Apotheosis
-
Posts
27 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by Apotheosis
-
-
Something has gone terribly wrong! Last night all seemed fine. The machine was shut down and this morning, I encountered some functionality problems.
First, the Caps Lock functionality was reversed. When it was off, letters were capitalized, and when it was on, they were lower-case.
I restarted the machine, but once the login screen appeared (press cntrl+alt+del to sign on), I can not advance. Cntrl+alt+del is not doing anything.
I rebooted the machine again manually holding the power button, then I get an error immediately upon reboot:
ERROR 0210: Stuck Key 2APress <F1> to SetupHowever, pressing F1 does nothing at all.
Any ideas???
-
Ok MBAM found nothing, looks good...
Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.04.16.02
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
107267 :: AUSR86LF42T410 [administrator]
4/16/2012 11:14:33 PM
mbam-log-2012-04-16 (23-14-33).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 339554
Time elapsed: 3 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Ok all done with ComboFix. Below is the log.
Note, you may see some Symantec Endpoint items in the log. I disabled it in the system tray, but I think there was still a background process.
Combofix restarted my computer (I imagine this is normal). It appears to have removed the infection. I will wait for your analysis to be sure, but I am not seeing the pop-up any more. So far, so good.
Thanks again mate!
ComboFix 12-04-16.01 - 107267 04/16/2012 22:35:42.1.4 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.61.1033.18.2996.1628 [GMT 10:00]
Running from: c:\users\107267\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Symantec Endpoint Protection *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Roaming
c:\users\107267\AppData\Local\bwwuiukr.log
c:\users\107267\AppData\Local\dpnrutou.log
c:\users\107267\AppData\Local\fwepddko\ndvcngtf.exe
c:\users\107267\AppData\Local\heghados.log
c:\users\107267\AppData\Local\pudhkcgb.log
c:\users\107267\AppData\Local\quswijjr.log
c:\users\107267\AppData\Local\tnqoqxsv.log
c:\users\107267\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ndvcngtf.exe
c:\users\107267\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))
.
.
2012-04-16 12:42 . 2012-04-16 12:42 -------- d-----w- c:\users\ITAdmin\AppData\Local\temp
2012-04-16 12:42 . 2012-04-16 12:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-16 12:42 . 2012-04-16 12:42 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-04-16 12:42 . 2012-04-16 12:42 -------- d-----w- c:\users\119327\AppData\Local\temp
2012-04-16 12:42 . 2012-04-16 12:42 -------- d-----w- c:\users\venausdp.AUS\AppData\Local\temp
2012-04-15 09:38 . 2012-04-15 09:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-15 09:38 . 2012-04-04 05:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-15 08:56 . 2012-04-15 08:56 -------- d-----w- C:\found.000
2012-04-14 13:11 . 2012-04-14 13:11 -------- d-----w- c:\programdata\Malwarebytes
2012-04-14 07:55 . 2012-04-14 07:55 -------- d-----w- c:\program files\Common Files\Skype
2012-04-14 07:55 . 2012-04-14 07:55 -------- d-----r- c:\program files\Skype
2012-04-14 07:55 . 2012-04-14 07:55 -------- d-----w- c:\programdata\Skype
2012-04-13 06:28 . 2012-04-13 06:28 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-04-13 06:28 . 2012-04-16 04:25 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2012-04-13 06:27 . 2011-12-02 00:33 99744 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2012-04-13 06:27 . 2011-12-02 00:33 357792 ----a-w- c:\windows\system32\Sysfer.dll
2012-04-13 06:27 . 2012-04-13 06:27 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-13 06:26 . 2007-03-21 09:39 1060864 ----a-w- c:\windows\system32\MFC71.DL1
2012-04-13 06:26 . 2007-03-21 09:33 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2012-04-13 06:26 . 2007-03-21 09:33 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2012-04-13 06:26 . 2012-04-13 06:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-04-13 06:26 . 2012-04-13 06:28 -------- d-----w- c:\programdata\Symantec
2012-04-13 06:26 . 2012-04-13 06:27 -------- d-----w- c:\program files\Symantec
2012-04-13 06:23 . 2012-04-13 06:23 -------- d-----w- c:\programdata\Uninstall
2012-04-13 06:23 . 2012-04-13 06:23 -------- d-----w- c:\programdata\InstallShield
2012-04-13 06:23 . 2012-04-13 06:23 -------- d-----w- c:\programdata\Sonic
2012-04-13 06:23 . 2012-04-13 06:23 -------- d-----w- c:\users\Default\AppData\Local\Programs
2012-04-13 06:22 . 2012-04-13 06:22 -------- d-----w- c:\programdata\Roxio
2012-04-13 06:22 . 2012-04-13 06:23 -------- d-----w- c:\program files\Roxio
2012-04-13 06:22 . 2012-04-13 06:22 -------- d-----w- c:\program files\Common Files\SureThing Shared
2012-04-13 06:20 . 2004-01-22 17:52 77824 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-04-13 06:20 . 2004-01-22 17:52 28672 ----a-w- c:\windows\system32\JAWTAccessBridge.dll
2012-04-13 06:20 . 2004-01-22 17:52 139264 ----a-w- c:\windows\system32\JavaAccessBridge.dll
2012-04-13 06:20 . 2003-05-22 11:57 721168 ----a-w- c:\windows\system32\VB40032.DLL
2012-04-13 06:20 . 2012-04-13 06:20 -------- d-----w- c:\program files\Oracle
2012-04-13 06:20 . 2012-04-13 06:20 -------- d-----w- c:\program files\Microsoft Visual Studio .NET
2012-04-13 05:55 . 2012-04-13 05:55 -------- d-----w- c:\program files\ScanSoft
2012-04-13 05:51 . 2012-04-13 05:51 -------- d-----w- c:\users\Administrator\AppData\Local\Lotus
2012-04-13 05:40 . 2012-04-13 05:41 -------- d-----w- C:\Hyperion
2012-04-13 05:28 . 2012-04-13 05:36 -------- d-----w- C:\AdobeTemp
2012-04-13 05:25 . 2012-04-16 12:42 -------- d-----w- c:\users\107267
2012-04-13 05:25 . 2012-04-13 05:25 -------- d---a-w- C:\RestoreData
2012-04-09 23:10 . 2012-04-10 00:12 -------- d-----w- c:\users\119575
2012-04-07 04:42 . 2012-04-07 04:42 453 ----a-w- C:\user.js
2012-04-07 04:38 . 2012-04-13 05:48 -------- d-----w- C:\codec-info
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 23:57 . 2012-03-14 23:57 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-14 23:57 . 2012-03-14 23:57 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-14 23:57 . 2012-03-14 23:57 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-14 23:57 . 2012-03-14 23:57 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-14 23:57 . 2012-03-14 23:57 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-14 23:57 . 2012-03-14 23:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-14 23:57 . 2012-03-14 23:57 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-14 23:57 . 2012-03-14 23:57 367104 ----a-w- c:\windows\system32\html.iec
2012-03-14 23:57 . 2012-03-14 23:57 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-14 23:57 . 2012-03-14 23:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-14 23:57 . 2012-03-14 23:57 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-14 23:57 . 2012-03-14 23:57 1797632 ----a-w- c:\windows\system32\jscript9.dll
2012-03-14 23:57 . 2012-03-14 23:57 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-14 23:57 . 2012-03-14 23:57 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-14 23:57 . 2012-03-14 23:57 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-14 23:57 . 2012-03-14 23:57 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-14 23:57 . 2012-03-14 23:57 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-14 23:57 . 2012-03-14 23:57 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-14 23:57 . 2012-03-14 23:57 1126912 ----a-w- c:\windows\system32\wininet.dll
2012-03-14 23:57 . 2012-03-14 23:57 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-14 23:57 . 2012-03-14 23:57 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-22 23:18 . 2011-10-15 17:39 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 14:05 . 2012-03-14 23:58 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7923A67D-A651-4C37-8D4D-083FDED8299B}\mpengine.dll
2012-02-10 05:38 . 2012-03-14 23:55 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54 . 2012-03-14 23:55 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 05:32 . 2012-03-14 23:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-14 23:55 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-14 23:55 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 04:39 . 2012-03-14 23:47 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-04-05 17356424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2010-01-15 14336]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-11-17 2307368]
"RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]
"TpShocks"="TpShocks.exe" [2011-03-29 337256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 143640]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 176408]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-11-30 1322048]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-07-27 62312]
"CAF_SystemTray"="c:\program files\ca\DSM\bin\cfSysTray.exe" [2010-04-26 84232]
"DsmSxplog"="c:\program files\ca\DSM\Bin\sxpstub.exe" [2010-04-26 25352]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-12-02 115624]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-1-24 804128]
Online plug-in.lnk - c:\windows\Installer\{0F1F7A90-E71B-4E45-A066-2891619F22E1}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2012-3-2 77824]
WinZip Quick Pick.lnk - c:\windows\Installer\{FDCC0996-EB13-45D6-846D-013F1C8DC6BD}\IconFDCC0996.exe [2011-10-16 157696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"dontdisplaylockeduserid"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 caf;CA DSM r12 Common Application Framework;c:\program files\ca\DSM\bin\caf.exe service [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-11-30 292200]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-20 126464]
R3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\DRIVERS\NETwNx32.sys [2011-01-06 7391104]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-11-30 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-11-30 175168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2009-09-28 38912]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-09-23 1124848]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-20 19456]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-15 1343400]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-11-30 25968]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2011-03-29 20592]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 Teefer3;Symantec Endpoint Protection Firewall;c:\windows\system32\DRIVERS\Teefer3.sys [2011-12-02 43936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 CA-SAM-Pmux;CA Connection Broker;c:\program files\ca\sc\CsamSockAdapter\bin\csampmux.exe [2011-07-06 169288]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-07-27 50536]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-07-27 74088]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 127336]
S2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\Notes\nsd.exe [2010-08-11 3417480]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2011-06-15 59904]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 131432]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-05-23 132864]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-09 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-07-22 215208]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-30 106104]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-06-14 269824]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-08-03 7517696]
S3 rcSmCard;rcSmCard;c:\windows\system32\DRIVERS\rcSmCard.sys [2010-04-26 26128]
S3 rcVidCap;rcVidCap;c:\windows\system32\DRIVERS\rcVidMpt.sys [2010-04-26 9872]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1541481396-3027813910-3587673724-2262Core.job
- c:\users\venauslm\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-15 00:00]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1541481396-3027813910-3587673724-2262UA.job
- c:\users\venauslm\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-15 00:00]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com.au/
uInternet Settings,ProxyOverride = 12.42.128.*;172.18.128.137;10.*.*.*;172.16.*.*;*.rccl.com;*.royalcaribbean.com;*.celebrity-cruises.com;*.celebritycruises.com;*.cruisingpower.com;intranet;1a.amadeusprintservices.com;prod1.centra.com;ap-docmgmt;*.sourcingservice.com;119.225.1.34;<local>
uInternet Settings,ProxyServer = ausproxy.aus.rccl.com:8080
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: amadeus.com
Trusted Zone: amadeusvista.com
Trusted Zone: azamaraclubcruises.co.uk
Trusted Zone: azamaraclubcruises.com
Trusted Zone: cdfcroisieresdefrance.fr
Trusted Zone: celebritycruises.co.uk
Trusted Zone: celebritycruises.com
Trusted Zone: concursolutions.com
Trusted Zone: crusingpower.com
Trusted Zone: localhost
Trusted Zone: pullmantur.es
Trusted Zone: rccl.com
Trusted Zone: rccl.com\colonial
Trusted Zone: rcleurope.com
Trusted Zone: rclinvestor.com
Trusted Zone: royalcaribbean.co.uk
Trusted Zone: royalcaribbean.com
Trusted Zone: specialtydining.com
TCP: DhcpNameServer = 192.168.0.1 203.134.12.90
DPF: {B1D21FC5-A742-4261-86F2-C7B7F1A31C5D} - hxxp://new.stage.eone.rccl.com/jde/axctls/jdewebctlsU.cab
DPF: {F9E542CE-C16A-47FA-B7A8-D88E5F1C5719} - hxxp://new.stage.eone.rccl.com/jde/axctls/jdeexpimpU.cab
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-NdvCngtf - c:\users\107267\AppData\Local\fwepddko\ndvcngtf.exe
SafeBoot-Symantec Antvirus
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3052)
c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\ca\sc\CAM\bin\cam.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\windows\system32\taskhost.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\sppsvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-04-16 22:48:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-16 12:48
.
Pre-Run: 102,365,892,608 bytes free
Post-Run: 105,055,432,704 bytes free
.
- - End Of File - - 96DF6F0BBC85963BCC7ECD9850E74F66
-
A couple of things to note...
First, seems like progress is being made. The pop-up no longer overrides other activity. It still remains flashing in my system tray but it is allowing my system to function whereas prior, it did not.
Second, on the malwarebytes download page, I am re-directed to majorgeeks.com website...on my other machine I am brought to cnet/download.com site. I did not proceed on the majorgeeks site.
-
Ok processes completed. System restore points created as instructed. It's a new computer, this is why I hadn't set one up yet.
