jvreynol
Everything posted by jvreynol
Ad network traffic, slow internet connection
jvreynol replied to jvreynol's topic in Resolved Malware Removal Logs
Hello: Here's the latest Combofix.txt log... ============================= ComboFix 12-07-08.03 - Jim 07/09/2012 21:02:06.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1756 [GMT -4:00] Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Jim\Desktop\CFScript.txt AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . . ((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 ))))))))))))))))))))))))))))))) . . 2012-07-09 16:18 . 2012-07-09 16:18 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{CAA97406-A117-4F26-BFBC-0011A665FADD}\offreg.dll 2012-07-07 14:34 . 2012-05-11 14:42 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll 2012-07-07 14:33 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll 2012-07-07 14:33 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll 2012-07-06 06:09 . 2012-05-31 03:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{CAA97406-A117-4F26-BFBC-0011A665FADD}\mpengine.dll 2012-07-06 02:52 . 2012-06-02 20:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-07-06 02:48 . 2012-07-07 13:33 -------- d-----w- C:\TDSSKiller_Quarantine . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-04 22:35 . 2004-08-13 06:41 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-04 22:35 . 2009-08-07 00:23 222448 ----a-w- c:\windows\system32\muweb.dll 2012-06-02 20:19 . 2007-06-19 01:59 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 20:19 . 2007-06-19 01:59 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 20:19 . 
2004-08-13 06:41 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 20:19 . 2004-08-13 06:41 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 20:19 . 2004-08-13 06:41 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 20:19 . 2004-02-26 00:35 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 20:19 . 2003-07-30 13:00 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 20:19 . 2003-07-30 13:00 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 20:19 . 2007-06-19 01:59 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 20:19 . 2004-08-13 06:41 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 20:19 . 2003-07-30 13:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-05-31 13:22 . 2003-03-20 22:18 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-05-31 03:41 . 2006-04-01 01:54 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2012-05-16 15:08 . 2004-02-06 22:05 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 13:20 . 2003-07-30 13:00 1863168 ----a-w- c:\windows\system32\win32k.sys 2012-05-11 14:42 . 2003-07-30 13:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-11 14:42 . 2003-07-30 13:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:38 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec 2012-05-04 13:16 . 1980-01-01 06:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 12:32 . 1980-01-01 06:00 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:46 . 2003-07-30 13:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-07-07_14.14.10 ))))))))))))))))))))))))))))))))))))))))) . + 2012-07-09 12:27 . 2012-07-09 12:27 16384 c:\windows\Temp\Perflib_Perfdata_c0.dat + 2012-07-09 02:18 . 2012-07-09 02:18 16384 c:\windows\Temp\Perflib_Perfdata_2b0.dat + 2012-07-09 02:18 . 
2012-07-09 02:18 16384 c:\windows\Temp\Perflib_Perfdata_1b4.dat + 2003-07-30 13:00 . 2012-05-11 14:42 67072 c:\windows\SYSTEM32\mshtmled.dll + 2006-11-08 02:03 . 2012-05-11 14:42 55296 c:\windows\SYSTEM32\msfeedsbs.dll - 2006-11-08 02:03 . 2011-11-04 19:20 55296 c:\windows\SYSTEM32\msfeedsbs.dll + 2003-07-30 13:00 . 2012-05-11 14:42 25600 c:\windows\SYSTEM32\jsproxy.dll - 2003-07-30 13:00 . 2011-11-04 19:20 25600 c:\windows\SYSTEM32\jsproxy.dll + 2009-07-15 10:31 . 2012-05-11 14:42 12800 c:\windows\SYSTEM32\DLLCACHE\xpshims.dll - 2009-07-15 10:31 . 2011-11-04 19:20 12800 c:\windows\SYSTEM32\DLLCACHE\xpshims.dll + 2003-07-30 13:00 . 2012-05-11 14:42 67072 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll + 2007-05-09 01:20 . 2012-05-11 14:42 55296 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll - 2007-05-09 01:20 . 2011-11-04 19:20 55296 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll - 2003-07-30 13:00 . 2011-11-04 19:20 43520 c:\windows\SYSTEM32\DLLCACHE\licmgr10.dll + 2003-07-30 13:00 . 2012-05-11 14:42 43520 c:\windows\SYSTEM32\DLLCACHE\licmgr10.dll - 2006-05-10 05:25 . 2011-11-04 19:20 25600 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll + 2006-05-10 05:25 . 2012-05-11 14:42 25600 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll - 2012-07-03 01:41 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\spcustom.dll - 2012-07-03 01:41 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\spmsg.dll - 2012-07-03 01:49 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\a125f3c2923de81c1d8e6a190c228a16\update\spcustom.dll - 2012-07-03 01:49 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\a125f3c2923de81c1d8e6a190c228a16\spmsg.dll - 2012-07-03 01:50 . 2012-05-15 13:56 30208 c:\windows\SoftwareDistribution\Download\90f2fbbd424fa4d711d022ca4977bb25\update\w32ksign.dll - 2012-07-03 01:50 . 
2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\90f2fbbd424fa4d711d022ca4977bb25\update\spcustom.dll - 2012-07-03 01:50 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\90f2fbbd424fa4d711d022ca4977bb25\spmsg.dll - 2012-07-03 01:42 . 2012-04-11 13:53 30208 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\w32ksign.dll - 2012-07-03 01:42 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\spcustom.dll - 2012-07-03 01:42 . 2012-04-11 13:53 16896 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\mpsyschk.dll - 2012-07-03 01:42 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\spmsg.dll - 2012-07-03 01:49 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\update\spcustom.dll - 2012-07-03 01:49 . 2012-05-05 03:16 16896 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\update\mpsyschk.dll - 2012-07-03 01:49 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\spmsg.dll + 2002-01-29 07:47 . 2012-04-26 12:28 12288 c:\windows\Microsoft.NET\Framework\v1.0.3705\zh-CHT\System.Drawing.Resources.dll + 2002-01-29 07:47 . 2012-04-26 12:21 12288 c:\windows\Microsoft.NET\Framework\v1.0.3705\zh-CHS\System.Drawing.Resources.dll - 2002-06-18 04:10 . 2011-07-05 20:46 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll + 2002-06-18 04:10 . 2012-01-13 21:03 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll + 2002-06-18 04:10 . 2012-01-13 21:03 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll - 2002-06-18 04:10 . 2011-07-05 20:46 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll + 2002-01-29 07:46 . 2012-04-26 12:27 13824 c:\windows\Microsoft.NET\Framework\v1.0.3705\KO\System.Drawing.Resources.dll + 2002-01-25 13:02 . 
2012-04-26 12:29 24576 c:\windows\Microsoft.NET\Framework\v1.0.3705\JA\System.Drawing.Resources.dll - 2002-01-25 13:02 . 2002-01-25 13:02 24576 c:\windows\Microsoft.NET\Framework\v1.0.3705\JA\System.Drawing.Resources.dll + 2002-02-18 19:30 . 2012-04-26 12:29 13312 c:\windows\Microsoft.NET\Framework\v1.0.3705\IT\System.Drawing.Resources.dll + 2002-02-18 21:05 . 2012-04-26 12:30 13824 c:\windows\Microsoft.NET\Framework\v1.0.3705\FR\System.Drawing.Resources.dll + 2002-02-14 12:15 . 2012-04-26 12:21 13312 c:\windows\Microsoft.NET\Framework\v1.0.3705\ES\System.Drawing.Resources.dll + 2002-02-23 04:27 . 2012-04-26 12:27 13312 c:\windows\Microsoft.NET\Framework\v1.0.3705\DE\System.Drawing.Resources.dll + 2002-06-21 23:31 . 2012-01-13 21:54 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe - 2002-06-21 23:31 . 2011-07-06 14:57 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe - 2002-06-21 23:31 . 2011-07-06 14:57 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe + 2002-06-21 23:31 . 2012-01-13 21:54 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe + 2012-07-07 14:41 . 2011-11-04 19:20 12800 c:\windows\ie8updates\KB2699988-IE8\xpshims.dll + 2012-07-07 14:41 . 2011-11-04 19:20 66560 c:\windows\ie8updates\KB2699988-IE8\mshtmled.dll + 2012-07-07 14:41 . 2011-11-04 19:20 55296 c:\windows\ie8updates\KB2699988-IE8\msfeedsbs.dll + 2012-07-07 14:41 . 2011-11-04 19:20 43520 c:\windows\ie8updates\KB2699988-IE8\licmgr10.dll + 2012-07-07 14:41 . 2011-11-04 19:20 25600 c:\windows\ie8updates\KB2699988-IE8\jsproxy.dll + 2012-07-07 14:37 . 2012-07-07 14:37 90112 c:\windows\ASSEMBLY\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_45d7c3e0\System.Drawing.Design.dll + 2012-07-07 14:39 . 2012-07-07 14:39 90112 c:\windows\ASSEMBLY\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_1df2e61e\System.Drawing.Design.dll + 2012-07-07 14:36 . 
2012-07-07 14:36 61440 c:\windows\ASSEMBLY\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_faaf3c27\CustomMarshalers.dll + 2012-07-07 14:39 . 2012-07-07 14:39 12288 c:\windows\ASSEMBLY\GAC\System.Drawing.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\System.Drawing.Resources.dll + 2012-07-07 14:39 . 2012-07-07 14:39 12288 c:\windows\ASSEMBLY\GAC\System.Drawing.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\System.Drawing.Resources.dll + 2012-07-07 14:39 . 2012-07-07 14:39 13824 c:\windows\ASSEMBLY\GAC\System.Drawing.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\System.Drawing.Resources.dll + 2012-07-07 14:39 . 2012-07-07 14:39 24576 c:\windows\ASSEMBLY\GAC\System.Drawing.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\System.Drawing.Resources.dll - 2003-08-08 19:42 . 2003-08-08 19:42 24576 c:\windows\ASSEMBLY\GAC\System.Drawing.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\System.Drawing.Resources.dll + 2012-07-07 14:38 . 2012-07-07 14:38 13312 c:\windows\ASSEMBLY\GAC\System.Drawing.resources\1.0.3300.0_it_b03f5f7f11d50a3a\System.Drawing.Resources.dll + 2012-07-07 14:39 . 2012-07-07 14:39 13824 c:\windows\ASSEMBLY\GAC\System.Drawing.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\System.Drawing.Resources.dll + 2012-07-07 14:39 . 2012-07-07 14:39 13312 c:\windows\ASSEMBLY\GAC\System.Drawing.resources\1.0.3300.0_es_b03f5f7f11d50a3a\System.Drawing.Resources.dll + 2012-07-07 14:39 . 2012-07-07 14:39 13312 c:\windows\ASSEMBLY\GAC\System.Drawing.resources\1.0.3300.0_de_b03f5f7f11d50a3a\System.Drawing.Resources.dll + 2002-06-12 11:54 . 2012-01-17 05:19 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe - 2002-06-12 11:54 . 2011-07-12 23:05 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe - 2003-07-30 13:00 . 2009-12-24 06:59 177664 c:\windows\SYSTEM32\wintrust.dll + 2003-07-30 13:00 . 2012-02-29 14:10 177664 c:\windows\SYSTEM32\wintrust.dll - 2003-07-30 13:00 . 2011-11-04 19:20 105984 c:\windows\SYSTEM32\url.dll + 2003-07-30 13:00 . 
