ok
01:49:35.0218 1628 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
01:49:35.0453 1628 IpInIp - ok
01:49:35.0484 1628 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
01:49:35.0843 1628 IpNat - ok
01:49:35.0921 1628 iPod Service (7a3611564fce7c8be50b03f58cb3eb7d) C:\Program Files\iPod\bin\iPodService.exe
01:49:35.0953 1628 iPod Service - ok
01:49:35.0968 1628 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
01:49:36.0187 1628 IPSec - ok
01:49:36.0203 1628 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
01:49:36.0656 1628 IRENUM - ok
01:49:36.0703 1628 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
01:49:36.0968 1628 isapnp - ok
01:49:37.0015 1628 JavaQuickStarterService (de5d05fd449798ef88cc34ad4b1e7f85) C:\Program Files\Java\jre6\bin\jqs.exe
01:49:37.0031 1628 JavaQuickStarterService - ok
01:49:37.0062 1628 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
01:49:37.0296 1628 Kbdclass - ok
01:49:37.0734 1628 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
01:49:38.0015 1628 kbdhid - ok
01:49:52.0265 1628 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS
01:49:52.0562 1628 NSNDIS5 ( UnsignedFile.Multi.Generic ) - warning
01:49:52.0562 1628 NSNDIS5 - detected UnsignedFile.Multi.Generic (1)
01:50:01.0515 1628 RegSrvc (2cf574d0965f58e514a2dc94114d7eca) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
01:50:01.0625 1628 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
01:50:01.0625 1628 RegSrvc - detected UnsignedFile.Multi.Generic (1)
01:50:03.0203 1628 S24EventMonitor (874173edbd4f2fe711f245855a2ffa23) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
01:50:03.0328 1628 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
01:50:03.0328 1628 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
01:50:03.0359 1628 s24trans (eadfb87f911a7a75d1b80617f92901e8) C:\WINDOWS\system32\DRIVERS\s24trans.sys
01:50:03.0515 1628 s24trans ( UnsignedFile.Multi.Generic ) - warning
01:50:03.0515 1628 s24trans - detected UnsignedFile.Multi.Generic (1)
01:50:12.0203 1628 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
01:50:12.0359 1628 stllssvr ( UnsignedFile.Multi.Generic ) - warning
01:50:12.0359 1628 stllssvr - detected UnsignedFile.Multi.Generic (1)
01:50:25.0546 1628 WLANKEEPER (4307641ca3389a210295fdffd2a73dee) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
01:50:25.0687 1628 WLANKEEPER ( UnsignedFile.Multi.Generic ) - warning
01:50:25.0687 1628 WLANKEEPER - detected UnsignedFile.Multi.Generic (1)
01:50:29.0031 1628 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
01:50:29.0031 1628 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
01:50:29.0031 1628 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
01:50:29.0062 1628 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
01:50:29.0062 1628 \Device\Harddisk0\DR0 - detected TDSS File System (1)
01:50:29.0078 1628 Boot (0x1200) (6a8375b063e3f895c13c123b5305a0f1) \Device\Harddisk0\DR0\Partition0
01:50:29.0078 1628 \Device\Harddisk0\DR0\Partition0 - ok
01:50:29.0078 1628 ============================================================
01:50:29.0078 1628 Scan finished
01:50:29.0078 1628 ============================================================
01:50:29.0187 3772 Detected object count: 12
01:50:29.0187 3772 Actual detected object count: 12
01:50:55.0625 3772 CSRBC ( UnsignedFile.Multi.Generic ) - skipped by user
01:50:55.0625 3772 CSRBC ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:50:55.0625 3772 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
01:50:55.0625 3772 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:50:55.0625 3772 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
01:50:55.0625 3772 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:50:55.0640 3772 fixustor ( UnsignedFile.Multi.Generic ) - skipped by user
01:50:55.0640 3772 fixustor ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:50:55.0640 3772 NSNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
01:50:55.0640 3772 NSNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:50:55.0640 3772 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
01:50:55.0640 3772 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:50:55.0640 3772 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
01:50:55.0640 3772 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:50:55.0640 3772 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
01:50:55.0640 3772 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:50:55.0640 3772 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
01:50:55.0640 3772 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:50:55.0640 3772 WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user
01:50:55.0640 3772 WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:50:56.0390 3772 \Device\Harddisk0\DR0\# - copied to quarantine
01:50:56.0390 3772 \Device\Harddisk0\DR0 - copied to quarantine
01:50:56.0421 3772 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
01:50:56.0437 3772 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
01:50:56.0453 3772 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
01:50:56.0484 3772 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
01:50:56.0500 3772 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
01:50:56.0515 3772 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
01:50:56.0531 3772 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
01:50:56.0531 3772 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
01:50:56.0546 3772 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
01:50:56.0562 3772 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
01:50:56.0562 3772 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
01:50:56.0578 3772 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
01:50:56.0593 3772 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
01:50:56.0625 3772 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
01:50:56.0625 3772 \Device\Harddisk0\DR0 - ok
01:50:56.0625 3772 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
01:50:56.0625 3772 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
01:50:56.0625 3772 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
01:51:36.0406 5732 Deinitialize success
3. Here is my Malwarebytes' Anti-Malware Log (Nothing to remove):
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.12.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Admin :: E0460871 [administrator]
Protection: Enabled
7/12/2012 2:07:40 AM
mbam-log-2012-07-12 (02-07-40).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 270709
Time elapsed: 14 minute(s), 3 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
4. Here is my DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_33
Run by Admin at 2:25:18 on 2012-07-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1086 [GMT -10:00]
.