Here is the log from TSSKiller:
14:26:59.0538 3600 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
14:27:01.0566 3600 ============================================================
14:27:01.0566 3600 Current date / time: 2012/04/16 14:27:01.0566
14:27:01.0566 3600 SystemInfo:
14:27:01.0566 3600
14:27:01.0566 3600 OS Version: 6.1.7601 ServicePack: 1.0
14:27:01.0566 3600 Product type: Workstation
14:27:01.0566 3600 ComputerName: AUSR86LF42T410
14:27:01.0566 3600 UserName: 107267
14:27:01.0566 3600 Windows directory: C:\Windows
14:27:01.0566 3600 System windows directory: C:\Windows
14:27:01.0566 3600 Processor architecture: Intel x86
14:27:01.0566 3600 Number of processors: 4
14:27:01.0566 3600 Page size: 0x1000
14:27:01.0566 3600 Boot type: Normal boot
14:27:01.0566 3600 ============================================================
14:27:02.0549 3600 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
14:27:02.0549 3600 \Device\Harddisk0\DR0:
14:27:02.0549 3600 MBR used
14:27:02.0549 3600 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1297D000
14:27:02.0549 3600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1297D800, BlocksNum 0x96000
14:27:02.0580 3600 Initialize success
14:27:02.0580 3600 ============================================================
14:27:34.0822 9276 ============================================================
14:27:34.0822 9276 Scan started
14:27:34.0822 9276 Mode: Manual; SigCheck; TDLFS;
14:27:34.0822 9276 ============================================================
14:27:35.0212 9276 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\DRIVERS\1394ohci.sys
14:27:35.0305 9276 1394ohci - ok
14:27:35.0352 9276 5U877 (400e37a671ffc7ff3e713b72c4e23d3f) C:\Windows\system32\DRIVERS\5U877.sys
14:27:35.0399 9276 5U877 - ok
14:27:35.0430 9276 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
14:27:35.0461 9276 ACPI - ok
14:27:35.0555 9276 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
14:27:35.0602 9276 AcpiPmi - ok
14:27:35.0617 9276 adfs - ok
14:27:35.0649 9276 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
14:27:35.0680 9276 adp94xx - ok
14:27:35.0695 9276 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
14:27:35.0711 9276 adpahci - ok
14:27:35.0727 9276 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
14:27:35.0742 9276 adpu320 - ok
14:27:35.0773 9276 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
14:27:35.0820 9276 AeLookupSvc - ok
14:27:35.0898 9276 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
14:27:35.0961 9276 AFD - ok
14:27:35.0992 9276 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
14:27:36.0007 9276 agp440 - ok
14:27:36.0039 9276 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
14:27:36.0054 9276 aic78xx - ok
14:27:36.0085 9276 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
14:27:36.0117 9276 ALG - ok
14:27:36.0195 9276 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
14:27:36.0210 9276 aliide - ok
14:27:36.0335 9276 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
14:27:36.0351 9276 amdagp - ok
14:27:36.0366 9276 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
14:27:36.0382 9276 amdide - ok
14:27:36.0413 9276 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
14:27:36.0460 9276 AmdK8 - ok
14:27:36.0491 9276 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
14:27:36.0522 9276 AmdPPM - ok
14:27:36.0569 9276 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
14:27:36.0584 9276 amdsata - ok
14:27:36.0600 9276 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
14:27:36.0616 9276 amdsbs - ok
14:27:36.0694 9276 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
14:27:36.0709 9276 amdxata - ok
14:27:36.0756 9276 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
14:27:36.0803 9276 AppID - ok
14:27:36.0834 9276 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
14:27:36.0865 9276 AppIDSvc - ok
14:27:36.0881 9276 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
14:27:36.0928 9276 Appinfo - ok
14:27:36.0974 9276 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
14:27:36.0990 9276 AppMgmt - ok
14:27:37.0037 9276 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
14:27:37.0068 9276 arc - ok
14:27:37.0084 9276 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
14:27:37.0084 9276 arcsas - ok
14:27:37.0115 9276 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
14:27:37.0224 9276 AsyncMac - ok
14:27:37.0302 9276 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
14:27:37.0318 9276 atapi - ok
14:27:37.0364 9276 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
14:27:37.0427 9276 AudioEndpointBuilder - ok
14:27:37.0427 9276 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
14:27:37.0458 9276 Audiosrv - ok
14:27:37.0505 9276 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
14:27:37.0536 9276 AxInstSV - ok
14:27:37.0645 9276 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
14:27:37.0676 9276 b06bdrv - ok
14:27:37.0723 9276 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
14:27:37.0739 9276 b57nd60x - ok
14:27:37.0801 9276 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
14:27:37.0832 9276 BDESVC - ok
14:27:37.0926 9276 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
14:27:37.0973 9276 Beep - ok
14:27:38.0004 9276 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
14:27:38.0051 9276 BFE - ok
14:27:38.0082 9276 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
14:27:38.0129 9276 BITS - ok
14:27:38.0207 9276 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
14:27:38.0238 9276 blbdrive - ok
14:27:38.0254 9276 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
14:27:38.0285 9276 bowser - ok
14:27:38.0300 9276 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
14:27:38.0332 9276 BrFiltLo - ok
14:27:38.0347 9276 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
14:27:38.0363 9276 BrFiltUp - ok
14:27:38.0410 9276 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
14:27:38.0456 9276 Browser - ok
14:27:38.0550 9276 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
14:27:38.0565 9276 Brserid - ok
14:27:38.0597 9276 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
14:27:38.0628 9276 BrSerWdm - ok
14:27:38.0643 9276 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:27:38.0675 9276 BrUsbMdm - ok
14:27:38.0690 9276 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
14:27:38.0721 9276 BrUsbSer - ok
14:27:38.0768 9276 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
14:27:38.0799 9276 BthEnum - ok
14:27:38.0877 9276 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
14:27:38.0924 9276 BTHMODEM - ok
14:27:38.0940 9276 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
14:27:38.0955 9276 BthPan - ok
14:27:38.0987 9276 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys
14:27:39.0018 9276 BTHPORT - ok
14:27:39.0065 9276 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
14:27:39.0111 9276 bthserv - ok
14:27:39.0143 9276 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys
14:27:39.0158 9276 BTHUSB - ok
14:27:39.0236 9276 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
14:27:39.0267 9276 btusbflt - ok
14:27:39.0330 9276 btwaudio (f8b4f60768328faa2ffe2727f66809f8) C:\Windows\system32\drivers\btwaudio.sys
14:27:39.0345 9276 btwaudio - ok
14:27:39.0377 9276 btwavdt (fa7446dd38de84d4988d1f2ebb854589) C:\Windows\system32\drivers\btwavdt.sys
14:27:39.0392 9276 btwavdt - ok
14:27:39.0486 9276 btwdins (5c24aec670b9cce7f2af6de74677ceb4) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
14:27:39.0517 9276 btwdins - ok
14:27:39.0611 9276 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
14:27:39.0611 9276 btwl2cap - ok
14:27:39.0657 9276 btwrchid (d5862fbc1cbc0404614fd9d85c8d880e) C:\Windows\system32\DRIVERS\btwrchid.sys
14:27:39.0657 9276 btwrchid - ok
14:27:39.0782 9276 CA-MessageQueuing (3eac989be9af1228d0455afffbeee539) C:\Program Files\ca\sc\CAM\bin\cam.exe
14:27:39.0798 9276 CA-MessageQueuing - ok
14:27:39.0813 9276 CA-SAM-Pmux (974019262e249c7103fb30c4214c29e4) C:\Program Files\ca\sc\CsamSockAdapter\bin\csampmux.exe
14:27:39.0829 9276 CA-SAM-Pmux - ok
14:27:39.0891 9276 caf (d1f7a3aaed8b7a55233b9831a5c2401e) C:\Program Files\ca\DSM\bin\caf.exe
14:27:39.0907 9276 caf - ok
14:27:40.0001 9276 ccEvtMgr (73f7e0619d6ce8480f3a575619fc974f) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
14:27:40.0016 9276 ccEvtMgr - ok
14:27:40.0032 9276 ccSetMgr (73f7e0619d6ce8480f3a575619fc974f) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
14:27:40.0047 9276 ccSetMgr - ok
14:27:40.0141 9276 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
14:27:40.0188 9276 cdfs - ok
14:27:40.0219 9276 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
14:27:40.0250 9276 cdrom - ok
14:27:40.0297 9276 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
14:27:40.0313 9276 CertPropSvc - ok
14:27:40.0344 9276 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
14:27:40.0359 9276 circlass - ok
14:27:40.0391 9276 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
14:27:40.0391 9276 CLFS - ok
14:27:40.0484 9276 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:27:40.0500 9276 clr_optimization_v2.0.50727_32 - ok
14:27:40.0562 9276 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
14:27:40.0593 9276 CmBatt - ok
14:27:40.0640 9276 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
14:27:40.0656 9276 cmdide - ok
14:27:40.0718 9276 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
14:27:40.0749 9276 CNG - ok
14:27:40.0812 9276 CnxtHdAudService (2fe437862d0caa879b3c01ef353edda7) C:\Windows\system32\drivers\CHDRT32.sys
14:27:40.0827 9276 CnxtHdAudService - ok
14:27:40.0874 9276 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
14:27:40.0874 9276 Compbatt - ok
14:27:40.0921 9276 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:27:40.0952 9276 CompositeBus - ok
14:27:40.0999 9276 COMSysApp - ok
14:27:41.0030 9276 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
14:27:41.0046 9276 crcdisk - ok
14:27:41.0092 9276 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
14:27:41.0124 9276 CryptSvc - ok
14:27:41.0155 9276 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
14:27:41.0186 9276 CSC - ok
14:27:41.0217 9276 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
14:27:41.0248 9276 CscService - ok
14:27:41.0295 9276 Cwbrxd (4066adcf86d3bab629366d10dcc40cb2) C:\Windows\cwbrxd.exe
14:27:41.0311 9276 Cwbrxd ( UnsignedFile.Multi.Generic ) - warning
14:27:41.0311 9276 Cwbrxd - detected UnsignedFile.Multi.Generic (1)
14:27:41.0389 9276 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
14:27:41.0451 9276 DcomLaunch - ok
14:27:41.0482 9276 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
14:27:41.0514 9276 defragsvc - ok
14:27:41.0560 9276 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
14:27:41.0607 9276 DfsC - ok
14:27:41.0638 9276 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
14:27:41.0670 9276 Dhcp - ok
14:27:41.0732 9276 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
14:27:41.0763 9276 discache - ok
14:27:41.0779 9276 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
14:27:41.0794 9276 Disk - ok
14:27:41.0810 9276 dmvsc (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys
14:27:41.0826 9276 dmvsc - ok
14:27:41.0857 9276 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
14:27:41.0888 9276 Dnscache - ok
14:27:41.0919 9276 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
14:27:41.0966 9276 dot3svc - ok
14:27:42.0075 9276 DozeHDD (6d279bb0de1d8e34f454e1b353f4d738) C:\Windows\system32\DRIVERS\DozeHDD.sys
14:27:42.0091 9276 DozeHDD - ok
14:27:42.0138 9276 DozeSvc (01e2180c3d72cb0adcc43fb83d18942a) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
14:27:42.0153 9276 DozeSvc - ok
14:27:42.0184 9276 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
14:27:42.0231 9276 DPS - ok
14:27:42.0278 9276 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
14:27:42.0309 9276 drmkaud - ok
14:27:42.0403 9276 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
14:27:42.0434 9276 DXGKrnl - ok
14:27:42.0496 9276 e1kexpress (b0587c35e8c72a6fdf1782972efea03b) C:\Windows\system32\DRIVERS\e1k6232.sys
14:27:42.0512 9276 e1kexpress - ok
14:27:42.0543 9276 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
14:27:42.0590 9276 EapHost - ok
14:27:42.0746 9276 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
14:27:42.0808 9276 ebdrv - ok
14:27:42.0917 9276 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
14:27:42.0949 9276 eeCtrl - ok
14:27:43.0011 9276 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
14:27:43.0042 9276 EFS - ok
14:27:43.0105 9276 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
14:27:43.0136 9276 ehRecvr - ok
14:27:43.0167 9276 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
14:27:43.0198 9276 ehSched - ok
14:27:43.0292 9276 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
14:27:43.0307 9276 elxstor - ok
14:27:43.0463 9276 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:27:43.0479 9276 EraserUtilRebootDrv - ok
14:27:43.0557 9276 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
14:27:43.0604 9276 ErrDev - ok
14:27:43.0651 9276 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
14:27:43.0697 9276 EventSystem - ok
14:27:43.0775 9276 EvtEng (b6c691d8cae275ed9b2782e62626f36a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
14:27:43.0822 9276 EvtEng - ok
14:27:43.0916 9276 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
14:27:43.0947 9276 exfat - ok
14:27:43.0978 9276 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
14:27:44.0025 9276 fastfat - ok
14:27:44.0072 9276 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
14:27:44.0103 9276 Fax - ok
14:27:44.0181 9276 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
14:27:44.0212 9276 fdc - ok
14:27:44.0228 9276 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
14:27:44.0275 9276 fdPHost - ok
14:27:44.0306 9276 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
14:27:44.0337 9276 FDResPub - ok
14:27:44.0353 9276 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
14:27:44.0353 9276 FileInfo - ok
14:27:44.0384 9276 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
14:27:44.0415 9276 Filetrace - ok
14:27:44.0431 9276 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
14:27:44.0462 9276 flpydisk - ok
14:27:44.0493 9276 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
14:27:44.0509 9276 FltMgr - ok
14:27:44.0540 9276 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
14:27:44.0587 9276 FontCache - ok
14:27:44.0680 9276 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:27:44.0696 9276 FontCache3.0.0.0 - ok
14:27:44.0758 9276 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
14:27:44.0774 9276 FsDepends - ok
14:27:44.0805 9276 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
14:27:44.0805 9276 Fs_Rec - ok
14:27:44.0820 9276 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
14:27:44.0836 9276 fvevol - ok
14:27:44.0867 9276 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
14:27:44.0883 9276 gagp30kx - ok
14:27:44.0914 9276 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
14:27:44.0961 9276 gpsvc - ok
14:27:45.0008 9276 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
14:27:45.0008 9276 hcw85cir - ok
14:27:45.0070 9276 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:27:45.0101 9276 HDAudBus - ok
14:27:45.0164 9276 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
14:27:45.0210 9276 HECI - ok
14:27:45.0226 9276 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
14:27:45.0257 9276 HidBatt - ok
14:27:45.0304 9276 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
14:27:45.0351 9276 HidBth - ok
14:27:45.0413 9276 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
14:27:45.0460 9276 HidIr - ok
14:27:45.0491 9276 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
14:27:45.0538 9276 hidserv - ok
14:27:45.0600 9276 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
14:27:45.0632 9276 HidUsb - ok
14:27:45.0678 9276 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
14:27:45.0710 9276 hkmsvc - ok
14:27:45.0756 9276 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
14:27:45.0788 9276 HomeGroupListener - ok
14:27:45.0819 9276 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
14:27:45.0866 9276 HomeGroupProvider - ok
14:27:45.0928 9276 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
14:27:45.0944 9276 HpSAMD - ok
14:27:46.0006 9276 HsfXAudioService (bfbdbca42710795c4446c54243970fd1) C:\Windows\system32\XAudio32.dll
14:27:46.0037 9276 HsfXAudioService - ok
14:27:46.0084 9276 HSF_DPV (caaa4433360fd337cf68a1b0719f9cc1) C:\Windows\system32\DRIVERS\HSX_DPV.sys
14:27:46.0100 9276 HSF_DPV - ok
14:27:46.0224 9276 HSXHWAZL (cb049fa2ce718f7468be50f3d7192370) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
14:27:46.0240 9276 HSXHWAZL - ok