2012-05-11 14:42 105984 c:\windows\SYSTEM32\url.dll + 2003-07-30 13:00 . 2012-05-11 14:42 206848 c:\windows\SYSTEM32\occache.dll - 2003-07-30 13:00 . 2011-11-04 19:20 206848 c:\windows\SYSTEM32\occache.dll + 2003-07-30 13:00 . 2012-05-11 14:42 611840 c:\windows\SYSTEM32\mstime.dll - 2003-07-30 13:00 . 2011-11-04 19:20 611840 c:\windows\SYSTEM32\mstime.dll + 2006-11-08 02:03 . 2012-05-11 14:42 629760 c:\windows\SYSTEM32\msfeeds.dll + 2003-07-30 13:00 . 2012-02-29 14:10 148480 c:\windows\SYSTEM32\imagehlp.dll + 2003-07-30 13:00 . 2012-05-11 14:42 184320 c:\windows\SYSTEM32\iepeers.dll - 2003-07-30 13:00 . 2011-11-04 19:20 184320 c:\windows\SYSTEM32\iepeers.dll + 2003-07-30 13:00 . 2012-05-11 14:42 387584 c:\windows\SYSTEM32\iedkcs32.dll - 2003-07-30 13:00 . 2011-11-04 19:20 387584 c:\windows\SYSTEM32\iedkcs32.dll - 2003-07-30 13:00 . 2011-11-04 11:24 174080 c:\windows\SYSTEM32\ie4uinit.exe + 2003-07-30 13:00 . 2012-05-11 11:38 174080 c:\windows\SYSTEM32\ie4uinit.exe - 2003-08-08 21:27 . 2012-05-08 22:00 335464 c:\windows\SYSTEM32\FNTCACHE.DAT + 2003-08-08 21:27 . 2012-07-07 16:06 335464 c:\windows\SYSTEM32\FNTCACHE.DAT - 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\SYSTEM32\DLLCACHE\wintrust.dll + 2009-12-24 06:59 . 2012-02-29 14:10 177664 c:\windows\SYSTEM32\DLLCACHE\wintrust.dll + 2004-02-06 22:05 . 2012-05-16 15:08 916992 c:\windows\SYSTEM32\DLLCACHE\wininet.dll - 2004-02-06 22:05 . 2011-11-04 19:20 916992 c:\windows\SYSTEM32\DLLCACHE\wininet.dll - 2003-07-30 13:00 . 2011-11-04 19:20 105984 c:\windows\SYSTEM32\DLLCACHE\url.dll + 2003-07-30 13:00 . 2012-05-11 14:42 105984 c:\windows\SYSTEM32\DLLCACHE\url.dll - 2011-08-11 00:15 . 2011-06-24 14:10 139656 c:\windows\SYSTEM32\DLLCACHE\rdpwd.sys + 2011-08-11 00:15 . 2012-05-02 13:46 139656 c:\windows\SYSTEM32\DLLCACHE\rdpwd.sys - 2006-10-17 17:04 . 2011-11-04 19:20 206848 c:\windows\SYSTEM32\DLLCACHE\occache.dll + 2006-10-17 17:04 . 
2012-05-11 14:42 206848 c:\windows\SYSTEM32\DLLCACHE\occache.dll + 2006-05-10 05:25 . 2012-05-11 14:42 611840 c:\windows\SYSTEM32\DLLCACHE\mstime.dll - 2006-05-10 05:25 . 2011-11-04 19:20 611840 c:\windows\SYSTEM32\DLLCACHE\mstime.dll + 2007-05-09 01:20 . 2012-05-11 14:42 629760 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll + 2012-02-29 14:10 . 2012-02-29 14:10 148480 c:\windows\SYSTEM32\DLLCACHE\imagehlp.dll - 2009-07-15 10:31 . 2011-11-04 19:20 247808 c:\windows\SYSTEM32\DLLCACHE\ieproxy.dll + 2009-07-15 10:31 . 2012-05-11 14:42 247808 c:\windows\SYSTEM32\DLLCACHE\ieproxy.dll + 2003-07-30 13:00 . 2012-05-11 14:42 184320 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll - 2003-07-30 13:00 . 2011-11-04 19:20 184320 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll + 2010-06-09 23:55 . 2012-05-11 14:42 743424 c:\windows\SYSTEM32\DLLCACHE\iedvtool.dll - 2010-06-09 23:55 . 2011-11-04 19:20 743424 c:\windows\SYSTEM32\DLLCACHE\iedvtool.dll + 2006-11-07 08:27 . 2012-05-11 14:42 387584 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll - 2006-11-07 08:27 . 2011-11-04 19:20 387584 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll - 2006-11-07 08:26 . 2011-11-04 11:24 174080 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe + 2006-11-07 08:26 . 2012-05-11 11:38 174080 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe - 2011-09-03 10:17 . 2011-09-28 07:06 599040 c:\windows\SYSTEM32\DLLCACHE\crypt32.dll + 2011-09-03 10:17 . 2012-05-31 13:22 599040 c:\windows\SYSTEM32\DLLCACHE\crypt32.dll - 2012-07-03 01:41 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\updspapi.dll - 2012-07-03 01:41 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\update.exe - 2012-07-03 01:41 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\spuninst.exe - 2012-07-03 01:49 . 
2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\a125f3c2923de81c1d8e6a190c228a16\update\updspapi.dll - 2012-07-03 01:49 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\a125f3c2923de81c1d8e6a190c228a16\update\update.exe - 2012-07-03 01:49 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\a125f3c2923de81c1d8e6a190c228a16\spuninst.exe - 2012-07-03 01:50 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\90f2fbbd424fa4d711d022ca4977bb25\update\updspapi.dll - 2012-07-03 01:50 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\90f2fbbd424fa4d711d022ca4977bb25\update\update.exe - 2012-07-03 01:50 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\90f2fbbd424fa4d711d022ca4977bb25\spuninst.exe - 2012-07-03 01:42 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\updspapi.dll - 2012-07-03 01:42 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\update.exe - 2012-07-03 01:42 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\spuninst.exe - 2012-07-03 01:49 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\update\updspapi.dll - 2012-07-03 01:49 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\update\update.exe - 2012-07-03 01:49 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\spuninst.exe - 2002-06-12 11:55 . 2004-07-20 01:54 462848 c:\windows\Microsoft.NET\Framework\v1.0.3705\system.drawing.dll + 2002-06-12 11:55 . 2012-04-26 12:27 462848 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Drawing.dll - 2002-06-12 03:02 . 2011-07-05 20:44 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll + 2002-06-12 03:02 . 
2012-01-13 20:59 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll - 2002-06-21 23:31 . 2011-07-06 14:57 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll + 2002-06-21 23:31 . 2012-01-13 21:54 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll + 2012-07-07 14:41 . 2011-11-04 19:20 916992 c:\windows\ie8updates\KB2699988-IE8\wininet.dll + 2012-07-07 14:41 . 2011-11-04 19:20 105984 c:\windows\ie8updates\KB2699988-IE8\url.dll + 2012-07-07 14:41 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2699988-IE8\spuninst\updspapi.dll + 2012-07-07 14:41 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2699988-IE8\spuninst\spuninst.exe + 2012-07-07 14:41 . 2011-11-04 19:20 206848 c:\windows\ie8updates\KB2699988-IE8\occache.dll + 2012-07-07 14:41 . 2011-11-04 19:20 611840 c:\windows\ie8updates\KB2699988-IE8\mstime.dll + 2012-07-07 14:41 . 2011-11-04 19:20 602112 c:\windows\ie8updates\KB2699988-IE8\msfeeds.dll + 2012-07-07 14:41 . 2009-03-08 08:35 521216 c:\windows\ie8updates\KB2699988-IE8\jsdbgui.dll + 2012-07-07 14:41 . 2011-11-04 19:20 247808 c:\windows\ie8updates\KB2699988-IE8\ieproxy.dll + 2012-07-07 14:41 . 2011-11-04 19:20 184320 c:\windows\ie8updates\KB2699988-IE8\iepeers.dll + 2012-07-07 14:41 . 2011-11-04 19:20 743424 c:\windows\ie8updates\KB2699988-IE8\iedvtool.dll + 2012-07-07 14:41 . 2011-11-04 19:20 387584 c:\windows\ie8updates\KB2699988-IE8\iedkcs32.dll + 2012-07-07 14:41 . 2011-11-04 11:24 174080 c:\windows\ie8updates\KB2699988-IE8\ie4uinit.exe + 2012-07-07 14:39 . 2012-07-07 14:39 851968 c:\windows\ASSEMBLY\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_e66337af\System.Drawing.dll + 2012-07-07 14:37 . 2012-07-07 14:37 847872 c:\windows\ASSEMBLY\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_3b9338da\System.Drawing.dll + 2012-07-07 14:38 . 2012-07-07 14:38 462848 c:\windows\ASSEMBLY\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll - 2008-09-05 02:14 . 
2008-09-05 02:14 462848 c:\windows\ASSEMBLY\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll + 2012-07-07 14:34 . 2012-02-09 15:43 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll + 2004-01-21 21:20 . 2012-05-11 14:42 1212416 c:\windows\SYSTEM32\urlmon.dll - 2004-01-21 21:20 . 2011-11-04 19:20 1212416 c:\windows\SYSTEM32\urlmon.dll + 2004-07-07 22:37 . 2012-05-11 14:42 6007808 c:\windows\SYSTEM32\mshtml.dll - 2006-10-17 16:57 . 2011-11-04 19:20 2000384 c:\windows\SYSTEM32\iertutil.dll + 2006-10-17 16:57 . 2012-05-11 14:42 2000384 c:\windows\SYSTEM32\iertutil.dll + 2008-10-14 20:07 . 2012-05-15 13:20 1863168 c:\windows\SYSTEM32\DLLCACHE\win32k.sys - 2004-01-21 21:20 . 2011-11-04 19:20 1212416 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll + 2004-01-21 21:20 . 2012-05-11 14:42 1212416 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll + 2008-10-14 20:07 . 2012-05-04 13:12 2192640 c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe + 2008-10-14 20:07 . 2012-05-04 12:32 2026496 c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe + 2008-10-14 20:07 . 2012-05-04 12:32 2069120 c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe + 2008-10-14 20:07 . 2012-05-04 13:16 2148352 c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe + 2004-07-07 22:37 . 2012-05-11 14:42 6007808 c:\windows\SYSTEM32\DLLCACHE\mshtml.dll + 2007-05-09 01:20 . 2012-05-11 14:42 2000384 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll - 2007-05-09 01:20 . 2011-11-04 19:20 2000384 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll - 2002-06-12 11:54 . 2004-07-20 01:54 2002944 c:\windows\Microsoft.NET\Framework\v1.0.3705\system.windows.forms.dll + 2002-06-12 11:54 . 2012-01-17 05:19 2002944 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.dll + 2002-06-12 11:53 . 2012-01-17 05:20 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll - 2002-06-12 11:53 . 2011-07-12 23:04 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll + 2002-06-12 11:55 . 
2012-01-17 05:19 1179648 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.dll - 2002-06-12 11:55 . 2007-12-17 11:59 1179648 c:\windows\Microsoft.NET\Framework\v1.0.3705\system.dll + 2002-06-12 03:03 . 2012-01-13 20:59 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll - 2002-06-12 03:03 . 2011-07-05 20:45 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll + 2002-06-12 03:02 . 2012-01-13 20:59 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll + 2002-06-12 11:55 . 2012-01-17 05:19 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll - 2002-06-12 11:55 . 2011-07-12 23:05 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll + 2012-07-07 14:41 . 2011-11-04 19:20 1212416 c:\windows\ie8updates\KB2699988-IE8\urlmon.dll + 2012-07-07 14:41 . 2011-11-04 19:20 5978112 c:\windows\ie8updates\KB2699988-IE8\mshtml.dll + 2012-07-07 14:41 . 2011-11-04 19:20 2000384 c:\windows\ie8updates\KB2699988-IE8\iertutil.dll + 2008-10-14 20:07 . 2012-05-04 13:12 2192640 c:\windows\Driver Cache\I386\ntoskrnl.exe + 2008-10-14 20:07 . 2012-05-04 12:32 2026496 c:\windows\Driver Cache\I386\ntkrpamp.exe + 2008-10-14 20:07 . 2012-05-04 12:32 2069120 c:\windows\Driver Cache\I386\ntkrnlpa.exe + 2008-10-14 20:07 . 2012-05-04 13:16 2148352 c:\windows\Driver Cache\I386\ntkrnlmp.exe + 2012-07-07 14:36 . 2012-07-07 14:36 1855488 c:\windows\ASSEMBLY\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_9d8fa910\System.dll + 2012-07-07 14:37 . 2012-07-07 14:37 2027520 c:\windows\ASSEMBLY\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_e8884a34\System.Xml.dll + 2012-07-07 14:39 . 2012-07-07 14:39 2953216 c:\windows\ASSEMBLY\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_e094bce8\System.Windows.Forms.dll + 2012-07-07 14:37 . 