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: McAfee VirusScan Enterprise *Enabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: Norton 360 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\IBM\Lotus\Notes\nsd.exe
C:\Program Files\IBM\Lotus\Notes\nslsvice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\system32\umonit.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Symantec\Ghost\ngtray.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe
C:\Program Files\SMART Technologies\SMART Product Drivers\Aware.exe
C:\Program Files\SMART Technologies\SMART Product Drivers\Marker.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyOverride = *.local
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DWABrowserHlprObj Class: {2709d830-b643-4e72-9a1e-701cfffcf30c} - c:\windows\system32\dwabho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll
BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies\smart notebook\NotebookPlugin.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.2.1.5\ips\IPSBHO.DLL
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [uMonit] c:\windows\system32\umonit.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NGTray] "c:\program files\symantec\ghost\ngtray.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~2\server\bin\VERSIO~2.EXE
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [sDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
dRun: [Adobe] rundll32.exe "c:\documents and settings\laptop user\local settings\application data\apple computer\adobe\xdlqzl.dll",DllRegisterServer
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartb~1.lnk - c:\program files\smart technologies\smart product drivers\SMARTBoardTools.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxp://165.248.233.217/iNotes6W.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231532123176
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}
DPF: {CAFECAFE-0013-0001-0030-ABCDEFABCDEF}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxp://165.248.233.217/dwa7W.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP28EP2-12243/webex/ieatgpc.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3357F480-C801-4B6D-B320-86F0E362BC60} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
Hosts: 165.248.100.142 makala1
Hosts: 165.248.101.190 manoa1
Hosts: 165.248.101.62 manana1
Hosts: 165.248.102.38 mauka1
Hosts: 165.248.103.61 mckin1
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\7wgst86i.default\
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13128.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13130.dll
FF - plugin: c:\program files\zwinky_5qei\installr\1.bin\NP5qEISb.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0602010.005\SymDS.sys [2012-6-27 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0602010.005\SymEFA.sys [2012-6-27 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0602010.005\ccSetx86.sys [2012-6-27 132744]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-29 31944]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0602010.005\Ironx86.sys [2012-6-27 149624]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\ibm\lotus\notes\nsd.exe [2009-9-29 3397000]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-30 655944]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2008-7-28 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-29 144960]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-29 54872]
R2 N360;Norton 360;c:\program files\norton 360\engine\6.2.1.5\ccSvcHst.exe [2012-6-27 138232]
R2 NGCLIENT;Symantec Ghost Client Agent;c:\program files\symantec\ghost\ngctw32.exe [2007-4-19 632456]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-7-1 1122296]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-7-1 838136]
R2 SMART Display Controller;SMART Display Controller;c:\program files\smart technologies\smart product drivers\UCService.exe [2010-11-19 846192]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-28 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\ipsdefs\20120711.001\IDSXpx86.sys [2012-7-12 369632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-30 22344]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-12-15 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-12-15 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-12-15 168776]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\virusdefs\20120711.018\NAVENG.SYS [2012-7-12 87928]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\virusdefs\20120711.018\NAVEX15.SYS [2012-7-12 1589752]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2012-2-6 6016]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 113120]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\smart technologies\smart product drivers\SMARTSNMPAgent.exe [2010-11-19 1664368]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2012-07-12 11:57:10 711240 ----a-w- c:\windows\isRS-000.tmp