14:27:46.0287 9276 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
14:27:46.0318 9276 HTTP - ok
14:27:46.0365 9276 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
14:27:46.0365 9276 hwpolicy - ok
14:27:46.0427 9276 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
14:27:46.0474 9276 i8042prt - ok
14:27:46.0505 9276 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
14:27:46.0536 9276 iaStorV - ok
14:27:46.0583 9276 IBMPMDRV (e3ffc8cb45b3f55264ee10f084b2731b) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
14:27:46.0583 9276 IBMPMDRV - ok
14:27:46.0630 9276 IBMPMSVC (5565982522ee9d4e8921feb304d4226f) C:\Windows\system32\ibmpmsvc.exe
14:27:46.0646 9276 IBMPMSVC - ok
14:27:46.0724 9276 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:27:46.0770 9276 idsvc - ok
14:27:47.0020 9276 igfx (387ce9ae43e98cf469c51664b7173b1c) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:27:47.0145 9276 igfx - ok
14:27:47.0238 9276 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
14:27:47.0254 9276 iirsp - ok
14:27:47.0301 9276 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
14:27:47.0379 9276 IKEEXT - ok
14:27:47.0410 9276 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\Windows\system32\DRIVERS\Impcd.sys
14:27:47.0441 9276 Impcd - ok
14:27:47.0535 9276 IntcDAud (5576ad2f0039d2bccca3567fc0bf981c) C:\Windows\system32\DRIVERS\IntcDAud.sys
14:27:47.0581 9276 IntcDAud - ok
14:27:47.0597 9276 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
14:27:47.0613 9276 intelide - ok
14:27:47.0628 9276 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
14:27:47.0644 9276 intelppm - ok
14:27:47.0675 9276 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
14:27:47.0706 9276 IPBusEnum - ok
14:27:47.0722 9276 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:27:47.0753 9276 IpFilterDriver - ok
14:27:47.0800 9276 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
14:27:47.0831 9276 iphlpsvc - ok
14:27:47.0909 9276 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
14:27:47.0940 9276 IPMIDRV - ok
14:27:47.0956 9276 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
14:27:47.0987 9276 IPNAT - ok
14:27:48.0018 9276 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
14:27:48.0049 9276 IRENUM - ok
14:27:48.0065 9276 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
14:27:48.0081 9276 isapnp - ok
14:27:48.0096 9276 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
14:27:48.0112 9276 iScsiPrt - ok
14:27:48.0205 9276 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
14:27:48.0221 9276 IviRegMgr - ok
14:27:48.0299 9276 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:27:48.0315 9276 kbdclass - ok
14:27:48.0346 9276 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
14:27:48.0377 9276 kbdhid - ok
14:27:48.0424 9276 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
14:27:48.0439 9276 KeyIso - ok
14:27:48.0455 9276 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
14:27:48.0455 9276 KSecDD - ok
14:27:48.0471 9276 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
14:27:48.0486 9276 KSecPkg - ok
14:27:48.0517 9276 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
14:27:48.0595 9276 KtmRm - ok
14:27:48.0689 9276 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
14:27:48.0751 9276 LanmanServer - ok
14:27:48.0814 9276 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
14:27:48.0860 9276 LanmanWorkstation - ok
14:27:48.0954 9276 LENOVO.CAMMUTE (cab9c6c37fd0f9612b269349116504b6) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
14:27:48.0970 9276 LENOVO.CAMMUTE - ok
14:27:49.0032 9276 LENOVO.MICMUTE (340288b3b2edc8afd5ff127df85142a7) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
14:27:49.0048 9276 LENOVO.MICMUTE - ok
14:27:49.0141 9276 lenovo.smi (9aac267a225f3caebb9e633f7eb16e4b) C:\Windows\system32\DRIVERS\smiif32.sys
14:27:49.0141 9276 lenovo.smi - ok
14:27:49.0157 9276 LENOVO.TPKNRSVC (04b5f7f44ccb2fab615c67ed0e6c8323) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
14:27:49.0157 9276 LENOVO.TPKNRSVC - ok
14:27:49.0172 9276 Lenovo.VIRTSCRLSVC (158b67696ec8602ce71f9aa4f14aa96f) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
14:27:49.0188 9276 Lenovo.VIRTSCRLSVC - ok
14:27:49.0328 9276 LiveUpdate (3aa70dcfb4ecb5fcfe6b9ff7cec3a5ea) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
14:27:49.0375 9276 LiveUpdate - ok
14:27:49.0484 9276 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
14:27:49.0547 9276 lltdio - ok
14:27:49.0578 9276 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
14:27:49.0609 9276 lltdsvc - ok
14:27:49.0609 9276 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
14:27:49.0656 9276 lmhosts - ok
14:27:49.0781 9276 Lotus Notes Diagnostics (731fd0367064d15989dff8a6f826e881) C:\Program Files\Notes\nsd.exe
14:27:49.0843 9276 Lotus Notes Diagnostics - ok
14:27:49.0921 9276 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
14:27:49.0952 9276 LSI_FC - ok
14:27:49.0952 9276 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
14:27:49.0968 9276 LSI_SAS - ok
14:27:49.0984 9276 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
14:27:49.0999 9276 LSI_SAS2 - ok
14:27:49.0999 9276 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
14:27:50.0015 9276 LSI_SCSI - ok
14:27:50.0030 9276 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
14:27:50.0077 9276 luafv - ok
14:27:50.0140 9276 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
14:27:50.0171 9276 MBAMProtector - ok
14:27:50.0233 9276 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:27:50.0249 9276 MBAMService - ok
14:27:50.0327 9276 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
14:27:50.0342 9276 Mcx2Svc - ok
14:27:50.0405 9276 mdmxsdk (a027de1e6c11bd2daf61f6f276b2299f) C:\Windows\system32\DRIVERS\mdmxsdk.sys
14:27:50.0420 9276 mdmxsdk - ok
14:27:50.0452 9276 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
14:27:50.0467 9276 megasas - ok
14:27:50.0483 9276 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
14:27:50.0498 9276 MegaSR - ok
14:27:50.0514 9276 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
14:27:50.0561 9276 MMCSS - ok
14:27:50.0576 9276 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
14:27:50.0608 9276 Modem - ok
14:27:50.0686 9276 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
14:27:50.0732 9276 monitor - ok
14:27:50.0826 9276 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
14:27:50.0842 9276 mouclass - ok
14:27:50.0873 9276 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
14:27:50.0904 9276 mouhid - ok
14:27:50.0951 9276 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
14:27:50.0966 9276 mountmgr - ok
14:27:50.0966 9276 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
14:27:50.0982 9276 mpio - ok
14:27:50.0997 9276 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
14:27:51.0044 9276 mpsdrv - ok
14:27:51.0075 9276 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
14:27:51.0107 9276 MpsSvc - ok
14:27:51.0185 9276 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
14:27:51.0200 9276 MRxDAV - ok
14:27:51.0231 9276 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:27:51.0263 9276 mrxsmb - ok
14:27:51.0294 9276 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:27:51.0309 9276 mrxsmb10 - ok
14:27:51.0325 9276 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:27:51.0341 9276 mrxsmb20 - ok
14:27:51.0372 9276 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
14:27:51.0387 9276 msahci - ok
14:27:51.0387 9276 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
14:27:51.0403 9276 msdsm - ok
14:27:51.0434 9276 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
14:27:51.0465 9276 MSDTC - ok
14:27:51.0543 9276 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
14:27:51.0575 9276 Msfs - ok
14:27:51.0699 9276 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
14:27:51.0746 9276 mshidkmdf - ok
14:27:51.0871 9276 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
14:27:51.0918 9276 msisadrv - ok
14:27:52.0011 9276 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
14:27:52.0089 9276 MSiSCSI - ok
14:27:52.0230 9276 msiserver - ok
14:27:52.0355 9276 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
14:27:52.0433 9276 MSKSSRV - ok
14:27:52.0495 9276 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
14:27:52.0557 9276 MSPCLOCK - ok
14:27:52.0823 9276 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
14:27:52.0901 9276 MSPQM - ok
14:27:52.0979 9276 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
14:27:52.0994 9276 MsRPC - ok
14:27:53.0306 9276 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
14:27:53.0322 9276 mssmbios - ok
14:27:53.0384 9276 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
14:27:53.0431 9276 MSTEE - ok
14:27:53.0556 9276 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
14:27:53.0587 9276 MTConfig - ok
14:27:53.0634 9276 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
14:27:53.0649 9276 Mup - ok
14:27:53.0774 9276 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
14:27:53.0868 9276 napagent - ok
14:27:54.0055 9276 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
14:27:54.0086 9276 NativeWifiP - ok
14:27:54.0258 9276 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20111130.002\NAVENG.SYS
14:27:54.0273 9276 NAVENG - ok
14:27:54.0429 9276 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20111130.002\NAVEX15.SYS
14:27:54.0507 9276 NAVEX15 - ok
14:27:54.0710 9276 NDIS (3723262737d90f58059ceda7373b0387) C:\Windows\system32\drivers\ndis.sys
14:27:54.0741 9276 NDIS - ok
14:27:54.0960 9276 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
14:27:55.0006 9276 NdisCap - ok
14:27:55.0162 9276 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
14:27:55.0225 9276 NdisTapi - ok
14:27:55.0381 9276 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
14:27:55.0427 9276 Ndisuio - ok
14:27:55.0615 9276 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
14:27:55.0677 9276 NdisWan - ok
14:27:55.0895 9276 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
14:27:55.0942 9276 NDProxy - ok
14:27:56.0098 9276 Net Driver HPZ12 (90eb97c8dbf11bb0016c51946ac5ecd6) C:\Windows\system32\HPZinw12.dll
14:27:56.0129 9276 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:27:56.0129 9276 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:27:56.0270 9276 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
14:27:56.0332 9276 NetBIOS - ok
14:27:56.0410 9276 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
14:27:56.0441 9276 NetBT - ok
14:27:56.0551 9276 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
14:27:56.0582 9276 Netlogon - ok
14:27:56.0691 9276 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
14:27:56.0738 9276 Netman - ok
14:27:56.0785 9276 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
14:27:56.0831 9276 netprofm - ok
14:27:56.0909 9276 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:27:56.0925 9276 NetTcpPortSharing - ok
14:27:56.0987 9276 netvsc (104be93f0607c6aa0d85319581f96ec2) C:\Windows\system32\DRIVERS\netvsc60.sys
14:27:57.0019 9276 netvsc - ok
14:27:57.0159 9276 NETwNs32 (5c979c481981e04919ecbb3b88d54b34) C:\Windows\system32\DRIVERS\NETwNs32.sys
14:27:57.0268 9276 NETwNs32 - ok
14:27:57.0471 9276 NETwNx32 (32e6902485c5add8e4c6cd21545d5133) C:\Windows\system32\DRIVERS\NETwNx32.sys
14:27:57.0580 9276 NETwNx32 ( UnsignedFile.Multi.Generic ) - warning
14:27:57.0580 9276 NETwNx32 - detected UnsignedFile.Multi.Generic (1)
14:27:57.0674 9276 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
14:27:57.0674 9276 nfrd960 - ok
14:27:57.0705 9276 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
14:27:57.0798 9276 NlaSvc - ok
14:27:57.0798 9276 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
14:27:57.0845 9276 Npfs - ok
14:27:57.0876 9276 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
14:27:57.0908 9276 nsi - ok
14:27:57.0908 9276 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
14:27:57.0954 9276 nsiproxy - ok
14:27:57.0986 9276 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
14:27:58.0017 9276 Ntfs - ok
14:27:58.0095 9276 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
14:27:58.0126 9276 Null - ok
14:27:58.0142 9276 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
14:27:58.0157 9276 nvraid - ok
14:27:58.0157 9276 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
14:27:58.0173 9276 nvstor - ok
14:27:58.0188 9276 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
14:27:58.0204 9276 nv_agp - ok
14:27:58.0235 9276 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
14:27:58.0266 9276 ohci1394 - ok
14:27:58.0360 9276 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:27:58.0376 9276 ose - ok
14:27:58.0485 9276 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:27:58.0656 9276 osppsvc - ok
14:27:58.0719 9276 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
14:27:58.0766 9276 p2pimsvc - ok
14:27:58.0781 9276 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
14:27:58.0812 9276 p2psvc - ok
14:27:58.0875 9276 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys
14:27:58.0890 9276 Parport - ok
14:27:58.0906 9276 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
14:27:58.0922 9276 partmgr - ok
14:27:58.0937 9276 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys
14:27:58.0968 9276 Parvdm - ok
14:27:58.0984 9276 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
14:27:59.0000 9276 PcaSvc - ok
14:27:59.0015 9276 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
14:27:59.0031 9276 pci - ok
14:27:59.0046 9276 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
14:27:59.0062 9276 pciide - ok
14:27:59.0124 9276 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
14:27:59.0140 9276 pcmcia - ok
14:27:59.0156 9276 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
14:27:59.0156 9276 pcw - ok
14:27:59.0187 9276 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
14:27:59.0234 9276 PEAUTH - ok
14:27:59.0280 9276 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
14:27:59.0327 9276 PeerDistSvc - ok
14:27:59.0374 9276 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
14:27:59.0436 9276 pla - ok
14:27:59.0499 9276 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
14:27:59.0545 9276 PlugPlay - ok
14:27:59.0592 9276 Pml Driver HPZ12 (f0efaf6000e9fcbd77f769d527ce5f9d) C:\Windows\system32\HPZipm12.dll
14:27:59.0608 9276 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:27:59.0608 9276 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:27:59.0639 9276 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
14:27:59.0670 9276 PNRPAutoReg - ok
14:27:59.0701 9276 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
14:27:59.0717 9276 PNRPsvc - ok
14:27:59.0764 9276 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
14:27:59.0795 9276 PolicyAgent - ok
14:27:59.0857 9276 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
14:27:59.0904 9276 Power - ok
14:27:59.0998 9276 Power Manager DBC Service (ebf8a077be308c0c6d55d90f89a43547) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
14:28:00.0013 9276 Power Manager DBC Service - ok
14:28:00.0076 9276 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
14:28:00.0123 9276 PptpMiniport - ok
14:28:00.0138 9276 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
14:28:00.0169 9276 Processor - ok
14:28:00.0232 9276 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
14:28:00.0279 9276 ProfSvc - ok
14:28:00.0310 9276 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
14:28:00.0325 9276 ProtectedStorage - ok
14:28:00.0372 9276 psadd (651d3abc1d82d61b6cfb40cb947b3db3) C:\Windows\system32\DRIVERS\psadd.sys
14:28:00.0403 9276 psadd - ok
14:28:00.0466 9276 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
14:28:00.0528 9276 Psched - ok
14:28:00.0622 9276 PwmEWSvc (254de0e4fb8822ca9e5495dcac3bf11c) C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
14:28:00.0653 9276 PwmEWSvc - ok
14:28:00.0731 9276 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
14:28:00.0747 9276 PxHelp20 - ok
14:28:00.0793 9276 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
14:28:00.0825 9276 ql2300 - ok
14:28:00.0871 9276 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
14:28:00.0887 9276 ql40xx - ok
14:28:00.0918 9276 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
14:28:00.0965 9276 QWAVE - ok
14:28:01.0027 9276 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
14:28:01.0059 9276 QWAVEdrv - ok
14:28:01.0074 9276 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
14:28:01.0105 9276 RasAcd - ok
14:28:01.0137 9276 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:28:01.0168 9276 RasAgileVpn - ok
14:28:01.0183 9276 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
14:28:01.0215 9276 RasAuto - ok
14:28:01.0246 9276 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:28:01.0277 9276 Rasl2tp - ok
14:28:01.0324 9276 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