2012-07-07 14:37 2953216 c:\windows\ASSEMBLY\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_bf7b4de4\System.Windows.Forms.dll + 2012-07-07 14:39 . 2012-07-07 14:39 1454080 c:\windows\ASSEMBLY\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_bd399941\System.Design.dll + 2012-07-07 14:36 . 2012-07-07 14:36 1454080 c:\windows\ASSEMBLY\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_7cd32e56\System.Design.dll + 2012-07-07 14:36 . 2012-07-07 14:36 3301376 c:\windows\ASSEMBLY\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_5597fd86\mscorlib.dll + 2012-07-07 14:36 . 2012-07-07 14:36 1179648 c:\windows\ASSEMBLY\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll - 2008-09-05 02:14 . 2008-09-05 02:14 1179648 c:\windows\ASSEMBLY\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll - 2008-09-05 02:14 . 2008-09-05 02:14 2002944 c:\windows\ASSEMBLY\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll + 2012-07-07 14:36 . 2012-07-07 14:36 2002944 c:\windows\ASSEMBLY\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll - 2012-02-08 22:43 . 2012-02-08 22:43 1200128 c:\windows\ASSEMBLY\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll + 2012-07-07 14:36 . 2012-07-07 14:36 1200128 c:\windows\ASSEMBLY\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll + 2006-11-08 02:03 . 2012-05-12 00:12 11111424 c:\windows\SYSTEM32\ieframe.dll + 2007-05-09 01:20 . 2012-05-12 00:12 11111424 c:\windows\SYSTEM32\DLLCACHE\ieframe.dll + 2012-07-07 14:41 . 2011-11-04 19:20 11081728 c:\windows\ie8updates\KB2699988-IE8\ieframe.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-14 50176] "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672] "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-07 335872] "AsioReg"="CTASIO.DLL" [2003-02-20 110592] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672] "Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 86102] "CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152] "CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056] "tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2007-03-07 1773568] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-03 122939] "CTHelper"="CTHELPER.EXE" [2003-02-20 28672] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736] . c:\documents and settings\Jim\Start Menu\Programs\Startup\ GoZone iSync.lnk - c:\program files\GoZone\GoZone_iSync.exe [2010-3-26 431608] . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk backup=c:\windows\pss\Google Updater.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk backup=c:\windows\pss\Service Manager.lnkCommon Startup . 
[HKLM\~\startupfolder\C:^Documents and Settings^Jim^Start Menu^Programs^Startup^Webshots.lnk] path=c:\documents and settings\Jim\Start Menu\Programs\Startup\Webshots.lnk backup=c:\windows\pss\Webshots.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-01-16 22:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe] 2006-05-08 09:17 81920 ----a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2007-05-21 12:30 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2006-04-15 20:14 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] 2003-08-19 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Upromise Tray] 2009-04-14 22:37 139264 ----a-w- c:\program files\Upromise\UpromiseTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Upromise Update] 2009-04-13 21:50 96136 ----a-w- c:\program files\Upromise\dca-ua.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "AOL ACS"=2 (0x2) . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"= "c:\\Program Files\\Support.com\\bin\\tgcmd.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Savings Bond Wizard\\SBWizard.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\0502010.003\symds.sys [4/23/2012 11:03 PM 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0502010.003\symefa.sys [4/23/2012 11:03 PM 744568] R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120619.001\BHDrvx86.sys [6/18/2012 8:01 PM 821920] R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\0502010.003\ironx86.sys [4/23/2012 11:03 PM 136312] R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.1.3\ccsvchst.exe [4/23/2012 11:03 PM 130008] R2 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/2/2012 10:04 PM 106656] R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application 
Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120705.001\IDSXpx86.sys [7/5/2012 11:13 PM 369632] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/6/2009 5:57 PM 133104] S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/6/2009 5:57 PM 133104] . Contents of the 'Scheduled Tasks' folder . 2012-06-19 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34] . 2012-07-09 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2011-09-09 13:26] . 2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc7170fa92ab76.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-06 21:56] . 2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-06 21:56] . 2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1093819779-2537581792-1553126955-1008Core.job - c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-07 14:27] . 2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1093819779-2537581792-1553126955-1008UA.job - c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-07 14:27] . 2012-07-09 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20] . 2012-07-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08] . 2004-10-19 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-10-19 22:38] . . ------- Supplementary Scan ------- . 
uStart Page = about:blank uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 Trusted Zone: kyw1060.com\www Trusted Zone: mcafee.com Trusted Zone: microsoft.com\*.windowsupdate Trusted Zone: phillies.com\www Trusted Zone: windowsupdate.com TCP: DhcpNameServer = 192.168.1.1 DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://69.126.199.53:81/activex/AMC.cab FF - ProfilePath - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\bl6vfl0c.default\ FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - prefs.js: keyword.URL - hxxp://www.gobrs.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=ikBIyUNE&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: 
{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Symantec Intrusion Prevention: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn FF - user.js: keyword.URL - hxxp://www.gobrs.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=ikBIyUNE&q= . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-07-09 21:16 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360] "ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.1.3\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1093819779-2537581792-1553126955-1008\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- . 
- - - - - - - > 'explorer.exe'(5788) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . Completion time: 2012-07-09 21:20:07 ComboFix-quarantined-files.txt 2012-07-10 01:19 . Pre-Run: 7,392,165,888 bytes free Post-Run: 7,366,688,768 bytes free . - - End Of File - - 9298674DE200920B69320342B6111242 -
Ad network traffic, slow internet connection
jvreynol replied to jvreynol's topic in Resolved Malware Removal Logs
OK. Completed step 1. Here's the combo fix log for step 2. ============================ ComboFix 12-07-07.02 - Jim 07/07/2012 9:49.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1845 [GMT -4:00] Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Jim\Application Data\PriceGong c:\documents and settings\Jim\Application Data\PriceGong\Data\1.xml c:\documents and settings\Jim\Application Data\PriceGong\Data\a.xml c:\documents and settings\Jim\Application Data\PriceGong\Data\b.xml c:\documents and settings\Jim\Application Data\PriceGong\Data\c.xml c:\documents and settings\Jim\Application Data\PriceGong\Data\d.xml c:\documents and settings\Jim\Application Data\PriceGong\Data\e.xml c:\documents and settings\Jim\Application Data\PriceGong\Data\f.xml c:\documents and settings\Jim\Application Data\PriceGong\Data\g.xml c:\documents and settings\Jim\Application Data\PriceGong\Data\h.xml c:\documents and settings\Jim\Application Data\PriceGong\Data\i.xml c:\documents and settings\Jim\Application Data\PriceGong\Data\J.xml c:\documents and settings\Jim\Application Data\PriceGong\Data\k.xml c:\documents and settings\Jim\Application Data\PriceGong\Data\l.xml c:\documents and settings\Jim\Application Data\PriceGong\Data\m.xml c:\documents and settings\Jim\Application Data\PriceGong\Data\mru.xml c:\documents and settings\Jim\Application Data\PriceGong\Data\n.xml c:\documents and settings\Jim\Application Data\PriceGong\Data\o.xml c:\documents and settings\Jim\Application Data\PriceGong\Data\p.xml c:\documents and settings\Jim\Application Data\PriceGong\Data\q.xml c:\documents and settings\Jim\Application Data\PriceGong\Data\r.xml c:\documents and 
settings\Jim\Application Data\PriceGong\Data\s.xml c:\documents and settings\Jim\Application Data\PriceGong\Data\t.xml c:\documents and settings\Jim\Application Data\PriceGong\Data\u.xml c:\documents and settings\Jim\Application Data\PriceGong\Data\v.xml c:\documents and settings\Jim\Application Data\PriceGong\Data\w.xml c:\documents and settings\Jim\Application Data\PriceGong\Data\x.xml c:\documents and settings\Jim\Application Data\PriceGong\Data\y.xml c:\documents and settings\Jim\Application Data\PriceGong\Data\z.xml . . ((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 ))))))))))))))))))))))))))))))) . . 2012-07-06 06:09 . 2012-05-31 03:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{CAA97406-A117-4F26-BFBC-0011A665FADD}\mpengine.dll 2012-07-06 02:52 . 2012-06-02 20:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-07-06 02:48 . 2012-07-07 13:33 -------- d-----w- C:\TDSSKiller_Quarantine . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-04 22:35 . 2004-08-13 06:41 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-04 22:35 . 2009-08-07 00:23 222448 ----a-w- c:\windows\system32\muweb.dll 2012-06-02 20:19 . 2007-06-19 01:59 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 20:19 . 2007-06-19 01:59 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 20:19 . 2004-08-13 06:41 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 20:19 . 2004-08-13 06:41 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 20:19 . 2004-08-13 06:41 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 20:19 . 2004-02-26 00:35 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 20:19 . 2003-07-30 13:00 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 20:19 . 2003-07-30 13:00 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 20:19 . 
2007-06-19 01:59 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 20:19 . 2004-08-13 06:41 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 20:19 . 2003-07-30 13:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-05-31 03:41 . 2006-04-01 01:54 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-14 50176] "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672] "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-07 335872] "AsioReg"="CTASIO.DLL" [2003-02-20 110592] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672] "Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 86102] "CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152] "CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056] "tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2007-03-07 1773568] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-03 122939] "CTHelper"="CTHELPER.EXE" [2003-02-20 28672] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] 
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736] . c:\documents and settings\Jim\Start Menu\Programs\Startup\ GoZone iSync.lnk - c:\program files\GoZone\GoZone_iSync.exe [2010-3-26 431608] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk backup=c:\windows\pss\Google Updater.lnkCommon Startup . 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk backup=c:\windows\pss\Service Manager.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Jim^Start Menu^Programs^Startup^Webshots.lnk] path=c:\documents and settings\Jim\Start Menu\Programs\Startup\Webshots.lnk backup=c:\windows\pss\Webshots.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-01-16 22:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe] 2006-05-08 09:17 81920 ----a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2007-05-21 12:30 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2006-04-15 20:14 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] 2003-08-19 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Upromise Tray] 2009-04-14 22:37 139264 ----a-w- c:\program files\Upromise\UpromiseTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Upromise Update] 2009-04-13 21:50 96136 ----a-w- c:\program files\Upromise\dca-ua.exe . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 37158808 *Deregistered* - 37158808 . Contents of the 'Scheduled Tasks' folder . 2012-06-19 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34] . 2012-07-06 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2011-09-09 13:26] . 2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc7170fa92ab76.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-06 21:56] . 2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-06 21:56] . 2012-07-06 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20] . 2012-07-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08] . 2004-10-19 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-10-19 22:38] . . ------- Supplementary Scan ------- . 
uStart Page = about:blank uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 Trusted Zone: kyw1060.com\www Trusted Zone: mcafee.com Trusted Zone: microsoft.com\*.windowsupdate Trusted Zone: phillies.com\www Trusted Zone: windowsupdate.com TCP: DhcpNameServer = 192.168.1.1 DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://69.126.199.53:81/activex/AMC.cab FF - ProfilePath - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\bl6vfl0c.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - prefs.js: keyword.URL - hxxp://www.gobrs.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=ikBIyUNE&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Symantec Intrusion Prevention: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn FF - user.js: keyword.URL - hxxp://www.gobrs.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=ikBIyUNE&q= FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyoApz4U8&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - 606540c60000000000000007e9484568 FF - user.js: extensions.incredibar_i.hardId - 606540c60000000000000007e9484568 FF - user.js: extensions.incredibar_i.instlDay - 15341 FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27 FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2711:23 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: 
extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6OyoApz4U8 FF - user.js: extensions.incredibar_i.upn2n - 92260656017641888 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10589 FF - user.js: extensions.incredibar_i.ppd - . - - - - ORPHANS REMOVED - - - - . Toolbar-10 - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe MSConfigStartUp-ViewMgr - c:\program files\Viewpoint\Viewpoint Manager\ViewMgr_.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-07-07 10:14 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360] "ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.1.3\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\.NET CLR Data] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\.NET CLR Networking] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\.NET Data Provider for Oracle] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\.NET Data Provider for SqlServer] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\.NETFramework] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Abiosdsk] . 