2012-07-12 11:55:29 -------- d-----w- c:\documents and settings\admin\application data\Malwarebytes
2012-07-12 11:50:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-12 11:23:24 -------- d-----w- c:\documents and settings\admin\application data\Leader Technologies
2012-07-03 09:48:26 0 ----a-w- C:\LOG2F.tmp
2012-07-02 02:25:45 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-07-02 02:24:45 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-07-02 02:24:41 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-06-30 10:40:34 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-06-30 10:40:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 10:40:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-30 09:35:26 -------- d-----w- c:\documents and settings\all users\application data\SpeedMaxPc
2012-06-29 20:44:31 -------- d-----w- c:\windows\pss
2012-06-29 20:14:06 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-06-28 06:05:23 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-06-28 06:05:23 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-06-28 06:05:03 905336 ----a-r- c:\windows\system32\drivers\n360\0602010.005\SymEFA.sys
2012-06-28 06:05:03 388216 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symtdi.sys
2012-06-28 06:05:03 345208 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symtdiv.sys
2012-06-28 06:05:03 340088 ----a-r- c:\windows\system32\drivers\n360\0602010.005\SymDS.sys
2012-06-28 06:05:03 32888 ----a-r- c:\windows\system32\drivers\n360\0602010.005\srtspx.sys
2012-06-28 06:05:03 318584 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symnets.sys
2012-06-28 06:05:02 574072 ----a-r- c:\windows\system32\drivers\n360\0602010.005\srtsp.sys
2012-06-28 06:05:02 149624 ----a-r- c:\windows\system32\drivers\n360\0602010.005\Ironx86.sys
2012-06-28 06:05:02 132744 ----a-r- c:\windows\system32\drivers\n360\0602010.005\ccSetx86.sys
2012-06-28 06:04:42 4782 ----a-r- c:\windows\system32\drivers\n360\0602010.005\SymVTcer.dat
2012-06-28 06:04:41 -------- d-----w- c:\windows\system32\drivers\n360\0602010.005
2012-06-28 06:04:41 -------- d-----w- c:\windows\system32\drivers\N360
2012-06-28 06:04:40 -------- d-----w- c:\program files\Norton 360
2012-06-28 06:02:35 -------- d-----w- c:\program files\NortonInstaller
2012-06-28 06:02:35 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2012-06-28 01:56:43 -------- d-----w- c:\documents and settings\all users\application data\F4D55F3E0405F6ED00096165D151FC4E
2012-06-26 22:25:04 73 ----a-w- c:\windows\system32\ssprs.dll
2012-06-26 22:25:04 205 ----a-w- c:\windows\system32\lsprst7.dll
2012-06-26 22:25:04 1025 ----a-w- c:\windows\system32\sysprs7.dll
2012-06-26 22:25:04 1025 ----a-w- c:\windows\system32\clauth2.dll
2012-06-26 22:25:04 1025 ----a-w- c:\windows\system32\clauth1.dll
2012-06-26 22:25:04 -------- d-----w- c:\documents and settings\all users\application data\Minnetonka Audio Software
2012-06-26 22:19:12 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2012-06-26 22:19:03 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2012-06-26 22:18:57 16384 ----a-w- c:\windows\system32\ipsink.ax
2012-06-26 22:18:57 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2012-06-26 22:18:50 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2012-06-26 22:18:42 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2012-06-26 22:18:31 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2012-06-26 22:18:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2012-06-26 21:55:49 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2012-06-26 21:55:48 51200 ----a-w- c:\windows\system32\drivers\msdv.sys
2012-06-26 21:55:48 43008 ----a-w- c:\windows\system32\ksxbar.ax
2012-06-26 21:55:47 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2012-06-26 21:55:47 61952 ----a-w- c:\windows\system32\kstvtune.ax
2012-06-26 21:55:24 38912 ----a-w- c:\windows\system32\drivers\avc.sys
2012-06-26 21:54:58 48128 ----a-w- c:\windows\system32\drivers\61883.sys
2012-06-23 20:54:29 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-06-23 20:54:29 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2012-06-23 07:09:15 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-23 07:09:15 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-22 05:43:54 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-22 05:43:54 472840 ----a-w- c:\windows\system32\deployJava1.dll
.