14:28:01.0355 9276 RasMan - ok
14:28:01.0433 9276 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
14:28:01.0480 9276 RasPppoe - ok
14:28:01.0480 9276 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
14:28:01.0511 9276 RasSstp - ok
14:28:01.0558 9276 rcSmCard (fa0192d67d676f360ef1bbb1b3b30070) C:\Windows\system32\DRIVERS\rcSmCard.sys
14:28:01.0558 9276 rcSmCard - ok
14:28:01.0589 9276 rcVidCap (c05b281d5bd452ccc0d61378757d134f) C:\Windows\system32\DRIVERS\rcVidMpt.sys
14:28:01.0589 9276 rcVidCap - ok
14:28:01.0604 9276 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
14:28:01.0636 9276 rdbss - ok
14:28:01.0651 9276 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
14:28:01.0682 9276 rdpbus - ok
14:28:01.0698 9276 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:28:01.0729 9276 RDPCDD - ok
14:28:01.0760 9276 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
14:28:01.0776 9276 RDPDR - ok
14:28:01.0870 9276 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
14:28:01.0916 9276 RDPENCDD - ok
14:28:01.0932 9276 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
14:28:01.0963 9276 RDPREFMP - ok
14:28:01.0979 9276 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
14:28:02.0010 9276 RdpVideoMiniport - ok
14:28:02.0026 9276 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
14:28:02.0057 9276 RDPWD - ok
14:28:02.0088 9276 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
14:28:02.0088 9276 rdyboost - ok
14:28:02.0197 9276 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
14:28:02.0213 9276 regi - ok
14:28:02.0322 9276 RegSrvc (6c47ac711f5fb55c5387a85d50ab4703) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
14:28:02.0353 9276 RegSrvc - ok
14:28:02.0416 9276 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
14:28:02.0447 9276 RemoteAccess - ok
14:28:02.0494 9276 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
14:28:02.0525 9276 RemoteRegistry - ok
14:28:02.0587 9276 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
14:28:02.0618 9276 RFCOMM - ok
14:28:02.0634 9276 rimspci (e891f07815af88075705ef6a248711f6) C:\Windows\system32\DRIVERS\rimspe86.sys
14:28:02.0650 9276 rimspci - ok
14:28:02.0665 9276 risdpcie (5312f15dbeb47d906dca2e334dc4c97d) C:\Windows\system32\DRIVERS\risdpe86.sys
14:28:02.0681 9276 risdpcie - ok
14:28:02.0696 9276 rixdpcie (6a60626412129c713cc30c81870a8095) C:\Windows\system32\drivers\rixdpe86.sys
14:28:02.0728 9276 rixdpcie - ok
14:28:02.0915 9276 RoxMediaDB10 (b2a212fd6be89f4d7f835fb85bb24195) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
14:28:02.0962 9276 RoxMediaDB10 - ok
14:28:03.0024 9276 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
14:28:03.0102 9276 RpcEptMapper - ok
14:28:03.0133 9276 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
14:28:03.0164 9276 RpcLocator - ok
14:28:03.0196 9276 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
14:28:03.0242 9276 RpcSs - ok
14:28:03.0305 9276 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
14:28:03.0352 9276 rspndr - ok
14:28:03.0414 9276 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
14:28:03.0445 9276 s3cap - ok
14:28:03.0476 9276 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
14:28:03.0492 9276 SamSs - ok
14:28:03.0523 9276 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
14:28:03.0539 9276 sbp2port - ok
14:28:03.0570 9276 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
14:28:03.0617 9276 SCardSvr - ok
14:28:03.0632 9276 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
14:28:03.0679 9276 scfilter - ok
14:28:03.0710 9276 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
14:28:03.0757 9276 Schedule - ok
14:28:03.0819 9276 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
14:28:03.0866 9276 SCPolicySvc - ok
14:28:03.0897 9276 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
14:28:03.0929 9276 SDRSVC - ok
14:28:03.0991 9276 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:28:04.0038 9276 secdrv - ok
14:28:04.0053 9276 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
14:28:04.0100 9276 seclogon - ok
14:28:04.0131 9276 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
14:28:04.0163 9276 SENS - ok
14:28:04.0225 9276 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
14:28:04.0241 9276 SensrSvc - ok
14:28:04.0272 9276 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
14:28:04.0287 9276 Serenum - ok
14:28:04.0287 9276 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
14:28:04.0319 9276 Serial - ok
14:28:04.0334 9276 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
14:28:04.0350 9276 sermouse - ok
14:28:04.0365 9276 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
14:28:04.0397 9276 SessionEnv - ok
14:28:04.0443 9276 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
14:28:04.0490 9276 sffdisk - ok
14:28:04.0506 9276 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
14:28:04.0521 9276 sffp_mmc - ok
14:28:04.0537 9276 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
14:28:04.0553 9276 sffp_sd - ok
14:28:04.0553 9276 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
14:28:04.0584 9276 sfloppy - ok
14:28:04.0631 9276 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
14:28:04.0662 9276 SharedAccess - ok
14:28:04.0740 9276 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
14:28:04.0787 9276 ShellHWDetection - ok
14:28:04.0849 9276 Shockprf (1624530d05155f4e5a4736531523bff5) C:\Windows\system32\DRIVERS\Apsx86.sys
14:28:04.0849 9276 Shockprf - ok
14:28:04.0880 9276 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
14:28:04.0896 9276 sisagp - ok
14:28:04.0927 9276 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
14:28:04.0943 9276 SiSRaid2 - ok
14:28:04.0958 9276 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
14:28:04.0958 9276 SiSRaid4 - ok
14:28:05.0021 9276 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files\Skype\Updater\Updater.exe
14:28:05.0052 9276 SkypeUpdate - ok
14:28:05.0130 9276 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
14:28:05.0177 9276 Smb - ok
14:28:05.0286 9276 SmcService (9672e993c5f09bb15adb757a8af7765e) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
14:28:05.0317 9276 SmcService - ok
14:28:05.0379 9276 SNAC (229b0890af1a54e2f57099542cd18642) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
14:28:05.0411 9276 SNAC - ok
14:28:05.0473 9276 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
14:28:05.0504 9276 SNMPTRAP - ok
14:28:05.0613 9276 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
14:28:05.0644 9276 SPBBCDrv - ok
14:28:05.0691 9276 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
14:28:05.0722 9276 spldr - ok
14:28:05.0738 9276 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
14:28:05.0800 9276 Spooler - ok
14:28:05.0894 9276 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
14:28:05.0972 9276 sppsvc - ok
14:28:06.0050 9276 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
14:28:06.0112 9276 sppuinotify - ok
14:28:06.0190 9276 SRTSP (14389e87d0d2e25b12bf2cc74cfaee07) C:\Windows\system32\Drivers\SRTSP.SYS
14:28:06.0206 9276 SRTSP - ok
14:28:06.0253 9276 SRTSPL (aed0f68c185fe698a21cefcd76f0b8a4) C:\Windows\system32\Drivers\SRTSPL.SYS
14:28:06.0268 9276 SRTSPL - ok
14:28:06.0315 9276 SRTSPX (0e2ca6326726477fe29863808bbad413) C:\Windows\system32\Drivers\SRTSPX.SYS
14:28:06.0315 9276 SRTSPX - ok
14:28:06.0362 9276 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
14:28:06.0393 9276 srv - ok
14:28:06.0424 9276 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
14:28:06.0456 9276 srv2 - ok
14:28:06.0518 9276 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
14:28:06.0549 9276 srvnet - ok
14:28:06.0627 9276 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
14:28:06.0658 9276 SSDPSRV - ok
14:28:06.0674 9276 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
14:28:06.0705 9276 SstpSvc - ok
14:28:06.0736 9276 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
14:28:06.0736 9276 stexstor - ok
14:28:06.0768 9276 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
14:28:06.0814 9276 StiSvc - ok
14:28:06.0924 9276 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
14:28:06.0939 9276 stllssvr - ok
14:28:07.0033 9276 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
14:28:07.0064 9276 StorSvc - ok
14:28:07.0126 9276 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
14:28:07.0142 9276 storvsc - ok
14:28:07.0189 9276 SUService (6ea2f517373771cac5188e82617c9c0b) C:\Program Files\Lenovo\System Update\SUService.exe
14:28:07.0204 9276 SUService ( UnsignedFile.Multi.Generic ) - warning
14:28:07.0204 9276 SUService - detected UnsignedFile.Multi.Generic (1)
14:28:07.0220 9276 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
14:28:07.0236 9276 swenum - ok
14:28:07.0251 9276 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
14:28:07.0298 9276 swprv - ok
14:28:07.0407 9276 Symantec AntiVirus (409ebed03f66e3941e33e412795e6c2c) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
14:28:07.0454 9276 Symantec AntiVirus - ok
14:28:07.0516 9276 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
14:28:07.0532 9276 SymEvent - ok
14:28:07.0579 9276 Synth3dVsc (f2ad8960812fd111e20e84659ef19d43) C:\Windows\system32\drivers\Synth3dVsc.sys
14:28:07.0594 9276 Synth3dVsc - ok
14:28:07.0625 9276 SynthVid (04990c25043705985f1ec40bf704aaac) C:\Windows\system32\DRIVERS\VMBusVideoM.sys
14:28:07.0641 9276 SynthVid - ok
14:28:07.0703 9276 SynTP (b41404ee2aacfb08dd1b3a6afa0b62eb) C:\Windows\system32\DRIVERS\SynTP.sys
14:28:07.0719 9276 SynTP - ok
14:28:07.0766 9276 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
14:28:07.0813 9276 SysMain - ok
14:28:07.0875 9276 SysPlant (e2433edc2fd23f7d7272d6e74f22bd79) C:\Windows\SYSTEM32\Drivers\SysPlant.sys
14:28:07.0891 9276 SysPlant - ok
14:28:07.0922 9276 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
14:28:07.0953 9276 TabletInputService - ok
14:28:07.0984 9276 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
14:28:08.0015 9276 TapiSrv - ok
14:28:08.0047 9276 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
14:28:08.0078 9276 TBS - ok
14:28:08.0140 9276 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
14:28:08.0187 9276 Tcpip - ok
14:28:08.0249 9276 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
14:28:08.0281 9276 TCPIP6 - ok
14:28:08.0327 9276 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
14:28:08.0374 9276 tcpipreg - ok
14:28:08.0405 9276 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
14:28:08.0421 9276 TDPIPE - ok
14:28:08.0437 9276 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
14:28:08.0483 9276 TDTCP - ok
14:28:08.0483 9276 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
14:28:08.0515 9276 tdx - ok
14:28:08.0624 9276 Teefer3 (8f9bf086fed2c7c076a7a4b8e8a24fe9) C:\Windows\system32\DRIVERS\Teefer3.sys
14:28:08.0639 9276 Teefer3 - ok
14:28:08.0671 9276 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
14:28:08.0686 9276 TermDD - ok
14:28:08.0717 9276 terminpt (052306fd76793d5d5ab5d9891fd1adbb) C:\Windows\system32\drivers\terminpt.sys
14:28:08.0749 9276 terminpt - ok
14:28:08.0780 9276 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
14:28:08.0827 9276 TermService - ok
14:28:08.0873 9276 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
14:28:08.0905 9276 Themes - ok
14:28:08.0936 9276 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
14:28:08.0983 9276 THREADORDER - ok
14:28:09.0045 9276 TPDIGIMN (d2378fbbd668d9fe9b6b5e3139d506d3) C:\Windows\system32\DRIVERS\ApsHM86.sys
14:28:09.0045 9276 TPDIGIMN - ok
14:28:09.0076 9276 TPHDEXLGSVC (a34a1e6b5461273846d30f5898602a72) C:\Windows\system32\TPHDEXLG.exe
14:28:09.0092 9276 TPHDEXLGSVC - ok
14:28:09.0185 9276 TPHKLOAD (9cd364ecb3a10b24c7cac8ff89993a67) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
14:28:09.0201 9276 TPHKLOAD - ok
14:28:09.0232 9276 TPHKSVC (c04bb65441913ab621c58a8bd3169b23) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
14:28:09.0248 9276 TPHKSVC - ok
14:28:09.0326 9276 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
14:28:09.0357 9276 TPM - ok
14:28:09.0404 9276 TPPWRIF (c16ec6a5390904d3971179553852025b) C:\Windows\system32\drivers\Tppwr32v.sys
14:28:09.0419 9276 TPPWRIF - ok
14:28:09.0451 9276 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
14:28:09.0482 9276 TrkWks - ok
14:28:09.0513 9276 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
14:28:09.0544 9276 TrustedInstaller - ok
14:28:09.0575 9276 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:28:09.0591 9276 tssecsrv - ok
14:28:09.0607 9276 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
14:28:09.0622 9276 TsUsbFlt - ok
14:28:09.0700 9276 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
14:28:09.0716 9276 TsUsbGD - ok
14:28:09.0762 9276 tsusbhub (045acb987c650d8186c6b4a692223860) C:\Windows\system32\drivers\tsusbhub.sys
14:28:09.0778 9276 tsusbhub - ok
14:28:09.0809 9276 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
14:28:09.0856 9276 tunnel - ok
14:28:09.0872 9276 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
14:28:09.0887 9276 uagp35 - ok
14:28:09.0903 9276 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
14:28:09.0934 9276 udfs - ok
14:28:09.0965 9276 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
14:28:09.0996 9276 UI0Detect - ok
14:28:10.0090 9276 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
14:28:10.0106 9276 uliagpkx - ok
14:28:10.0152 9276 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
14:28:10.0168 9276 umbus - ok
14:28:10.0184 9276 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
14:28:10.0215 9276 UmPass - ok
14:28:10.0230 9276 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
14:28:10.0262 9276 UmRdpService - ok
14:28:10.0293 9276 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
14:28:10.0355 9276 upnphost - ok
14:28:10.0355 9276 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
14:28:10.0371 9276 usbccgp - ok
14:28:10.0464 9276 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
14:28:10.0496 9276 usbcir - ok
14:28:10.0527 9276 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
14:28:10.0558 9276 usbehci - ok
14:28:10.0605 9276 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
14:28:10.0620 9276 usbhub - ok
14:28:10.0683 9276 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
14:28:10.0730 9276 usbohci - ok
14:28:10.0761 9276 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys
14:28:10.0776 9276 usbprint - ok
14:28:10.0808 9276 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:28:10.0823 9276 USBSTOR - ok
14:28:10.0901 9276 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
14:28:10.0917 9276 usbuhci - ok
14:28:10.0964 9276 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
14:28:10.0995 9276 usbvideo - ok
14:28:11.0010 9276 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
14:28:11.0026 9276 UxSms - ok
14:28:11.0073 9276 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
14:28:11.0088 9276 VaultSvc - ok
14:28:11.0120 9276 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
14:28:11.0120 9276 vdrvroot - ok
14:28:11.0151 9276 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
14:28:11.0198 9276 vds - ok
14:28:11.0260 9276 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
14:28:11.0307 9276 vga - ok
14:28:11.0322 9276 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
14:28:11.0354 9276 VgaSave - ok
14:28:11.0369 9276 VGPU - ok
14:28:11.0385 9276 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
14:28:11.0400 9276 vhdmp - ok
14:28:11.0432 9276 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
14:28:11.0447 9276 viaagp - ok
14:28:11.0463 9276 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
14:28:11.0494 9276 ViaC7 - ok
14:28:11.0525 9276 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
14:28:11.0541 9276 viaide - ok
14:28:11.0556 9276 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
14:28:11.0572 9276 VMBusHID - ok
14:28:11.0634 9276 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
14:28:11.0650 9276 volmgr - ok
14:28:11.0697 9276 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
14:28:11.0712 9276 volmgrx - ok
14:28:11.0728 9276 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
14:28:11.0728 9276 volsnap - ok
14:28:11.0790 9276 vpnagent (5ea22cb6b100212837a97f281edb3c47) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
14:28:11.0821 9276 vpnagent - ok
14:28:11.0853 9276 vpnva (e1f2333a88ec4a5c8ea6be357323b72d) C:\Windows\system32\DRIVERS\vpnva.sys
14:28:11.0868 9276 vpnva - ok
14:28:11.0899 9276 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
14:28:11.0915 9276 vsmraid - ok
14:28:12.0102 9276 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
14:28:12.0211 9276 VSS - ok
14:28:12.0383 9276 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
14:28:12.0414 9276 vwifibus - ok
14:28:12.0445 9276 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