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hkmsvc] "ServiceDll"="%SystemRoot%\System32\kmsvc.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hpn] "ImagePath"="\SystemRoot\System32\DRIVERS\hpn.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HTTP] "ImagePath"="System32\Drivers\HTTP.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HTTPFilter] "ServiceDll"="%SystemRoot%\System32\w3ssl.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\i2omgmt] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\i2omp] "ImagePath"="\SystemRoot\System32\DRIVERS\i2omp.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\i8042prt] "ImagePath"="System32\DRIVERS\i8042prt.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IDriverT] "ImagePath"="\"c:\program files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe\"" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\idsvc] "ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\"" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IDSxpx86] "ImagePath"="\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120705.001\IDSxpx86.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ILADFtmi] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Imapi] "ImagePath"="System32\DRIVERS\imapi.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ImapiService] "ImagePath"="%systemroot%\system32\imapi.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\inetaccs] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ini910u] "ImagePath"="\SystemRoot\System32\DRIVERS\ini910u.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Inport] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IntelIde] "ImagePath"="\SystemRoot\System32\DRIVERS\intelide.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\intelppm] "ImagePath"="System32\DRIVERS\intelppm.sys" . 
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ip6Fw] "ImagePath"="system32\drivers\ip6fw.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IpFilterDriver] "ImagePath"="System32\DRIVERS\ipfltdrv.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IpInIp] "ImagePath"="System32\DRIVERS\ipinip.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IpNat] "ImagePath"="System32\DRIVERS\ipnat.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\iPod Service] "ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\"" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IPSec] "ImagePath"="system32\DRIVERS\ipsec.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IrBus] "ImagePath"="System32\DRIVERS\IrBus.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IRENUM] "ImagePath"="System32\DRIVERS\irenum.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ISAPISearch] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\isapnp] "ImagePath"="System32\DRIVERS\isapnp.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\JavaQuickStarterService] "ImagePath"="\"c:\program files\Java\jre7\bin\jqs.exe\" -service -config \"c:\program files\Java\jre7\lib\deploy\jqs\jqs.conf\"" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Kbdclass] "ImagePath"="System32\DRIVERS\kbdclass.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\kbdhid] "ImagePath"="System32\DRIVERS\kbdhid.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\kmixer] "ImagePath"="system32\drivers\kmixer.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\KSecDD] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lanmanserver] "ServiceDll"="%SystemRoot%\System32\srvsvc.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lanmanworkstation] "ServiceDll"="%SystemRoot%\System32\wkssvc.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lbrtfdc] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ldap] . 
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\LexBceS] "ImagePath"="c:\windows\system32\LEXBCES.EXE" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\LicenseService] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\LmHosts] "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MDM] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE\"" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Messenger] "ServiceDll"="%SystemRoot%\System32\msgsvc.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mnmdd] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mnmsrvc] "ImagePath"="c:\windows\System32\mnmsrvc.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Modem] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MODEMCSA] "ImagePath"="system32\drivers\MODEMCSA.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Mouclass] "ImagePath"="System32\DRIVERS\mouclass.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mouhid] "ImagePath"="System32\DRIVERS\mouhid.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MountMgr] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mraid35x] "ImagePath"="\SystemRoot\System32\DRIVERS\mraid35x.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MRxDAV] "ImagePath"="System32\DRIVERS\mrxdav.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MRxSmb] "ImagePath"="System32\DRIVERS\mrxsmb.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSCSPTISRV] "ImagePath"="\"c:\program files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe\"" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSDTC] "ImagePath"="c:\windows\System32\msdtc.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSDTC Bridge 3.0.0.0] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Msfs] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSIServer] "ImagePath"="%systemroot%\system32\msiexec.exe /V" . 
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSKSSRV] "ImagePath"="system32\drivers\MSKSSRV.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSPCLOCK] "ImagePath"="system32\drivers\MSPCLOCK.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSPQM] "ImagePath"="system32\drivers\MSPQM.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mssmbios] "ImagePath"="System32\DRIVERS\mssmbios.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSSQL$MICROSOFTBCM] "ImagePath"="c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe -sMICROSOFTBCM" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSSQLServerADHelper] "ImagePath"="c:\program files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSTEE] "ImagePath"="system32\drivers\MSTEE.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Mup] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MVDCODEC] "ImagePath"="System32\DRIVERS\atinmdxx.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360] "ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.1.3\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NABTSFEC] "ImagePath"="System32\DRIVERS\NABTSFEC.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\napagent] "ServiceDll"="%SystemRoot%\System32\qagentrt.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAVENG] "ImagePath"="\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120706.036\NAVENG.SYS" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAVEX15] "ImagePath"="\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120706.036\NAVEX15.SYS" . 
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NDIS] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NdisIP] "ImagePath"="System32\DRIVERS\NdisIP.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NdisTapi] "ImagePath"="System32\DRIVERS\ndistapi.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ndisuio] "ImagePath"="System32\DRIVERS\ndisuio.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NdisWan] "ImagePath"="System32\DRIVERS\ndiswan.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NDProxy] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetBIOS] "ImagePath"="System32\DRIVERS\netbios.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetBT] "ImagePath"="System32\DRIVERS\netbt.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetDDE] "ImagePath"="%SystemRoot%\system32\netdde.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetDDEdsdm] "ImagePath"="%SystemRoot%\system32\netdde.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Netlogon] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Netman] "ServiceDll"="%SystemRoot%\System32\netman.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetSvc] "ImagePath"="c:\program files\Intel\NCS\Sync\NetSvc.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetTcpPortSharing] "ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\"" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIC1394] "ImagePath"="System32\DRIVERS\nic1394.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Nla] "ServiceDll"="%SystemRoot%\System32\mswsock.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Npfs] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ntfs] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NtLmSsp] "ImagePath"="%SystemRoot%\System32\lsass.exe" . 
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NtmsSvc] "ServiceDll"="%SystemRoot%\system32\ntmssvc.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Null] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\nv] "ImagePath"="System32\DRIVERS\nv4_mini.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NwlnkFlt] "ImagePath"="System32\DRIVERS\nwlnkflt.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NwlnkFwd] "ImagePath"="System32\DRIVERS\nwlnkfwd.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ohci1394] "ImagePath"="System32\DRIVERS\ohci1394.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\omci] "ImagePath"="System32\DRIVERS\omci.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ose] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\"" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ossrv] "ImagePath"="system32\drivers\ctoss2k.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Outlook] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\P3] "ImagePath"="System32\DRIVERS\p3.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PACSPTISVR] "ImagePath"="\"c:\program files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe\"" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Parport] "ImagePath"="System32\DRIVERS\parport.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PartMgr] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ParVdm] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCDCODEC] "ImagePath"="System32\DRIVERS\atinpdxx.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCI] "ImagePath"="System32\DRIVERS\pci.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCIDump] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCIIde] "ImagePath"="System32\DRIVERS\pciide.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Pcmcia] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PDCOMP] . 
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PDFRAME] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PDRELI] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PDRFRAME] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\perc2] "ImagePath"="\SystemRoot\System32\DRIVERS\perc2.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\perc2hib] "ImagePath"="\SystemRoot\System32\DRIVERS\perc2hib.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PerfDisk] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PerfNet] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PerfOS] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PerfProc] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PfModNT] "ImagePath"="\??\c:\windows\System32\drivers\PfModNT.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PlugPlay] "ImagePath"="%SystemRoot%\system32\services.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PolicyAgent] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PptpMiniport] "ImagePath"="System32\DRIVERS\raspptp.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Processor] "ImagePath"="System32\DRIVERS\processr.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ProtectedStorage] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PSched] "ImagePath"="System32\DRIVERS\psched.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ptilink] "ImagePath"="System32\DRIVERS\ptilink.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PxHelp20] "ImagePath"="System32\DRIVERS\PxHelp20.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ql1080] "ImagePath"="\SystemRoot\System32\DRIVERS\ql1080.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ql10wnt] "ImagePath"="\SystemRoot\System32\DRIVERS\ql10wnt.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ql12160] "ImagePath"="\SystemRoot\System32\DRIVERS\ql12160.sys" . 
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ql1240] "ImagePath"="\SystemRoot\System32\DRIVERS\ql1240.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ql1280] "ImagePath"="\SystemRoot\System32\DRIVERS\ql1280.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RasAcd] "ImagePath"="System32\DRIVERS\rasacd.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RasAuto] "ServiceDll"="%SystemRoot%\System32\rasauto.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Rasl2tp] "ImagePath"="System32\DRIVERS\rasl2tp.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RasMan] "ServiceDll"="%SystemRoot%\System32\rasmans.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RasPppoe] "ImagePath"="System32\DRIVERS\raspppoe.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Raspti] "ImagePath"="System32\DRIVERS\raspti.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Rdbss] "ImagePath"="System32\DRIVERS\rdbss.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RDPCDD] "ImagePath"="System32\DRIVERS\RDPCDD.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RDPDD] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\rdpdr] "ImagePath"="System32\DRIVERS\rdpdr.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RDPNP] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RDPWD] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RDSessMgr] "ImagePath"="c:\windows\system32\sessmgr.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\redbook] "ImagePath"="System32\DRIVERS\redbook.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RemoteAccess] "ServiceDll"="%SystemRoot%\System32\mprdim.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RemoteRegistry] "ServiceDll"="%SystemRoot%\system32\regsvc.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RpcLocator] "ImagePath"="%SystemRoot%\System32\locator.exe" . 
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RpcSs] "ServiceDll"="%SystemRoot%\System32\rpcss.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RSVP] "ImagePath"="%SystemRoot%\System32\rsvp.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SamSs] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SCardSvr] "ImagePath"="%SystemRoot%\System32\SCardSvr.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Schedule] "ServiceDll"="%SystemRoot%\system32\schedsvc.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ScsiPort] "ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Secdrv] "ImagePath"="System32\DRIVERS\secdrv.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\seclogon] "ServiceDll"="%SystemRoot%\System32\seclogon.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SENS] "ServiceDll"="%SystemRoot%\system32\sens.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\serenum] "ImagePath"="System32\DRIVERS\serenum.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Serial] "ImagePath"="System32\DRIVERS\serial.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ServiceModelEndpoint 3.0.0.0] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ServiceModelOperation 3.0.0.0] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ServiceModelService 3.0.0.0] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Sfloppy] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess] "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ShellHWDetection] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Simbad] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sisagp] "ImagePath"="\SystemRoot\System32\DRIVERS\sisagp.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SLIP] "ImagePath"="System32\DRIVERS\SLIP.sys" . 