==================== Find3M ====================
.
2012-06-28 20:22:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-28 20:22:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-22 05:43:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-06 09:35:52 83424 ----a-w- c:\windows\system32\dwabho.dll
2005-06-16 22:19:22 2482176 ----a-w- c:\program files\TCTrill.dll
2005-06-11 01:12:16 847872 ----a-w- c:\program files\TCTrillS.dll
2005-06-03 18:59:54 61440 ----a-w- c:\program files\TCReports.dll
2004-02-12 04:11:40 7659520 ----a-w- c:\program files\Geo CS Test Gen Management.exe
2004-02-12 03:59:34 4009984 ----a-w- c:\program files\Geo CS Test Gen Student.exe
2004-01-27 02:04:08 49152 ----a-w- c:\program files\TCAlerts.dll
2003-11-04 22:21:00 983040 ----a-w- c:\program files\stuffit5.engine-5.1.dll
2003-11-04 22:21:00 561152 ----a-w- c:\program files\xp32_207.dll
2003-11-04 22:21:00 21776 ----a-w- c:\program files\shfolder.dll
2003-11-04 22:20:00 479232 ----a-w- c:\program files\rp32_207.dll
2003-11-04 22:20:00 217088 ----a-w- c:\program files\sa32_207.dll
2003-11-04 22:19:00 725032 ----a-w- c:\program files\kSAdg.dll
2003-11-04 22:19:00 692264 ----a-w- c:\program files\kCPdg.dll
2003-11-04 22:19:00 413736 ----a-w- c:\program files\kGRdg.dll
2003-11-04 22:19:00 401462 ----a-w- c:\program files\msvcp60.dll
2003-11-04 22:19:00 290869 ----a-w- c:\program files\msvcrt.dll
2003-11-04 22:19:00 2744361 ----a-w- c:\program files\kFDMdg.dll
2003-11-04 22:19:00 1982504 ----a-w- c:\program files\kFDdg.dll
2003-11-04 22:19:00 1937448 ----a-w- c:\program files\kXPdg.dll
2003-11-04 22:19:00 1794088 ----a-w- c:\program files\kRPdg.dll
2003-11-04 22:19:00 1597480 ----a-w- c:\program files\kDBdg.dll
2003-11-04 22:19:00 1486848 ----a-w- c:\program files\owl609v.dll
2003-11-04 22:18:00 638976 ----a-w- c:\program files\fd32_207.dll
2003-11-04 22:18:00 401728 ----a-w- c:\program files\EQNEDIT.EXE
2003-11-04 22:18:00 352256 ----a-w- c:\program files\db32_207.dll
2003-11-04 22:18:00 212992 ----a-w- c:\program files\cp32_207.dll
2003-11-04 22:18:00 131072 ----a-w- c:\program files\gr32_207.dll
2003-11-04 22:18:00 1122304 ----a-w- c:\program files\fm32_207.dll
2003-11-04 22:17:00 311296 ----a-w- c:\program files\APE24EXT_MT.dll
.
============= FINISH: 2:26:11.25 ===============
-
Ok thank you! I would really appreciate your help with this issue.
Here is my new DDS log file and Attach File.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_33
Run by Laptop User at 23:43:01 on 2012-07-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.579 [GMT -10:00]
.
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: Norton 360 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\IBM\Lotus\Notes\nsd.exe
C:\Program Files\IBM\Lotus\Notes\nslsvice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\umonit.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Symantec\Ghost\ngtray.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\WebEx\Productivity Tools\PTIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\WebEx\Productivity Tools\ptSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\SMART Technologies\SMART Product Drivers\Aware.exe
C:\Program Files\SMART Technologies\SMART Product Drivers\Marker.exe
.
============== Pseudo HJT Report ===============
.