14:28:12.0477 9276 vwififlt - ok
14:28:12.0523 9276 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
14:28:12.0555 9276 W32Time - ok
14:28:12.0601 9276 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
14:28:12.0617 9276 WacomPen - ok
14:28:12.0757 9276 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
14:28:12.0820 9276 WANARP - ok
14:28:12.0820 9276 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
14:28:12.0851 9276 Wanarpv6 - ok
14:28:12.0929 9276 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
14:28:12.0976 9276 WatAdminSvc - ok
14:28:13.0069 9276 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
14:28:13.0101 9276 wbengine - ok
14:28:13.0132 9276 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
14:28:13.0147 9276 WbioSrvc - ok
14:28:13.0179 9276 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
14:28:13.0194 9276 wcncsvc - ok
14:28:13.0210 9276 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
14:28:13.0241 9276 WcsPlugInService - ok
14:28:13.0319 9276 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
14:28:13.0335 9276 Wd - ok
14:28:13.0350 9276 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
14:28:13.0366 9276 Wdf01000 - ok
14:28:13.0428 9276 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
14:28:13.0459 9276 WdiServiceHost - ok
14:28:13.0475 9276 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
14:28:13.0491 9276 WdiSystemHost - ok
14:28:13.0522 9276 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
14:28:13.0553 9276 WebClient - ok
14:28:13.0584 9276 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
14:28:13.0615 9276 Wecsvc - ok
14:28:13.0662 9276 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
14:28:13.0709 9276 wercplsupport - ok
14:28:13.0725 9276 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
14:28:13.0756 9276 WerSvc - ok
14:28:13.0818 9276 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
14:28:13.0865 9276 WfpLwf - ok
14:28:13.0896 9276 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
14:28:13.0896 9276 WIMMount - ok
14:28:13.0927 9276 winachsf (bc43a66ed6898f405a4acf6179a5f9b1) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
14:28:13.0943 9276 winachsf - ok
14:28:14.0036 9276 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
14:28:14.0099 9276 WinDefend - ok
14:28:14.0099 9276 WinHttpAutoProxySvc - ok
14:28:14.0192 9276 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
14:28:14.0239 9276 Winmgmt - ok
14:28:14.0380 9276 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
14:28:14.0489 9276 WinRM - ok
14:28:14.0551 9276 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
14:28:14.0645 9276 Wlansvc - ok
14:28:14.0785 9276 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:28:14.0801 9276 WmiAcpi - ok
14:28:14.0848 9276 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
14:28:14.0894 9276 wmiApSrv - ok
14:28:15.0050 9276 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
14:28:15.0082 9276 WMPNetworkSvc - ok
14:28:15.0175 9276 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
14:28:15.0206 9276 WPCSvc - ok
14:28:15.0222 9276 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
14:28:15.0238 9276 WPDBusEnum - ok
14:28:15.0331 9276 WPS (5b873300a1802a6d254af59943f6c1a2) C:\Windows\system32\drivers\wpsdrvnt.sys
14:28:15.0347 9276 WPS - ok
14:28:15.0409 9276 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\Windows\system32\drivers\WpsHelper.sys
14:28:15.0409 9276 WpsHelper - ok
14:28:15.0503 9276 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
14:28:15.0565 9276 ws2ifsl - ok
14:28:15.0596 9276 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
14:28:15.0612 9276 wscsvc - ok
14:28:15.0612 9276 WSearch - ok
14:28:15.0690 9276 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
14:28:15.0768 9276 wuauserv - ok
14:28:15.0815 9276 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
14:28:15.0862 9276 WudfPf - ok
14:28:15.0986 9276 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:28:16.0033 9276 WUDFRd - ok
14:28:16.0095 9276 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
14:28:16.0127 9276 wudfsvc - ok
14:28:16.0158 9276 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
14:28:16.0189 9276 WwanSvc - ok
14:28:16.0251 9276 XAudio (311faffb280fca0d4a7739e2474eac9f) C:\Windows\system32\DRIVERS\XAudio32.sys
14:28:16.0267 9276 XAudio - ok
14:28:16.0298 9276 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:28:16.0454 9276 \Device\Harddisk0\DR0 - ok
14:28:16.0485 9276 Boot (0x1200) (500a01d39808765925b81bcdd53495e8) \Device\Harddisk0\DR0\Partition0
14:28:16.0501 9276 \Device\Harddisk0\DR0\Partition0 - ok
14:28:16.0501 9276 Boot (0x1200) (67efa989ebacaf4500036a5f9ef9ca76) \Device\Harddisk0\DR0\Partition1
14:28:16.0501 9276 \Device\Harddisk0\DR0\Partition1 - ok
14:28:16.0501 9276 ============================================================
14:28:16.0501 9276 Scan finished
14:28:16.0501 9276 ============================================================
14:28:16.0517 1252 Detected object count: 5
14:28:16.0517 1252 Actual detected object count: 5
14:29:22.0545 1252 Cwbrxd ( UnsignedFile.Multi.Generic ) - skipped by user
14:29:22.0545 1252 Cwbrxd ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:29:22.0561 1252 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:29:22.0561 1252 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:29:22.0561 1252 NETwNx32 ( UnsignedFile.Multi.Generic ) - skipped by user
14:29:22.0561 1252 NETwNx32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:29:22.0561 1252 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:29:22.0561 1252 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:29:22.0561 1252 SUService ( UnsignedFile.Multi.Generic ) - skipped by user
14:29:22.0561 1252 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
-
Thanks MrC. Here is the log from RogueKiller:
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: 107267 [Admin rights]
Mode: Scan -- Date: 04/16/2012 10:53:43
¤¤¤ Bad processes: 3 ¤¤¤
[sUSP PATH] ndvcngtf.exe -- C:\Users\107267\AppData\Local\fwepddko\ndvcngtf.exe -> KILLED [TermProc]
[sVCHOST] svchost.exe -- C:\Windows\system32\svchost.exe -> KILLED [TermProc]
[sVCHOST] svchost.exe -- C:\Windows\system32\svchost.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 9 ¤¤¤
[sUSP PATH] HKCU\[...]\Run : NdvCngtf (C:\Users\107267\AppData\Local\fwepddko\ndvcngtf.exe) -> FOUND
[sUSP PATH] HKUS\S-1-5-21-1541481396-3027813910-3587673724-1177[...]\Run : NdvCngtf (C:\Users\107267\AppData\Local\fwepddko\ndvcngtf.exe) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (ausproxy.aus.rccl.com:8080) -> FOUND
[HJPOL] HKCU\[...]\Explorer : DisallowRun (1) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x82D2DB93 -> HOOKED (Unknown @ 0x86222788)
SSDT[14] : NtAlertThread @ 0x82C80B80 -> HOOKED (Unknown @ 0x86222848)
SSDT[19] : NtAllocateVirtualMemory @ 0x82C79B8C -> HOOKED (Unknown @ 0x8621E6C0)
SSDT[74] : NtCreateMutant @ 0x82C6025A -> HOOKED (Unknown @ 0x86223880)
SSDT[87] : NtCreateThread @ 0x82D2BE36 -> HOOKED (Unknown @ 0x862169B8)
SSDT[131] : NtFreeVirtualMemory @ 0x82B094DB -> HOOKED (Unknown @ 0x86215988)
SSDT[145] : NtImpersonateAnonymousToken @ 0x82C45888 -> HOOKED (Unknown @ 0x86223950)
SSDT[147] : NtImpersonateThread @ 0x82CC97CC -> HOOKED (Unknown @ 0x862226C8)
SSDT[168] : NtMapViewOfSection @ 0x82C964D2 -> HOOKED (Unknown @ 0x8622B748)
SSDT[177] : NtOpenEvent @ 0x82C5FC56 -> HOOKED (Unknown @ 0x862237C0)
SSDT[191] : NtOpenProcessToken @ 0x82CB41CF -> HOOKED (Unknown @ 0x8621E790)
SSDT[199] : NtOpenThreadToken @ 0x82CC84B4 -> HOOKED (Unknown @ 0x8622C6D0)
SSDT[304] : NtResumeThread @ 0x82CC051B -> HOOKED (Unknown @ 0x861D4308)
SSDT[316] : NtSetContextThread @ 0x82D2CF2F -> HOOKED (Unknown @ 0x8622C610)
SSDT[333] : NtSetInformationProcess @ 0x82C8872D -> HOOKED (Unknown @ 0x8622B600)
SSDT[335] : NtSetInformationThread @ 0x82CB9C7F -> HOOKED (Unknown @ 0x86219940)
SSDT[366] : NtSuspendProcess @ 0x82D2DACF -> HOOKED (Unknown @ 0x86223700)
SSDT[367] : NtSuspendThread @ 0x82CE5005 -> HOOKED (Unknown @ 0x86222950)
SSDT[370] : NtTerminateProcess @ 0x82CAAB8D -> HOOKED (Unknown @ 0x8621F750)
SSDT[371] : NtTerminateThread @ 0x82CC8504 -> HOOKED (Unknown @ 0x86219880)
SSDT[385] : NtUnmapViewOfSection @ 0x82CB480A -> HOOKED (Unknown @ 0x8622B6D0)
SSDT[399] : NtWriteVirtualMemory @ 0x82CAF8EA -> HOOKED (Unknown @ 0x86212940)
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: HITACHI HTS725016A9A364 ATA Device +++++
--- User ---
[MBR] e580097e5ff895ed02925a231ce5c21d
[bSP] bd8b6921c3619a601c6bda75acf140fb : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152314 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 311941120 | Size: 300 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: SanDisk Cruzer USB Device +++++
--- User ---
[MBR] 60b9cdbd75eb44d94f3de5a9ee80b5f8
[bSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16 | Size: 3814 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt
-
Hello, I have an infection on my machine. Running Windows 7. After watching a streaming video, I began getting a 'Windows Command Processor is requesting your permission' pop-up, which I am unable to close. When I restart the machine, the pop-up appears just after Windows restarts.
I have ran MBAM but nothing is found. I ran Windows Defender Offline...two threats were found and removed, but the problem remains.
The virus is preventing me from downloading or running MBAB, but I was able to run it in Chamelon mode.
Here are the requested logs from DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by 107267 at 21:13:39 on 2012-04-15
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.61.1033.18.2996.1631 [GMT 10:00]
.
AV: Symantec Endpoint Protection *Enabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\ca\sc\CAM\bin\cam.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files\ca\sc\CsamSockAdapter\bin\csampmux.exe
C:\Program Files\ca\DSM\bin\caf.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Notes\nsd.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ca\DSM\Bin\cfsmsmd.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ca\DSM\Bin\ccnfagent.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\ca\DSM\Bin\cfnotsrvd.exe
C:\Program Files\ca\DSM\Bin\ccsmagtd.exe
C:\Program Files\ca\DSM\Bin\rcHost.exe
C:\Program Files\ca\DSM\Bin\amswmagt.exe
C:\Program Files\ca\DSM\Bin\cfftplugin.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Program Files\ca\DSM\bin\cfSysTray.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Users\107267\AppData\Local\fwepddko\ndvcngtf.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Citrix\ICA Client\PNAMAIN.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\UserAccountControlSettings.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\consent.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com.au/
uDefault_Page_URL = about:blank
mDefault_Page_URL = Http://intranet.rcleurope.com
uInternet Settings,ProxyOverride = 12.42.128.*;172.18.128.137;10.*.*.*;172.16.*.*;*.rccl.com;*.royalcaribbean.com;*.celebrity-cruises.com;*.celebritycruises.com;*.cruisingpower.com;intranet;1a.amadeusprintservices.com;prod1.centra.com;ap-docmgmt;*.sourcingservice.com;119.225.1.34;<local>
uInternet Settings,ProxyServer = ausproxy.aus.rccl.com:8080
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [NdvCngtf] c:\users\107267\appdata\local\fwepddko\ndvcngtf.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Client Access Service] c:\program files\ibm\client access\cwbsvstr.exe
mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [RotateImage] c:\program files\integrated camera driver\RCIMGDIR.exe
mRun: [TpShocks] TpShocks.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe
mRun: [CAF_SystemTray] "c:\program files\ca\dsm\bin\cfSysTray.exe"
mRun: [DsmSxplog] "c:\program files\ca\dsm\bin\sxpstub.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\107267\appdata\roaming\microsoft\windows\start menu\programs\startup\ndvcngtf.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\online~1.lnk - c:\windows\installer\{0f1f7a90-e71b-4e45-a066-2891619f22e1}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\windows\installer\{fdcc0996-eb13-45d6-846d-013f1c8dc6bd}\IconFDCC0996.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 1 = autorun.pif
uPolicies-disallowrun: 2 = hupigon.exe
uPolicies-system: NoDispSettingsPage = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: dontdisplaylockeduserid = 3 (0x3)
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: amadeus.com
Trusted Zone: amadeusvista.com
Trusted Zone: azamaraclubcruises.co.uk
Trusted Zone: azamaraclubcruises.com
Trusted Zone: cdfcroisieresdefrance.fr
Trusted Zone: celebritycruises.co.uk
Trusted Zone: celebritycruises.com
Trusted Zone: concursolutions.com
Trusted Zone: crusingpower.com
Trusted Zone: localhost
Trusted Zone: pullmantur.es
Trusted Zone: rccl.com
Trusted Zone: rccl.com\colonial
Trusted Zone: rcleurope.com
Trusted Zone: rclinvestor.com
Trusted Zone: royalcaribbean.co.uk
Trusted Zone: royalcaribbean.com
Trusted Zone: specialtydining.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {B1D21FC5-A742-4261-86F2-C7B7F1A31C5D} - hxxp://new.stage.eone.rccl.com/jde/axctls/jdewebctlsU.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {F9E542CE-C16A-47FA-B7A8-D88E5F1C5719} - hxxp://new.stage.eone.rccl.com/jde/axctls/jdeexpimpU.cab
TCP: DhcpNameServer = 192.168.0.1 203.134.12.90
TCP: Interfaces\{15E7702C-B836-49ED-B4F7-D42A117612E3} : DhcpNameServer = 192.168.0.1 203.134.12.90
TCP: Interfaces\{15E7702C-B836-49ED-B4F7-D42A117612E3}\051657C6E4F5251697D6F6E6469437D49774F646 : DhcpNameServer = 192.168.10.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2012-2-29 25968]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-3-29 20592]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2012-2-29 13680]
R1 Teefer3;Symantec Endpoint Protection Firewall;c:\windows\system32\drivers\Teefer3.sys [2011-12-2 43936]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 CA-MessageQueuing;CA Message Queuing Server;c:\program files\ca\sc\cam\bin\cam.exe [2012-3-2 185672]
R2 CA-SAM-Pmux;CA Connection Broker;c:\program files\ca\sc\csamsockadapter\bin\CSAMPmux.exe [2011-7-6 169288]
R2 caf;CA DSM r12 Common Application Framework;c:\program files\ca\dsm\bin\CAF.exe [2010-4-26 208648]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2012-2-29 50536]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2012-2-29 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2012-2-29 74088]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2012-2-29 127336]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\notes\nsd.exe [2010-8-12 3417480]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-15 654408]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2012-3-1 48640]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2012-3-1 59904]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-12-2 1846592]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2012-2-29 131432]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2012-2-29 142696]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-18 497856]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2012-2-29 132864]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2012-3-1 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-2-29 29472]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2012-2-29 292200]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2012-3-1 215208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-4-13 106104]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2012-3-1 132480]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-3-1 269824]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-15 22344]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-8-3 7517696]
R3 rcSmCard;rcSmCard;c:\windows\system32\drivers\rcSmCard.sys [2010-4-26 26128]
R3 rcVidCap;rcVidCap;c:\windows\system32\drivers\rcVidMpt.sys [2010-4-26 9872]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-4-5 158856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 netvsc;netvsc;c:\windows\system32\drivers\netvsc60.sys [2010-11-21 126464]
S3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [2012-3-1 7391104]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-10 4640000]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2012-2-29 89152]
S3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2012-2-29 175168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 15872]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2012-3-1 38912]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-9-24 1124848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 SynthVid;SynthVid;c:\windows\system32\drivers\VMBusVideoM.sys [2010-11-21 19456]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-10-16 1343400]
.
=============== Created Last 30 ================
.