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SMSvcHost 3.0.0.0] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\smwdm] "ImagePath"="system32\drivers\smwdm.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Sparrow] "ImagePath"="\SystemRoot\System32\DRIVERS\sparrow.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\splitter] "ImagePath"="system32\drivers\splitter.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Spooler] "ImagePath"="%SystemRoot%\system32\spoolsv.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sprtsvc_dellsupportcenter] "ImagePath"="c:\program files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SPTISRV] "ImagePath"="\"c:\program files\Common Files\Sony Shared\AVLib\SPTISRV.exe\"" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SQLAgent$MICROSOFTBCM] "ImagePath"="c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -i MICROSOFTBCM" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sr] "ImagePath"="System32\DRIVERS\sr.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\srservice] "ServiceDll"="%SystemRoot%\system32\srsvc.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SRTSP] "ImagePath"="\SystemRoot\System32\Drivers\N360\0502010.003\SRTSP.SYS" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SRTSPX] "ImagePath"="\SystemRoot\system32\drivers\N360\0502010.003\SRTSPX.SYS" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Srv] "ImagePath"="System32\DRIVERS\srv.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sscdbhk5] "ImagePath"="system32\drivers\sscdbhk5.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SSDPSRV] "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SSPORT] "ImagePath"="\??\c:\windows\system32\Drivers\SSPORT.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ssrtln] "ImagePath"="system32\drivers\ssrtln.sys" . 
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SSScsiSV] "ImagePath"="c:\program files\Common Files\Sony Shared\AVLib\SSScsiSV.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\stisvc] "ServiceDll"="%SystemRoot%\system32\wiaservc.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\streamip] "ImagePath"="System32\DRIVERS\StreamIP.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\swenum] "ImagePath"="System32\DRIVERS\swenum.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\swmidi] "ImagePath"="system32\drivers\swmidi.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SwPrv] "ImagePath"="c:\windows\System32\dllhost.exe /Processid:{31124A66-23E8-4EF6-B153-51C109B001D1}" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\swwd] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\symc810] "ImagePath"="\SystemRoot\System32\DRIVERS\symc810.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\symc8xx] "ImagePath"="\SystemRoot\System32\DRIVERS\symc8xx.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SymDS] "ImagePath"="system32\drivers\N360\0502010.003\SYMDS.SYS" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SymEFA] "ImagePath"="system32\drivers\N360\0502010.003\SYMEFA.SYS" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SymEvent] "ImagePath"="\??\c:\windows\system32\Drivers\SYMEVENT.SYS" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SYMFW] "ImagePath"="\SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SYMIDS] "ImagePath"="\SystemRoot\System32\Drivers\N360\0308000.029\SYMIDS.SYS" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SymIRON] "ImagePath"="\SystemRoot\system32\drivers\N360\0502010.003\Ironx86.SYS" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SYMNDIS] "ImagePath"="\SystemRoot\System32\Drivers\N360\0308000.029\SYMNDIS.SYS" . 
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SYMTDI] "ImagePath"="\SystemRoot\System32\Drivers\N360\0502010.003\SYMTDI.SYS" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sym_hi] "ImagePath"="\SystemRoot\System32\DRIVERS\sym_hi.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sym_u3] "ImagePath"="\SystemRoot\System32\DRIVERS\sym_u3.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sysaudio] "ImagePath"="system32\drivers\sysaudio.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SysmonLog] "ImagePath"="%SystemRoot%\system32\smlogsvc.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TapiSrv] "ServiceDll"="%SystemRoot%\System32\tapisrv.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip] "ImagePath"="System32\DRIVERS\tcpip.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TDPIPE] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TDTCP] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TermDD] "ImagePath"="System32\DRIVERS\termdd.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TermService] "ServiceDll"="%SystemRoot%\System32\termsrv.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tfsnboio] "ImagePath"="system32\dla\tfsnboio.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tfsncofs] "ImagePath"="system32\dla\tfsncofs.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tfsndrct] "ImagePath"="system32\dla\tfsndrct.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tfsndres] "ImagePath"="system32\dla\tfsndres.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tfsnifs] "ImagePath"="system32\dla\tfsnifs.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tfsnopio] "ImagePath"="system32\dla\tfsnopio.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tfsnpool] "ImagePath"="system32\dla\tfsnpool.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tfsnudf] "ImagePath"="system32\dla\tfsnudf.sys" . 
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tfsnudfa] "ImagePath"="system32\dla\tfsnudfa.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Themes] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TlntSvr] "ImagePath"="c:\windows\System32\tlntsvr.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TosIde] "ImagePath"="\SystemRoot\System32\DRIVERS\toside.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TrkWks] "ServiceDll"="%SystemRoot%\system32\trkwks.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TSDDD] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Udfs] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ultra] "ImagePath"="\SystemRoot\System32\DRIVERS\ultra.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UMWdf] "ImagePath"="c:\windows\system32\wdfmgr.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Update] "ImagePath"="System32\DRIVERS\update.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\upnphost] "ServiceDll"="%SystemRoot%\System32\upnphost.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UPS] "ImagePath"="%SystemRoot%\System32\ups.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usb] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\USBAAPL] "ImagePath"="System32\Drivers\usbaapl.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbccgp] "ImagePath"="System32\DRIVERS\usbccgp.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbehci] "ImagePath"="System32\DRIVERS\usbehci.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbhub] "ImagePath"="System32\DRIVERS\usbhub.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbprint] "ImagePath"="System32\DRIVERS\usbprint.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbscan] "ImagePath"="System32\DRIVERS\usbscan.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\USBSTOR] "ImagePath"="System32\DRIVERS\USBSTOR.SYS" . 
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbuhci] "ImagePath"="System32\DRIVERS\usbuhci.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VgaSave] "ImagePath"="\SystemRoot\System32\drivers\vga.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\viaagp] "ImagePath"="\SystemRoot\System32\DRIVERS\viaagp.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ViaIde] "ImagePath"="\SystemRoot\System32\DRIVERS\viaide.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VolSnap] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VSS] "ImagePath"="%SystemRoot%\System32\vssvc.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VxD] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\w32time] "ServiceDll"="%systemroot%\system32\w32time.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\W3SVC] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Wanarp] "ImagePath"="System32\DRIVERS\wanarp.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wanatw] "ImagePath"="System32\DRIVERS\wanatw4.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WANMiniportService] "ImagePath"="\"c:\windows\wanmpsvc.exe\"" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WDICA] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wdmaud] "ImagePath"="system32\drivers\wdmaud.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WebClient] "ServiceDll"="%SystemRoot%\System32\webclnt.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WinDefend] "ImagePath"="\"c:\program files\Windows Defender\MsMpEng.exe\"" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Windows Workflow Foundation 3.0.0.0] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\winmgmt] "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Winsock] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WinSock2] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WinTrust] . 
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WMConnectCDS] "ImagePath"="c:\program files\Windows Media Connect 2\wmccds.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WMDM PMSP Service] "ImagePath"="c:\windows\System32\MsPMSPSv.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmdmPmSN] "ServiceDll"="c:\windows\system32\mspmsnsv.dll" -- . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Wmi] "ServiceDll"="%SystemRoot%\System32\advapi32.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmiApRpl] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmiApSrv] "ImagePath"="c:\windows\System32\wbem\wmiapsrv.exe" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WpdUsb] "ImagePath"="System32\Drivers\wpdusb.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WS2IFSL] "ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wscsvc] "ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WSTCODEC] "ImagePath"="System32\DRIVERS\WSTCODEC.SYS" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wuauserv] "ServiceDll"="c:\windows\system32\wuauserv.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WZCSVC] "ServiceDll"="%SystemRoot%\System32\wzcsvc.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\xmlprov] "ServiceDll"="%SystemRoot%\System32\xmlprov.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{17EF01C9-1C47-4CA4-ACF6-0A5EA2E949EC}] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{6DCA1335-2A4E-4A19-8A3E-D37C25D931A8}] . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{CE910A3A-E4CB-42EF-B86F-01A2AE78491A}] . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1093819779-2537581792-1553126955-1008\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . 
Completion time: 2012-07-07 10:19:00
ComboFix-quarantined-files.txt 2012-07-07 14:18
.
Pre-Run: 5,734,383,616 bytes free
Post-Run: 7,126,237,184 bytes free
.
- - End Of File - - 413B84DF0CEC6A246662D95B7593A3AC
Ad network traffic, slow internet connection
jvreynol replied to jvreynol's topic in Resolved Malware Removal Logs
============= DDS Logs - DDS.txt =============== . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0 Run by Jim at 5:05:18 on 2012-07-06 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1912 [GMT -4:00] . AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite *Enabled* . ============== Running Processes =============== . C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\System32\DSentry.exe C:\WINDOWS\ehome\ehmsas.exe C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\Program Files\Dell AIO Printer A940\dlbabmon.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\QuickTime\QTTask.exe C:\Program 
Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Support.com\bin\tgcmd.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank uSearch Page = hxxp://www.google.com uDefault_Page_URL = hxxp://www.dell.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Savevid Toolbar: {23cd218f-af09-443f-bbb1-adb89fd5986d} - c:\progra~1\wi0498~1\datamngr\toolbar\savevidX.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.1.3\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.1.3\ips\IPSBHO.DLL BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\upromise\dca-bho.dll BHO: Upromise TurboSaver: {edc0f17f-f4b7-47e4-b73e-887faeb376fa} - c:\program 
files\upromise\upromisetoolbar.dll TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - c:\program files\upromise\upromisetoolbar.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.1.3\coIEPlg.dll TB: Savevid Toolbar: {23cd218f-af09-443f-bbb1-adb89fd5986d} - c:\progra~1\wi0498~1\datamngr\toolbar\savevidX.dll TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll TB: !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No File TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File TB: {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - No File TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File TB: {00000000-0000-0000-0000-000000000000} - No File TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 2.8; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [ATIModeChange] Ati2mdxx.exe mRun: [bCMSMMSG] BCMSMMSG.exe mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe mRun: [AsioReg] REGSVR32.EXE /S CTASIO.DLL mRun: 
[updReg] c:\windows\UpdReg.EXE mRun: [DVDSentry] c:\windows\system32\DSentry.exe mRun: [Dell AIO Printer A940] "c:\program files\dell aio printer a940\dlbabmgr.exe" mRun: [CTSysVol] c:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe mRun: [CTDVDDet] c:\program files\creative\sbaudigy2\dvdaudio\CTDVDDet.EXE mRun: [tgcmd] c:\program files\support.com\bin\tgcmd.exe /server /startmonitor /deaf mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [CTHelper] CTHELPER.EXE mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" StartupFolder: c:\docume~1\jim\startm~1\programs\startup\gozone~1.lnk - c:\program files\gozone\GoZone_iSync.exe IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - c:\program files\upromise\upromisetoolbar.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll Trusted Zone: kyw1060.com\www Trusted Zone: mcafee.com Trusted Zone: microsoft.com\*.windowsupdate Trusted Zone: 
phillies.com\www Trusted Zone: windowsupdate.com DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1077755673359 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1077755629062 DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://69.126.199.53:81/activex/AMC.cab TCP: 
DhcpNameServer = 192.168.1.1 TCP: Interfaces\{CE910A3A-E4CB-42EF-B86F-01A2AE78491A} : DhcpNameServer = 192.168.1.1 Notify: WRNotifier - WRLogonNTF.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\jim\application data\mozilla\firefox\profiles\bl6vfl0c.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Search FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - prefs.js: keyword.URL - hxxp://www.gobrs.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=ikBIyUNE&q= FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\ipsffplgn\components\IPSFFPl.dll FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\1.2.567.20382\npCIDetect5.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla 
firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Symantec Intrusion Prevention: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\IPSFFPlgn . ---- FIREFOX POLICIES ---- . 
FF - user.js: browser.search.selectedEngine - Search FF - user.js: keyword.URL - hxxp://www.gobrs.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=ikBIyUNE&q= FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyoApz4U8&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - 606540c60000000000000007e9484568 FF - user.js: extensions.incredibar_i.hardId - 606540c60000000000000007e9484568 FF - user.js: extensions.incredibar_i.instlDay - 15341 FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27 FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2711:23:06 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6OyoApz4U8 FF - user.js: extensions.incredibar_i.upn2n - 92260656017641888 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10589 FF - user.js: extensions.incredibar_i.ppd - . ============= SERVICES / DRIVERS =============== . 