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DWABrowserHlprObj Class: {2709d830-b643-4e72-9a1e-701cfffcf30c} - c:\windows\system32\dwabho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll
BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies\smart notebook\NotebookPlugin.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.2.1.5\ips\IPSBHO.DLL
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [PTIM.exe] c:\program files\webex\productivity tools\PTIM.exe
uRun: [Epson Stylus NX330(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatihaa.exe /fu "c:\docume~1\laptop~1\locals~1\temp\E_S24F.tmp" /EF "HKCU"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [uMonit] c:\windows\system32\umonit.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NGTray] "c:\program files\symantec\ghost\ngtray.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~2\server\bin\VERSIO~2.EXE
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [sDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
dRun: [Adobe] rundll32.exe "c:\documents and settings\laptop user\local settings\application data\apple computer\adobe\xdlqzl.dll",DllRegisterServer
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartb~1.lnk - c:\program files\smart technologies\smart product drivers\SMARTBoardTools.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxp://165.248.233.217/iNotes6W.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231532123176
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}
DPF: {CAFECAFE-0013-0001-0030-ABCDEFABCDEF}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxp://165.248.233.217/dwa7W.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP28EP2-12243/webex/ieatgpc.cab
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
Hosts: 165.248.100.142 makala1
Hosts: 165.248.101.190 manoa1
Hosts: 165.248.101.62 manana1
Hosts: 165.248.102.38 mauka1
Hosts: 165.248.103.61 mckin1
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\laptop user\application data\mozilla\firefox\profiles\165tp9u2.default\
FF - prefs.js: browser.startup.homepage - hxxp://165.248.233.217/mail/skeough.nsf
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13128.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13130.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npaudio.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npavi32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npnul32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\NPQTW32.DLL
FF - plugin: c:\program files\zwinky_5qei\installr\1.bin\NP5qEISb.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0602010.005\SymDS.sys [2012-6-27 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0602010.005\SymEFA.sys [2012-6-27 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\bashdefs\20120619.001\BHDrvx86.sys [2012-6-19 821920]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0602010.005\ccSetx86.sys [2012-6-27 132744]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-29 31944]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0602010.005\Ironx86.sys [2012-6-27 149624]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\ibm\lotus\notes\nsd.exe [2009-9-29 3397000]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-30 654408]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2008-7-28 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-29 144960]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-29 54872]
R2 N360;Norton 360;c:\program files\norton 360\engine\6.2.1.5\ccSvcHst.exe [2012-6-27 138232]
R2 NGCLIENT;Symantec Ghost Client Agent;c:\program files\symantec\ghost\ngctw32.exe [2007-4-19 632456]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-7-1 1122296]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-7-1 838136]
R2 SMART Display Controller;SMART Display Controller;c:\program files\smart technologies\smart product drivers\UCService.exe [2010-11-19 846192]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-28 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\ipsdefs\20120702.001\IDSXpx86.sys [2012-7-2 369632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-30 22344]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-12-15 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-12-15 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-12-15 168776]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\virusdefs\20120702.002\NAVENG.SYS [2012-7-2 87928]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\virusdefs\20120702.002\NAVEX15.SYS [2012-7-2 1589752]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2012-2-6 6016]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 113120]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\smart technologies\smart product drivers\SMARTSNMPAgent.exe [2010-11-19 1664368]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2012-07-03 09:39:15 1324 ----a-w- c:\windows\system32\d3d9caps.tmp