2012-04-15 09:38:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-15 09:38:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-15 08:56:55 -------- d-sh--w- C:\found.000
2012-04-14 13:11:11 -------- d-----w- c:\users\107267\appdata\roaming\Malwarebytes
2012-04-14 13:11:11 -------- d-----w- c:\programdata\Malwarebytes
2012-04-14 11:58:05 -------- d-----w- c:\users\107267\appdata\local\fwepddko
2012-04-14 07:55:21 -------- d-----r- c:\program files\Skype
2012-04-14 07:41:50 -------- d-----w- c:\users\107267\appdata\local\Google
2012-04-14 07:40:48 -------- d-----w- c:\users\107267\appdata\local\Deployment
2012-04-14 07:40:48 -------- d-----w- c:\users\107267\appdata\local\Apps
2012-04-14 07:24:13 -------- d-----w- c:\users\107267\appdata\local\Broadcom
2012-04-13 07:03:25 -------- d-----w- c:\users\107267\appdata\roaming\PwrMgr
2012-04-13 07:00:21 -------- d-----w- c:\users\107267\appdata\roaming\smkits
2012-04-13 07:00:04 -------- d-----w- c:\users\107267\appdata\local\Cisco
2012-04-13 06:57:06 -------- d-----w- c:\users\107267\appdata\local\RSA
2012-04-13 06:48:27 -------- d-----w- c:\users\107267\appdata\roaming\CA
2012-04-13 06:33:12 -------- d-----w- c:\users\107267\appdata\roaming\IBM
2012-04-13 06:32:52 -------- d-----w- c:\users\107267\appdata\local\Symantec
2012-04-13 06:32:48 -------- d-----w- c:\users\107267\appdata\roaming\Intel
2012-04-13 06:32:48 -------- d-----w- c:\users\107267\appdata\local\VirtualStore
2012-04-13 06:28:48 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-04-13 06:28:47 162048 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2012-04-13 06:27:23 99744 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2012-04-13 06:27:23 357792 ----a-w- c:\windows\system32\Sysfer.dll
2012-04-13 06:27:05 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-13 06:26:57 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2012-04-13 06:26:57 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2012-04-13 06:26:57 1060864 ----a-w- c:\windows\system32\MFC71.DL1
2012-04-13 06:26:40 -------- d-----w- c:\programdata\Symantec
2012-04-13 06:26:40 -------- d-----w- c:\program files\Symantec
2012-04-13 06:26:40 -------- d-----w- c:\program files\common files\Symantec Shared
2012-04-13 06:23:37 -------- d-----w- c:\programdata\Uninstall
2012-04-13 06:22:05 -------- d-----w- c:\program files\Roxio
2012-04-13 06:22:05 -------- d-----w- c:\program files\common files\SureThing Shared
2012-04-13 06:20:26 77824 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-04-13 06:20:26 721168 ----a-w- c:\windows\system32\VB40032.DLL
2012-04-13 06:20:26 28672 ----a-w- c:\windows\system32\JAWTAccessBridge.dll
2012-04-13 06:20:26 139264 ----a-w- c:\windows\system32\JavaAccessBridge.dll
2012-04-13 06:20:25 -------- d-----w- c:\program files\Oracle
2012-04-13 06:20:25 -------- d-----w- c:\program files\Microsoft Visual Studio .NET
2012-04-13 06:03:09 311296 ----a-w- c:\program files\internet explorer\plugins\hyperion\BILauncher.dll
2012-04-13 06:03:09 27820133 ----a-w- c:\program files\internet explorer\plugins\hyperion\9.3.1\axbqs32.dll
2012-04-13 06:03:09 14233712 ----a-w- c:\program files\internet explorer\plugins\hyperion\8.3\axbqs32.dll
2012-04-13 06:03:04 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2012-04-13 06:03:04 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2012-04-13 06:03:04 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2012-04-13 06:03:04 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2012-04-13 06:03:04 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2012-04-13 06:03:03 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2012-04-13 06:03:03 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2012-04-13 06:03:03 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2012-04-13 05:55:13 -------- d-----w- c:\program files\ScanSoft
2012-04-13 05:50:33 -------- d-----w- c:\users\107267\appdata\local\Lotus
2012-04-13 05:42:53 -------- d-----w- c:\users\107267\appdata\local\Apple Computer
2012-04-13 05:40:35 -------- d-----w- C:\Hyperion
2012-04-13 05:28:28 -------- d-----w- C:\AdobeTemp
2012-04-07 04:38:14 -------- d-----w- C:\codec-info
.
==================== Find3M ====================
.
2012-02-22 23:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
============= FINISH: 21:14:16.58 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume2
Install Date: 2/29/2012 10:43:44 AM
System Uptime: 4/15/2012 8:59:06 PM (1 hours ago)
.
Motherboard: LENOVO | | 2522ED2
Processor: Intel® Core i5 CPU M 520 @ 2.40GHz | None | 2400/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 96.071 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}
Description: CA IT Client Manager r12 Secure Control Adapter
Device ID: ROOT\DISPLAY\0001
Manufacturer: CA, Inc.
Name: CA IT Client Manager r12 Secure Control Adapter
PNP Device ID: ROOT\DISPLAY\0001
Service: rcVidCap
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: adfs
Device ID: ROOT\LEGACY_ADFS\0000
Manufacturer:
Name: adfs
PNP Device ID: ROOT\LEGACY_ADFS\0000
Service: adfs
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.3.4
Adobe Shockwave Player 11.5
CA DSM Agent + Asset Management plugin (English only Edition)
CA DSM Agent + Remote Control plugin (English only Edition)
CA DSM Agent + Software Delivery plugin (English only Edition)
CA Secure Socket Adapter
Cisco AnyConnect VPN Client
Citrix online plug-in
Citrix online plug-in (DV)
Citrix online plug-in (PNA)
Citrix online plug-in (SSON)
Citrix online plug-in (Web)
Conexant 20585 SmartAudio HD
cwbnethlp
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DirectX 9 Runtime
FireFox
GPL Ghostscript Lite 8.70
HumanConcepts OrgPlus 8 Plug-in
Hyperion Interactive Reporting Web Client
Hyperion Reporting and Analysis Client
IBM i Access for Windows 7.1
IBM i Access for Windows MRI
Integrated Camera Driver Installer Package Ver.1.1.0.48
Intel PROSet Wireless
Intel® Control Center
Intel® Processor Graphics
Intel® PROSet/Wireless WiFi Software
InterVideo WinDVD 8
Java 6 Update 20
JDE ActiveX
Lenovo Auto Scroll Utility
Lenovo Central Audio
Lenovo Patch Utility
Lenovo System Interface Driver
LiveUpdate 3.3 (Symantec Corporation)
Lotus Notes 8.5.2
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Standard 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 11.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
On Screen Display
Oracle10gAdmin
PDF Writer - bioPDF 7.1.0.1195
QuickTime
RICOH R5U230 Media Driver ver.2.06.02.02
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator Business Edition
Roxio Express Labeler 3
RSA SecurID Software Token
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Skype™ 5.9
Sonic CinePlayer Decoder Pack
Spelling Dictionaries Support For Adobe Reader 9
Symantec Endpoint Protection
System Update
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Integration Setup
ThinkPad Modem Adapter
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Active Protection System
ThinkVantage Communications Utility
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2583935)
WinZip 9 SR1
.
==== Event Viewer Messages From Past Week ========
.
4/15/2012 9:02:18 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
4/15/2012 9:00:25 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
4/15/2012 8:59:40 PM, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
4/15/2012 8:59:40 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
4/15/2012 8:59:39 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain AUS due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
4/15/2012 7:38:35 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}. The error: "2" Happened while starting this command: "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding
4/15/2012 6:53:42 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OSDisk.
4/14/2012 5:37:41 PM, Error: Microsoft-Windows-GroupPolicy [1053] - The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
4/14/2012 11:22:19 PM, Error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).
4/13/2012 4:27:16 PM, Error: Service Control Manager [7030] - The Symantec Management Client service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/13/2012 4:23:17 PM, Error: Service Control Manager [7030] - The RoxMediaDB10 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/11/2012 12:22:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
4/11/2012 12:22:40 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
4/11/2012 12:22:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
4/11/2012 12:22:38 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
fyi, this is a work computer.
-
Hi, I believe my computer is infected. When I open a new Chrome session, it automatically opens two tabs, which re-direct me to a site called "btsearch.name" which is simply a Google search window. This began after downloading "MyStart by Incredibar". I I removed the program via Add/Remove but the problem remains.
I have run both MalwareBytes & Spybot S&D (including Immunization) but the problem remains.
Here are the DDS.txt & Attach.txt files as requested. Thank you for any assistance you can offer.
-Ryan
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_31
Run by 107267 at 18:00:26 on 2012-04-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3046.2108 [GMT 10:00]
.
AV: Sophos Anti-Virus *Enabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Hyperion\BIPlus\bin\SQR\Remote\bin\atrls.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\SC\CAM\bin\cam.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Notes\nsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Notes\ntmulti.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sonexis\ApplicationSharing\AppDriverService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\CA\DSM\Bin\caf.exe
C:\Program Files\CA\DSM\Bin\cfsmsmd.exe
C:\Program Files\CA\DSM\Bin\ccnfagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe
C:\Program Files\CA\DSM\Bin\ccsmagtd.exe
C:\Program Files\CA\DSM\Bin\rcHost.exe
C:\Program Files\CA\DSM\Bin\amswmagt.exe
C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe
C:\Program Files\CA\DSM\Bin\cfftplugin.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CA\DSM\bin\cfSysTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Sophos\AutoUpdate\almon.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\107267\Desktop\snagit32.exe
C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE
C:\Documents and Settings\107267\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\107267\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\107267\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://intranet.rcleurope.com/
mDefault_Page_URL = Http://intranet.rcleurope.com
uInternet Settings,ProxyServer = ausproxy.aus.rccl.com:8080
uInternet Settings,ProxyOverride = 12.42.128.*;172.18.128.137;10.*.*.*;172.16.*.*;*.rccl.com;*.royalcaribbean.com;*.celebrity-cruises.com;*.celebritycruises.com;*.cruisingpower.com;intranet;1a.amadeusprintservices.com;prod1.centra.com;ap-docmgmt;*.sourcingservice.com;anyconnect.rccl.com;119.225.1.34;;*.local;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\107267\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [CAF_SystemTray] "c:\program files\ca\dsm\bin\cfSysTray.exe"
mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe"
mRun: [WinVNC] "c:\program files\orl\vnc\winvnc.exe" -servicehelper
mRun: [DsmSxplog] "c:\program files\ca\dsm\bin\sxpstub.exe"
mRun: [sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [indexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [brStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [bigPondWirelessBroadbandCM] "c:\program files\telstra\mobile broadband manager\TelstraUCM.exe" -tsr
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 1 = autorun.pif
uPolicies-disallowrun: 2 = hupigon.exe
uPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: B3467D2D-E10C-41A6-B671-2B07A1445DC4 - hxxp://econference.rcleurope.com//Downloads/cmW32client.cab
DPF: {00B28243-126B-4FFF-B346-6C3176E8296B} - hxxp://siebgvsp.rccl.com:9100/callcenter_enu/19221/applets/SiebelAx_Calendar.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab
DPF: {3605B612-C3CF-4AB4-A426-2D853391DB2E} - hxxp://qc.rccl.com/qcbin/capicom.dll
DPF: {5F738800-9D2F-48CE-999B-B3D66C7E8D24} - hxxp://teamsite-prod.rccl.com/iw/ewebeditpro20/ewebeditpro5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://remotemail.rccl.com:11023/dwa8W.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} - hxxp://siebgvsp.rccl.com:9100/callcenter_enu/19221/applets/SiebelAx_HI_Client.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://aufreetrial.webex.com/client/T27L/webex/ieatgpc.cab
DPF: {F79364C6-8DF2-4060-BF77-35239AC7BCB1} - hxxp://hyperion.rccl.com/InsightInstaller/setup.cab
DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} - hxxp://qc.rccl.com/qcbin/Spider10.cab
TCP: DhcpNameServer = 192.168.0.1 203.134.12.90
TCP: Interfaces\{362A5A16-A1C4-4FFD-8712-ECA41F10EB74} : DhcpNameServer = 192.168.0.1 203.134.12.90
Notify: CAF - c:\program files\ca\dsm\bin\cfwlogon.dll
Notify: igfxcui - igfxdev.dll
Notify: rcHostExt - c:\program files\ca\dsm\bin\rcLoginExt.dll
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\107267\application data\mozilla\firefox\profiles\tuai47zv.default\
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb119?a=6Oyy706xO9&i=26
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6Oyy706xO9&&i=26&search=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\documents and settings\107267\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\107267\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\107267\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oyy706xO9&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 142c63b900000000000000218696caed
FF - user.js: extensions.incredibar_i.instlDay - 15437
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1414:42:48
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6Oyy706xO9
FF - user.js: extensions.incredibar_i.upn2n - 92261197075936793
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd - 61%5F2
.
============= SERVICES / DRIVERS ===============
.
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2010-3-5 153344]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2010-3-5 24064]
R2 Ataman TCP Remote Logon Services;Ataman TCP Remote Logon Services;c:\hyperion\biplus\bin\sqr\remote\bin\atrls.exe [2010-9-17 71168]
R2 CA-MessageQueuing;CA Message Queuing Server;c:\program files\ca\sc\cam\bin\cam.exe [2010-3-5 147456]
R2 caf;CA DSM r11 Common Application Framework.;c:\program files\ca\dsm\bin\CAF.exe [2008-3-1 193800]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\notes\nsd.exe [2009-9-29 3397000]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-12-13 163056]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-12-13 97520]
R2 Sonexis Application Sharing Driver Service;Sonexis Application Sharing Driver Service;c:\program files\sonexis\applicationsharing\AppDriverService.exe [2010-8-16 167936]
R2 Sophos Agent;Sophos Agent;c:\program files\sophos\remote management system\ManagementAgentNT.exe [2010-12-13 282624]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-12-13 230640]
R2 Sophos Message Router;Sophos Message Router;c:\program files\sophos\remote management system\RouterNT.exe [2010-12-13 806912]
R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2012-3-15 1543704]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\sierra wireless inc\common\SwiCardDetect.exe [2010-9-2 230768]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-7-25 245760]
R3 rcSmCard;rcSmCard;c:\windows\system32\drivers\rcSmCard.sys [2008-3-1 26128]
R3 rcVidCap;rcVidCap;c:\windows\system32\drivers\rcVidMpt.sys [2008-3-1 9872]
R3 SonMirrorftas;ConferenceManager AppShare Filter Driver;c:\windows\system32\drivers\SonMirrorftas.sys [2010-8-16 3840]
R3 SonVMDas;SonVMDas;c:\windows\system32\drivers\SonVMDas.sys [2010-8-16 2560]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 253600]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-7-28 7680]
S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [2010-7-21 23928]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2003-8-29 189792]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2011-7-28 114688]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-3-5 14976]
.
=============== Created Last 30 ================
.
2012-04-10 06:00:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-10 06:00:54 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-04-10 05:52:28 -------- d-----w- c:\documents and settings\107267\application data\Malwarebytes
2012-04-10 05:52:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-04-10 05:52:18 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-10 05:52:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-07 04:43:10 -------- d-----w- c:\documents and settings\all users\application data\Premium
2012-04-07 04:38:14 -------- d-----w- C:\codec-info
2012-04-07 04:37:42 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2012-04-04 01:09:18 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-04 01:09:18 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 06:58:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-07 06:58:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 18:01:24.15 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/5/2010 11:12:31 PM
System Uptime: 4/10/2012 5:11:47 PM (1 hours ago)
.
Motherboard: LENOVO | | 7659WET
Processor: Intel® Core2 Duo CPU T7100 @ 1.80GHz | None | 1795/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 68 GiB total, 35.063 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Unicenter r11 Remote Control Secure Control Adapter
Device ID: ROOT\DISPLAY\0001
Manufacturer: Computer Associates Intl., Inc.
Name: Unicenter r11 Remote Control Secure Control Adapter
PNP Device ID: ROOT\DISPLAY\0001
Service: rcVidCap
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0001
Service: vpnva
.
==== System Restore Points ===================
.
RP387: 2/21/2012 11:01:03 AM - System Checkpoint
RP388: 2/26/2012 5:54:36 PM - System Checkpoint
RP389: 3/3/2012 5:03:07 PM - System Checkpoint
RP390: 3/5/2012 6:04:10 PM - System Checkpoint
RP391: 3/7/2012 4:57:42 PM - Removed Java 6 Update 17
RP392: 3/7/2012 4:58:27 PM - Installed Java 6 Update 31
RP393: 3/8/2012 5:06:13 PM - System Checkpoint
RP394: 3/9/2012 7:30:28 PM - System Checkpoint
RP395: 3/10/2012 8:42:14 PM - System Checkpoint
RP396: 3/12/2012 7:38:40 PM - System Checkpoint
RP397: 3/14/2012 1:06:50 PM - System Checkpoint
RP398: 3/15/2012 4:32:59 PM - System Checkpoint
RP399: 3/16/2012 4:43:28 PM - System Checkpoint
RP400: 3/19/2012 4:46:45 PM - System Checkpoint
RP401: 3/20/2012 5:37:09 PM - System Checkpoint
RP402: 3/22/2012 3:07:04 AM - System Checkpoint
RP403: 3/23/2012 7:46:19 AM - System Checkpoint
RP404: 3/25/2012 3:34:39 AM - System Checkpoint
RP405: 3/26/2012 1:32:00 PM - System Checkpoint
RP406: 3/27/2012 5:45:53 PM - System Checkpoint
RP407: 3/29/2012 12:24:37 PM - System Checkpoint
RP408: 3/31/2012 10:35:09 PM - System Checkpoint
RP409: 4/2/2012 9:55:37 AM - System Checkpoint
RP410: 4/3/2012 8:53:55 PM - System Checkpoint
RP411: 4/5/2012 9:00:51 PM - System Checkpoint
RP412: 4/7/2012 1:57:07 PM - System Checkpoint
RP413: 4/10/2012 6:39:39 AM - System Checkpoint
RP414: 4/10/2012 11:12:59 AM - Removed PGP Desktop
.