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502010.003\symds.sys [2012-4-23 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502010.003\symefa.sys [2012-4-23 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120619.001\BHDrvx86.sys [2012-6-18 821920]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502010.003\ironx86.sys [2012-4-23 136312]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.1.3\ccsvchst.exe [2012-4-23 130008]
R2 WinDefend;Windows Defender Service;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-2 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120705.001\IDSXpx86.sys [2012-7-5 369632]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120705.018\NAVENG.SYS [2012-7-6 87928]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120705.018\NAVEX15.SYS [2012-7-6 1589752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-6 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-6 133104]
.
=============== Created Last 30 ================
.
2012-07-06 06:09:13 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{caa97406-a117-4f26-bfbc-0011a665fadd}\mpengine.dll
2012-07-06 02:48:53 -------- d-----w- C:\TDSSKiller_Quarantine
.
==================== Find3M ====================
.
2012-06-04 22:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
.
============= FINISH: 5:07:52.62 ===============
========== Attach.txt ==========
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/15/2003 3:55:47 PM
System Uptime: 7/6/2012 5:01:44 AM (0 hours ago)
.
Motherboard: Dell Computer Corp. | | 0M2035
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 1.46 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP212: 7/5/2012 11:13:04 PM - Software Distribution Service 3.0
RP213: 7/6/2012 2:09:04 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
ABBYY FineReader 5.0 Sprint Adobe Atmosphere Player for Acrobat and Adobe Reader Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Photoshop Elements 2.0 Adobe Reader 8.3.1 Adobe Shockwave Player America Online (Choose which version to remove) AnswerWorks 5.0 English Runtime AOL Coach Version 1.0(Build:20030807.3) Apple Application Support Apple Mobile Device Support Apple Software Update ATI Control Panel ATI Display Driver ATIMCEE AXIS Media Control Embedded Backyard Football Banctec Service Agreement BCM V.92 56K Modem Bonjour Business Contact Manager for Outlook 2003 CANON iMAGE GATEWAY MyCamera Download Plugin CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon MOV Decoder Canon MOV Encoder Canon MovieEdit Task for ZoomBrowser EX Canon Utilities Digital Photo Professional 3.10 Canon Utilities EOS Sample Music Canon Utilities EOS Utility Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX Canon Utilities Movie Uploader for YouTube Canon Utilities PhotoStitch Canon Utilities Picture Style Editor Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility Classic PhoneTools Compatibility Pack for the 2007 Office system Creative MediaSource DAO Dell AIO Printer A940 Dell Networking Guide Dell Picture Studio - Dell Image Expert Dell Solution Center Dell Support Center DellSupport Desktop Doctor DS21Patch DVDSentry EarthLink Setup Files ESET Online Scanner v3 exPressit S.E. 
2.1 Family Tree Maker 2005 Family Tree Maker 9.0 Garmin Communicator Plugin Garmin POI Loader Garmin VoiceStudio v2.10 GemMaster Mystic Glary Utilities 2.37.0.1260 Google Earth Google Toolbar for Internet Explorer Google Update Helper Google Updater GoZone iSync Greeting Card Factory Deluxe 2.0 GTK+ 1.3.0-20030717-1 runtime environment Help and Support Customization HighMAT Extension to Microsoft Windows XP CD Writing Wizard HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format SDK (KB902344) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) Intel® PRO Network Connections Drivers Intel® PROSet iPod for Windows 2006-03-23 iTunes Java Auto Updater Java 7 LAME v3.98.2 for Audacity Learn2 Player (Uninstall Only) LiveUpdate 1.90 (Symantec Corporation) Malwarebytes Anti-Malware version 1.61.0.1400 Managed DirectX (0901) Microsoft .NET Framework 1.0 Hotfix (KB2572066) Microsoft .NET Framework 1.0 Hotfix (KB953295) Microsoft .NET Framework 1.0 Hotfix (KB979904) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Data Access Components KB870669 Microsoft Internationalized Domain Names Mitigation APIs Microsoft Money 2004 Microsoft Money 2004 System Pack Microsoft National 
Language Support Downlevel APIs Microsoft Office File Validation Add-In Microsoft Office Small Business Edition 2003 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Windows Journal Viewer MobileMe Control Panel Modem Helper Mozilla Firefox (3.6.25) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser (KB933579) Norton Security Suite OpenMG AAC Add-on Module 1.0.00 OpenMG Limited Patch 4.5-06-05-12-01 OpenMG Secure Module 4.5.01 Otto Paint Shop Pro 7 Pdf995 Picasa 3 PowerDVD Quicken 2011 QuickTime Reader Rabbit's Preschool RealPlayer RollerCoaster Tycoon 2 RollerCoaster Tycoon 2: Wacky Worlds Samsung CLP-310 Series Savings Bond Wizard Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Windows (KB2564958) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 
(KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media 
Player 10 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows 
XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for 
Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SmartMusic 2012a
Sonic MyDVD
Sonic PrimeTime
Sonic RecordNow!
Sonic UDF Reader
Sonic Update Manager
SonicStage 4.0
Sound Blaster Audigy 2
The GIMP 1.2.5-20030729-1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Upromise TurboSaver (remove only)
VoiceOver Kit
WD Diagnostics
WebFldrs XP
Webshots Desktop
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Connect
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
Xvid 1.2.2 final uninstall
Zoo Tycoon Expanded
.
==== Event Viewer Messages From Past Week ========
.
7/6/2012 5:02:54 AM, error: Print [19] - Sharing printer failed + 1722, Printer PDF995 share name Printer.
7/4/2012 10:10:47 PM, error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.
7/4/2012 10:10:47 PM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
7/4/2012 10:10:47 PM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.
7/4/2012 10:06:29 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the w32time service.
7/4/2012 10:05:56 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
7/3/2012 8:43:27 AM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2149896199
7/3/2012 8:27:07 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
7/3/2012 5:37:01 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the RasMan service.
.
==== End Of File ===========================
-
Ad network traffic, slow internet connection
jvreynol replied to jvreynol's topic in Resolved Malware Removal Logs
Decided to try to clean per your instructions...multiple replies due to post too long...
TDSSKiller Log
============
rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 22:48:08.0109 5896 rdpdr - ok 22:48:08.0156 5896 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 22:48:08.0218 5896 RDPWD - ok 22:48:08.0265 5896 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 22:48:08.0453 5896 RDSessMgr - ok 22:48:08.0500 5896 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 22:48:08.0671 5896 redbook - ok 22:48:08.0734 5896 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 22:48:08.0921 5896 RemoteAccess - ok 22:48:08.0984 5896 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll 22:48:09.0156 5896 RemoteRegistry - ok 22:48:09.0218 5896 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe 22:48:10.0015 5896 RpcLocator - ok 22:48:10.0062 5896 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll 22:48:10.0093 5896 RpcSs - ok 22:48:10.0140 5896 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe 22:48:10.0359 5896 RSVP - ok 22:48:10.0406 5896 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 22:48:10.0562 5896 SamSs - ok 22:48:10.0609 5896 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 22:48:10.0765 5896 SCardSvr - ok 22:48:10.0812 5896 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 22:48:11.0000 5896 Schedule - ok 22:48:11.0046 5896 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 22:48:11.0234 5896 Secdrv - ok 22:48:11.0265 5896 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 22:48:11.0437 5896 seclogon - ok 22:48:11.0484 5896 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 22:48:11.0656 5896 SENS - ok 22:48:11.0703 5896 serenum (0f29512ccd6bead730039fb4bd2c85ce) 
C:\WINDOWS\system32\DRIVERS\serenum.sys 22:48:12.0000 5896 serenum - ok 22:48:12.0046 5896 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 22:48:12.0234 5896 Serial - ok 22:48:12.0343 5896 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 22:48:12.0531 5896 Sfloppy - ok 22:48:12.0640 5896 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll 22:48:12.0875 5896 SharedAccess - ok 22:48:12.0921 5896 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 22:48:12.0953 5896 ShellHWDetection - ok 22:48:12.0968 5896 Simbad - ok 22:48:13.0000 5896 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys 22:48:13.0156 5896 sisagp - ok 22:48:13.0187 5896 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 22:48:13.0375 5896 SLIP - ok 22:48:13.0468 5896 smwdm (39f9595d2f6f7eb93f45a466789a6f49) C:\WINDOWS\system32\drivers\smwdm.sys 22:48:13.0609 5896 smwdm - ok 22:48:13.0640 5896 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys 22:48:13.0750 5896 Sparrow - ok 22:48:13.0796 5896 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 22:48:13.0953 5896 splitter - ok 22:48:14.0015 5896 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 22:48:14.0093 5896 Spooler - ok 22:48:14.0171 5896 sprtsvc_dellsupportcenter - ok 22:48:14.0359 5896 SPTISRV (3980b48dff300a7e4139f5c64da65f5c) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe 22:48:14.0390 5896 SPTISRV ( UnsignedFile.Multi.Generic ) - warning 22:48:14.0390 5896 SPTISRV - detected UnsignedFile.Multi.Generic (1) 22:48:14.0421 5896 SQLAgent$MICROSOFTBCM - ok 22:48:14.0484 5896 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 22:48:14.0656 5896 sr - ok 22:48:14.0703 5896 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 
22:48:14.0890 5896 srservice - ok 22:48:15.0031 5896 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0502010.003\SRTSP.SYS 22:48:15.0093 5896 SRTSP - ok 22:48:15.0140 5896 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0502010.003\SRTSPX.SYS 22:48:15.0156 5896 SRTSPX - ok 22:48:15.0234 5896 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 22:48:15.0343 5896 Srv - ok 22:48:15.0390 5896 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys 22:48:15.0406 5896 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning 22:48:15.0406 5896 sscdbhk5 - detected UnsignedFile.Multi.Generic (1) 22:48:15.0453 5896 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 22:48:15.0640 5896 SSDPSRV - ok 22:48:15.0671 5896 SSPORT - ok 22:48:15.0687 5896 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys 22:48:15.0703 5896 ssrtln ( UnsignedFile.Multi.Generic ) - warning 22:48:15.0703 5896 ssrtln - detected UnsignedFile.Multi.Generic (1) 22:48:15.0875 5896 SSScsiSV (3dbade5b4aa47c245a69e99d72b8e73b) C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe 22:48:15.0906 5896 SSScsiSV ( UnsignedFile.Multi.Generic ) - warning 22:48:15.0906 5896 SSScsiSV - detected UnsignedFile.Multi.Generic (1) 22:48:15.0984 5896 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 22:48:16.0218 5896 stisvc - ok 22:48:16.0265 5896 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 22:48:16.0437 5896 streamip - ok 22:48:16.0484 5896 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 22:48:16.0656 5896 swenum - ok 22:48:16.0687 5896 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 22:48:16.0859 5896 swmidi - ok 22:48:16.0875 5896 SwPrv - ok 22:48:16.0921 5896 symc810 (1ff3217614018630d0a6758630fc698c) 
C:\WINDOWS\System32\DRIVERS\symc810.sys 22:48:17.0125 5896 symc810 - ok 22:48:17.0156 5896 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys 22:48:17.0359 5896 symc8xx - ok 22:48:17.0437 5896 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0502010.003\SYMDS.SYS 22:48:17.0500 5896 SymDS - ok 22:48:17.0578 5896 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0502010.003\SYMEFA.SYS 22:48:17.0640 5896 SymEFA - ok 22:48:17.0703 5896 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 22:48:17.0750 5896 SymEvent - ok 22:48:17.0765 5896 SYMFW - ok 22:48:17.0781 5896 SYMIDS - ok 22:48:17.0843 5896 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0502010.003\Ironx86.SYS 22:48:17.0859 5896 SymIRON - ok 22:48:17.0875 5896 SYMNDIS - ok 22:48:17.0921 5896 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\N360\0502010.003\SYMTDI.SYS 22:48:18.0109 5896 SYMTDI - ok 22:48:18.0156 5896 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys 22:48:18.0390 5896 sym_hi - ok 22:48:18.0421 5896 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys 22:48:18.0625 5896 sym_u3 - ok 22:48:18.0671 5896 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 22:48:18.0859 5896 sysaudio - ok 22:48:18.0906 5896 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 22:48:19.0078 5896 SysmonLog - ok 22:48:19.0156 5896 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 22:48:19.0343 5896 TapiSrv - ok 22:48:19.0406 5896 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 22:48:19.0437 5896 Tcpip - ok 22:48:19.0500 5896 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 22:48:19.0671 5896 TDPIPE - ok 22:48:19.0703 5896 TDTCP 