2012-07-02 02:25:45 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-07-02 02:24:45 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-07-02 02:24:41 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-06-30 10:41:06 -------- d-----w- c:\documents and settings\laptop user\application data\Malwarebytes
2012-06-30 10:40:34 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-06-30 10:40:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 10:40:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-30 09:36:00 -------- d-----w- c:\documents and settings\laptop user\application data\DriverCure
2012-06-30 09:35:59 -------- d-----w- c:\documents and settings\laptop user\application data\SpeedMaxPc
2012-06-30 09:35:26 -------- d-----w- c:\documents and settings\all users\application data\SpeedMaxPc
2012-06-29 20:44:31 -------- d-----w- c:\windows\pss
2012-06-29 20:14:06 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-06-28 06:05:23 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-06-28 06:05:23 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-06-28 06:05:03 905336 ----a-r- c:\windows\system32\drivers\n360\0602010.005\SymEFA.sys
2012-06-28 06:05:03 388216 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symtdi.sys
2012-06-28 06:05:03 345208 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symtdiv.sys
2012-06-28 06:05:03 340088 ----a-r- c:\windows\system32\drivers\n360\0602010.005\SymDS.sys
2012-06-28 06:05:03 32888 ----a-r- c:\windows\system32\drivers\n360\0602010.005\srtspx.sys
2012-06-28 06:05:03 318584 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symnets.sys
2012-06-28 06:05:02 574072 ----a-r- c:\windows\system32\drivers\n360\0602010.005\srtsp.sys
2012-06-28 06:05:02 149624 ----a-r- c:\windows\system32\drivers\n360\0602010.005\Ironx86.sys
2012-06-28 06:05:02 132744 ----a-r- c:\windows\system32\drivers\n360\0602010.005\ccSetx86.sys
2012-06-28 06:04:42 4782 ----a-r- c:\windows\system32\drivers\n360\0602010.005\SymVTcer.dat
2012-06-28 06:04:41 -------- d-----w- c:\windows\system32\drivers\n360\0602010.005
2012-06-28 06:04:41 -------- d-----w- c:\windows\system32\drivers\N360
2012-06-28 06:04:40 -------- d-----w- c:\program files\Norton 360
2012-06-28 06:02:35 -------- d-----w- c:\program files\NortonInstaller
2012-06-28 06:02:35 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2012-06-28 01:56:43 -------- d-----w- c:\documents and settings\all users\application data\F4D55F3E0405F6ED00096165D151FC4E
2012-06-26 22:25:04 73 ----a-w- c:\windows\system32\ssprs.dll
2012-06-26 22:25:04 205 ----a-w- c:\windows\system32\lsprst7.dll
2012-06-26 22:25:04 1025 ----a-w- c:\windows\system32\sysprs7.dll
2012-06-26 22:25:04 1025 ----a-w- c:\windows\system32\clauth2.dll
2012-06-26 22:25:04 1025 ----a-w- c:\windows\system32\clauth1.dll
2012-06-26 22:25:04 -------- d-----w- c:\documents and settings\all users\application data\Minnetonka Audio Software
2012-06-26 22:19:12 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2012-06-26 22:19:03 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2012-06-26 22:18:57 16384 ----a-w- c:\windows\system32\ipsink.ax
2012-06-26 22:18:57 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2012-06-26 22:18:50 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2012-06-26 22:18:42 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2012-06-26 22:18:31 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2012-06-26 22:18:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2012-06-26 21:55:49 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2012-06-26 21:55:48 51200 ----a-w- c:\windows\system32\drivers\msdv.sys
2012-06-26 21:55:48 43008 ----a-w- c:\windows\system32\ksxbar.ax
2012-06-26 21:55:47 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2012-06-26 21:55:47 61952 ----a-w- c:\windows\system32\kstvtune.ax
2012-06-26 21:55:24 38912 ----a-w- c:\windows\system32\drivers\avc.sys
2012-06-26 21:54:58 48128 ----a-w- c:\windows\system32\drivers\61883.sys
2012-06-23 23:57:19 -------- d-----w- c:\documents and settings\laptop user\local settings\application data\IBM
2012-06-23 20:54:29 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-06-23 20:54:29 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2012-06-23 07:09:15 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-23 07:09:15 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-22 05:43:54 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-22 05:43:54 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-12 10:18:36 -------- d-----w- c:\documents and settings\laptop user\application data\Leader Technologies