==== Installed Programs ======================
.
32 Bit HP BiDi Channel Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avaya CMS Supervisor R13
BlackBerry Desktop Software 6.0
Bonjour
Brother MFL-Pro Suite MFC-J415W
CA Unicenter DSM Agent + Asset Management Plugin (English only Edition)
CA Unicenter DSM Agent + Remote Control Plugin (English only Edition)
CA Unicenter DSM Agent + Software Delivery Plugin (English only Edition)
Cisco AnyConnect VPN Client
Cisco Systems VPN Client 4.0.3 (F)
Client Access Shortcut Fix
Compatibility Pack for the 2007 Office system
ConferenceManager Application Sharing Driver 8.0.15.0
Foxit Reader
Google Chrome
Google Talk Plugin
GoToMeeting 4.8.0.723
GPL Ghostscript Lite 8.61
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB969084)
Hyperion Interactive Reporting Web Client
Hyperion Reporting and Analysis Client
IBM iSeries Access for Windows
Intel® Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java 6 Update 31
Lotus Notes
Malwarebytes Anti-Malware version 1.61.0.1400
MetaFrame Presentation Server Client
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Mozilla Firefox 10.0 (x86 en-GB)
mp
mpmri
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
Oracle10gAdmin
PaperPort Image Printer
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
RSA SecurID Software Token
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2483614)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype™ 4.2
Sophos Remote Management System
SoundMAX
Spybot - Search & Destroy
Telstra Mobile Broadband Manager
ThinkPad Modem
ThinkPad Power Management Driver
ThinkPad UltraNav Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows XP (KB2264107)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
VLC media player 1.0.5
VNC Free Edition 4.1.3
WarriorPDF 5.0.0.614
WebEx
WebFldrs XP
Windows Imaging Component
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR 4.00 beta 4 (32-bit)
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
4/5/2012 4:00:50 PM, error: PlugPlayManager [12] - The device 'MATSHITA DVD-RAM UJ-862' (IDE\CdRomMATSHITA_DVD-RAM_UJ-862_________________RB01____\5&28ef052f&0&0.1.0) disappeared from the system without first being prepared for removal.
4/5/2012 11:10:01 AM, error: PlugPlayManager [12] - The device 'MATSHITA DVD-RAM UJ-862' (IDE\CdRomMATSHITA_DVD-RAM_UJ-862_________________RB01____\5&28ef052f&0&0.0.0) disappeared from the system without first being prepared for removal.
4/5/2012 11:09:59 AM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
4/5/2012 11:09:32 AM, error: Dhcp [1002] - The IP address lease 10.1.1.79 for the Network Card with network address 00215C8FD1CB has been denied by the DHCP server 192.168.40.65 (The DHCP Server sent a DHCPNACK message).
4/4/2012 11:06:50 AM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/4/2012 10:56:03 AM, error: NETLOGON [5719] - No Domain Controller is available for domain AUS due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
4/3/2012 8:34:37 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
4/3/2012 8:34:19 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/10/2012 5:12:22 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
4/10/2012 11:18:27 AM, error: Service Control Manager [7031] - The Sophos Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================
-
MSRT reports no malicious software.
_________________________________________
MBAM log:
Malwarebytes' Anti-Malware 1.31
Database version: 1544
Windows 5.1.2600 Service Pack 3
12/25/2008 7:33:37 AM
mbam-log-2008-12-25 (07-33-37).txt
Scan type: Full Scan (C:\|)
Objects scanned: 128357
Time elapsed: 55 minute(s), 7 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
__________________________________________
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:33 AM, on 12/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Upromise\Upromise.exe
C:\Program Files\Upromise\UpromiseUa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll
O3 - Toolbar: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [upromise] C:\Program Files\Upromise\Upromise.exe
O4 - HKCU\..\Run: [upromise Update] C:\Program Files\Upromise\UpromiseUa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra 'Tools' menuitem: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://remotemail.rccl.com/,DanaInfo=RCLMA...l.com+dwa7W.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
--
End of file - 9758 bytes
-
thank you so much for your help, Maurice. i have completed all steps successfully. here are the logs:
Avenger
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: could not open file "C:\Program Files\AntivirusPro2009\data"
Deletion of file "C:\Program Files\AntivirusPro2009\data" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT"
Deletion of file "C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: file "C:\Program Files\AntivirusPro2009" not found!
Deletion of file "C:\Program Files\AntivirusPro2009" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\Documents and Settings\KBJ\Start Menu\Programs\AntivirusPro2009" not found!
Deletion of file "C:\Documents and Settings\KBJ\Start Menu\Programs\AntivirusPro2009" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\drivers\TDSSmqlt.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\TDSSmqlt.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\windows\system32\drivers\tdssserv.sys" not found!
Deletion of file "C:\windows\system32\drivers\tdssserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\drivers\TDSSmact.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\TDSSmact.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\TDSSfpmp.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSSfpmp.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\TDSSwpyd.dat" not found!
Deletion of file "C:\WINDOWS\system32\TDSSwpyd.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\TDSStkdv.log" not found!
Deletion of file "C:\WINDOWS\system32\TDSStkdv.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\TDSSotxb.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSSotxb.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\TDSScrrn.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSScrrn.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\TDSSbvqh.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSSbvqh.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\TDSSjnmx.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSSjnmx.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\windows\system32\TDSShrxr.dll" not found!
Deletion of file "c:\windows\system32\TDSShrxr.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\windows\system32\TDSSkkbi.log" not found!
Deletion of file "c:\windows\system32\TDSSkkbi.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\windows\system32\TDSSlrvd.dat" not found!
Deletion of file "c:\windows\system32\TDSSlrvd.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\windows\system32\TDSSlxwp.dll" not found!
Deletion of file "c:\windows\system32\TDSSlxwp.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\windows\system32\TDSSnmxh.log" not found!
Deletion of file "c:\windows\system32\TDSSnmxh.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\windows\system32\TDSSoiqt.dll" not found!
Deletion of file "c:\windows\system32\TDSSoiqt.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\windows\system32\TDSSrhyp.log" not found!
Deletion of file "c:\windows\system32\TDSSrhyp.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\windows\system32\TDSSrtqp.dll" not found!
Deletion of file "c:\windows\system32\TDSSrtqp.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\windows\system32\TDSSsihc.dll" not found!
Deletion of file "c:\windows\system32\TDSSsihc.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\windows\system32\TDSSxfum.dll" not found!
Deletion of file "c:\windows\system32\TDSSxfum.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\tdssserv" not found!
Deletion of driver "tdssserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\antiviruspro2009" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\antiviruspro2009" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\tdss" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\tdss" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
_____________________________________________________
Combofix
ComboFix 08-12-24.01 - KBJ 2008-12-24 20:00:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.572 [GMT -5:00]
Running from: c:\documents and settings\KBJ\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\winsrc.dll.tmp
.
((((((((((((((((((((((((( Files Created from 2008-11-25 to 2008-12-25 )))))))))))))))))))))))))))))))
.
2008-12-23 09:17 . 2008-12-23 09:17 <DIR> d-------- c:\program files\Foxit Software
2008-12-23 09:17 . 2008-12-23 09:17 <DIR> d-------- c:\documents and settings\KBJ\Application Data\Foxit
2008-12-22 23:28 . 2008-12-22 23:28 <DIR> d-------- c:\program files\Trend Micro
2008-12-22 20:57 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-12-22 20:56 . 2008-12-22 20:56 <DIR> d-------- c:\program files\Panda Security
2008-12-22 19:31 . 2008-12-22 19:55 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-22 19:31 . 2008-12-22 19:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-22 19:15 . 2008-12-22 19:15 <DIR> d-------- c:\documents and settings\KBJ\Application Data\Malwarebytes
2008-12-22 19:15 . 2008-12-22 19:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-22 19:15 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 19:15 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-22 19:14 . 2008-12-22 19:15 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-21 10:51 . 2008-12-21 10:51 552 --a------ c:\windows\system32\DO_NOT_DELETE.backupSetID
2008-12-05 19:44 . 2008-12-05 19:44 <DIR> d-------- c:\program files\Scholastic
2008-11-27 08:32 . 2008-11-27 08:32 <DIR> d--hs---- c:\documents and settings\Default User\UserData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 15:32 --------- d-----w c:\program files\Microsoft Windows OneCare Live
2008-12-23 00:08 --------- d-----w c:\program files\Google
2008-12-23 00:05 --------- d-----w c:\program files\WildTangent
2008-12-23 00:03 --------- d-----w c:\program files\Dell
2008-12-23 00:01 --------- d-----w c:\program files\Common Files\Ahead
2008-12-23 00:01 --------- d-----w c:\program files\Ahead
2008-12-23 00:00 --------- d-----w c:\program files\CyberLink DVD Solution
2008-12-22 23:38 --------- d-----w c:\program files\Common Files\Adobe
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-11-15 19:36 --------- d-----w c:\documents and settings\Shannon\Application Data\Apple Computer
2008-11-13 21:39 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
2008-11-13 17:14 --------- d-----w c:\program files\Windows Live Safety Center
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2004-10-01 20:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2006-10-24 21:30 88 --sh--r c:\windows\system32\05A8E500E5.sys
2008-02-25 00:33 56 --sh--r c:\windows\system32\DC627FA1E0.sys
2008-02-25 00:33 4,496 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Upromise"="c:\program files\Upromise\Upromise.exe" [2007-07-10 385024]
"Upromise Update"="c:\program files\Upromise\UpromiseUa.exe" [2007-07-10 147456]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016]
"PrintServer Diagnostic"="c:\program files\Print Server\PTP\PSDiagnostic.exe" [2004-11-24 266240]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2005-10-28 335872]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-11-05 64880]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-04-05 147456]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-22 28544]
R2 OcHealthMon;Windows Live OneCare Health Monitor;"c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe" [2008-11-05 25968]
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
2007-08-01 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1177280955.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-24 20:01:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-24 20:02:46
ComboFix-quarantined-files.txt 2008-12-25 01:02:39
Pre-Run: 8,507,138,048 bytes free
Post-Run: 8,565,121,024 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
171 --- E O F --- 2008-12-19 01:18:10
-
MBAM scan:
Malwarebytes' Anti-Malware 1.31
Database version: 1533
Windows 5.1.2600 Service Pack 3
12/22/2008 8:50:29 PM
mbam-log-2008-12-22 (20-50-23).txt
Scan type: Quick Scan
Objects scanned: 59499
Time elapsed: 7 minute(s), 7 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 10
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\antiviruspro2009 (Rogue.Antivirus2008) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\AntivirusPro2009 (Rogue.Antivirus2008) -> No action taken.
C:\Program Files\AntivirusPro2009\data (Rogue.Antivirus2008) -> No action taken.
C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT (Rogue.Antivirus2008) -> No action taken.
C:\Documents and Settings\KBJ\Start Menu\Programs\AntivirusPro2009 (Rogue.AntivirusPro2009) -> No action taken.
Files Infected:
C:\Program Files\AntivirusPro2009\AntivirusPro2009.cfg (Rogue.Antivirus2008) -> No action taken.
C:\Program Files\AntivirusPro2009\htmlayout.dll (Rogue.Antivirus2008) -> No action taken.
C:\Program Files\AntivirusPro2009\pthreadVC2.dll (Rogue.Antivirus2008) -> No action taken.
C:\Program Files\AntivirusPro2009\data\daily.cvd (Rogue.Antivirus2008) -> No action taken.
C:\Program Files\AntivirusPro2009\data\main.cvd (Rogue.Antivirus2008) -> No action taken.
C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.Antivirus2008) -> No action taken.
C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\msvcm80.dll (Rogue.Antivirus2008) -> No action taken.
C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\msvcp80.dll (Rogue.Antivirus2008) -> No action taken.
C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\msvcr80.dll (Rogue.Antivirus2008) -> No action taken.
C:\Documents and Settings\KBJ\Start Menu\Programs\AntivirusPro2009\Uninstall.lnk (Rogue.AntivirusPro2009) -> No action taken.
_________________________________________________________
Panda scan:
;*******************************************************************************
********************************************************************************
*
*******************
ANALYSIS: 2008-12-22 23:25:49
PROTECTIONS: 1
MALWARE: 42
SUSPECTS: 2
;*******************************************************************************
********************************************************************************
*
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
================================================================================
=
===================
Windows Live OneCare 1.0.0 Yes Yes
;===============================================================================
================================================================================
=
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
================================================================================
=
===================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No E:\Windows OneCare Backup\CRIB\2008\Files\Part 885.ZIP[C\Documents and Settings\NetworkService\Cookies\system@trafficmp[1].txt]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@trafficmp[1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@trafficmp[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No E:\Windows OneCare Backup\CRIB\2008\Files\Part 885.ZIP[C\Documents and Settings\NetworkService\Cookies\system@doubleclick[1].txt]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\NetworkService\Cookies\system@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No E:\Windows OneCare Backup\CRIB\2008\Files\Part 885.ZIP[C\Documents and Settings\NetworkService\Cookies\system@atdmt[2].txt]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No E:\20080403_221114_KBJ\C\WINDOWS\Temp\Cookies\kbj@atdmt[1].txt.nco[20080403_221114_KBJ\C\WINDOWS\Temp\Cookies\KBJ@AT~1.TXT]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\kbj@atdmt[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@247realmedia[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@mediaplex[1].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@linksynergy[2].txt
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@maxserving[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@com[1].txt
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@z1.adserver[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@azjmp[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@statcounter[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Windows OneCare Backup\CRIB\2008\Files\Part 885.ZIP[C\Documents and Settings\NetworkService\Cookies\system@statcounter[1].txt]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\NetworkService\Cookies\system@statcounter[1].txt
00167762 Cookie/Sextracker TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\kbj@counter13.sextracker[1].txt
00167762 Cookie/Sextracker TrackingCookie No 0 Yes No E:\20080403_221114_KBJ\C\WINDOWS\Temp\Cookies\kbj@counter13.sextracker[1].txt.nco[20080403_221114_KBJ\C\WINDOWS\Temp\Cookies\KBJ@CO~1.TXT]
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@perf.overture[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@perf.overture[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@perf.overture[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@burstnet[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@bs.serving-sys[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@www.burstbeacon[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@server.iad.liveperson[2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@server.iad.liveperson[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No E:\20080403_221114_KBJ\C\WINDOWS\Temp\Cookies\kbj@advertising[1].txt.nco[20080403_221114_KBJ\C\WINDOWS\Temp\Cookies\KBJ@AD~1.TXT]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\kbj@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@advertising[1].txt
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\kbj@sextracker[2].txt
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No E:\20080403_221114_KBJ\C\WINDOWS\Temp\Cookies\kbj@sextracker[2].txt.nco[20080403_221114_KBJ\C\WINDOWS\Temp\Cookies\KBJ@SE~3.TXT]
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@media.adrevolver[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@statse.webtrendslive[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@statse.webtrendslive[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@ads.pointroll[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@ads.pointroll[2].txt
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@hc2.humanclick[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@overture[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@realmedia[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No E:\Windows OneCare Backup\CRIB\2008\Files\Part 885.ZIP[C\Documents and Settings\NetworkService\Cookies\system@zedo[1].txt]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\NetworkService\Cookies\system@zedo[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@zedo[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@bluestreak[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@bluestreak[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@adrevolver[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@go[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@go[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@target[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Cookies\kbj@atwola[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@atwola[1].txt
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon\Cookies\shannon@ehg-dig.hitbox[1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@ads.addynamix[1].txt
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\KBJ\Local Settings\Temp\Cookies\kbj@citi.bridgetrack[2].txt
03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP556\A0061791.exe
03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\LocalCopy\{AB1A65C4-D225-81BF-64DE-C198D59A3AA7}-AVEngn.dll
03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\LocalCopy\{4FEFA341-CC44-12D7-905E-6E0B0797C4A6}-A0056182.exe
;===============================================================================
================================================================================
=
===================
SUSPECTS
Sent Location ,z
;===============================================================================
================================================================================
=
===================
No C:\Program Files\BAE\BAE.dll ,z
No C:\Program Files\BAE\BAE.dll ,z
;===============================================================================
================================================================================
=
===================
VULNERABILITIES
Id Severity Description ,z
;===============================================================================
================================================================================
=
===================
;===============================================================================
================================================================================
=
===================
__________________________________________________________
Hijack This scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:08 PM, on 12/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Upromise\Upromise.exe
C:\Program Files\Upromise\UpromiseUa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll
O3 - Toolbar: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [upromise] C:\Program Files\Upromise\Upromise.exe
O4 - HKCU\..\Run: [upromise Update] C:\Program Files\Upromise\UpromiseUa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra 'Tools' menuitem: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
--
End of file - 9743 bytes
-
Kaspersky - looks like I'm good to go!