(c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 22:48:19.0890 5896 TDTCP - ok 22:48:19.0921 5896 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 22:48:20.0109 5896 TermDD - ok 22:48:20.0187 5896 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 22:48:20.0390 5896 TermService - ok 22:48:20.0453 5896 tfsnboio (2aceb9567639ff2db9d862104a80227a) C:\WINDOWS\system32\dla\tfsnboio.sys 22:48:20.0468 5896 tfsnboio ( UnsignedFile.Multi.Generic ) - warning 22:48:20.0468 5896 tfsnboio - detected UnsignedFile.Multi.Generic (1) 22:48:20.0546 5896 tfsncofs (d9f936eac2a6d55e3de87bedff8137a9) C:\WINDOWS\system32\dla\tfsncofs.sys 22:48:20.0562 5896 tfsncofs ( UnsignedFile.Multi.Generic ) - warning 22:48:20.0562 5896 tfsncofs - detected UnsignedFile.Multi.Generic (1) 22:48:20.0609 5896 tfsndrct (0fd9805bc047ada2cff540d4b7fa71fb) C:\WINDOWS\system32\dla\tfsndrct.sys 22:48:20.0625 5896 tfsndrct ( UnsignedFile.Multi.Generic ) - warning 22:48:20.0625 5896 tfsndrct - detected UnsignedFile.Multi.Generic (1) 22:48:20.0671 5896 tfsndres (f8b907198e2540a4a340f1e6775f7b71) C:\WINDOWS\system32\dla\tfsndres.sys 22:48:20.0687 5896 tfsndres ( UnsignedFile.Multi.Generic ) - warning 22:48:20.0687 5896 tfsndres - detected UnsignedFile.Multi.Generic (1) 22:48:20.0734 5896 tfsnifs (fb11349b31346290d098941f0216cc45) C:\WINDOWS\system32\dla\tfsnifs.sys 22:48:20.0781 5896 tfsnifs ( UnsignedFile.Multi.Generic ) - warning 22:48:20.0781 5896 tfsnifs - detected UnsignedFile.Multi.Generic (1) 22:48:20.0828 5896 tfsnopio (1994265f3a90e23a9434bba687f1a069) C:\WINDOWS\system32\dla\tfsnopio.sys 22:48:20.0843 5896 tfsnopio ( UnsignedFile.Multi.Generic ) - warning 22:48:20.0843 5896 tfsnopio - detected UnsignedFile.Multi.Generic (1) 22:48:20.0890 5896 tfsnpool (0b3d2bd550aa63bfd25ae8c5afbf7f76) C:\WINDOWS\system32\dla\tfsnpool.sys 22:48:20.0906 5896 tfsnpool ( UnsignedFile.Multi.Generic ) - warning 22:48:20.0906 5896 tfsnpool - 
detected UnsignedFile.Multi.Generic (1) 22:48:20.0937 5896 tfsnudf (716edddba259a2d699332df95301edda) C:\WINDOWS\system32\dla\tfsnudf.sys 22:48:20.0937 5896 tfsnudf ( UnsignedFile.Multi.Generic ) - warning 22:48:20.0937 5896 tfsnudf - detected UnsignedFile.Multi.Generic (1) 22:48:20.0968 5896 tfsnudfa (a8ee7bbdd0b8c01e38221d0dca2e7aaa) C:\WINDOWS\system32\dla\tfsnudfa.sys 22:48:21.0000 5896 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning 22:48:21.0000 5896 tfsnudfa - detected UnsignedFile.Multi.Generic (1) 22:48:21.0046 5896 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 22:48:21.0062 5896 Themes - ok 22:48:21.0109 5896 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe 22:48:21.0281 5896 TlntSvr - ok 22:48:21.0328 5896 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys 22:48:21.0781 5896 TosIde - ok 22:48:21.0828 5896 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 22:48:22.0015 5896 TrkWks - ok 22:48:22.0078 5896 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 22:48:22.0250 5896 Udfs - ok 22:48:22.0281 5896 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys 22:48:22.0359 5896 ultra - ok 22:48:22.0406 5896 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe 22:48:22.0484 5896 UMWdf - ok 22:48:22.0531 5896 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 22:48:22.0750 5896 Update - ok 22:48:22.0828 5896 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 22:48:23.0015 5896 upnphost - ok 22:48:23.0062 5896 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 22:48:23.0250 5896 UPS - ok 22:48:23.0296 5896 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys 22:48:23.0375 5896 USBAAPL - ok 22:48:23.0421 5896 usbccgp (173f317ce0db8e21322e71b7e60a27e8) 
C:\WINDOWS\system32\DRIVERS\usbccgp.sys 22:48:23.0593 5896 usbccgp - ok 22:48:23.0640 5896 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 22:48:23.0812 5896 usbehci - ok 22:48:23.0843 5896 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 22:48:24.0046 5896 usbhub - ok 22:48:24.0062 5896 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 22:48:24.0218 5896 usbprint - ok 22:48:24.0250 5896 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 22:48:24.0437 5896 usbscan - ok 22:48:24.0453 5896 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:48:24.0640 5896 USBSTOR - ok 22:48:24.0734 5896 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 22:48:24.0953 5896 usbuhci - ok 22:48:24.0984 5896 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 22:48:25.0156 5896 VgaSave - ok 22:48:25.0218 5896 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys 22:48:25.0406 5896 viaagp - ok 22:48:25.0437 5896 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys 22:48:25.0640 5896 ViaIde - ok 22:48:25.0656 5896 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 22:48:25.0828 5896 VolSnap - ok 22:48:25.0890 5896 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 22:48:26.0078 5896 VSS - ok 22:48:26.0125 5896 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 22:48:26.0296 5896 w32time - ok 22:48:26.0343 5896 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 22:48:26.0515 5896 Wanarp - ok 22:48:26.0578 5896 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys 22:48:26.0609 5896 wanatw - ok 22:48:26.0656 5896 WANMiniportService (909f2dc0da7f57d229a05ee90647b2c3) 
C:\WINDOWS\wanmpsvc.exe 22:48:28.0062 5896 WANMiniportService ( UnsignedFile.Multi.Generic ) - warning 22:48:28.0062 5896 WANMiniportService - detected UnsignedFile.Multi.Generic (1) 22:48:28.0093 5896 WDICA - ok 22:48:28.0171 5896 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 22:48:28.0437 5896 wdmaud - ok 22:48:28.0500 5896 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 22:48:28.0703 5896 WebClient - ok 22:48:28.0828 5896 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe 22:48:28.0843 5896 WinDefend - ok 22:48:28.0921 5896 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 22:48:29.0109 5896 winmgmt - ok 22:48:29.0250 5896 WMConnectCDS (cd99c9feae87c1963273f6b150251e33) C:\Program Files\Windows Media Connect 2\wmccds.exe 22:48:29.0343 5896 WMConnectCDS ( UnsignedFile.Multi.Generic ) - warning 22:48:29.0343 5896 WMConnectCDS - detected UnsignedFile.Multi.Generic (1) 22:48:29.0390 5896 WMDM PMSP Service (581176f60885aef8f78c6e38dcc3cdf9) C:\WINDOWS\System32\MsPMSPSv.exe 22:48:29.0406 5896 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - warning 22:48:29.0406 5896 WMDM PMSP Service - detected UnsignedFile.Multi.Generic (1) 22:48:29.0484 5896 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll 22:48:29.0578 5896 WmdmPmSN - ok 22:48:29.0687 5896 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll 22:48:29.0781 5896 Wmi - ok 22:48:29.0906 5896 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe 22:48:30.0093 5896 WmiApSrv - ok 22:48:30.0187 5896 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys 22:48:30.0218 5896 WpdUsb - ok 22:48:30.0281 5896 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 22:48:30.0500 5896 WS2IFSL - ok 22:48:30.0562 5896 wscsvc (7c278e6408d1dce642230c0585a854d5) 
22:48:31.0828 5896 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:48:31.0843 5896 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
22:48:31.0843 5896 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
22:48:31.0875 5896 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:48:31.0875 5896 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:48:31.0921 5896 Boot (0x1200) (b9e81464156e28b66ed872da1925d8d6) \Device\Harddisk0\DR0\Partition0
22:48:31.0921 5896 \Device\Harddisk0\DR0\Partition0 - ok
22:48:31.0921 5896 ============================================================
22:48:31.0921 5896 Scan finished
22:48:31.0921 5896 ============================================================
22:48:32.0078 3112 Detected object count: 29
22:48:32.0078 3112 Actual detected object count: 29
22:48:53.0515 3112 AOL ACS ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0515 3112 AOL ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:53.0515 3112 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0515 3112 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:53.0515 3112 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0515 3112 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:53.0515 3112 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0515 3112 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:53.0515 3112 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0515 3112 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:53.0515 3112 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0515 3112 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:53.0531 3112 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0531 3112 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:53.0531 3112 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0531 3112 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:53.0531 3112 NetSvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0531 3112 NetSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:53.0531 3112 omci ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0531 3112 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:53.0546 3112 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0546 3112 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:53.0546 3112 SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0546 3112 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:53.0546 3112 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0546 3112 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:53.0546 3112 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0546 3112 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:53.0562 3112 SSScsiSV ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0562 3112 SSScsiSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:53.0562 3112 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0562 3112 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:53.0562 3112 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0562 3112 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:53.0562 3112 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0562 3112 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:53.0578 3112 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0578 3112 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:53.0578 3112 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0578 3112 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:53.0578 3112 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0578 3112 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:53.0578 3112 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0578 3112 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:53.0578 3112 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0578 3112 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:53.0578 3112 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0578 3112 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:53.0578 3112 WANMiniportService ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0578 3112 WANMiniportService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:53.0578 3112 WMConnectCDS ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0578 3112 WMConnectCDS ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:53.0578 3112 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:53.0578 3112 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:54.0500 3112 \Device\Harddisk0\DR0\# - copied to quarantine
22:48:54.0500 3112 \Device\Harddisk0\DR0 - copied to quarantine
22:48:54.0546 3112 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
22:48:54.0562 3112 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:48:54.0578 3112 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
22:48:54.0593 3112 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:48:54.0609 3112 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:48:54.0609 3112 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
22:48:54.0609 3112 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
22:48:54.0609 3112 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
22:48:54.0625 3112 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:48:54.0625 3112 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:48:54.0625 3112 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
22:48:54.0625 3112 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
22:48:54.0640 3112 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
22:48:54.0640 3112 \Device\Harddisk0\DR0 - ok
22:49:01.0359 3112 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
22:49:01.0375 3112 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:49:01.0375 3112 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
22:49:38.0406 4228 Deinitialize success

============== MalwareBytes Log ==============

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.06.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jim :: REYNOLDS [administrator]

7/5/2012 11:01:08 PM
mbam-log-2012-07-05 (23-01-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 365542
Time elapsed: 1 hour(s), 17 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Jim\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.

(end)
-
Ad network traffic, slow internet connection
jvreynol replied to jvreynol's topic in Resolved Malware Removal Logs
Here are the DDS results...thanks again for your assistance!

Attach.txt
========
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/15/2003 3:55:47 PM
System Uptime: 7/3/2012 12:51:03 PM (6 hours ago)
.