2012-06-12 07:19:13 -------- d-----w- c:\program files\LTCM Client
2012-06-12 07:09:08 77824 ----a-w- c:\windows\system32\EBAPI.dll
2012-06-12 07:09:08 65536 ----a-w- c:\windows\system32\EEBUtil.dll
2012-06-12 07:09:08 55808 ----a-w- c:\windows\system32\EEBSDKIF.dll
2012-06-12 07:09:08 135168 ----a-w- c:\windows\system32\EEBAPI.dll
2012-06-12 07:09:08 110592 ----a-w- c:\windows\system32\EEBDSCVR.dll
2012-06-12 07:05:32 475496 ----a-w- c:\windows\system32\ensppmon.dll
2012-06-12 07:05:32 475496 ----a-w- c:\windows\system32\enppmon.dll
2012-06-12 07:05:32 457780 ----a-w- c:\windows\system32\ensppui.dll
2012-06-12 07:05:32 457780 ----a-w- c:\windows\system32\enppui.dll
2012-06-12 07:05:32 249344 ----a-w- c:\windows\system32\enspres.dll
2012-06-12 07:05:32 249344 ----a-w- c:\windows\system32\enpres.dll
2012-06-12 07:05:32 -------- d-----w- c:\program files\EpsonNet
2012-06-12 07:05:13 -------- d-----w- c:\program files\common files\EPSON
2012-06-12 07:05:00 -------- d-----w- c:\program files\Epson America Inc
2012-06-12 07:04:24 93696 ----a-w- c:\windows\system32\E_FLBHAA.DLL
2012-06-12 07:04:24 63488 ----a-w- c:\windows\system32\E_FD4BHAA.DLL
2012-06-12 07:04:01 -------- d-----w- c:\documents and settings\all users\application data\EPSON
2012-06-12 07:03:12 -------- d-----w- c:\program files\Epson Software
2012-06-12 07:02:32 342016 ----a-w- c:\windows\system32\eswiaud.dll
2012-06-12 07:02:32 132560 ----a-w- c:\windows\system32\esdevapp.exe
2012-06-12 07:02:32 12800 ----a-w- c:\windows\system32\escdev.dll
2012-06-12 07:02:21 -------- d-----w- c:\program files\epson
2012-06-12 01:59:27 -------- d-----w- c:\program files\common files\The Neat Company
2012-06-12 01:53:35 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-06-12 01:53:34 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-06-12 01:34:43 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2012-06-12 01:34:43 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2012-06-12 01:31:20 -------- d-----w- c:\documents and settings\laptop user\local settings\application data\IsolatedStorage
2012-06-12 01:30:23 45056 ----a-w- c:\windows\system32\midrv74P.dll
2012-06-12 01:29:08 -------- d-----w- c:\program files\common files\Intuit
2012-06-12 01:29:01 -------- d-----w- c:\program files\common files\NeatReceipts
2012-06-12 01:28:36 -------- d-----w- c:\documents and settings\all users\application data\The Neat Company
2012-06-12 01:27:50 -------- d-----w- c:\program files\NeatWorks
2012-06-06 09:35:52 83424 ----a-w- c:\windows\system32\dwabho.dll
2012-06-03 23:05:02 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-06-03 23:05:02 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2012-06-28 20:22:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-28 20:22:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-22 05:43:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2005-06-16 22:19:22 2482176 ----a-w- c:\program files\TCTrill.dll
2005-06-11 01:12:16 847872 ----a-w- c:\program files\TCTrillS.dll
2005-06-03 18:59:54 61440 ----a-w- c:\program files\TCReports.dll
2004-02-12 04:11:40 7659520 ----a-w- c:\program files\Geo CS Test Gen Management.exe
2004-02-12 03:59:34 4009984 ----a-w- c:\program files\Geo CS Test Gen Student.exe
2004-01-27 02:04:08 49152 ----a-w- c:\program files\TCAlerts.dll
2003-11-04 22:21:00 983040 ----a-w- c:\program files\stuffit5.engine-5.1.dll
2003-11-04 22:21:00 561152 ----a-w- c:\program files\xp32_207.dll
2003-11-04 22:21:00 21776 ----a-w- c:\program files\shfolder.dll
2003-11-04 22:20:00 479232 ----a-w- c:\program files\rp32_207.dll
2003-11-04 22:20:00 217088 ----a-w- c:\program files\sa32_207.dll
2003-11-04 22:19:00 725032 ----a-w- c:\program files\kSAdg.dll
2003-11-04 22:19:00 692264 ----a-w- c:\program files\kCPdg.dll
2003-11-04 22:19:00 413736 ----a-w- c:\program files\kGRdg.dll
2003-11-04 22:19:00 401462 ----a-w- c:\program files\msvcp60.dll
2003-11-04 22:19:00 290869 ----a-w- c:\program files\msvcrt.dll
2003-11-04 22:19:00 2744361 ----a-w- c:\program files\kFDMdg.dll
2003-11-04 22:19:00 1982504 ----a-w- c:\program files\kFDdg.dll
2003-11-04 22:19:00 1937448 ----a-w- c:\program files\kXPdg.dll
2003-11-04 22:19:00 1794088 ----a-w- c:\program files\kRPdg.dll
2003-11-04 22:19:00 1597480 ----a-w- c:\program files\kDBdg.dll
2003-11-04 22:19:00 1486848 ----a-w- c:\program files\owl609v.dll
2003-11-04 22:18:00 638976 ----a-w- c:\program files\fd32_207.dll
2003-11-04 22:18:00 401728 ----a-w- c:\program files\EQNEDIT.EXE
2003-11-04 22:18:00 352256 ----a-w- c:\program files\db32_207.dll
2003-11-04 22:18:00 212992 ----a-w- c:\program files\cp32_207.dll
2003-11-04 22:18:00 131072 ----a-w- c:\program files\gr32_207.dll