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, December 5, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, December 05, 2008 11:42:31
Records in database: 1438448
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Files scanned: 42360
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:24:41
No malware has been detected. The scan area is clean.
The selected area was scanned.
-
OTMI log
========== FILES ==========
C:\WINDOWS\pojubifeto.vbs moved successfully.
LoadLibrary failed for C:\WINDOWS\gomyfozydo.dll
C:\WINDOWS\gomyfozydo.dll NOT unregistered.
C:\WINDOWS\gomyfozydo.dll moved successfully.
C:\Documents and Settings\Owner\Application Data\kysaro.com moved successfully.
C:\WINDOWS\system32\ofuhil.com moved successfully.
C:\WINDOWS\wininit.ini moved successfully.
OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12042008_211637
-
MBAB log
Malwarebytes' Anti-Malware 1.31
Database version: 1460
Windows 5.1.2600 Service Pack 3
12/4/2008 9:13:51 PM
mbam-log-2008-12-04 (21-13-51).txt
Scan type: Full Scan (C:\|)
Objects scanned: 80679
Time elapsed: 1 hour(s), 22 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
everything seems great....no signs of infection. thank you again for your help, let me know if you have any feedback regarding these logs.
-ryan
-
RSIT info.txt
info.txt logfile of random's system information tool 1.04 2008-12-03 13:15:25
======Uninstall list======
-->MsiExec.exe /I{9579E862-5FC7-4337-B1CC-5E37451524C5}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55BC7EFA-D832-4EE3-9DEA-49B0C07539D9}\setup.exe" -l0x9 -L0x9anything
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCDC8E79-4600-4C02-9824-CD3BB8971D4E}\Setup.exe" -l0x9 -L0x9anything
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
America Online-->C:\Program Files\Common Files\aolshare\Aolunins_us.exe
Apple Mobile Device Support-->MsiExec.exe /I{C7C895CA-331B-4D7D-A0FB-D3BC637949F9}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
BUM-->MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Electric Sheep 2.6.5-->C:\WINDOWS\system32\UninstallElectricSheep.exe
GTOneCare-->MsiExec.exe /X{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB945060-v3)-->"C:\WINDOWS\$NtUninstallKB945060-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet 5400 series-->C:\Program Files\HP\Digital Imaging\{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
iDump (Backing up your iPod)-->C:\Program Files\iDump\uninstall.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iPod for Windows 2006-01-10-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iTunes-->MsiExec.exe /I{EA418519-2160-43A0-AABD-6608DDD8D87F}
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MegaStat 9.1-->C:\PROGRA~1\MICROS~2\Office\Library\UNWISE.EXE C:\PROGRA~1\MICROS~2\Office\Library\INSTALL.LOG
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Protection Service-->MsiExec.exe /I{85CFDC2D-710E-49D5-B799-F3743CA506BA}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Live OneCare Resources v2.5.2900.20-->MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus-->MsiExec.exe /I{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}
Microsoft Windows OneCare Live v2.5.2900.20 Idcrl Install-->MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
Microsoft Windows OneCare Live v2.5.2900.20-->MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NETGEAR WG511 54 Mbps Wireless PC Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B1E5CF8-9170-42A2-A88A-A169FBDD128E}\Setup.exe" -l0x9
Nokia Connectivity Adapter Cable DKU-5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1BA3CD5-89DC-4273-8603-A75F33E9B335}\Setup.exe" -l0x9
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PX Engine-->MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SigmaTel AC97 Audio Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7959721D-8268-4565-9E0E-C41A9F4848A9}\setup.exe" -l0x9 -nodialog -uninstall
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live OneCare-->"C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
=====HijackThis Backups=====
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - AppInit_DLLs: karna.dat
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: Windows Live OneCare (disabled)
FW: Windows Live OneCare Firewall (disabled)
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Sonic\MyDVD;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 9 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0905
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
-----------------EOF-----------------
-
RSIT
LOG.txt
Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-12-03 13:15:14
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 4 GB (11%) free of 38 GB
Total RAM: 383 MB (28% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:20 PM, on 12/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} - http://www.h-desk-soft.com/hdesk_offer_02/HDeskSetup_A.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://remotemail.rccl.com/,DanaInfo=RCLMA...l.com+dwa7W.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/interim/...trl.cab?lmi=100
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 4761 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WG511WLU"=C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe [2004-11-09 475136]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576]
"OneCareUI"=C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe [2008-11-05 64880]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
America Online 8.0 Tray Icon.lnk - C:\Program Files\America Online 8.0\aoltray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\OneCareMP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:
-
after reboot:
========== REGISTRY ==========
Registry key hkey_current_user\software\cydoor\\ not found.
Registry key hkey_local_machine\software\cydoor\\ not found.
Registry key hkey_local_machine\software\perfectnav\\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\altnetdm\\ deleted successfully.
Registry key hkey_local_machine\software\myway\\ not found.
Registry key hkey_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0428FFC7-1931-45b7-95CB-3CBB919777E1}\\ not found.
Registry key hkey_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{0494D0D4-F8E0-41AD-92A3-14154ECE70AC}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{0494D0D6-F8E0-41AD-92A3-14154ECE70AC}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{0494D0DA-F8E0-41AD-92A3-14154ECE70AC}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{0494D0DC-F8E0-41AD-92A3-14154ECE70AC}\\ not found.
Registry key hkey_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\\ not found.
Registry key hkey_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}\\ not found.
========== FILES ==========
File/Folder C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn19 not found.
File/Folder C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn14 not found.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8HK7GCD\desktop.ini moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8HK7GCD\f_moved[1].gif moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8HK7GCD\icon14[1].gif moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8HK7GCD\p_mq_add[1].gif moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8HK7GCD\t_reply[1].gif moved successfully.
File/Folder C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn23 not found.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I3HXZPT1\css_img_quote[1].gif moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I3HXZPT1\desktop.ini moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I3HXZPT1\icon13[1].gif moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I3HXZPT1\icon2[1].gif moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I3HXZPT1\nav_m[1].gif moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I3HXZPT1\rating_0_mini[1].gif moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I3HXZPT1\stats[1].gif moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I3HXZPT1\t_new[1].gif moved successfully.
File/Folder C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn12 not found.
File/Folder C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn18 not found.
File/Folder c:\documents and settings\all users\start menu\programs\gain publishing not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2e0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12032008_125844
Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_2e0.dat moved successfully.
-
step 1:
========== REGISTRY ==========
Registry key hkey_current_user\software\cydoor\\ not found.
Registry key hkey_local_machine\software\cydoor\\ not found.
Registry key hkey_local_machine\software\perfectnav\\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\altnetdm\\ deleted successfully.
Registry key hkey_local_machine\software\myway\\ not found.
Registry key hkey_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0428FFC7-1931-45b7-95CB-3CBB919777E1}\\ not found.
Registry key hkey_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{0494D0D4-F8E0-41AD-92A3-14154ECE70AC}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{0494D0D6-F8E0-41AD-92A3-14154ECE70AC}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{0494D0DA-F8E0-41AD-92A3-14154ECE70AC}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{0494D0DC-F8E0-41AD-92A3-14154ECE70AC}\\ not found.
Registry key hkey_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\\ not found.
Registry key hkey_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}\\ not found.
========== FILES ==========
File/Folder C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn19 not found.
File/Folder C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn14 not found.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8HK7GCD\desktop.ini moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8HK7GCD\f_moved[1].gif moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8HK7GCD\icon14[1].gif moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8HK7GCD\p_mq_add[1].gif moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8HK7GCD\t_reply[1].gif moved successfully.
File/Folder C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn23 not found.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I3HXZPT1\css_img_quote[1].gif moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I3HXZPT1\desktop.ini moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I3HXZPT1\icon13[1].gif moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I3HXZPT1\icon2[1].gif moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I3HXZPT1\nav_m[1].gif moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I3HXZPT1\rating_0_mini[1].gif moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I3HXZPT1\stats[1].gif moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I3HXZPT1\t_new[1].gif moved successfully.
File/Folder C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn12 not found.
File/Folder C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn18 not found.
File/Folder c:\documents and settings\all users\start menu\programs\gain publishing not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2e0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12032008_125844
restart requested, will do so now.
-
hi Katana, thank you for this. I will not be at the infected computer until Wednesday 12/3/08. I will follow your instructions then.
-
EDIT! virus is called 'XP Protection Center' (not service center).
Note, after MBAB scan, virus appeared to be gone! No more pop-ups or infection notices, nor any problems browsing internet. Thanks guys!!!
-
and lastly....hijack this log....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:42 AM, on 11/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} - http://www.h-desk-soft.com/hdesk_offer_02/HDeskSetup_A.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://remotemail.rccl.com/,DanaInfo=RCLMA...l.com+dwa7W.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/interim/...trl.cab?lmi=100
O20 - AppInit_DLLs: karna.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 4785 bytes
-
Panda Active Scan log:
;*******************************************************************************
********************************************************************************
*
*******************
ANALYSIS: 2008-11-26 08:49:41
PROTECTIONS: 0
MALWARE: 28
SUSPECTS: 1
;*******************************************************************************
********************************************************************************
*
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
================================================================================
=
===================
;===============================================================================
================================================================================
=
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
================================================================================
=
===================
00013869 adware/cydoor Adware No 0 Yes No hkey_current_user\software\cydoor
00013869 adware/cydoor Adware No 0 Yes No hkey_local_machine\software\cydoor
00018331 adware/gator Adware No 0 Yes No c:\documents and settings\all users\start menu\programs\gain publishing
00024343 adware/keenvalue Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0428FFC7-1931-45b7-95CB-3CBB919777E1}
00024343 adware/keenvalue Adware No 0 Yes No hkey_local_machine\software\perfectnav
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\altnetdm
00034477 spyware/new.net Spyware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
00041446 application/myway HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{0494D0D4-F8E0-41AD-92A3-14154ECE70AC}
00041446 application/myway HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{0494D0D6-F8E0-41AD-92A3-14154ECE70AC}
00041446 application/myway HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{0494D0DA-F8E0-41AD-92A3-14154ECE70AC}
00041446 application/myway HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{0494D0DC-F8E0-41AD-92A3-14154ECE70AC}
00041446 application/myway HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
00041446 application/myway HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}
00041446 application/myway HackTools No 0 Yes No hkey_local_machine\software\myway
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@clickbank[1].txt
00162900 Cookie/MediaTickets TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@kinghost[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@com[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@xiti[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@realmedia[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@adrevolver[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
00461493 Adware/XPProtectionCenter Adware No 0 No No C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn19[XPProtectionCenter.exe]
00461493 Adware/XPProtectionCenter Adware No 0 No No C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn14[XPProtectionCenter.exe]
00461493 Adware/XPProtectionCenter Adware No 0 No No C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8HK7GCD\Binaries1[1].cab[XPProtectionCenter.exe]
00461495 Adware/XPProtectionCenter Adware No 0 No No C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn23[wscui.cpl]
00461495 Adware/XPProtectionCenter Adware No 0 No No C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I3HXZPT1\BinariesSC[1].cab[wscui.cpl]
00461495 Adware/XPProtectionCenter Adware No 0 No No C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn12[wscui.cpl]
00461495 Adware/XPProtectionCenter Adware No 0 No No C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn18[wscui.cpl]
03074964 Trj/CI.A Virus/Trojan No 0 No No C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn15[AVEngn.dll]
03074964 Trj/CI.A Virus/Trojan No 0 No No C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn20[AVEngn.dll]
03839851 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{990E8A1A-F525-4D02-B4BA-DD2DF68E3DCF}\RP1307\A0131041.sys
;===============================================================================
================================================================================
=
===================
SUSPECTS
Sent Location
;===============================================================================
================================================================================
=
===================
No C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0F53AD4D\Install[1].exe
;===============================================================================
================================================================================
=
===================
VULNERABILITIES
Id Severity Description
;===============================================================================
================================================================================
=
===================
;===============================================================================
================================================================================
=
===================
-
MBAB scan...Panda scan running right now...
Malwarebytes' Anti-Malware 1.30
Database version: 1424
Windows 5.1.2600 Service Pack 3
11/26/2008 7:50:02 AM
mbam-log-2008-11-26 (07-50-02).txt
Scan type: Quick Scan
Objects scanned: 48080
Time elapsed: 7 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 42
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xpprotectioncenter (Rogue.XPProtectionCenter) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\XPProtectionCenter (Rogue.XPProtectionCenter) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xp protection center (Rogue.XPProtectionCenter) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\XPProtectionCenter (Rogue.XPProtectionCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPProtectionCenter\data (Rogue.XPProtectionCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPProtectionCenter\Microsoft.VC80.CRT (Rogue.XPProtectionCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\XPProtectionCenter (Rogue.XPProtectionCenter) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\XPProtectionCenter\XPProtectionCenter.exe (Rogue.XPProtectionCenter) -> Quarantined and deleted successfully.
C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSScfum.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSnrsr.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSofxh.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSriqp.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Rogue.XPProtectionCenter) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSmact.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Program Files\XPProtectionCenter\AVEngn.dll (Rogue.XPProtectionCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPProtectionCenter\htmlayout.dll (Rogue.XPProtectionCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPProtectionCenter\pthreadVC2.dll (Rogue.XPProtectionCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPProtectionCenter\Uninstall.exe (Rogue.XPProtectionCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPProtectionCenter\wscui.cpl (Rogue.XPProtectionCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPProtectionCenter\XPProtectionCenter.cfg (Rogue.XPProtectionCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPProtectionCenter\data\daily.cvd (Rogue.XPProtectionCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPProtectionCenter\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.XPProtectionCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPProtectionCenter\Microsoft.VC80.CRT\msvcm80.dll (Rogue.XPProtectionCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPProtectionCenter\Microsoft.VC80.CRT\msvcp80.dll (Rogue.XPProtectionCenter) -> Quarantined and deleted successfully.
C:\Program Files\XPProtectionCenter\Microsoft.VC80.CRT\msvcr80.dll (Rogue.XPProtectionCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\XPProtectionCenter\Uninstall.lnk (Rogue.XPProtectionCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\XPProtectionCenter\XPProtectionCenter.lnk (Rogue.XPProtectionCenter) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wini10895.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Owner\Desktop\XPProtectionCenter.lnk (Rogue.XPProtectionCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\XPProtectionCenter.lnk (Rogue.XPProtectionCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn4 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn8 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\TDSSab46.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\TDSSb0a2.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\smdat32a.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSfxwp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> Quarantined and deleted successfully.
Windows Command Processor infection
in Resolved Malware Removal Logs
Posted
Disregard! Hardware problem with the keyboard.