Motherboard: Dell Computer Corp. | | 0M2035
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 1.453 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01571028&REV_02\4&1C660DD6&0&40F0
Manufacturer: Intel
Name: Intel® PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01571028&REV_02\4&1C660DD6&0&40F0
Service: E100B
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
ABBYY FineReader 5.0 Sprint Adobe Atmosphere Player for Acrobat and Adobe Reader Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Photoshop Elements 2.0 Adobe Reader 8.3.1 Adobe Shockwave Player America Online (Choose which version to remove) AnswerWorks 5.0 English Runtime AOL Coach Version 1.0(Build:20030807.3) Apple Application Support Apple Mobile Device Support Apple Software Update ATI Control Panel ATI Display Driver ATIMCEE AXIS Media Control Embedded Backyard Football Banctec Service Agreement BCM V.92 56K Modem Bonjour Business Contact Manager for Outlook 2003 CANON iMAGE GATEWAY MyCamera Download Plugin CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon MOV Decoder Canon MOV Encoder Canon MovieEdit Task for ZoomBrowser EX Canon Utilities Digital Photo Professional 3.10 Canon Utilities EOS Sample Music Canon Utilities EOS Utility Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX Canon Utilities Movie Uploader for YouTube Canon Utilities PhotoStitch Canon Utilities Picture Style Editor Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility Classic PhoneTools Compatibility Pack for the 2007 Office system Creative MediaSource DAO Dell AIO Printer A940 Dell Networking Guide Dell Picture Studio - Dell Image Expert Dell Solution Center Dell Support Center DellSupport Desktop Doctor DS21Patch DVDSentry EarthLink Setup Files ESET Online Scanner v3 exPressit S.E. 
2.1 Family Tree Maker 2005 Family Tree Maker 9.0 Garmin Communicator Plugin Garmin POI Loader Garmin VoiceStudio v2.10 GemMaster Mystic Glary Utilities 2.37.0.1260 Google Earth Google Toolbar for Internet Explorer Google Update Helper Google Updater GoZone iSync Greeting Card Factory Deluxe 2.0 GTK+ 1.3.0-20030717-1 runtime environment Help and Support Customization HighMAT Extension to Microsoft Windows XP CD Writing Wizard HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format SDK (KB902344) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) Intel® PRO Network Connections Drivers Intel® PROSet iPod for Windows 2006-03-23 iTunes Java Auto Updater Java 7 LAME v3.98.2 for Audacity Learn2 Player (Uninstall Only) LiveUpdate 1.90 (Symantec Corporation) Malwarebytes Anti-Malware version 1.60.1.1000 Managed DirectX (0901) Microsoft .NET Framework 1.0 Hotfix (KB2572066) Microsoft .NET Framework 1.0 Hotfix (KB953295) Microsoft .NET Framework 1.0 Hotfix (KB979904) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Data Access Components KB870669 Microsoft Internationalized Domain Names Mitigation APIs Microsoft Money 2004 Microsoft Money 2004 System Pack Microsoft National 
Language Support Downlevel APIs Microsoft Office File Validation Add-In Microsoft Office Small Business Edition 2003 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Windows Journal Viewer MobileMe Control Panel Modem Helper Mozilla Firefox (3.6.25) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser (KB933579) Norton Security Suite OpenMG AAC Add-on Module 1.0.00 OpenMG Limited Patch 4.5-06-05-12-01 OpenMG Secure Module 4.5.01 Otto Paint Shop Pro 7 Pdf995 Picasa 3 PowerDVD Quicken 2011 QuickTime Reader Rabbit's Preschool RealPlayer RollerCoaster Tycoon 2 RollerCoaster Tycoon 2: Wacky Worlds Samsung CLP-310 Series SaveVid Plug-in Savings Bond Wizard Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Windows (KB2564958) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows 
Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update 
for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security 
Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) 
Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for 
Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) SmartMusic 2012a Sonic MyDVD Sonic PrimeTime Sonic RecordNow! 
Sonic UDF Reader Sonic Update Manager SonicStage 4.0 Sound Blaster Audigy 2 The GIMP 1.2.5-20030729-1 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB971930) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2641690) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Upromise TurboSaver (remove only) Viewpoint Manager (Remove Only) VoiceOver Kit WD Diagnostics WebFldrs XP Webshots Desktop Windows Defender Windows Defender Signatures Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage v1.3.0254.0 Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Connect Windows Media Format Runtime Windows Media Format SDK Hotfix - KB891122 Windows Media Player 10 Windows Presentation Foundation Windows Savevid Toolbar Windows XP Service Pack 3 XML Paper Specification Shared Components Pack 1.0 Xvid 1.2.2 final uninstall Zoo Tycoon Expanded . ==== Event Viewer Messages From Past Week ======== . 7/3/2012 8:27:07 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D. 
7/3/2012 8:15:04 AM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2149896199 7/3/2012 8:14:37 AM, error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified. 7/3/2012 8:14:37 AM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified. 7/3/2012 8:14:37 AM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified. 7/3/2012 5:37:01 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the RasMan service. 7/3/2012 5:36:31 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the w32time service. . ==== End Of File =========================== ======= DDS.txt ======= . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0 Run by Jim at 18:07:29 on 2012-07-03 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.832 [GMT -4:00] . AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite *Enabled* . ============== Running Processes =============== . 
C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\Program Files\Dell AIO Printer A940\dlbabmon.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\wanmpsvc.exe C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe C:\Program Files\QuickTime\QTTask.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\ehome\ehmsas.exe C:\Program Files\Support.com\bin\tgcmd.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\taskmgr.exe . ============== Pseudo HJT Report =============== . 
uStart Page = about:blank uSearch Page = hxxp://www.google.com uDefault_Page_URL = hxxp://www.dell.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Savevid Toolbar: {23cd218f-af09-443f-bbb1-adb89fd5986d} - c:\progra~1\wi0498~1\datamngr\toolbar\savevidX.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.1.3\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.1.3\ips\IPSBHO.DLL BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\upromise\dca-bho.dll BHO: Upromise TurboSaver: {edc0f17f-f4b7-47e4-b73e-887faeb376fa} - c:\program files\upromise\upromisetoolbar.dll TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - c:\program files\upromise\upromisetoolbar.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.1.3\coIEPlg.dll TB: 
Savevid Toolbar: {23cd218f-af09-443f-bbb1-adb89fd5986d} - c:\progra~1\wi0498~1\datamngr\toolbar\savevidX.dll TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll TB: !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No File TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File TB: {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - No File TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File TB: {00000000-0000-0000-0000-000000000000} - No File TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL c:\docume~1\jim\locals~1\temp\nsm1aa.tmp\temp00 c:\docume~1\jim\locals~1\temp\nsm1aa.tmp\temp00 c:\docume~1\jim\locals~1\temp\nsm1aa.tmp\temp00 c:\docume~1\jim\locals~1\temp\nsm1aa.tmp\temp00 c:\docume~1\jim\locals~1\temp\nsm1aa.tmp\temp00 c:\docume~1\jim\locals~1\temp\nsm1aa.tmp\temp00 c:\docume~1\jim\locals~1\temp\nsm1aa.tmp\temp00 c:\docume~1\jim\locals~1\temp\nsm1aa.tmp\temp00 StartupFolder: c:\docume~1\jim\startm~1\programs\startup\gozone~1.lnk - c:\program files\gozone\GoZone_iSync.exe IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: Save video on Savevid.com - c:\program files\savevidplug-in\redirect.htm Trusted Zone: kyw1060.com\www Trusted Zone: mcafee.com Trusted Zone: microsoft.com\*.windowsupdate Trusted Zone: phillies.com\www Trusted Zone: windowsupdate.com DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - 
hxxps://support.dell.com/systemprofiler/SysPro.CAB DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1077755673359 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1077755629062 DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://69.126.199.53:81/activex/AMC.cab Notify: WRNotifier - WRLogonNTF.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\jim\application data\mozilla\firefox\profiles\bl6vfl0c.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Search FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - prefs.js: keyword.URL - hxxp://www.gobrs.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=ikBIyUNE&q= FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\ipsffplgn\components\IPSFFPl.dll FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\1.2.567.20382\npCIDetect5.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla 
firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Symantec Intrusion Prevention: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\IPSFFPlgn . ---- FIREFOX POLICIES ---- . FF - user.js: browser.search.selectedEngine - Search FF - user.js: keyword.URL - hxxp://www.gobrs.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=ikBIyUNE&q= FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyoApz4U8&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - 606540c60000000000000007e9484568 FF - user.js: extensions.incredibar_i.hardId - 606540c60000000000000007e9484568 FF - user.js: extensions.incredibar_i.instlDay - 15341 FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27 FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2711:23:06 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - 
user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6OyoApz4U8 FF - user.js: extensions.incredibar_i.upn2n - 92260656017641888 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10589 FF - user.js: extensions.incredibar_i.ppd - . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502010.003\symds.sys [2012-4-23 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502010.003\symefa.sys [2012-4-23 744568] R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120619.001\BHDrvx86.sys [2012-6-18 821920] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502010.003\ironx86.sys [2012-4-23 136312] R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.1.3\ccsvchst.exe [2012-4-23 130008] R2 WinDefend;Windows Defender Service;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-2 106656] R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120702.001\IDSXpx86.sys [2004-2-25 369632] R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120703.002\NAVENG.SYS [2012-7-3 87928] R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120703.002\NAVEX15.SYS [2012-7-3 1589752] S2 gupdate;Google Update Service 
(gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-6 133104] S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-6 133104] . =============== Created Last 30 ================ . 2012-07-03 13:17:00 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{d32a0764-1d7a-473a-873c-86cec3bc65a4}\offreg.dll 2012-07-03 02:31:59 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{d32a0764-1d7a-473a-873c-86cec3bc65a4}\mpengine.dll . ==================== Find3M ==================== . 2012-06-04 22:35:26 222448 ----a-w- c:\windows\system32\muweb.dll 2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: ST3120026AS rev.8.05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 . device: opened successfully user: MBR read successfully . 
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8ABDF4B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8abe693c]; MOV EAX, [0x8abe6ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8AEBDAB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x8AC78C38]
\Driver\atapi[0x8AE2DF38] -> IRP_MJ_CREATE -> 0x8ABDF4B1
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8ABDF2E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 18:31:32.84 ===============
-
Hello:

Recently experiencing higher CPU usage and increased internet traffic not generated by my browsing sessions. Router logs indicate access to random ad and other spam sites. I've done a MWBytes scan and a HijackThis scan. Logs below. Appreciate any advice. Thank you!

MalwareBytes Log
==============
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.07.02.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jim :: REYNOLDS [administrator]

2/25/2004 6:43:11 PM
mbam-log-2004-02-25 (18-43-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 362001
Time elapsed: 37 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Jim\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken.


(end)

============
Hijack This Log
============
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:24:36 PM, on 2/25/2004
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\GoZone\GoZone_iSync.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Savevid Toolbar - {23cd218f-af09-443f-bbb1-adb89fd5986d} - C:\PROGRA~1\WI0498~1\Datamngr\ToolBar\savevidX.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll
O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll
O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
O3 - Toolbar: Savevid Toolbar - {23cd218f-af09-443f-bbb1-adb89fd5986d} - C:\PROGRA~1\WI0498~1\Datamngr\ToolBar\savevidX.dll (file missing)
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O3 - Toolbar: (no name) - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 2.8; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
O4 - Startup: GoZone iSync.lnk = C:\Program Files\GoZone\GoZone_iSync.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files\SavevidPlug-in\redirect.htm
O9 - Extra button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra 'Tools' menuitem: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.kyw1060.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: www.phillies.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.co...inAxControl.CAB
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/im...r/SysProExe.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1263953748824
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://samsclubus.pn...veX_Control.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://69.126.199.53...activex/AMC.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13341 bytes