2003-11-04 22:18:00 1122304 ----a-w- c:\program files\fm32_207.dll
2003-11-04 22:17:00 311296 ----a-w- c:\program files\APE24EXT_MT.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HTS722080K9A300 rev.DCBOCA1H -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A2434B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a24a93c]; MOV EAX, [0x8a24aab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8A67AAB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x8A555030]
\Driver\atapi[0x8A621C80] -> IRP_MJ_CREATE -> 0x8A2434B1
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A2432E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 23:44:32.43 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/24/2008 1:44:09 PM
System Uptime: 7/2/2012 11:33:01 PM (0 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel® Core2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1994/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 23.964 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Hosts File Hijack ======================
.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Acrobat 4.0
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.1 - CPSID_83708
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Template Projects & Footage
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CS4 French Speech Analysis Models
Adobe CS4 German Speech Analysis Models
Adobe CS4 International English Speech Analysis Models
Adobe CS4 Italian Speech Analysis Models
Adobe CS4 Japanese Speech Analysis Models
Adobe CS4 Korean Speech Analysis Models
Adobe CS4 Spanish Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe Encore CS4 Library
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader X (10.1.0)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AiO_Scan_CDA
AiOSoftwareNPI
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Media Card Companion
Bluetooth Stack for Windows by Toshiba
Bonjour
Broadcom Gigabit Integrated Controller
BufferChm
Camtasia Studio 3
CDDRV_Installer
Cisco WebEx Meetings
Conexant HDA D330 MDC V.92 Modem
Connect
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Dell Resource CD
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
Epson Connect
Epson Customer Participation
Epson Event Manager
EPSON NX330 Series Printer Uninstall
EPSON Scan
EpsonNet Print
eSupportQFolder
Fax_CDA
Generic color icon driver
Genesys USB Mass Storage Device
Geo CS Test Gen
getPlus® for Adobe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevicesMFC
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
iTunes
Java Auto Updater
Java 6 Update 33
Java 6 Update 7
Jing
KhalSetup
kuler
Lotus Notes 8.5.1
LTCM Client
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
McAfee AntiSpyware Enterprise Module
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
mIWA
mLogView
mMHouse
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
mWlsSafe
mWMI
mZConfig
Neat ADF Scanner Driver
Neat Mobile Scanner (Silver) Driver
Neat Mobile Scanner 2008 Driver
Neat Mobile Scanner Driver
NeatWorks
NeatWorks Core Files
Netscape Navigator 4.08
Network Stumbler 0.4.0 (remove only)
NewCopy_CDA
Norton 360
OCR Software by I.R.I.S 7.0
Oracle JInitiator 1.3.1.28
Oracle JInitiator 1.3.1.30
Oz776 SCR Driver V1.1.4.2
PanoStandAlone
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
ProductContextNPI
QuickTime
Readme
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Safari
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SetPoint
SigmaTel Audio
SMART Notebook
SMART Product Drivers
SMART Product Update
SnagIt 8
SolutionCenter
Sonic CinePlayer Decoder Pack
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Status
Suite Shared Configuration CS4
Symantec Ghost Console Client
Toolbox
TrayApp
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
WebEx Productivity Tools
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
ZipGenius 6 (6.0.3.1140)
.
==== Event Viewer Messages From Past Week ========
.
6/29/2012 12:44:42 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
.
==== End Of File ===========================
-
When I noticed the problem, I downloaded Malwarebytes and Spybot. I removed what I could; however, the problem still persists. Malwarebytes keeps notifying me that it has blocked access to a potentially malicious website 206.161.121.3 (type: outgoing). This is driving me nuts because I cannot locate the program or process that is doing this. Please help.
-
Every time I start my computer, ads play in the background somewhere. No programs are open but something is running behind the scenes as I hear all kinds of commercials/ads through the speakers.
Help
in Resolved Malware Removal Logs
Back to normal
Thank you sooooo much for all of your help!