
Apotheosis

Honorary Members
Posts: 27
Location: Miami, FL
  1. Something has gone terribly wrong! Last night all seemed fine. The machine was shut down and this morning, I encountered some functionality problems. First, the Caps Lock functionality was reversed. When it was off, letters were capitalized, and when it was on, they were lower-case. I restarted the machine, but once the login screen appeared (press Ctrl+Alt+Del to sign on), I cannot advance. Ctrl+Alt+Del is not doing anything. I rebooted the machine again manually holding the power button, then I get an error immediately upon reboot: ERROR 0210: Stuck Key 2A Press <F1> to Setup. However, pressing F1 does nothing at all. Any ideas???
  2. Thank you so much for your help MrC! Very clear and easy-to-use instructions. Well done.

  3. Ok MBAM found nothing, looks good...

     Malwarebytes Anti-Malware 1.61.0.1400
     www.malwarebytes.org

     Database version: v2012.04.16.02

     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 9.0.8112.16421
     107267 :: AUSR86LF42T410 [administrator]

     4/16/2012 11:14:33 PM
     mbam-log-2012-04-16 (23-14-33).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 339554
     Time elapsed: 3 minute(s), 9 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  4. Ok all done with ComboFix. Below is the log. Note, you may see some Symantec Endpoint items in the log. I disabled it in the system tray, but I think there was still a background process. Combofix restarted my computer (I imagine this is normal). It appears to have removed the infection. I will wait for your analysis to be sure, but I am not seeing the pop-up any more. So far, so good. Thanks again mate!
  5. A couple of things to note... First, it seems like progress is being made. The pop-up no longer overrides other activity. It still remains flashing in my system tray, but it is allowing my system to function whereas prior, it did not. Second, on the Malwarebytes download page, I am redirected to the majorgeeks.com website... on my other machine I am brought to the cnet/download.com site. I did not proceed on the majorgeeks site.
  6. Ok processes completed. System restore points created as instructed. It's a new computer, this is why I hadn't set one up yet. Here is the log from TDSSKiller:
C:\Windows\system32\DRIVERS\DozeHDD.sys 14:27:42.0091 9276 DozeHDD - ok 14:27:42.0138 9276 DozeSvc (01e2180c3d72cb0adcc43fb83d18942a) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE 14:27:42.0153 9276 DozeSvc - ok 14:27:42.0184 9276 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll 14:27:42.0231 9276 DPS - ok 14:27:42.0278 9276 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 14:27:42.0309 9276 drmkaud - ok 14:27:42.0403 9276 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys 14:27:42.0434 9276 DXGKrnl - ok 14:27:42.0496 9276 e1kexpress (b0587c35e8c72a6fdf1782972efea03b) C:\Windows\system32\DRIVERS\e1k6232.sys 14:27:42.0512 9276 e1kexpress - ok 14:27:42.0543 9276 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll 14:27:42.0590 9276 EapHost - ok 14:27:42.0746 9276 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys 14:27:42.0808 9276 ebdrv - ok 14:27:42.0917 9276 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 14:27:42.0949 9276 eeCtrl - ok 14:27:43.0011 9276 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe 14:27:43.0042 9276 EFS - ok 14:27:43.0105 9276 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe 14:27:43.0136 9276 ehRecvr - ok 14:27:43.0167 9276 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe 14:27:43.0198 9276 ehSched - ok 14:27:43.0292 9276 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys 14:27:43.0307 9276 elxstor - ok 14:27:43.0463 9276 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 14:27:43.0479 9276 EraserUtilRebootDrv - ok 14:27:43.0557 9276 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys 14:27:43.0604 9276 ErrDev - ok 14:27:43.0651 9276 EventSystem 
(f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll 14:27:43.0697 9276 EventSystem - ok 14:27:43.0775 9276 EvtEng (b6c691d8cae275ed9b2782e62626f36a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe 14:27:43.0822 9276 EvtEng - ok 14:27:43.0916 9276 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 14:27:43.0947 9276 exfat - ok 14:27:43.0978 9276 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 14:27:44.0025 9276 fastfat - ok 14:27:44.0072 9276 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe 14:27:44.0103 9276 Fax - ok 14:27:44.0181 9276 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys 14:27:44.0212 9276 fdc - ok 14:27:44.0228 9276 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll 14:27:44.0275 9276 fdPHost - ok 14:27:44.0306 9276 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll 14:27:44.0337 9276 FDResPub - ok 14:27:44.0353 9276 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 14:27:44.0353 9276 FileInfo - ok 14:27:44.0384 9276 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 14:27:44.0415 9276 Filetrace - ok 14:27:44.0431 9276 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys 14:27:44.0462 9276 flpydisk - ok 14:27:44.0493 9276 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 14:27:44.0509 9276 FltMgr - ok 14:27:44.0540 9276 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll 14:27:44.0587 9276 FontCache - ok 14:27:44.0680 9276 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 14:27:44.0696 9276 FontCache3.0.0.0 - ok 14:27:44.0758 9276 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 14:27:44.0774 9276 FsDepends - ok 
14:27:44.0805 9276 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 14:27:44.0805 9276 Fs_Rec - ok 14:27:44.0820 9276 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys 14:27:44.0836 9276 fvevol - ok 14:27:44.0867 9276 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys 14:27:44.0883 9276 gagp30kx - ok 14:27:44.0914 9276 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll 14:27:44.0961 9276 gpsvc - ok 14:27:45.0008 9276 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 14:27:45.0008 9276 hcw85cir - ok 14:27:45.0070 9276 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys 14:27:45.0101 9276 HDAudBus - ok 14:27:45.0164 9276 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys 14:27:45.0210 9276 HECI - ok 14:27:45.0226 9276 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys 14:27:45.0257 9276 HidBatt - ok 14:27:45.0304 9276 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys 14:27:45.0351 9276 HidBth - ok 14:27:45.0413 9276 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys 14:27:45.0460 9276 HidIr - ok 14:27:45.0491 9276 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll 14:27:45.0538 9276 hidserv - ok 14:27:45.0600 9276 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys 14:27:45.0632 9276 HidUsb - ok 14:27:45.0678 9276 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll 14:27:45.0710 9276 hkmsvc - ok 14:27:45.0756 9276 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll 14:27:45.0788 9276 HomeGroupListener - ok 14:27:45.0819 9276 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll 14:27:45.0866 9276 HomeGroupProvider - ok 14:27:45.0928 
9276 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys 14:27:45.0944 9276 HpSAMD - ok 14:27:46.0006 9276 HsfXAudioService (bfbdbca42710795c4446c54243970fd1) C:\Windows\system32\XAudio32.dll 14:27:46.0037 9276 HsfXAudioService - ok 14:27:46.0084 9276 HSF_DPV (caaa4433360fd337cf68a1b0719f9cc1) C:\Windows\system32\DRIVERS\HSX_DPV.sys 14:27:46.0100 9276 HSF_DPV - ok 14:27:46.0224 9276 HSXHWAZL (cb049fa2ce718f7468be50f3d7192370) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 14:27:46.0240 9276 HSXHWAZL - ok 14:27:46.0287 9276 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys 14:27:46.0318 9276 HTTP - ok 14:27:46.0365 9276 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys 14:27:46.0365 9276 hwpolicy - ok 14:27:46.0427 9276 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 14:27:46.0474 9276 i8042prt - ok 14:27:46.0505 9276 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys 14:27:46.0536 9276 iaStorV - ok 14:27:46.0583 9276 IBMPMDRV (e3ffc8cb45b3f55264ee10f084b2731b) C:\Windows\system32\DRIVERS\ibmpmdrv.sys 14:27:46.0583 9276 IBMPMDRV - ok 14:27:46.0630 9276 IBMPMSVC (5565982522ee9d4e8921feb304d4226f) C:\Windows\system32\ibmpmsvc.exe 14:27:46.0646 9276 IBMPMSVC - ok 14:27:46.0724 9276 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 14:27:46.0770 9276 idsvc - ok 14:27:47.0020 9276 igfx (387ce9ae43e98cf469c51664b7173b1c) C:\Windows\system32\DRIVERS\igdkmd32.sys 14:27:47.0145 9276 igfx - ok 14:27:47.0238 9276 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys 14:27:47.0254 9276 iirsp - ok 14:27:47.0301 9276 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll 14:27:47.0379 9276 IKEEXT - ok 14:27:47.0410 9276 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\Windows\system32\DRIVERS\Impcd.sys 14:27:47.0441 
9276 Impcd - ok 14:27:47.0535 9276 IntcDAud (5576ad2f0039d2bccca3567fc0bf981c) C:\Windows\system32\DRIVERS\IntcDAud.sys 14:27:47.0581 9276 IntcDAud - ok 14:27:47.0597 9276 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 14:27:47.0613 9276 intelide - ok 14:27:47.0628 9276 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 14:27:47.0644 9276 intelppm - ok 14:27:47.0675 9276 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll 14:27:47.0706 9276 IPBusEnum - ok 14:27:47.0722 9276 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:27:47.0753 9276 IpFilterDriver - ok 14:27:47.0800 9276 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll 14:27:47.0831 9276 iphlpsvc - ok 14:27:47.0909 9276 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys 14:27:47.0940 9276 IPMIDRV - ok 14:27:47.0956 9276 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 14:27:47.0987 9276 IPNAT - ok 14:27:48.0018 9276 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 14:27:48.0049 9276 IRENUM - ok 14:27:48.0065 9276 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys 14:27:48.0081 9276 isapnp - ok 14:27:48.0096 9276 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys 14:27:48.0112 9276 iScsiPrt - ok 14:27:48.0205 9276 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe 14:27:48.0221 9276 IviRegMgr - ok 14:27:48.0299 9276 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 14:27:48.0315 9276 kbdclass - ok 14:27:48.0346 9276 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys 14:27:48.0377 9276 kbdhid - ok 14:27:48.0424 9276 KeyIso (81951f51e318aecc2d68559e47485cc4) 
C:\Windows\system32\lsass.exe 14:27:48.0439 9276 KeyIso - ok 14:27:48.0455 9276 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys 14:27:48.0455 9276 KSecDD - ok 14:27:48.0471 9276 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys 14:27:48.0486 9276 KSecPkg - ok 14:27:48.0517 9276 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll 14:27:48.0595 9276 KtmRm - ok 14:27:48.0689 9276 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll 14:27:48.0751 9276 LanmanServer - ok 14:27:48.0814 9276 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll 14:27:48.0860 9276 LanmanWorkstation - ok 14:27:48.0954 9276 LENOVO.CAMMUTE (cab9c6c37fd0f9612b269349116504b6) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe 14:27:48.0970 9276 LENOVO.CAMMUTE - ok 14:27:49.0032 9276 LENOVO.MICMUTE (340288b3b2edc8afd5ff127df85142a7) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe 14:27:49.0048 9276 LENOVO.MICMUTE - ok 14:27:49.0141 9276 lenovo.smi (9aac267a225f3caebb9e633f7eb16e4b) C:\Windows\system32\DRIVERS\smiif32.sys 14:27:49.0141 9276 lenovo.smi - ok 14:27:49.0157 9276 LENOVO.TPKNRSVC (04b5f7f44ccb2fab615c67ed0e6c8323) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe 14:27:49.0157 9276 LENOVO.TPKNRSVC - ok 14:27:49.0172 9276 Lenovo.VIRTSCRLSVC (158b67696ec8602ce71f9aa4f14aa96f) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe 14:27:49.0188 9276 Lenovo.VIRTSCRLSVC - ok 14:27:49.0328 9276 LiveUpdate (3aa70dcfb4ecb5fcfe6b9ff7cec3a5ea) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE 14:27:49.0375 9276 LiveUpdate - ok 14:27:49.0484 9276 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 14:27:49.0547 9276 lltdio - ok 14:27:49.0578 9276 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll 14:27:49.0609 9276 lltdsvc - ok 14:27:49.0609 9276 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) 
C:\Windows\System32\lmhsvc.dll 14:27:49.0656 9276 lmhosts - ok 14:27:49.0781 9276 Lotus Notes Diagnostics (731fd0367064d15989dff8a6f826e881) C:\Program Files\Notes\nsd.exe 14:27:49.0843 9276 Lotus Notes Diagnostics - ok 14:27:49.0921 9276 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys 14:27:49.0952 9276 LSI_FC - ok 14:27:49.0952 9276 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys 14:27:49.0968 9276 LSI_SAS - ok 14:27:49.0984 9276 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys 14:27:49.0999 9276 LSI_SAS2 - ok 14:27:49.0999 9276 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys 14:27:50.0015 9276 LSI_SCSI - ok 14:27:50.0030 9276 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 14:27:50.0077 9276 luafv - ok 14:27:50.0140 9276 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys 14:27:50.0171 9276 MBAMProtector - ok 14:27:50.0233 9276 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 14:27:50.0249 9276 MBAMService - ok 14:27:50.0327 9276 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll 14:27:50.0342 9276 Mcx2Svc - ok 14:27:50.0405 9276 mdmxsdk (a027de1e6c11bd2daf61f6f276b2299f) C:\Windows\system32\DRIVERS\mdmxsdk.sys 14:27:50.0420 9276 mdmxsdk - ok 14:27:50.0452 9276 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys 14:27:50.0467 9276 megasas - ok 14:27:50.0483 9276 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys 14:27:50.0498 9276 MegaSR - ok 14:27:50.0514 9276 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 14:27:50.0561 9276 MMCSS - ok 14:27:50.0576 9276 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 14:27:50.0608 9276 Modem - ok 14:27:50.0686 9276 monitor 
(79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 14:27:50.0732 9276 monitor - ok 14:27:50.0826 9276 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 14:27:50.0842 9276 mouclass - ok 14:27:50.0873 9276 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 14:27:50.0904 9276 mouhid - ok 14:27:50.0951 9276 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys 14:27:50.0966 9276 mountmgr - ok 14:27:50.0966 9276 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys 14:27:50.0982 9276 mpio - ok 14:27:50.0997 9276 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 14:27:51.0044 9276 mpsdrv - ok 14:27:51.0075 9276 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll 14:27:51.0107 9276 MpsSvc - ok 14:27:51.0185 9276 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys 14:27:51.0200 9276 MRxDAV - ok 14:27:51.0231 9276 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys 14:27:51.0263 9276 mrxsmb - ok 14:27:51.0294 9276 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:27:51.0309 9276 mrxsmb10 - ok 14:27:51.0325 9276 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:27:51.0341 9276 mrxsmb20 - ok 14:27:51.0372 9276 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys 14:27:51.0387 9276 msahci - ok 14:27:51.0387 9276 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys 14:27:51.0403 9276 msdsm - ok 14:27:51.0434 9276 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe 14:27:51.0465 9276 MSDTC - ok 14:27:51.0543 9276 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 14:27:51.0575 9276 Msfs - ok 14:27:51.0699 9276 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) 
C:\Windows\System32\drivers\mshidkmdf.sys 14:27:51.0746 9276 mshidkmdf - ok 14:27:51.0871 9276 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys 14:27:51.0918 9276 msisadrv - ok 14:27:52.0011 9276 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll 14:27:52.0089 9276 MSiSCSI - ok 14:27:52.0230 9276 msiserver - ok 14:27:52.0355 9276 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 14:27:52.0433 9276 MSKSSRV - ok 14:27:52.0495 9276 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 14:27:52.0557 9276 MSPCLOCK - ok 14:27:52.0823 9276 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 14:27:52.0901 9276 MSPQM - ok 14:27:52.0979 9276 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 14:27:52.0994 9276 MsRPC - ok 14:27:53.0306 9276 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 14:27:53.0322 9276 mssmbios - ok 14:27:53.0384 9276 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 14:27:53.0431 9276 MSTEE - ok 14:27:53.0556 9276 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys 14:27:53.0587 9276 MTConfig - ok 14:27:53.0634 9276 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 14:27:53.0649 9276 Mup - ok 14:27:53.0774 9276 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll 14:27:53.0868 9276 napagent - ok 14:27:54.0055 9276 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 14:27:54.0086 9276 NativeWifiP - ok 14:27:54.0258 9276 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20111130.002\NAVENG.SYS 14:27:54.0273 9276 NAVENG - ok 14:27:54.0429 9276 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20111130.002\NAVEX15.SYS 14:27:54.0507 9276 
NAVEX15 - ok 14:27:54.0710 9276 NDIS (3723262737d90f58059ceda7373b0387) C:\Windows\system32\drivers\ndis.sys 14:27:54.0741 9276 NDIS - ok 14:27:54.0960 9276 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 14:27:55.0006 9276 NdisCap - ok 14:27:55.0162 9276 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 14:27:55.0225 9276 NdisTapi - ok 14:27:55.0381 9276 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 14:27:55.0427 9276 Ndisuio - ok 14:27:55.0615 9276 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 14:27:55.0677 9276 NdisWan - ok 14:27:55.0895 9276 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys 14:27:55.0942 9276 NDProxy - ok 14:27:56.0098 9276 Net Driver HPZ12 (90eb97c8dbf11bb0016c51946ac5ecd6) C:\Windows\system32\HPZinw12.dll 14:27:56.0129 9276 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 14:27:56.0129 9276 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 14:27:56.0270 9276 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 14:27:56.0332 9276 NetBIOS - ok 14:27:56.0410 9276 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 14:27:56.0441 9276 NetBT - ok 14:27:56.0551 9276 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 14:27:56.0582 9276 Netlogon - ok 14:27:56.0691 9276 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll 14:27:56.0738 9276 Netman - ok 14:27:56.0785 9276 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll 14:27:56.0831 9276 netprofm - ok 14:27:56.0909 9276 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 14:27:56.0925 9276 NetTcpPortSharing - ok 14:27:56.0987 9276 netvsc (104be93f0607c6aa0d85319581f96ec2) 
C:\Windows\system32\DRIVERS\netvsc60.sys 14:27:57.0019 9276 netvsc - ok 14:27:57.0159 9276 NETwNs32 (5c979c481981e04919ecbb3b88d54b34) C:\Windows\system32\DRIVERS\NETwNs32.sys 14:27:57.0268 9276 NETwNs32 - ok 14:27:57.0471 9276 NETwNx32 (32e6902485c5add8e4c6cd21545d5133) C:\Windows\system32\DRIVERS\NETwNx32.sys 14:27:57.0580 9276 NETwNx32 ( UnsignedFile.Multi.Generic ) - warning 14:27:57.0580 9276 NETwNx32 - detected UnsignedFile.Multi.Generic (1) 14:27:57.0674 9276 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys 14:27:57.0674 9276 nfrd960 - ok 14:27:57.0705 9276 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll 14:27:57.0798 9276 NlaSvc - ok 14:27:57.0798 9276 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 14:27:57.0845 9276 Npfs - ok 14:27:57.0876 9276 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll 14:27:57.0908 9276 nsi - ok 14:27:57.0908 9276 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 14:27:57.0954 9276 nsiproxy - ok 14:27:57.0986 9276 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys 14:27:58.0017 9276 Ntfs - ok 14:27:58.0095 9276 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 14:27:58.0126 9276 Null - ok 14:27:58.0142 9276 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys 14:27:58.0157 9276 nvraid - ok 14:27:58.0157 9276 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys 14:27:58.0173 9276 nvstor - ok 14:27:58.0188 9276 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 14:27:58.0204 9276 nv_agp - ok 14:27:58.0235 9276 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 14:27:58.0266 9276 ohci1394 - ok 14:27:58.0360 9276 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 
14:27:58.0376 9276 ose - ok 14:27:58.0485 9276 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 14:27:58.0656 9276 osppsvc - ok 14:27:58.0719 9276 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 14:27:58.0766 9276 p2pimsvc - ok 14:27:58.0781 9276 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll 14:27:58.0812 9276 p2psvc - ok 14:27:58.0875 9276 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys 14:27:58.0890 9276 Parport - ok 14:27:58.0906 9276 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys 14:27:58.0922 9276 partmgr - ok 14:27:58.0937 9276 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys 14:27:58.0968 9276 Parvdm - ok 14:27:58.0984 9276 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll 14:27:59.0000 9276 PcaSvc - ok 14:27:59.0015 9276 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 14:27:59.0031 9276 pci - ok 14:27:59.0046 9276 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 14:27:59.0062 9276 pciide - ok 14:27:59.0124 9276 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys 14:27:59.0140 9276 pcmcia - ok 14:27:59.0156 9276 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 14:27:59.0156 9276 pcw - ok 14:27:59.0187 9276 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 14:27:59.0234 9276 PEAUTH - ok 14:27:59.0280 9276 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll 14:27:59.0327 9276 PeerDistSvc - ok 14:27:59.0374 9276 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll 14:27:59.0436 9276 pla - ok 14:27:59.0499 9276 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll 14:27:59.0545 9276 PlugPlay 
- ok 14:27:59.0592 9276 Pml Driver HPZ12 (f0efaf6000e9fcbd77f769d527ce5f9d) C:\Windows\system32\HPZipm12.dll 14:27:59.0608 9276 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 14:27:59.0608 9276 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 14:27:59.0639 9276 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll 14:27:59.0670 9276 PNRPAutoReg - ok 14:27:59.0701 9276 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 14:27:59.0717 9276 PNRPsvc - ok 14:27:59.0764 9276 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll 14:27:59.0795 9276 PolicyAgent - ok 14:27:59.0857 9276 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll 14:27:59.0904 9276 Power - ok 14:27:59.0998 9276 Power Manager DBC Service (ebf8a077be308c0c6d55d90f89a43547) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE 14:28:00.0013 9276 Power Manager DBC Service - ok 14:28:00.0076 9276 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 14:28:00.0123 9276 PptpMiniport - ok 14:28:00.0138 9276 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys 14:28:00.0169 9276 Processor - ok 14:28:00.0232 9276 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll 14:28:00.0279 9276 ProfSvc - ok 14:28:00.0310 9276 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 14:28:00.0325 9276 ProtectedStorage - ok 14:28:00.0372 9276 psadd (651d3abc1d82d61b6cfb40cb947b3db3) C:\Windows\system32\DRIVERS\psadd.sys 14:28:00.0403 9276 psadd - ok 14:28:00.0466 9276 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 14:28:00.0528 9276 Psched - ok 14:28:00.0622 9276 PwmEWSvc (254de0e4fb8822ca9e5495dcac3bf11c) C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE 14:28:00.0653 9276 PwmEWSvc - ok 14:28:00.0731 9276 PxHelp20 (40fedd328f98245ad201cf5f9f311724) 
C:\Windows\system32\Drivers\PxHelp20.sys 14:28:00.0747 9276 PxHelp20 - ok 14:28:00.0793 9276 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys 14:28:00.0825 9276 ql2300 - ok 14:28:00.0871 9276 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys 14:28:00.0887 9276 ql40xx - ok 14:28:00.0918 9276 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll 14:28:00.0965 9276 QWAVE - ok 14:28:01.0027 9276 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 14:28:01.0059 9276 QWAVEdrv - ok 14:28:01.0074 9276 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 14:28:01.0105 9276 RasAcd - ok 14:28:01.0137 9276 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 14:28:01.0168 9276 RasAgileVpn - ok 14:28:01.0183 9276 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll 14:28:01.0215 9276 RasAuto - ok 14:28:01.0246 9276 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 14:28:01.0277 9276 Rasl2tp - ok 14:28:01.0324 9276 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll 14:28:01.0355 9276 RasMan - ok 14:28:01.0433 9276 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 14:28:01.0480 9276 RasPppoe - ok 14:28:01.0480 9276 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 14:28:01.0511 9276 RasSstp - ok 14:28:01.0558 9276 rcSmCard (fa0192d67d676f360ef1bbb1b3b30070) C:\Windows\system32\DRIVERS\rcSmCard.sys 14:28:01.0558 9276 rcSmCard - ok 14:28:01.0589 9276 rcVidCap (c05b281d5bd452ccc0d61378757d134f) C:\Windows\system32\DRIVERS\rcVidMpt.sys 14:28:01.0589 9276 rcVidCap - ok 14:28:01.0604 9276 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 14:28:01.0636 9276 rdbss - ok 14:28:01.0651 9276 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) 
C:\Windows\system32\DRIVERS\rdpbus.sys 14:28:01.0682 9276 rdpbus - ok 14:28:01.0698 9276 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 14:28:01.0729 9276 RDPCDD - ok 14:28:01.0760 9276 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys 14:28:01.0776 9276 RDPDR - ok 14:28:01.0870 9276 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 14:28:01.0916 9276 RDPENCDD - ok 14:28:01.0932 9276 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 14:28:01.0963 9276 RDPREFMP - ok 14:28:01.0979 9276 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys 14:28:02.0010 9276 RdpVideoMiniport - ok 14:28:02.0026 9276 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys 14:28:02.0057 9276 RDPWD - ok 14:28:02.0088 9276 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 14:28:02.0088 9276 rdyboost - ok 14:28:02.0197 9276 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys 14:28:02.0213 9276 regi - ok 14:28:02.0322 9276 RegSrvc (6c47ac711f5fb55c5387a85d50ab4703) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 14:28:02.0353 9276 RegSrvc - ok 14:28:02.0416 9276 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll 14:28:02.0447 9276 RemoteAccess - ok 14:28:02.0494 9276 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll 14:28:02.0525 9276 RemoteRegistry - ok 14:28:02.0587 9276 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys 14:28:02.0618 9276 RFCOMM - ok 14:28:02.0634 9276 rimspci (e891f07815af88075705ef6a248711f6) C:\Windows\system32\DRIVERS\rimspe86.sys 14:28:02.0650 9276 rimspci - ok 14:28:02.0665 9276 risdpcie (5312f15dbeb47d906dca2e334dc4c97d) C:\Windows\system32\DRIVERS\risdpe86.sys 14:28:02.0681 9276 risdpcie - ok 
14:28:02.0696 9276 rixdpcie (6a60626412129c713cc30c81870a8095) C:\Windows\system32\drivers\rixdpe86.sys 14:28:02.0728 9276 rixdpcie - ok 14:28:02.0915 9276 RoxMediaDB10 (b2a212fd6be89f4d7f835fb85bb24195) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe 14:28:02.0962 9276 RoxMediaDB10 - ok 14:28:03.0024 9276 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll 14:28:03.0102 9276 RpcEptMapper - ok 14:28:03.0133 9276 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe 14:28:03.0164 9276 RpcLocator - ok 14:28:03.0196 9276 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 14:28:03.0242 9276 RpcSs - ok 14:28:03.0305 9276 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 14:28:03.0352 9276 rspndr - ok 14:28:03.0414 9276 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys 14:28:03.0445 9276 s3cap - ok 14:28:03.0476 9276 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 14:28:03.0492 9276 SamSs - ok 14:28:03.0523 9276 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 14:28:03.0539 9276 sbp2port - ok 14:28:03.0570 9276 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll 14:28:03.0617 9276 SCardSvr - ok 14:28:03.0632 9276 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 14:28:03.0679 9276 scfilter - ok 14:28:03.0710 9276 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll 14:28:03.0757 9276 Schedule - ok 14:28:03.0819 9276 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 14:28:03.0866 9276 SCPolicySvc - ok 14:28:03.0897 9276 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll 14:28:03.0929 9276 SDRSVC - ok 14:28:03.0991 9276 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 14:28:04.0038 9276 
secdrv - ok 14:28:04.0053 9276 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll 14:28:04.0100 9276 seclogon - ok 14:28:04.0131 9276 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll 14:28:04.0163 9276 SENS - ok 14:28:04.0225 9276 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll 14:28:04.0241 9276 SensrSvc - ok 14:28:04.0272 9276 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 14:28:04.0287 9276 Serenum - ok 14:28:04.0287 9276 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 14:28:04.0319 9276 Serial - ok 14:28:04.0334 9276 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys 14:28:04.0350 9276 sermouse - ok 14:28:04.0365 9276 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll 14:28:04.0397 9276 SessionEnv - ok 14:28:04.0443 9276 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 14:28:04.0490 9276 sffdisk - ok 14:28:04.0506 9276 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 14:28:04.0521 9276 sffp_mmc - ok 14:28:04.0537 9276 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys 14:28:04.0553 9276 sffp_sd - ok 14:28:04.0553 9276 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys 14:28:04.0584 9276 sfloppy - ok 14:28:04.0631 9276 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll 14:28:04.0662 9276 SharedAccess - ok 14:28:04.0740 9276 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll 14:28:04.0787 9276 ShellHWDetection - ok 14:28:04.0849 9276 Shockprf (1624530d05155f4e5a4736531523bff5) C:\Windows\system32\DRIVERS\Apsx86.sys 14:28:04.0849 9276 Shockprf - ok 14:28:04.0880 9276 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 14:28:04.0896 9276 
sisagp - ok 14:28:04.0927 9276 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys 14:28:04.0943 9276 SiSRaid2 - ok 14:28:04.0958 9276 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys 14:28:04.0958 9276 SiSRaid4 - ok 14:28:05.0021 9276 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files\Skype\Updater\Updater.exe 14:28:05.0052 9276 SkypeUpdate - ok 14:28:05.0130 9276 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 14:28:05.0177 9276 Smb - ok 14:28:05.0286 9276 SmcService (9672e993c5f09bb15adb757a8af7765e) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe 14:28:05.0317 9276 SmcService - ok 14:28:05.0379 9276 SNAC (229b0890af1a54e2f57099542cd18642) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE 14:28:05.0411 9276 SNAC - ok 14:28:05.0473 9276 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe 14:28:05.0504 9276 SNMPTRAP - ok 14:28:05.0613 9276 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 14:28:05.0644 9276 SPBBCDrv - ok 14:28:05.0691 9276 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 14:28:05.0722 9276 spldr - ok 14:28:05.0738 9276 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe 14:28:05.0800 9276 Spooler - ok 14:28:05.0894 9276 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe 14:28:05.0972 9276 sppsvc - ok 14:28:06.0050 9276 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll 14:28:06.0112 9276 sppuinotify - ok 14:28:06.0190 9276 SRTSP (14389e87d0d2e25b12bf2cc74cfaee07) C:\Windows\system32\Drivers\SRTSP.SYS 14:28:06.0206 9276 SRTSP - ok 14:28:06.0253 9276 SRTSPL (aed0f68c185fe698a21cefcd76f0b8a4) C:\Windows\system32\Drivers\SRTSPL.SYS 14:28:06.0268 9276 SRTSPL - ok 14:28:06.0315 9276 SRTSPX (0e2ca6326726477fe29863808bbad413) 
C:\Windows\system32\Drivers\SRTSPX.SYS 14:28:06.0315 9276 SRTSPX - ok 14:28:06.0362 9276 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 14:28:06.0393 9276 srv - ok 14:28:06.0424 9276 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 14:28:06.0456 9276 srv2 - ok 14:28:06.0518 9276 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 14:28:06.0549 9276 srvnet - ok 14:28:06.0627 9276 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll 14:28:06.0658 9276 SSDPSRV - ok 14:28:06.0674 9276 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll 14:28:06.0705 9276 SstpSvc - ok 14:28:06.0736 9276 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys 14:28:06.0736 9276 stexstor - ok 14:28:06.0768 9276 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll 14:28:06.0814 9276 StiSvc - ok 14:28:06.0924 9276 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe 14:28:06.0939 9276 stllssvr - ok 14:28:07.0033 9276 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll 14:28:07.0064 9276 StorSvc - ok 14:28:07.0126 9276 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys 14:28:07.0142 9276 storvsc - ok 14:28:07.0189 9276 SUService (6ea2f517373771cac5188e82617c9c0b) C:\Program Files\Lenovo\System Update\SUService.exe 14:28:07.0204 9276 SUService ( UnsignedFile.Multi.Generic ) - warning 14:28:07.0204 9276 SUService - detected UnsignedFile.Multi.Generic (1) 14:28:07.0220 9276 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 14:28:07.0236 9276 swenum - ok 14:28:07.0251 9276 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll 14:28:07.0298 9276 swprv - ok 14:28:07.0407 9276 Symantec AntiVirus (409ebed03f66e3941e33e412795e6c2c) C:\Program Files\Symantec\Symantec 
Endpoint Protection\Rtvscan.exe 14:28:07.0454 9276 Symantec AntiVirus - ok 14:28:07.0516 9276 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS 14:28:07.0532 9276 SymEvent - ok 14:28:07.0579 9276 Synth3dVsc (f2ad8960812fd111e20e84659ef19d43) C:\Windows\system32\drivers\Synth3dVsc.sys 14:28:07.0594 9276 Synth3dVsc - ok 14:28:07.0625 9276 SynthVid (04990c25043705985f1ec40bf704aaac) C:\Windows\system32\DRIVERS\VMBusVideoM.sys 14:28:07.0641 9276 SynthVid - ok 14:28:07.0703 9276 SynTP (b41404ee2aacfb08dd1b3a6afa0b62eb) C:\Windows\system32\DRIVERS\SynTP.sys 14:28:07.0719 9276 SynTP - ok 14:28:07.0766 9276 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll 14:28:07.0813 9276 SysMain - ok 14:28:07.0875 9276 SysPlant (e2433edc2fd23f7d7272d6e74f22bd79) C:\Windows\SYSTEM32\Drivers\SysPlant.sys 14:28:07.0891 9276 SysPlant - ok 14:28:07.0922 9276 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll 14:28:07.0953 9276 TabletInputService - ok 14:28:07.0984 9276 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll 14:28:08.0015 9276 TapiSrv - ok 14:28:08.0047 9276 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll 14:28:08.0078 9276 TBS - ok 14:28:08.0140 9276 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys 14:28:08.0187 9276 Tcpip - ok 14:28:08.0249 9276 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys 14:28:08.0281 9276 TCPIP6 - ok 14:28:08.0327 9276 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 14:28:08.0374 9276 tcpipreg - ok 14:28:08.0405 9276 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 14:28:08.0421 9276 TDPIPE - ok 14:28:08.0437 9276 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys 14:28:08.0483 9276 TDTCP - ok 14:28:08.0483 9276 tdx (b459575348c20e8121d6039da063c704) 
C:\Windows\system32\DRIVERS\tdx.sys 14:28:08.0515 9276 tdx - ok 14:28:08.0624 9276 Teefer3 (8f9bf086fed2c7c076a7a4b8e8a24fe9) C:\Windows\system32\DRIVERS\Teefer3.sys 14:28:08.0639 9276 Teefer3 - ok 14:28:08.0671 9276 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys 14:28:08.0686 9276 TermDD - ok 14:28:08.0717 9276 terminpt (052306fd76793d5d5ab5d9891fd1adbb) C:\Windows\system32\drivers\terminpt.sys 14:28:08.0749 9276 terminpt - ok 14:28:08.0780 9276 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll 14:28:08.0827 9276 TermService - ok 14:28:08.0873 9276 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll 14:28:08.0905 9276 Themes - ok 14:28:08.0936 9276 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 14:28:08.0983 9276 THREADORDER - ok 14:28:09.0045 9276 TPDIGIMN (d2378fbbd668d9fe9b6b5e3139d506d3) C:\Windows\system32\DRIVERS\ApsHM86.sys 14:28:09.0045 9276 TPDIGIMN - ok 14:28:09.0076 9276 TPHDEXLGSVC (a34a1e6b5461273846d30f5898602a72) C:\Windows\system32\TPHDEXLG.exe 14:28:09.0092 9276 TPHDEXLGSVC - ok 14:28:09.0185 9276 TPHKLOAD (9cd364ecb3a10b24c7cac8ff89993a67) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe 14:28:09.0201 9276 TPHKLOAD - ok 14:28:09.0232 9276 TPHKSVC (c04bb65441913ab621c58a8bd3169b23) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe 14:28:09.0248 9276 TPHKSVC - ok 14:28:09.0326 9276 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys 14:28:09.0357 9276 TPM - ok 14:28:09.0404 9276 TPPWRIF (c16ec6a5390904d3971179553852025b) C:\Windows\system32\drivers\Tppwr32v.sys 14:28:09.0419 9276 TPPWRIF - ok 14:28:09.0451 9276 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll 14:28:09.0482 9276 TrkWks - ok 14:28:09.0513 9276 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe 14:28:09.0544 9276 TrustedInstaller - ok 14:28:09.0575 9276 tssecsrv 
(254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 14:28:09.0591 9276 tssecsrv - ok 14:28:09.0607 9276 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 14:28:09.0622 9276 TsUsbFlt - ok 14:28:09.0700 9276 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys 14:28:09.0716 9276 TsUsbGD - ok 14:28:09.0762 9276 tsusbhub (045acb987c650d8186c6b4a692223860) C:\Windows\system32\drivers\tsusbhub.sys 14:28:09.0778 9276 tsusbhub - ok 14:28:09.0809 9276 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 14:28:09.0856 9276 tunnel - ok 14:28:09.0872 9276 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys 14:28:09.0887 9276 uagp35 - ok 14:28:09.0903 9276 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 14:28:09.0934 9276 udfs - ok 14:28:09.0965 9276 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe 14:28:09.0996 9276 UI0Detect - ok 14:28:10.0090 9276 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 14:28:10.0106 9276 uliagpkx - ok 14:28:10.0152 9276 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys 14:28:10.0168 9276 umbus - ok 14:28:10.0184 9276 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys 14:28:10.0215 9276 UmPass - ok 14:28:10.0230 9276 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll 14:28:10.0262 9276 UmRdpService - ok 14:28:10.0293 9276 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll 14:28:10.0355 9276 upnphost - ok 14:28:10.0355 9276 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 14:28:10.0371 9276 usbccgp - ok 14:28:10.0464 9276 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 14:28:10.0496 9276 usbcir - ok 14:28:10.0527 9276 usbehci 
(f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys 14:28:10.0558 9276 usbehci - ok 14:28:10.0605 9276 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 14:28:10.0620 9276 usbhub - ok 14:28:10.0683 9276 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys 14:28:10.0730 9276 usbohci - ok 14:28:10.0761 9276 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys 14:28:10.0776 9276 usbprint - ok 14:28:10.0808 9276 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:28:10.0823 9276 USBSTOR - ok 14:28:10.0901 9276 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys 14:28:10.0917 9276 usbuhci - ok 14:28:10.0964 9276 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys 14:28:10.0995 9276 usbvideo - ok 14:28:11.0010 9276 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll 14:28:11.0026 9276 UxSms - ok 14:28:11.0073 9276 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 14:28:11.0088 9276 VaultSvc - ok 14:28:11.0120 9276 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 14:28:11.0120 9276 vdrvroot - ok 14:28:11.0151 9276 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe 14:28:11.0198 9276 vds - ok 14:28:11.0260 9276 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 14:28:11.0307 9276 vga - ok 14:28:11.0322 9276 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 14:28:11.0354 9276 VgaSave - ok 14:28:11.0369 9276 VGPU - ok 14:28:11.0385 9276 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 14:28:11.0400 9276 vhdmp - ok 14:28:11.0432 9276 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 14:28:11.0447 9276 viaagp - ok 14:28:11.0463 9276 ViaC7 
(e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys 14:28:11.0494 9276 ViaC7 - ok 14:28:11.0525 9276 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 14:28:11.0541 9276 viaide - ok 14:28:11.0556 9276 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys 14:28:11.0572 9276 VMBusHID - ok 14:28:11.0634 9276 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 14:28:11.0650 9276 volmgr - ok 14:28:11.0697 9276 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 14:28:11.0712 9276 volmgrx - ok 14:28:11.0728 9276 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 14:28:11.0728 9276 volsnap - ok 14:28:11.0790 9276 vpnagent (5ea22cb6b100212837a97f281edb3c47) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe 14:28:11.0821 9276 vpnagent - ok 14:28:11.0853 9276 vpnva (e1f2333a88ec4a5c8ea6be357323b72d) C:\Windows\system32\DRIVERS\vpnva.sys 14:28:11.0868 9276 vpnva - ok 14:28:11.0899 9276 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys 14:28:11.0915 9276 vsmraid - ok 14:28:12.0102 9276 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe 14:28:12.0211 9276 VSS - ok 14:28:12.0383 9276 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 14:28:12.0414 9276 vwifibus - ok 14:28:12.0445 9276 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 14:28:12.0477 9276 vwififlt - ok 14:28:12.0523 9276 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll 14:28:12.0555 9276 W32Time - ok 14:28:12.0601 9276 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys 14:28:12.0617 9276 WacomPen - ok 14:28:12.0757 9276 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 14:28:12.0820 9276 WANARP - ok 14:28:12.0820 9276 
Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 14:28:12.0851 9276 Wanarpv6 - ok 14:28:12.0929 9276 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe 14:28:12.0976 9276 WatAdminSvc - ok 14:28:13.0069 9276 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe 14:28:13.0101 9276 wbengine - ok 14:28:13.0132 9276 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll 14:28:13.0147 9276 WbioSrvc - ok 14:28:13.0179 9276 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll 14:28:13.0194 9276 wcncsvc - ok 14:28:13.0210 9276 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll 14:28:13.0241 9276 WcsPlugInService - ok 14:28:13.0319 9276 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys 14:28:13.0335 9276 Wd - ok 14:28:13.0350 9276 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 14:28:13.0366 9276 Wdf01000 - ok 14:28:13.0428 9276 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 14:28:13.0459 9276 WdiServiceHost - ok 14:28:13.0475 9276 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 14:28:13.0491 9276 WdiSystemHost - ok 14:28:13.0522 9276 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll 14:28:13.0553 9276 WebClient - ok 14:28:13.0584 9276 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll 14:28:13.0615 9276 Wecsvc - ok 14:28:13.0662 9276 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll 14:28:13.0709 9276 wercplsupport - ok 14:28:13.0725 9276 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll 14:28:13.0756 9276 WerSvc - ok 14:28:13.0818 9276 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 14:28:13.0865 9276 WfpLwf - ok 14:28:13.0896 9276 WIMMount 
(5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 14:28:13.0896 9276 WIMMount - ok 14:28:13.0927 9276 winachsf (bc43a66ed6898f405a4acf6179a5f9b1) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 14:28:13.0943 9276 winachsf - ok 14:28:14.0036 9276 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 14:28:14.0099 9276 WinDefend - ok 14:28:14.0099 9276 WinHttpAutoProxySvc - ok 14:28:14.0192 9276 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll 14:28:14.0239 9276 Winmgmt - ok 14:28:14.0380 9276 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll 14:28:14.0489 9276 WinRM - ok 14:28:14.0551 9276 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll 14:28:14.0645 9276 Wlansvc - ok 14:28:14.0785 9276 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 14:28:14.0801 9276 WmiAcpi - ok 14:28:14.0848 9276 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe 14:28:14.0894 9276 wmiApSrv - ok 14:28:15.0050 9276 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe 14:28:15.0082 9276 WMPNetworkSvc - ok 14:28:15.0175 9276 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll 14:28:15.0206 9276 WPCSvc - ok 14:28:15.0222 9276 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll 14:28:15.0238 9276 WPDBusEnum - ok 14:28:15.0331 9276 WPS (5b873300a1802a6d254af59943f6c1a2) C:\Windows\system32\drivers\wpsdrvnt.sys 14:28:15.0347 9276 WPS - ok 14:28:15.0409 9276 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\Windows\system32\drivers\WpsHelper.sys 14:28:15.0409 9276 WpsHelper - ok 14:28:15.0503 9276 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 14:28:15.0565 9276 ws2ifsl - ok 14:28:15.0596 9276 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll 14:28:15.0612 
9276 wscsvc - ok 14:28:15.0612 9276 WSearch - ok 14:28:15.0690 9276 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll 14:28:15.0768 9276 wuauserv - ok 14:28:15.0815 9276 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 14:28:15.0862 9276 WudfPf - ok 14:28:15.0986 9276 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 14:28:16.0033 9276 WUDFRd - ok 14:28:16.0095 9276 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll 14:28:16.0127 9276 wudfsvc - ok 14:28:16.0158 9276 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll 14:28:16.0189 9276 WwanSvc - ok 14:28:16.0251 9276 XAudio (311faffb280fca0d4a7739e2474eac9f) C:\Windows\system32\DRIVERS\XAudio32.sys 14:28:16.0267 9276 XAudio - ok 14:28:16.0298 9276 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 14:28:16.0454 9276 \Device\Harddisk0\DR0 - ok 14:28:16.0485 9276 Boot (0x1200) (500a01d39808765925b81bcdd53495e8) \Device\Harddisk0\DR0\Partition0 14:28:16.0501 9276 \Device\Harddisk0\DR0\Partition0 - ok 14:28:16.0501 9276 Boot (0x1200) (67efa989ebacaf4500036a5f9ef9ca76) \Device\Harddisk0\DR0\Partition1 14:28:16.0501 9276 \Device\Harddisk0\DR0\Partition1 - ok 14:28:16.0501 9276 ============================================================ 14:28:16.0501 9276 Scan finished 14:28:16.0501 9276 ============================================================ 14:28:16.0517 1252 Detected object count: 5 14:28:16.0517 1252 Actual detected object count: 5 14:29:22.0545 1252 Cwbrxd ( UnsignedFile.Multi.Generic ) - skipped by user 14:29:22.0545 1252 Cwbrxd ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:29:22.0561 1252 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 14:29:22.0561 1252 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:29:22.0561 1252 NETwNx32 ( UnsignedFile.Multi.Generic ) - skipped by user 14:29:22.0561 1252 
NETwNx32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:29:22.0561 1252 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 14:29:22.0561 1252 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:29:22.0561 1252 SUService ( UnsignedFile.Multi.Generic ) - skipped by user 14:29:22.0561 1252 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
  7. Thanks MrC. Here is the log from RogueKiller: RogueKiller V7.3.2 [03/20/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User: 107267 [Admin rights] Mode: Scan -- Date: 04/16/2012 10:53:43 ¤¤¤ Bad processes: 3 ¤¤¤ [sUSP PATH] ndvcngtf.exe -- C:\Users\107267\AppData\Local\fwepddko\ndvcngtf.exe -> KILLED [TermProc] [sVCHOST] svchost.exe -- C:\Windows\system32\svchost.exe -> KILLED [TermProc] [sVCHOST] svchost.exe -- C:\Windows\system32\svchost.exe -> KILLED [TermProc] ¤¤¤ Registry Entries: 9 ¤¤¤ [sUSP PATH] HKCU\[...]\Run : NdvCngtf (C:\Users\107267\AppData\Local\fwepddko\ndvcngtf.exe) -> FOUND [sUSP PATH] HKUS\S-1-5-21-1541481396-3027813910-3587673724-1177[...]\Run : NdvCngtf (C:\Users\107267\AppData\Local\fwepddko\ndvcngtf.exe) -> FOUND [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (ausproxy.aus.rccl.com:8080) -> FOUND [HJPOL] HKCU\[...]\Explorer : DisallowRun (1) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ SSDT[13] : NtAlertResumeThread @ 0x82D2DB93 -> HOOKED (Unknown @ 0x86222788) SSDT[14] : NtAlertThread @ 0x82C80B80 -> HOOKED (Unknown @ 0x86222848) SSDT[19] : NtAllocateVirtualMemory @ 0x82C79B8C -> HOOKED (Unknown @ 0x8621E6C0) SSDT[74] : NtCreateMutant @ 0x82C6025A -> HOOKED (Unknown @ 0x86223880) SSDT[87] : NtCreateThread @ 0x82D2BE36 -> HOOKED (Unknown @ 0x862169B8) SSDT[131] : NtFreeVirtualMemory @ 0x82B094DB -> HOOKED (Unknown @ 
0x86215988) SSDT[145] : NtImpersonateAnonymousToken @ 0x82C45888 -> HOOKED (Unknown @ 0x86223950) SSDT[147] : NtImpersonateThread @ 0x82CC97CC -> HOOKED (Unknown @ 0x862226C8) SSDT[168] : NtMapViewOfSection @ 0x82C964D2 -> HOOKED (Unknown @ 0x8622B748) SSDT[177] : NtOpenEvent @ 0x82C5FC56 -> HOOKED (Unknown @ 0x862237C0) SSDT[191] : NtOpenProcessToken @ 0x82CB41CF -> HOOKED (Unknown @ 0x8621E790) SSDT[199] : NtOpenThreadToken @ 0x82CC84B4 -> HOOKED (Unknown @ 0x8622C6D0) SSDT[304] : NtResumeThread @ 0x82CC051B -> HOOKED (Unknown @ 0x861D4308) SSDT[316] : NtSetContextThread @ 0x82D2CF2F -> HOOKED (Unknown @ 0x8622C610) SSDT[333] : NtSetInformationProcess @ 0x82C8872D -> HOOKED (Unknown @ 0x8622B600) SSDT[335] : NtSetInformationThread @ 0x82CB9C7F -> HOOKED (Unknown @ 0x86219940) SSDT[366] : NtSuspendProcess @ 0x82D2DACF -> HOOKED (Unknown @ 0x86223700) SSDT[367] : NtSuspendThread @ 0x82CE5005 -> HOOKED (Unknown @ 0x86222950) SSDT[370] : NtTerminateProcess @ 0x82CAAB8D -> HOOKED (Unknown @ 0x8621F750) SSDT[371] : NtTerminateThread @ 0x82CC8504 -> HOOKED (Unknown @ 0x86219880) SSDT[385] : NtUnmapViewOfSection @ 0x82CB480A -> HOOKED (Unknown @ 0x8622B6D0) SSDT[399] : NtWriteVirtualMemory @ 0x82CAF8EA -> HOOKED (Unknown @ 0x86212940) ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: HITACHI HTS725016A9A364 ATA Device +++++ --- User --- [MBR] e580097e5ff895ed02925a231ce5c21d [bSP] bd8b6921c3619a601c6bda75acf140fb : Windows 7 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152314 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 311941120 | Size: 300 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: SanDisk Cruzer USB Device +++++ --- User --- [MBR] 60b9cdbd75eb44d94f3de5a9ee80b5f8 [bSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16 | Size: 3814 Mo User = LL1 ... OK! Error reading LL2 MBR! 
Finished : << RKreport[1].txt >>
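One way to triage a report like the one above, as an added example written for this page (it is not RogueKiller's own code and was not posted in the thread): it parses the `[TAG] body -> VERDICT` lines, ranks the Run-key and suspicious-path entries above the cosmetic shell tweaks, and pulls out the executable paths you would hash and quarantine. The line format is inferred from the posted report (the forum's `[sUSP PATH]` capitalization is treated as `[SUSP PATH]`); the severity rules and the random-name heuristic for `AppData\Local\<letters>\<letters>.exe` are my assumptions, not the tool's logic, and the SSDT and MBR sections are not parsed. The proxy is allowlisted in the sample run because the DDS log's ProxyOverride list shows it is the machine's corporate proxy, so it is not a finding here.

```python
"""Triage helper for RogueKiller-style report lines (added example, not RogueKiller's code).

Parses the "[TAG] body -> VERDICT" lines of a report and ranks them so the
persistence entries are looked at first. The line format is inferred from the
report posted in the thread; the severity rules and the random-name heuristic
are assumptions made for this example, not the tool's own logic.
"""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the report in the thread. The forum shows the
# first tag as "[sUSP PATH]"; tags are upper-cased so both spellings match.
SAMPLE_REPORT = r"""
[SUSP PATH] ndvcngtf.exe -- C:\Users\107267\AppData\Local\fwepddko\ndvcngtf.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\system32\svchost.exe -> KILLED [TermProc]
[sUSP PATH] HKCU\[...]\Run : NdvCngtf (C:\Users\107267\AppData\Local\fwepddko\ndvcngtf.exe) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (ausproxy.aus.rccl.com:8080) -> FOUND
[HJPOL] HKCU\[...]\Explorer : DisallowRun (1) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
"""

# "[TAG] <body> -> VERDICT [detail]"; detail (e.g. TermProc) is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<body>.+?)\s+->\s+(?P<verdict>[A-Z]+)"
    r"(?:\s+\[(?P<detail>[^\]]+)\])?\s*$"
)
# Registry body: "<key> : <value name> (<data>)"; keys may contain spaces.
REG_RE = re.compile(r"^(?P<key>.+?)\s+:\s+(?P<name>\S+)\s+\((?P<value>.*)\)$")
# Process body: "<image> -- <full path>".
PROC_RE = re.compile(r"^(?P<image>\S+)\s+--\s+(?P<path>.+)$")
# Heuristic (assumption): letters-only folder and image name under AppData\Local.
RANDOM_LOCAL_RE = re.compile(r"\\AppData\\Local\\[a-z]{6,12}\\[a-z]{6,12}\.exe$", re.I)
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    severity: str
    tag: str
    location: str   # registry key + value name, or process image name
    path: str       # executable path or registry data
    reason: str


def parse_line(line):
    """Return a dict for one report entry, or None for headers, blank and SSDT/MBR lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = {"tag": m["tag"].upper(), "verdict": m["verdict"], "detail": m["detail"]}
    reg = REG_RE.match(m["body"])
    proc = PROC_RE.match(m["body"])
    if reg:
        entry.update(location=f"{reg['key']} : {reg['name']}", value=reg["value"])
    elif proc:
        entry.update(location=proc["image"], value=proc["path"])
    else:
        entry.update(location=m["body"], value="")
    return entry


def classify(entry, expected_proxies):
    """Map a parsed entry to a Finding; the severity rules are this example's assumptions."""
    tag, loc, value = entry["tag"], entry["location"], entry["value"]
    if tag == "SUSP PATH":
        reason = "executable running from a user-writable location"
        if RANDOM_LOCAL_RE.search(value):
            reason += "; random-looking folder and image name under AppData\\Local"
        return Finding("high", tag, loc, value, reason)
    if tag == "PROXY IE":
        if value in expected_proxies:
            return Finding("low", tag, loc, value, "proxy matches the expected corporate setting")
        return Finding("medium", tag, loc, value, "unexpected browser proxy; traffic may be intercepted")
    if tag == "HJPOL":
        return Finding("medium", tag, loc, value, "Explorer policy set; check it is not blocking security tools")
    if tag == "SVCHOST":
        return Finding("medium", tag, loc, value, "svchost.exe instance flagged; verify parent process and -k group")
    return Finding("low", tag, loc, value, "shell/UI tweak; revisit after the main infection is removed")


def triage(report_text, expected_proxies=()):
    """Parse every entry line and return findings ordered by severity (stable within a level)."""
    expected = set(expected_proxies)
    findings = [classify(e, expected) for e in map(parse_line, report_text.splitlines()) if e]
    findings.sort(key=lambda f: SEVERITY_ORDER[f.severity])
    return findings


def persistence_paths(findings):
    """Distinct executables behind high-severity findings: the files to collect, hash and remove."""
    return sorted({f.path.lower() for f in findings
                   if f.severity == "high" and f.path.lower().endswith(".exe")})


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT, expected_proxies=["ausproxy.aus.rccl.com:8080"]):
        print(f"{f.severity:<6} {f.tag:<10} {f.location} -> {f.path or '-'} ({f.reason})")
    print("persistence:", persistence_paths(triage(SAMPLE_REPORT)))
```

Run it as-is to see the ranked sample, or pass a saved RKreport to `triage(open(path).read())`. The `[SVCHOST]` kills are ranked medium rather than trusted outright on purpose: in the DDS process list posted below, two `svchost.exe` instances appear without a `-k` service group right next to `ndvcngtf.exe`, which is the kind of entry to confirm by parent process before deciding whether the kill was a true positive.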
  8. Hello, I have an infection on my machine. Running Windows 7. After watching a streaming video, I began getting a 'Windows Command Processor is requesting your permission' pop-up, which I am unable to close. When I restart the machine, the pop-up appears just after Windows restarts. I have run MBAM but nothing is found. I ran Windows Defender Offline...two threats were found and removed, but the problem remains. The virus is preventing me from downloading or running MBAM, but I was able to run it in Chameleon mode. Here are the requested logs from DDS: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by 107267 at 21:13:39 on 2012-04-15 Microsoft Windows 7 Enterprise 6.1.7601.1.1252.61.1033.18.2996.1631 [GMT 10:00] . AV: Symantec Endpoint Protection *Enabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Symantec Endpoint Protection *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\ibmpmsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe C:\Program Files\ca\sc\CAM\bin\cam.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe C:\Program Files\ca\sc\CsamSockAdapter\bin\csampmux.exe C:\Program Files\ca\DSM\bin\caf.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\svchost.exe -k HsfXAudioService C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe C:\Program Files\Notes\nsd.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\ca\DSM\Bin\cfsmsmd.exe C:\Program Files\Citrix\ICA Client\ssonsvr.exe 
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe C:\Windows\system32\taskhost.exe C:\Program Files\ca\DSM\Bin\ccnfagent.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\ca\DSM\Bin\cfnotsrvd.exe C:\Program Files\ca\DSM\Bin\ccsmagtd.exe C:\Program Files\ca\DSM\Bin\rcHost.exe C:\Program Files\ca\DSM\Bin\amswmagt.exe C:\Program Files\ca\DSM\Bin\cfftplugin.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe C:\Windows\System32\TpShocks.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\System32\rundll32.exe C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe C:\Program Files\ca\DSM\bin\cfSysTray.exe C:\Program Files\Citrix\ICA Client\concentr.exe C:\Users\107267\AppData\Local\fwepddko\ndvcngtf.exe C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Citrix\ICA Client\PNAMAIN.EXE C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Windows\system32\igfxext.exe C:\Windows\system32\SearchIndexer.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\UserAccountControlSettings.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\consent.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program 
Files\Lenovo\System Update\SUService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\SearchFilterHost.exe \\?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = https://www.google.com.au/ uDefault_Page_URL = about:blank mDefault_Page_URL = Http://intranet.rcleurope.com uInternet Settings,ProxyOverride = 12.42.128.*;172.18.128.137;10.*.*.*;172.16.*.*;*.rccl.com;*.royalcaribbean.com;*.celebrity-cruises.com;*.celebritycruises.com;*.cruisingpower.com;intranet;1a.amadeusprintservices.com;prod1.centra.com;ap-docmgmt;*.sourcingservice.com;119.225.1.34;<local> uInternet Settings,ProxyServer = ausproxy.aus.rccl.com:8080 BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun uRun: [NdvCngtf] c:\users\107267\appdata\local\fwepddko\ndvcngtf.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [Client Access Service] c:\program files\ibm\client access\cwbsvstr.exe mRun: [synTPEnh] 
%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun: [RotateImage] c:\program files\integrated camera driver\RCIMGDIR.exe mRun: [TpShocks] TpShocks.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe mRun: [CAF_SystemTray] "c:\program files\ca\dsm\bin\cfSysTray.exe" mRun: [DsmSxplog] "c:\program files\ca\dsm\bin\sxpstub.exe" mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\users\107267\appdata\roaming\microsoft\windows\start menu\programs\startup\ndvcngtf.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\online~1.lnk - c:\windows\installer\{0f1f7a90-e71b-4e45-a066-2891619f22e1}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\windows\installer\{fdcc0996-eb13-45d6-846d-013f1c8dc6bd}\IconFDCC0996.exe uPolicies-explorer: DisallowRun = 1 (0x1) uPolicies-disallowrun: 1 = autorun.pif uPolicies-disallowrun: 2 = hupigon.exe uPolicies-system: NoDispSettingsPage = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: dontdisplaylockeduserid = 3 (0x3) IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... 
- c:\program files\thinkpad\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll Trusted Zone: amadeus.com Trusted Zone: amadeusvista.com Trusted Zone: azamaraclubcruises.co.uk Trusted Zone: azamaraclubcruises.com Trusted Zone: cdfcroisieresdefrance.fr Trusted Zone: celebritycruises.co.uk Trusted Zone: celebritycruises.com Trusted Zone: concursolutions.com Trusted Zone: crusingpower.com Trusted Zone: localhost Trusted Zone: pullmantur.es Trusted Zone: rccl.com Trusted Zone: rccl.com\colonial Trusted Zone: rcleurope.com Trusted Zone: rclinvestor.com Trusted Zone: royalcaribbean.co.uk Trusted Zone: royalcaribbean.com Trusted Zone: specialtydining.com DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {B1D21FC5-A742-4261-86F2-C7B7F1A31C5D} - hxxp://new.stage.eone.rccl.com/jde/axctls/jdewebctlsU.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {F9E542CE-C16A-47FA-B7A8-D88E5F1C5719} - hxxp://new.stage.eone.rccl.com/jde/axctls/jdeexpimpU.cab TCP: DhcpNameServer = 192.168.0.1 203.134.12.90 TCP: Interfaces\{15E7702C-B836-49ED-B4F7-D42A117612E3} : DhcpNameServer = 192.168.0.1 203.134.12.90 TCP: Interfaces\{15E7702C-B836-49ED-B4F7-D42A117612E3}\051657C6E4F5251697D6F6E6469437D49774F646 : DhcpNameServer = 192.168.10.1 Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: 
application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica 
client\IcaMimeFilter.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll . ================= FIREFOX =================== . FF - ProfilePath - . ============= SERVICES / DRIVERS =============== . R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2012-2-29 25968] R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-3-29 20592] R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2012-2-29 13680] R1 Teefer3;Symantec Endpoint Protection Firewall;c:\windows\system32\drivers\Teefer3.sys [2011-12-2 43936] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128] R2 CA-MessageQueuing;CA Message Queuing Server;c:\program files\ca\sc\cam\bin\cam.exe [2012-3-2 185672] R2 CA-SAM-Pmux;CA Connection Broker;c:\program files\ca\sc\csamsockadapter\bin\CSAMPmux.exe [2011-7-6 169288] R2 caf;CA DSM r12 Common Application Framework;c:\program files\ca\dsm\bin\CAF.exe [2010-4-26 208648] R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992] R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2012-2-29 50536] R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2012-2-29 101736] R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2012-2-29 74088] R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2012-2-29 127336] R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\notes\nsd.exe [2010-8-12 3417480] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-15 654408] R2 
regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032] R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2012-3-1 48640] R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2012-3-1 59904] R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-12-2 1846592] R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2012-2-29 131432] R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2012-2-29 142696] R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-18 497856] R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2012-2-29 132864] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2012-3-1 45736] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-2-29 29472] R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2012-2-29 292200] R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2012-3-1 215208] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-4-13 106104] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2012-3-1 132480] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-3-1 269824] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-15 22344] R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-8-3 7517696] R3 rcSmCard;rcSmCard;c:\windows\system32\drivers\rcSmCard.sys [2010-4-26 26128] R3 rcVidCap;rcVidCap;c:\windows\system32\drivers\rcVidMpt.sys [2010-4-26 9872] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-4-5 158856] S3 b57nd60x;Broadcom NetXtreme 
Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464] S3 netvsc;netvsc;c:\windows\system32\drivers\netvsc60.sys [2010-11-21 126464] S3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [2012-3-1 7391104] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-10 4640000] S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2012-2-29 89152] S3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2012-2-29 175168] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 15872] S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2012-3-1 38912] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-9-24 1124848] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992] S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184] S3 SynthVid;SynthVid;c:\windows\system32\drivers\VMBusVideoM.sys [2010-11-21 19456] S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224] S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264] S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-10-16 1343400] . =============== Created Last 30 ================ . 
2012-04-15 09:38:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-15 09:38:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-15 08:56:55 -------- d-sh--w- C:\found.000 2012-04-14 13:11:11 -------- d-----w- c:\users\107267\appdata\roaming\Malwarebytes 2012-04-14 13:11:11 -------- d-----w- c:\programdata\Malwarebytes 2012-04-14 11:58:05 -------- d-----w- c:\users\107267\appdata\local\fwepddko 2012-04-14 07:55:21 -------- d-----r- c:\program files\Skype 2012-04-14 07:41:50 -------- d-----w- c:\users\107267\appdata\local\Google 2012-04-14 07:40:48 -------- d-----w- c:\users\107267\appdata\local\Deployment 2012-04-14 07:40:48 -------- d-----w- c:\users\107267\appdata\local\Apps 2012-04-14 07:24:13 -------- d-----w- c:\users\107267\appdata\local\Broadcom 2012-04-13 07:03:25 -------- d-----w- c:\users\107267\appdata\roaming\PwrMgr 2012-04-13 07:00:21 -------- d-----w- c:\users\107267\appdata\roaming\smkits 2012-04-13 07:00:04 -------- d-----w- c:\users\107267\appdata\local\Cisco 2012-04-13 06:57:06 -------- d-----w- c:\users\107267\appdata\local\RSA 2012-04-13 06:48:27 -------- d-----w- c:\users\107267\appdata\roaming\CA 2012-04-13 06:33:12 -------- d-----w- c:\users\107267\appdata\roaming\IBM 2012-04-13 06:32:52 -------- d-----w- c:\users\107267\appdata\local\Symantec 2012-04-13 06:32:48 -------- d-----w- c:\users\107267\appdata\roaming\Intel 2012-04-13 06:32:48 -------- d-----w- c:\users\107267\appdata\local\VirtualStore 2012-04-13 06:28:48 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-04-13 06:28:47 162048 ----a-w- c:\windows\system32\drivers\wpshelper.sys 2012-04-13 06:27:23 99744 ----a-w- c:\windows\system32\drivers\SysPlant.sys 2012-04-13 06:27:23 357792 ----a-w- c:\windows\system32\Sysfer.dll 2012-04-13 06:27:05 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2012-04-13 06:26:57 503808 ----a-w- c:\windows\system32\MSVCP71.DLL 2012-04-13 06:26:57 348160 ----a-w- c:\windows\system32\MSVCR71.DLL 2012-04-13 06:26:57 
1060864 ----a-w- c:\windows\system32\MFC71.DL1 2012-04-13 06:26:40 -------- d-----w- c:\programdata\Symantec 2012-04-13 06:26:40 -------- d-----w- c:\program files\Symantec 2012-04-13 06:26:40 -------- d-----w- c:\program files\common files\Symantec Shared 2012-04-13 06:23:37 -------- d-----w- c:\programdata\Uninstall 2012-04-13 06:22:05 -------- d-----w- c:\program files\Roxio 2012-04-13 06:22:05 -------- d-----w- c:\program files\common files\SureThing Shared 2012-04-13 06:20:26 77824 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-04-13 06:20:26 721168 ----a-w- c:\windows\system32\VB40032.DLL 2012-04-13 06:20:26 28672 ----a-w- c:\windows\system32\JAWTAccessBridge.dll 2012-04-13 06:20:26 139264 ----a-w- c:\windows\system32\JavaAccessBridge.dll 2012-04-13 06:20:25 -------- d-----w- c:\program files\Oracle 2012-04-13 06:20:25 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2012-04-13 06:03:09 311296 ----a-w- c:\program files\internet explorer\plugins\hyperion\BILauncher.dll 2012-04-13 06:03:09 27820133 ----a-w- c:\program files\internet explorer\plugins\hyperion\9.3.1\axbqs32.dll 2012-04-13 06:03:09 14233712 ----a-w- c:\program files\internet explorer\plugins\hyperion\8.3\axbqs32.dll 2012-04-13 06:03:04 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll 2012-04-13 06:03:04 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe 2012-04-13 06:03:04 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll 2012-04-13 06:03:04 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll 2012-04-13 06:03:04 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll 2012-04-13 06:03:03 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll 2012-04-13 06:03:03 282756 
----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll 2012-04-13 06:03:03 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll 2012-04-13 05:55:13 -------- d-----w- c:\program files\ScanSoft 2012-04-13 05:50:33 -------- d-----w- c:\users\107267\appdata\local\Lotus 2012-04-13 05:42:53 -------- d-----w- c:\users\107267\appdata\local\Apple Computer 2012-04-13 05:40:35 -------- d-----w- C:\Hyperion 2012-04-13 05:28:28 -------- d-----w- C:\AdobeTemp 2012-04-07 04:38:14 -------- d-----w- C:\codec-info . ==================== Find3M ==================== . 2012-02-22 23:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll 2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe . ============= FINISH: 21:14:16.58 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Enterprise Boot Device: \Device\HarddiskVolume2 Install Date: 2/29/2012 10:43:44 AM System Uptime: 4/15/2012 8:59:06 PM (1 hours ago) . Motherboard: LENOVO | | 2522ED2 Processor: Intel® Core i5 CPU M 520 @ 2.40GHz | None | 2400/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 149 GiB total, 96.071 GiB free. D: is CDROM () E: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318} Description: CA IT Client Manager r12 Secure Control Adapter Device ID: ROOT\DISPLAY\0001 Manufacturer: CA, Inc. Name: CA IT Client Manager r12 Secure Control Adapter PNP Device ID: ROOT\DISPLAY\0001 Service: rcVidCap . 
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: adfs Device ID: ROOT\LEGACY_ADFS\0000 Manufacturer: Name: adfs PNP Device ID: ROOT\LEGACY_ADFS\0000 Service: adfs . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows PNP Device ID: ROOT\NET\0000 Service: vpnva . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . . 32 Bit HP CIO Components Installer Acrobat.com Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Media Player Adobe Reader 9.3.4 Adobe Shockwave Player 11.5 CA DSM Agent + Asset Management plugin (English only Edition) CA DSM Agent + Remote Control plugin (English only Edition) CA DSM Agent + Software Delivery plugin (English only Edition) CA Secure Socket Adapter Cisco AnyConnect VPN Client Citrix online plug-in Citrix online plug-in (DV) Citrix online plug-in (PNA) Citrix online plug-in (SSON) Citrix online plug-in (Web) Conexant 20585 SmartAudio HD cwbnethlp Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition DirectX 9 Runtime FireFox GPL Ghostscript Lite 8.70 HumanConcepts OrgPlus 8 Plug-in Hyperion Interactive Reporting Web Client Hyperion Reporting and Analysis Client IBM i Access for Windows 7.1 IBM i Access for Windows MRI Integrated Camera Driver Installer Package Ver.1.1.0.48 Intel PROSet Wireless Intel® Control Center Intel® Processor Graphics Intel® PROSet/Wireless WiFi Software InterVideo WinDVD 8 Java 6 Update 20 JDE ActiveX Lenovo Auto Scroll Utility Lenovo Central Audio Lenovo Patch Utility Lenovo System Interface Driver LiveUpdate 3.3 (Symantec Corporation) Lotus Notes 8.5.2 Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft Office Excel MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office 
Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Standard 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Mozilla Firefox 11.0 (x86 en-US) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) On Screen Display Oracle10gAdmin PDF Writer - bioPDF 7.1.0.1195 QuickTime RICOH R5U230 Media Driver ver.2.06.02.02 Roxio Central Copy Roxio Central Core Roxio Central Data Roxio Central Tools Roxio Creator Business Edition Roxio Express Labeler 3 RSA SecurID Software Token Security Update for Microsoft Excel 2010 (KB2553070) Security Update for Microsoft Office 2010 (KB2289078) Security Update for Microsoft Office 2010 (KB2289161) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft PowerPoint 2010 (KB2519975) Security Update for Microsoft Publisher 2010 (KB2409055) Security Update for Microsoft Word 2010 (KB2345000) Skype™ 5.9 Sonic CinePlayer Decoder Pack Spelling Dictionaries Support For Adobe Reader 9 Symantec Endpoint Protection System Update ThinkPad Bluetooth with Enhanced Data Rate Software ThinkPad FullScreen Magnifier ThinkPad Hotkey Features Integration Setup ThinkPad Modem Adapter ThinkPad Power Management Driver ThinkPad Power Manager ThinkPad UltraNav Driver ThinkPad UltraNav Utility ThinkVantage Active Protection System ThinkVantage Communications Utility Update for Microsoft Office 2010 (KB2202188) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2523113) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2566458) Update 
for Microsoft OneNote 2010 (KB2493983) Update for Microsoft Outlook Social Connector (KB2583935) WinZip 9 SR1 . ==== Event Viewer Messages From Past Week ======== . 4/15/2012 9:02:18 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. . 4/15/2012 9:00:25 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. 4/15/2012 8:59:40 PM, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified. 4/15/2012 8:59:40 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller). 4/15/2012 8:59:39 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain AUS due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. 
ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. 4/15/2012 7:38:35 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}. The error: "2" Happened while starting this command: "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding 4/15/2012 6:53:42 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OSDisk. 4/14/2012 5:37:41 PM, Error: Microsoft-Windows-GroupPolicy [1053] - The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller). 4/14/2012 11:22:19 PM, Error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s). 4/13/2012 4:27:16 PM, Error: Service Control Manager [7030] - The Symantec Management Client service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 4/13/2012 4:23:17 PM, Error: Service Control Manager [7030] - The RoxMediaDB10 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 
4/11/2012 12:22:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
4/11/2012 12:22:40 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
4/11/2012 12:22:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
4/11/2012 12:22:38 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

FYI, this is a work computer.
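The infection in the log above is easy to spot once you know what to look for: `ndvcngtf.exe` runs from `c:\users\107267\appdata\local\fwepddko\`, is registered under `uRun:` (the per-user Run key) and sits in the user's Startup folder, and both the file name and its parent directory are meaningless strings of letters. The following script is an added example, not part of the thread and not code from DDS, ComboFix or Malwarebytes. It applies exactly those two signals (user-writable location, random-looking names) to lines in the shape of a DDS "Pseudo HJT Report" and "Running Processes" section. The sample lines are copied from the posted log; the list of user-writable directories, the vowel-ratio heuristic and the score threshold are assumptions to tune for your own environment.

```python
"""Triage helper for DDS / ComboFix style autorun and process listings.

Added example, not code from the forum thread or from any tool named in it.
Each path is scored for the two traits that made ndvcngtf.exe stand out:
it lives in a user-writable profile directory and its name (and parent
directory) is a random-looking run of letters.
"""
import re
from typing import List, NamedTuple, Optional

# Constructed sample in the shape of the posted DDS report. Values are copied
# from the log above; the bare paths stand in for the "Running Processes" list.
SAMPLE_LINES = [
    r'uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun',
    r'uRun: [NdvCngtf] c:\users\107267\appdata\local\fwepddko\ndvcngtf.exe',
    r'mRun: [igfxTray] c:\windows\system32\igfxtray.exe',
    r'mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor',
    r'StartupFolder: c:\users\107267\appdata\roaming\microsoft\windows\start menu\programs\startup\ndvcngtf.exe',
    r'StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe',
    r'C:\Program Files\Citrix\ICA Client\concentr.exe',
    r'C:\Users\107267\AppData\Local\fwepddko\ndvcngtf.exe',
]

# Assumption: path fragments a standard user can write to without elevation.
USER_WRITABLE = ('/users/', '/documents and settings/', '/programdata/', '/temp/', '/tmp/')
VOWELS = set('aeiou')

# A drive-letter path up to the first executable/library extension.
PATH_RE = re.compile(r'[a-z]:\\.+?\.(?:exe|dll|sys)\b', re.IGNORECASE)


class Finding(NamedTuple):
    path: str
    score: int
    reasons: tuple


def extract_path(line: str) -> Optional[str]:
    """Pull the executable path out of a DDS autorun or process line."""
    # Drop "uRun: [name] " / "mRun: [name] " / "StartupFolder: " prefixes.
    body = re.sub(r'^\w+: (\[[^\]]*\] )?', '', line)
    # ".lnk - target" form: the shortcut target is what actually runs.
    if ' - ' in body:
        body = body.rsplit(' - ', 1)[1]
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def looks_random(name: str) -> bool:
    """Heuristic (assumption): six or more letters with at most a quarter vowels."""
    stem = name.rsplit('.', 1)[0].lower()
    if len(stem) < 6 or not stem.isalpha():
        return False
    return sum(c in VOWELS for c in stem) / len(stem) <= 0.25


def score_path(path: str) -> Finding:
    """One point per signal; location is the strong one, names corroborate."""
    normalised = path.lower().replace('\\', '/')
    parts = normalised.split('/')
    reasons = []
    if any(marker in normalised for marker in USER_WRITABLE):
        reasons.append('user-writable location')
    if looks_random(parts[-1]):
        reasons.append('random-looking file name')
    if len(parts) > 1 and looks_random(parts[-2]):
        reasons.append('random-looking parent directory')
    return Finding(path, len(reasons), tuple(reasons))


def triage(lines: List[str], threshold: int = 2) -> List[Finding]:
    """Return de-duplicated findings whose score reaches the threshold."""
    seen, out = set(), []
    for line in lines:
        path = extract_path(line)
        if not path or path.lower() in seen:
            continue
        seen.add(path.lower())
        finding = score_path(path)
        if finding.score >= threshold:
            out.append(finding)
    return out


if __name__ == '__main__':
    for hit in triage(SAMPLE_LINES):
        print(f'{hit.score}  {hit.path}  ({", ".join(hit.reasons)})')
```

Run against a full DDS log (`triage(open('DDS.txt').read().splitlines())`) it returns only the two `ndvcngtf.exe` entries from the sample and leaves the Lenovo, Citrix and Symantec binaries under Program Files alone; anything under `c:\users` scores at least one point by design, so the threshold of two is what keeps legitimate per-user installs such as Chrome from drowning the list.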
  9. Hi, I believe my computer is infected. When I open a new Chrome session, it automatically opens two tabs, which re-direct me to a site called "btsearch.name" which is simply a Google search window. This began after downloading "MyStart by Incredibar". I removed the program via Add/Remove but the problem remains. I have run both MalwareBytes & Spybot S&D (including Immunization) but the problem remains. Here are the DDS.txt & Attach.txt files as requested. Thank you for any assistance you can offer. -Ryan

. DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_31 Run by 107267 at 18:00:26 on 2012-04-10 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3046.2108 [GMT 10:00] . AV: Sophos Anti-Virus *Enabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD} . ============== Running Processes =============== . C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Citrix\ICA Client\ssonsvr.exe svchost.exe svchost.exe C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Hyperion\BIPlus\bin\SQR\Remote\bin\atrls.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\CA\SC\CAM\bin\cam.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Notes\nsd.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Notes\ntmulti.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe C:\Program Files\Sonexis\ApplicationSharing\AppDriverService.exe C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe C:\Program Files\Sophos\AutoUpdate\ALsvc.exe C:\Program Files\Sophos\Remote Management 
System\RouterNT.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe C:\Program Files\ORL\VNC\WinVNC.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\Program Files\CA\DSM\Bin\caf.exe C:\Program Files\CA\DSM\Bin\cfsmsmd.exe C:\Program Files\CA\DSM\Bin\ccnfagent.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe C:\Program Files\CA\DSM\Bin\ccsmagtd.exe C:\Program Files\CA\DSM\Bin\rcHost.exe C:\Program Files\CA\DSM\Bin\amswmagt.exe C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe C:\Program Files\CA\DSM\Bin\cfftplugin.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\CA\DSM\bin\cfSysTray.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Sophos\AutoUpdate\almon.exe C:\Program Files\Real\RealPlayer\update\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Browny02\Brother\BrStMonW.exe C:\Program Files\Browny02\BrYNSvc.exe C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\107267\Desktop\snagit32.exe C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE C:\Documents and Settings\107267\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\107267\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\107267\Local Settings\Application Data\Google\Chrome\Application\chrome.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://intranet.rcleurope.com/ mDefault_Page_URL = Http://intranet.rcleurope.com uInternet Settings,ProxyServer = ausproxy.aus.rccl.com:8080 uInternet Settings,ProxyOverride = 12.42.128.*;172.18.128.137;10.*.*.*;172.16.*.*;*.rccl.com;*.royalcaribbean.com;*.celebrity-cruises.com;*.celebritycruises.com;*.cruisingpower.com;intranet;1a.amadeusprintservices.com;prod1.centra.com;ap-docmgmt;*.sourcingservice.com;anyconnect.rccl.com;119.225.1.34;;*.local;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;<local> BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Google Update] "c:\documents and settings\107267\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime uRun: [spybotSD TeaTimer] c:\program 
files\spybot - search & destroy\TeaTimer.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon mRun: [CAF_SystemTray] "c:\program files\ca\dsm\bin\cfSysTray.exe" mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray mRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe" mRun: [WinVNC] "c:\program files\orl\vnc\winvnc.exe" -servicehelper mRun: [DsmSxplog] "c:\program files\ca\dsm\bin\sxpstub.exe" mRun: [sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe" mRun: [indexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe" mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini" mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun mRun: [brStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN mRun: [bigPondWirelessBroadbandCM] "c:\program files\telstra\mobile broadband manager\TelstraUCM.exe" -tsr mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1) uPolicies-explorer: 
DisallowRun = 1 (0x1) uPolicies-disallowrun: 1 = autorun.pif uPolicies-disallowrun: 2 = hupigon.exe uPolicies-system: NoDispSettingsPage = 0 (0x0) dPolicies-explorer: ForceClassicControlPanel = 1 (0x1) dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab DPF: B3467D2D-E10C-41A6-B671-2B07A1445DC4 - hxxp://econference.rcleurope.com//Downloads/cmW32client.cab DPF: {00B28243-126B-4FFF-B346-6C3176E8296B} - hxxp://siebgvsp.rccl.com:9100/callcenter_enu/19221/applets/SiebelAx_Calendar.cab DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab DPF: {3605B612-C3CF-4AB4-A426-2D853391DB2E} - hxxp://qc.rccl.com/qcbin/capicom.dll DPF: {5F738800-9D2F-48CE-999B-B3D66C7E8D24} - hxxp://teamsite-prod.rccl.com/iw/ewebeditpro20/ewebeditpro5.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://remotemail.rccl.com:11023/dwa8W.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} - hxxp://siebgvsp.rccl.com:9100/callcenter_enu/19221/applets/SiebelAx_HI_Client.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://aufreetrial.webex.com/client/T27L/webex/ieatgpc.cab 
DPF: {F79364C6-8DF2-4060-BF77-35239AC7BCB1} - hxxp://hyperion.rccl.com/InsightInstaller/setup.cab DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} - hxxp://qc.rccl.com/qcbin/Spider10.cab TCP: DhcpNameServer = 192.168.0.1 203.134.12.90 TCP: Interfaces\{362A5A16-A1C4-4FFD-8712-ECA41F10EB74} : DhcpNameServer = 192.168.0.1 203.134.12.90 Notify: CAF - c:\program files\ca\dsm\bin\cfwlogon.dll Notify: igfxcui - igfxdev.dll Notify: rcHostExt - c:\program files\ca\dsm\bin\rcLoginExt.dll AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\107267\application data\mozilla\firefox\profiles\tuai47zv.default\ FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb119?a=6Oyy706xO9&i=26 FF - prefs.js: browser.search.selectedEngine - MyStart Search FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6Oyy706xO9&&i=26&search= FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - plugin: c:\documents and settings\107267\application data\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\107267\application data\mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\documents and settings\107267\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\common files\research 
in motion\bbwebsllauncher\NPWebSLLauncher.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll . ---- FIREFOX POLICIES ---- FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oyy706xO9&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - 142c63b900000000000000218696caed FF - user.js: extensions.incredibar_i.instlDay - 15437 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1414:42:48 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6Oyy706xO9 FF - user.js: extensions.incredibar_i.upn2n - 92261197075936793 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10606 FF - user.js: extensions.incredibar_i.ppd - 61%5F2 . ============= SERVICES / DRIVERS =============== . 
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2010-3-5 153344] R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2010-3-5 24064] R2 Ataman TCP Remote Logon Services;Ataman TCP Remote Logon Services;c:\hyperion\biplus\bin\sqr\remote\bin\atrls.exe [2010-9-17 71168] R2 CA-MessageQueuing;CA Message Queuing Server;c:\program files\ca\sc\cam\bin\cam.exe [2010-3-5 147456] R2 caf;CA DSM r11 Common Application Framework.;c:\program files\ca\dsm\bin\CAF.exe [2008-3-1 193800] R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\notes\nsd.exe [2009-9-29 3397000] R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-12-13 163056] R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-12-13 97520] R2 Sonexis Application Sharing Driver Service;Sonexis Application Sharing Driver Service;c:\program files\sonexis\applicationsharing\AppDriverService.exe [2010-8-16 167936] R2 Sophos Agent;Sophos Agent;c:\program files\sophos\remote management system\ManagementAgentNT.exe [2010-12-13 282624] R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-12-13 230640] R2 Sophos Message Router;Sophos Message Router;c:\program files\sophos\remote management system\RouterNT.exe [2010-12-13 806912] R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2012-3-15 1543704] R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\sierra wireless inc\common\SwiCardDetect.exe [2010-9-2 230768] R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856] R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-7-25 245760] R3 rcSmCard;rcSmCard;c:\windows\system32\drivers\rcSmCard.sys [2008-3-1 
26128] R3 rcVidCap;rcVidCap;c:\windows\system32\drivers\rcVidMpt.sys [2008-3-1 9872] R3 SonMirrorftas;ConferenceManager AppShare Filter Driver;c:\windows\system32\drivers\SonMirrorftas.sys [2010-8-16 3840] R3 SonVMDas;SonVMDas;c:\windows\system32\drivers\SonVMDas.sys [2010-8-16 2560] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 253600] S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-7-28 7680] S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [2010-7-21 23928] S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2003-8-29 189792] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336] S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2011-7-28 114688] S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-3-5 14976] . =============== Created Last 30 ================ . 2012-04-10 06:00:54 -------- d-----w- c:\program files\Spybot - Search & Destroy 2012-04-10 06:00:54 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy 2012-04-10 05:52:28 -------- d-----w- c:\documents and settings\107267\application data\Malwarebytes 2012-04-10 05:52:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-04-10 05:52:18 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-10 05:52:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-07 04:43:10 -------- d-----w- c:\documents and settings\all users\application data\Premium 2012-04-07 04:38:14 -------- d-----w- C:\codec-info 2012-04-07 04:37:42 -------- d-----w- c:\documents and settings\all users\application data\InstallMate 2012-04-04 01:09:18 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe . ==================== Find3M ==================== . 
2012-04-04 01:09:18 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-07 06:58:33 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-03-07 06:58:32 472808 ----a-w- c:\windows\system32\deployJava1.dll . ============= FINISH: 18:01:24.15 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 3/5/2010 11:12:31 PM System Uptime: 4/10/2012 5:11:47 PM (1 hours ago) . Motherboard: LENOVO | | 7659WET Processor: Intel® Core2 Duo CPU T7100 @ 1.80GHz | None | 1795/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 68 GiB total, 35.063 GiB free. D: is CDROM (UDF) . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318} Description: Unicenter r11 Remote Control Secure Control Adapter Device ID: ROOT\DISPLAY\0001 Manufacturer: Computer Associates Intl., Inc. Name: Unicenter r11 Remote Control Secure Control Adapter PNP Device ID: ROOT\DISPLAY\0001 Service: rcVidCap . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Cisco Systems VPN Adapter Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter PNP Device ID: ROOT\NET\0000 Service: CVirtA . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows Device ID: ROOT\NET\0001 Manufacturer: Cisco Systems Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows PNP Device ID: ROOT\NET\0001 Service: vpnva . ==== System Restore Points =================== . 
RP387: 2/21/2012 11:01:03 AM - System Checkpoint RP388: 2/26/2012 5:54:36 PM - System Checkpoint RP389: 3/3/2012 5:03:07 PM - System Checkpoint RP390: 3/5/2012 6:04:10 PM - System Checkpoint RP391: 3/7/2012 4:57:42 PM - Removed Java 6 Update 17 RP392: 3/7/2012 4:58:27 PM - Installed Java 6 Update 31 RP393: 3/8/2012 5:06:13 PM - System Checkpoint RP394: 3/9/2012 7:30:28 PM - System Checkpoint RP395: 3/10/2012 8:42:14 PM - System Checkpoint RP396: 3/12/2012 7:38:40 PM - System Checkpoint RP397: 3/14/2012 1:06:50 PM - System Checkpoint RP398: 3/15/2012 4:32:59 PM - System Checkpoint RP399: 3/16/2012 4:43:28 PM - System Checkpoint RP400: 3/19/2012 4:46:45 PM - System Checkpoint RP401: 3/20/2012 5:37:09 PM - System Checkpoint RP402: 3/22/2012 3:07:04 AM - System Checkpoint RP403: 3/23/2012 7:46:19 AM - System Checkpoint RP404: 3/25/2012 3:34:39 AM - System Checkpoint RP405: 3/26/2012 1:32:00 PM - System Checkpoint RP406: 3/27/2012 5:45:53 PM - System Checkpoint RP407: 3/29/2012 12:24:37 PM - System Checkpoint RP408: 3/31/2012 10:35:09 PM - System Checkpoint RP409: 4/2/2012 9:55:37 AM - System Checkpoint RP410: 4/3/2012 8:53:55 PM - System Checkpoint RP411: 4/5/2012 9:00:51 PM - System Checkpoint RP412: 4/7/2012 1:57:07 PM - System Checkpoint RP413: 4/10/2012 6:39:39 AM - System Checkpoint RP414: 4/10/2012 11:12:59 AM - Removed PGP Desktop . ==== Installed Programs ====================== . 
32 Bit HP BiDi Channel Components Installer Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.0) Adobe Shockwave Player 11.5 Apple Application Support Apple Mobile Device Support Apple Software Update Avaya CMS Supervisor R13 BlackBerry Desktop Software 6.0 Bonjour Brother MFL-Pro Suite MFC-J415W CA Unicenter DSM Agent + Asset Management Plugin (English only Edition) CA Unicenter DSM Agent + Remote Control Plugin (English only Edition) CA Unicenter DSM Agent + Software Delivery Plugin (English only Edition) Cisco AnyConnect VPN Client Cisco Systems VPN Client 4.0.3 (F) Client Access Shortcut Fix Compatibility Pack for the 2007 Office system ConferenceManager Application Sharing Driver 8.0.15.0 Foxit Reader Google Chrome Google Talk Plugin GoToMeeting 4.8.0.723 GPL Ghostscript Lite 8.61 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB969084) Hyperion Interactive Reporting Web Client Hyperion Reporting and Analysis Client IBM iSeries Access for Windows Intel® Graphics Media Accelerator Driver iTunes Java Auto Updater Java 6 Update 31 Lotus Notes Malwarebytes Anti-Malware version 1.61.0.1400 MetaFrame Presentation Server Client Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Office Professional Edition 2003 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Mozilla Firefox 10.0 (x86 en-GB) mp mpmri MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser (KB925673) Oracle10gAdmin 
PaperPort Image Printer QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer RealUpgrade 1.1 RSA SecurID Software Token ScanSoft PaperPort 11 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2183461) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360131) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2416400) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2483614) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2497640) Security Update for 
Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2544521) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2559049) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security 
Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB963027) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165-v2) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP 
(KB982802) Skype™ 4.2 Sophos Remote Management System SoundMAX Spybot - Search & Destroy Telstra Mobile Broadband Manager ThinkPad Modem ThinkPad Power Management Driver ThinkPad UltraNav Driver Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Windows (KB971513) Update for Windows XP (KB2264107) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2492386) Update for Windows XP (KB2541763) Update for Windows XP (KB898461) Update for Windows XP (KB943729) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update for Windows XP (KB978207) VLC media player 1.0.5 VNC Free Edition 4.1.3 WarriorPDF 5.0.0.614 WebEx WebFldrs XP Windows Imaging Component Windows Management Framework Core Windows Media Format 11 runtime Windows Media Player 11 Windows Presentation Foundation Windows XP Service Pack 3 WinRAR 4.00 beta 4 (32-bit) XML Paper Specification Shared Components Pack 1.0 . ==== Event Viewer Messages From Past Week ======== . 4/5/2012 4:00:50 PM, error: PlugPlayManager [12] - The device 'MATSHITA DVD-RAM UJ-862' (IDE\CdRomMATSHITA_DVD-RAM_UJ-862_________________RB01____\5&28ef052f&0&0.1.0) disappeared from the system without first being prepared for removal. 4/5/2012 11:10:01 AM, error: PlugPlayManager [12] - The device 'MATSHITA DVD-RAM UJ-862' (IDE\CdRomMATSHITA_DVD-RAM_UJ-862_________________RB01____\5&28ef052f&0&0.0.0) disappeared from the system without first being prepared for removal. 4/5/2012 11:09:59 AM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period. 
4/5/2012 11:09:32 AM, error: Dhcp [1002] - The IP address lease 10.1.1.79 for the Network Card with network address 00215C8FD1CB has been denied by the DHCP server 192.168.40.65 (The DHCP Server sent a DHCPNACK message). 4/4/2012 11:06:50 AM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 4/4/2012 10:56:03 AM, error: NETLOGON [5719] - No Domain Controller is available for domain AUS due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. 4/3/2012 8:34:37 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service. 4/3/2012 8:34:19 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 4/10/2012 5:12:22 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. 4/10/2012 11:18:27 AM, error: Service Control Manager [7031] - The Sophos Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. . ==== End Of File ===========================
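A small triage script for logs of the kind posted above, added here as an example; it is not part of Ryan's post and not a feature of DDS, HijackThis or Malwarebytes. It recognises the line shapes a DDS "Pseudo HJT Report" and FIREFOX section emit (uRun/mRun, BHO:, FF - prefs.js / user.js, Hosts:, AppInit_DLLs:, DPF:, Start Page) and also accepts HijackThis O2/O4 lines, then flags entries that point at the MyStart/Incredibar or btsearch.name domains, carry one of those names, or sit on an injection/override point (AppInit_DLLs, a hosts entry that sinkholes a site) that deserves a look whatever it is called. The indicator lists are assumptions for this example, and SAMPLE_LOG is constructed: most of its lines are modelled on the log above, while the uRun entry and the intranet.example.com hostname are made up.

```python
"""Triage DDS / HijackThis log lines for browser-hijack indicators.

Added example, not code from the forum post. Indicator lists and SAMPLE_LOG
are constructed; the line regexes follow the DDS pseudo-HJT and HijackThis
output shapes visible in the thread.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed indicator set for the MyStart/Incredibar family in the thread.
HIJACK_DOMAINS = {"mystart.incredibar.com", "incredibar.com", "btsearch.name"}
HIJACK_KEYWORDS = ("incredibar", "mystart", "btsearch")

CLSID = r"\{(?P<clsid>[0-9A-Fa-f-]{36})\}"
PATTERNS = [  # (kind, regex); named groups: name, value, file, clsid
    ("run",     re.compile(r"^(?:[umd]Run(?:Once)?|O4 - [^:]+): \[(?P<name>[^\]]*)\] (?P<value>.+)$")),
    ("bho",     re.compile(r"^BHO: (?P<name>.+?): " + CLSID + r" - (?P<value>.+)$")),
    ("bho",     re.compile(r"^O2 - BHO: (?P<name>.+?) - " + CLSID + r" - (?P<value>.+)$")),
    ("ffpref",  re.compile(r"^FF - (?P<file>prefs|user)\.js: (?P<name>\S+) -(?: (?P<value>.*))?$")),
    ("hosts",   re.compile(r"^Hosts: (?P<value>.+)$")),
    ("appinit", re.compile(r"^AppInit_DLLs: (?P<value>.+)$")),
    ("dpf",     re.compile(r"^DPF: (?P<name>\S+) - (?P<value>.+)$")),
    ("page",    re.compile(r"^(?P<name>[umd](?:Start Page|Default_Page_URL|Default_Search_URL|SearchAssistant)) = (?P<value>.+)$")),
]
URL_RE = re.compile(r"\bh(?:xx|tt)ps?://[^\s\"']+", re.I)  # DDS writes http:// as hxxp://


@dataclass
class Finding:
    kind: str
    line: str
    reason: str


def defang_host(url: str) -> str:
    """Hostname (lowercase) of a URL that may be written hxxp:// or hxxps://."""
    return (urlparse(re.sub(r"^hxxp", "http", url, flags=re.I)).hostname or "").lower()


def host_matches(host: str) -> bool:
    """True when host equals, or is a subdomain of, an entry in HIJACK_DOMAINS."""
    parts = host.split(".")
    return any(".".join(parts[i:]) in HIJACK_DOMAINS for i in range(len(parts)))


def classify(line: str):
    """Return (kind, groups) for a recognised log line, else (None, {})."""
    for kind, pat in PATTERNS:
        m = pat.match(line)
        if m:
            return kind, m.groupdict()
    return None, {}


def triage(lines):
    """Run every line through the rules and return the list of Findings."""
    findings = []
    for raw in lines:
        line = raw.strip()
        kind, g = classify(line)
        if kind is None:
            continue
        name, value = g.get("name") or "", g.get("value") or ""
        bad = [h for h in (defang_host(m.group(0)) for m in URL_RE.finditer(value)) if host_matches(h)]
        if bad:
            findings.append(Finding(kind, line, f"points at hijacker domain {bad[0]}"))
        elif any(k in f"{name} {value}".lower() for k in HIJACK_KEYWORDS):
            findings.append(Finding(kind, line, "name or value carries a hijacker keyword"))
        elif kind == "appinit":
            # Loaded into every process that maps user32.dll; AV products use it
            # legitimately, so this is a "verify the DLL" item, not a verdict.
            findings.append(Finding(kind, line, "AppInit_DLLs injection point: verify the DLL"))
        elif kind == "hosts":
            ip, _, target = value.partition(" ")
            if ip in ("127.0.0.1", "0.0.0.0", "::1") and target.strip().lower() != "localhost":
                findings.append(Finding(kind, line, f"hosts file sinkholes {target.strip()}: confirm it was intended"))
    return findings


# Constructed sample: most lines are modelled on the DDS log in the post above;
# the uRun entry and intranet.example.com are made up for the example.
SAMPLE_LOG = r"""
uStart Page = hxxp://intranet.example.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
uRun: [MyStartUpdater] "c:\documents and settings\user\application data\incredibar\updater.exe"
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb119?a=6Oyy706xO9&i=26
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6Oyy706xO9&&i=26&search=
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oyy706xO9&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.instlRef -
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.kind:7}] {f.reason}\n          {f.line}")
```

Two design points: the keyword rule runs on the pref name as well as the value, so the user.js extensions.incredibar_i.* block is caught even where the value is empty (and user.js is worth a look in itself, since Firefox does not create that file; toolbars and installers do); and the AppInit_DLLs and Hosts rules are deliberately "review" items rather than verdicts, because the Sophos entry above is a legitimate use of the same injection point and a hosts sinkhole is sometimes put there on purpose.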
  10. MSRT reports no malicious software.

_________________________________________

MBAM log:

Malwarebytes' Anti-Malware 1.31
Database version: 1544
Windows 5.1.2600 Service Pack 3

12/25/2008 7:33:37 AM
mbam-log-2008-12-25 (07-33-37).txt

Scan type: Full Scan (C:\|)
Objects scanned: 128357
Time elapsed: 55 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

__________________________________________

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:33 AM, on 12/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Upromise\Upromise.exe
C:\Program Files\Upromise\UpromiseUa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll
O3 - Toolbar: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [upromise] C:\Program Files\Upromise\Upromise.exe
O4 - HKCU\..\Run: [upromise Update] C:\Program Files\Upromise\UpromiseUa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra 'Tools' menuitem: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://remotemail.rccl.com/,DanaInfo=RCLMA...l.com+dwa7W.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe -- End of file - 9758 bytes
  11. Thank you so much for your help, Maurice. I have completed all steps successfully. Here are the logs:
    Avenger
    Logfile of The Avenger Version 2.0, © by Swandog46
    http://swandog46.geekstogo.com
    Platform: Windows XP
    *******************
    Script file opened successfully.
    Script file read successfully.
    Backups directory opened successfully at C:\Avenger
    *******************
    Beginning to process script file:
    Rootkit scan active.
    No rootkits found!
    Error: could not open file "C:\Program Files\AntivirusPro2009\data"
    Deletion of file "C:\Program Files\AntivirusPro2009\data" failed!
    Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist
    Error: could not open file "C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT"
    Deletion of file "C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT" failed!
    Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist
    Error: file "C:\Program Files\AntivirusPro2009" not found!
    Deletion of file "C:\Program Files\AntivirusPro2009" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: file "C:\Documents and Settings\KBJ\Start Menu\Programs\AntivirusPro2009" not found!
    Deletion of file "C:\Documents and Settings\KBJ\Start Menu\Programs\AntivirusPro2009" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: file "C:\WINDOWS\system32\drivers\TDSSmqlt.sys" not found!
    Deletion of file "C:\WINDOWS\system32\drivers\TDSSmqlt.sys" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: file "C:\windows\system32\drivers\tdssserv.sys" not found!
    Deletion of file "C:\windows\system32\drivers\tdssserv.sys" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: file "C:\WINDOWS\system32\drivers\TDSSmact.sys" not found!
    Deletion of file "C:\WINDOWS\system32\drivers\TDSSmact.sys" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: file "C:\WINDOWS\system32\TDSSfpmp.dll" not found!
    Deletion of file "C:\WINDOWS\system32\TDSSfpmp.dll" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: file "C:\WINDOWS\system32\TDSSwpyd.dat" not found!
    Deletion of file "C:\WINDOWS\system32\TDSSwpyd.dat" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: file "C:\WINDOWS\system32\TDSStkdv.log" not found!
    Deletion of file "C:\WINDOWS\system32\TDSStkdv.log" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: file "C:\WINDOWS\system32\TDSSotxb.dll" not found!
    Deletion of file "C:\WINDOWS\system32\TDSSotxb.dll" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: file "C:\WINDOWS\system32\TDSScrrn.dll" not found!
    Deletion of file "C:\WINDOWS\system32\TDSScrrn.dll" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: file "C:\WINDOWS\system32\TDSSbvqh.dll" not found!
    Deletion of file "C:\WINDOWS\system32\TDSSbvqh.dll" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: file "C:\WINDOWS\system32\TDSSjnmx.dll" not found!
    Deletion of file "C:\WINDOWS\system32\TDSSjnmx.dll" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: file "c:\windows\system32\TDSShrxr.dll" not found!
    Deletion of file "c:\windows\system32\TDSShrxr.dll" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: file "c:\windows\system32\TDSSkkbi.log" not found!
    Deletion of file "c:\windows\system32\TDSSkkbi.log" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: file "c:\windows\system32\TDSSlrvd.dat" not found!
    Deletion of file "c:\windows\system32\TDSSlrvd.dat" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: file "c:\windows\system32\TDSSlxwp.dll" not found!
    Deletion of file "c:\windows\system32\TDSSlxwp.dll" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: file "c:\windows\system32\TDSSnmxh.log" not found!
    Deletion of file "c:\windows\system32\TDSSnmxh.log" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: file "c:\windows\system32\TDSSoiqt.dll" not found!
    Deletion of file "c:\windows\system32\TDSSoiqt.dll" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: file "c:\windows\system32\TDSSrhyp.log" not found!
    Deletion of file "c:\windows\system32\TDSSrhyp.log" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: file "c:\windows\system32\TDSSrtqp.dll" not found!
    Deletion of file "c:\windows\system32\TDSSrtqp.dll" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: file "c:\windows\system32\TDSSsihc.dll" not found!
    Deletion of file "c:\windows\system32\TDSSsihc.dll" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: file "c:\windows\system32\TDSSxfum.dll" not found!
    Deletion of file "c:\windows\system32\TDSSxfum.dll" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\tdssserv" not found!
    Deletion of driver "tdssserv" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys" not found!
    Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys" not found!
    Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv" not found!
    Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv" not found!
    Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys" not found!
    Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys" not found!
    Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv" not found!
    Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV" not found!
    Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV" not found!
    Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\antiviruspro2009" not found!
    Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\antiviruspro2009" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" not found!
    Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\tdss" not found!
    Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\tdss" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
    Completed script processing.
    *******************
    Finished! Terminate.
    _____________________________________________________
    Combofix
    ComboFix 08-12-24.01 - KBJ 2008-12-24 20:00:35.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.572 [GMT -5:00]
    Running from: c:\documents and settings\KBJ\Desktop\ComboFix.exe
    * Created a new restore point
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\windows\system32\winsrc.dll.tmp
    .
    ((((((((((((((((((((((((( Files Created from 2008-11-25 to 2008-12-25 )))))))))))))))))))))))))))))))
    .
    2008-12-23 09:17 . 2008-12-23 09:17 <DIR> d-------- c:\program files\Foxit Software
    2008-12-23 09:17 . 2008-12-23 09:17 <DIR> d-------- c:\documents and settings\KBJ\Application Data\Foxit
    2008-12-22 23:28 . 2008-12-22 23:28 <DIR> d-------- c:\program files\Trend Micro
    2008-12-22 20:57 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
    2008-12-22 20:56 . 2008-12-22 20:56 <DIR> d-------- c:\program files\Panda Security
    2008-12-22 19:31 . 2008-12-22 19:55 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2008-12-22 19:31 . 2008-12-22 19:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-22 19:15 . 2008-12-22 19:15 <DIR> d-------- c:\documents and settings\KBJ\Application Data\Malwarebytes
    2008-12-22 19:15 . 2008-12-22 19:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-22 19:15 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-22 19:15 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-22 19:14 . 2008-12-22 19:15 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-21 10:51 . 2008-12-21 10:51 552 --a------ c:\windows\system32\DO_NOT_DELETE.backupSetID
    2008-12-05 19:44 . 2008-12-05 19:44 <DIR> d-------- c:\program files\Scholastic
    2008-11-27 08:32 . 2008-11-27 08:32 <DIR> d--hs---- c:\documents and settings\Default User\UserData
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-24 15:32 --------- d-----w c:\program files\Microsoft Windows OneCare Live
    2008-12-23 00:08 --------- d-----w c:\program files\Google
    2008-12-23 00:05 --------- d-----w c:\program files\WildTangent
    2008-12-23 00:03 --------- d-----w c:\program files\Dell
    2008-12-23 00:01 --------- d-----w c:\program files\Common Files\Ahead
    2008-12-23 00:01 --------- d-----w c:\program files\Ahead
    2008-12-23 00:00 --------- d-----w c:\program files\CyberLink DVD Solution
    2008-12-22 23:38 --------- d-----w c:\program files\Common Files\Adobe
    2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
    2008-11-15 19:36 --------- d-----w c:\documents and settings\Shannon\Application Data\Apple Computer
    2008-11-13 21:39 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
    2008-11-13 17:14 --------- d-----w c:\program files\Windows Live Safety Center
    2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
    2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
    2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
    2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
    2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
    2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
    2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
    2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2004-10-01 20:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
    2006-10-24 21:30 88 --sh--r c:\windows\system32\05A8E500E5.sys
    2008-02-25 00:33 56 --sh--r c:\windows\system32\DC627FA1E0.sys
    2008-02-25 00:33 4,496 --sha-w c:\windows\system32\KGyGaAvL.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "Upromise"="c:\program files\Upromise\Upromise.exe" [2007-07-10 385024]
    "Upromise Update"="c:\program files\Upromise\UpromiseUa.exe" [2007-07-10 147456]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016]
    "PrintServer Diagnostic"="c:\program files\Print Server\PTP\PSDiagnostic.exe" [2004-11-24 266240]
    "RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
    "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2005-10-28 335872]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
    "OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-11-05 64880]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
    officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-04-05 147456]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG"= Pvmjpg30.dll
    "VIDC.PIM1"= pclepim1.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
    @="Service"
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-22 28544]
    R2 OcHealthMon;Windows Live OneCare Health Monitor;"c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe" [2008-11-05 25968]
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder
    2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
    2007-08-01 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1177280955.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.hotmail.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    .
    **************************************************************************
    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-24 20:01:55
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Completion time: 2008-12-24 20:02:46
    ComboFix-quarantined-files.txt 2008-12-25 01:02:39
    Pre-Run: 8,507,138,048 bytes free
    Post-Run: 8,565,121,024 bytes free
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    171 --- E O F --- 2008-12-19 01:18:10
  12. MBAM scan:
    Malwarebytes' Anti-Malware 1.31
    Database version: 1533
    Windows 5.1.2600 Service Pack 3
    12/22/2008 8:50:29 PM
    mbam-log-2008-12-22 (20-50-23).txt
    Scan type: Quick Scan
    Objects scanned: 59499
    Time elapsed: 7 minute(s), 7 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 4
    Files Infected: 10
    Memory Processes Infected: (No malicious items detected)
    Memory Modules Infected: (No malicious items detected)
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\antiviruspro2009 (Rogue.Antivirus2008) -> No action taken.
    Registry Values Infected: (No malicious items detected)
    Registry Data Items Infected: (No malicious items detected)
    Folders Infected:
    C:\Program Files\AntivirusPro2009 (Rogue.Antivirus2008) -> No action taken.
    C:\Program Files\AntivirusPro2009\data (Rogue.Antivirus2008) -> No action taken.
    C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT (Rogue.Antivirus2008) -> No action taken.
    C:\Documents and Settings\KBJ\Start Menu\Programs\AntivirusPro2009 (Rogue.AntivirusPro2009) -> No action taken.
    Files Infected:
    C:\Program Files\AntivirusPro2009\AntivirusPro2009.cfg (Rogue.Antivirus2008) -> No action taken.
    C:\Program Files\AntivirusPro2009\htmlayout.dll (Rogue.Antivirus2008) -> No action taken.
    C:\Program Files\AntivirusPro2009\pthreadVC2.dll (Rogue.Antivirus2008) -> No action taken.
    C:\Program Files\AntivirusPro2009\data\daily.cvd (Rogue.Antivirus2008) -> No action taken.
    C:\Program Files\AntivirusPro2009\data\main.cvd (Rogue.Antivirus2008) -> No action taken.
    C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.Antivirus2008) -> No action taken.
    C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\msvcm80.dll (Rogue.Antivirus2008) -> No action taken.
    C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\msvcp80.dll (Rogue.Antivirus2008) -> No action taken.
    C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\msvcr80.dll (Rogue.Antivirus2008) -> No action taken.
    C:\Documents and Settings\KBJ\Start Menu\Programs\AntivirusPro2009\Uninstall.lnk (Rogue.AntivirusPro2009) -> No action taken.
    _________________________________________________________
    Panda scan:
    ;*******************************************************************************
    ANALYSIS: 2008-12-22 23:25:49
    PROTECTIONS: 1
    MALWARE: 42
    SUSPECTS: 2
    ;*******************************************************************************
    PROTECTIONS
    Description   Version   Active   Updated
    ;===============================================================================
    Windows Live OneCare   1.0.0   Yes   Yes
    ;===============================================================================
    MALWARE
    Id   Description   Type   Active   Severity   Disinfectable   Disinfected   Location
    ;===============================================================================
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No E:\Windows OneCare Backup\CRIB\2008\Files\Part 885.ZIP[C\Documents and Settings\NetworkService\Cookies\system@trafficmp[1].txt]
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[1].txt
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@trafficmp[1].txt
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@trafficmp[2].txt
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@casalemedia[2].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@doubleclick[1].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[1].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@doubleclick[1].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No E:\Windows OneCare Backup\CRIB\2008\Files\Part 885.ZIP[C\Documents and Settings\NetworkService\Cookies\system@doubleclick[1].txt]
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@atdmt[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\NetworkService\Cookies\system@atdmt[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@atdmt[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@atdmt[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No E:\Windows OneCare Backup\CRIB\2008\Files\Part 885.ZIP[C\Documents and Settings\NetworkService\Cookies\system@atdmt[2].txt]
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No E:\20080403_221114_KBJ\C\WINDOWS\Temp\Cookies\kbj@atdmt[1].txt.nco[20080403_221114_KBJ\C\WINDOWS\Temp\Cookies\KBJ@AT~1.TXT]
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\kbj@atdmt[1].txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@247realmedia[2].txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@247realmedia[1].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@fastclick[2].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@tribalfusion[2].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@tribalfusion[2].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@mediaplex[1].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@mediaplex[1].txt
    00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@linksynergy[2].txt
    00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@maxserving[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@com[1].txt
    00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@z1.adserver[1].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@azjmp[1].txt
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@statcounter[2].txt
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Windows OneCare Backup\CRIB\2008\Files\Part 885.ZIP[C\Documents and Settings\NetworkService\Cookies\system@statcounter[1].txt]
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\NetworkService\Cookies\system@statcounter[1].txt
    00167762 Cookie/Sextracker TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\kbj@counter13.sextracker[1].txt
    00167762 Cookie/Sextracker TrackingCookie No 0 Yes No E:\20080403_221114_KBJ\C\WINDOWS\Temp\Cookies\kbj@counter13.sextracker[1].txt.nco[20080403_221114_KBJ\C\WINDOWS\Temp\Cookies\KBJ@CO~1.TXT]
    00168048
Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@perf.overture[1].txt 00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@perf.overture[1].txt 00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@perf.overture[1].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@ad.yieldmanager[1].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@ad.yieldmanager[1].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@apmebf[1].txt 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@burstnet[1].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@serving-sys[2].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@serving-sys[1].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@bs.serving-sys[2].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@bs.serving-sys[2].txt 00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@www.burstbeacon[1].txt 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@server.iad.liveperson[2].txt 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@server.iad.liveperson[2].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No E:\20080403_221114_KBJ\C\WINDOWS\Temp\Cookies\kbj@advertising[1].txt.nco[20080403_221114_KBJ\C\WINDOWS\Temp\Cookies\KBJ@AD~1.TXT] 00169190 Cookie/Advertising TrackingCookie No 0 
Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@advertising[2].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\kbj@advertising[1].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@advertising[2].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@advertising[1].txt 00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\kbj@sextracker[2].txt 00169286 Cookie/Sextracker TrackingCookie No 0 Yes No E:\20080403_221114_KBJ\C\WINDOWS\Temp\Cookies\kbj@sextracker[2].txt.nco[20080403_221114_KBJ\C\WINDOWS\Temp\Cookies\KBJ@SE~3.TXT] 00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@media.adrevolver[1].txt 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@statse.webtrendslive[2].txt 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@statse.webtrendslive[2].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@ads.pointroll[1].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@ads.pointroll[2].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@ads.pointroll[2].txt 00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@hc2.humanclick[1].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@overture[2].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@realmedia[1].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@realmedia[1].txt 00171982 Cookie/QuestionMarket 
TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@questionmarket[1].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@questionmarket[2].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@questionmarket[1].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No E:\Windows OneCare Backup\CRIB\2008\Files\Part 885.ZIP[C\Documents and Settings\NetworkService\Cookies\system@zedo[1].txt] 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\NetworkService\Cookies\system@zedo[1].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@zedo[2].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@bluestreak[1].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@bluestreak[1].txt 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@adrevolver[1].txt 00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@go[1].txt 00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@go[2].txt 00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@target[2].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@atwola[2].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@atwola[1].txt 00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@ehg-dig.hitbox[1].txt 00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@ads.addynamix[1].txt 00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and 
Settings\KBJ\Local Settings\Temp\Cookies\kbj@citi.bridgetrack[2].txt 03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP556\A0061791.exe 03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\LocalCopy\{AB1A65C4-D225-81BF-64DE-C198D59A3AA7}-AVEngn.dll 03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\LocalCopy\{4FEFA341-CC44-12D7-905E-6E0B0797C4A6}-A0056182.exe ;=============================================================================== ================================================================================ = =================== SUSPECTS Sent Location ,z ;=============================================================================== ================================================================================ = =================== No C:\Program Files\BAE\BAE.dll ,z No C:\Program Files\BAE\BAE.dll ,z ;=============================================================================== ================================================================================ = =================== VULNERABILITIES Id Severity Description ,z ;=============================================================================== ================================================================================ = =================== ;=============================================================================== ================================================================================ = =================== __________________________________________________________ Hijack This scan: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:29:08 PM, on 12/22/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe 
C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe C:\Program Files\Microsoft Windows OneCare Live\winss.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Print Server\PTP\PSDiagnostic.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Upromise\Upromise.exe C:\Program Files\Upromise\UpromiseUa.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll O3 - Toolbar: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: 
[PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [upromise] C:\Program Files\Upromise\Upromise.exe O4 - HKCU\..\Run: [upromise Update] C:\Program Files\Upromise\UpromiseUa.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: officejet 6100.lnk = ? 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll O9 - Extra 'Tools' menuitem: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - 
http://www2.snapfish.com/SnapfishActivia.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe -- End of file - 9743 bytes
  13. Kaspersky - looks like I'm good to go!
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, December 5, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, December 05, 2008 11:42:31
Records in database: 1438448
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Files scanned: 42360
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:24:41
No malware has been detected. The scan area is clean.
The selected area was scanned.
  14. OTMI log
========== FILES ==========
C:\WINDOWS\pojubifeto.vbs moved successfully.
LoadLibrary failed for C:\WINDOWS\gomyfozydo.dll
C:\WINDOWS\gomyfozydo.dll NOT unregistered.
C:\WINDOWS\gomyfozydo.dll moved successfully.
C:\Documents and Settings\Owner\Application Data\kysaro.com moved successfully.
C:\WINDOWS\system32\ofuhil.com moved successfully.
C:\WINDOWS\wininit.ini moved successfully.
OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12042008_211637