shiannte Posted July 2, 2012 ID:566078 Share Posted July 2, 2012 Every time I start my computer, ads play in the background somewhere. No programs are open but something is running behind the scenes as I hear all kinds of commercials/ads through the speakers.dds.txtattach.txt Link to post Share on other sites More sharing options...
shiannte Posted July 2, 2012 Author ID:566079 Share Posted July 2, 2012 When I noticed the problem, I downloaded MalwareBytes and Spybot. I removed what I could however the problem still persists. Malwarebytes keep notifying me that it has blocked access to a potentially malicious website 206.161.121.3 (type: outgoing). This is driving me nuts because I cannot locate the program or process that is doing this. Please help Link to post Share on other sites More sharing options...
Maniac Posted July 2, 2012 ID:566148 Share Posted July 2, 2012 Hello shiannte and ! My name is Maniac and I will be glad to help you solve your malware problem.Please note:If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.BACKDOOR WARNINGOne or more of the identified infections is known to use a backdoor.This allows hackers to remotely control your computer, steal critical system information and download and execute files.I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:Help: I Got Hacked. Now What Do I Do?Help: I Got Hacked. Now What Do I Do? Part IIHow Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.I don't see SpyBot in your log file, which means that the log file is not the latest. Please, generate fresh new DDS log files and not make changes without my instructions. Link to post Share on other sites More sharing options...
shiannte Posted July 3, 2012 Author ID:566429 Share Posted July 3, 2012 Ok thank you! I would really appreciate your help with this issue.Here is my new DDS log file and Attach File..DDS (Ver_2011-08-26.01) - NTFSx86Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_33Run by Laptop User at 23:43:01 on 2012-07-02Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.579 [GMT -10:00].AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}FW: Norton 360 *Enabled*.============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Intel\Wireless\Bin\S24EvMon.exesvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\IBM\Lotus\Notes\nsd.exeC:\Program Files\IBM\Lotus\Notes\nslsvice.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Network Associates\Common Framework\FrameworkService.exeC:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exeC:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\IBM\Lotus\Notes\ntmulti.exeC:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exeC:\Program Files\Symantec\Ghost\ngctw32.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exeC:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exeC:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exeC:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exeC:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\umonit.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Symantec\Ghost\ngtray.exeC:\Program Files\Network Associates\Common Framework\UdaterUI.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\Network Associates\Common Framework\McTray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\Epson Software\Event Manager\EEventManager.exeC:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exeC:\Program Files\Spybot - Search & Destroy 2\SDTray.exeC:\Program Files\WebEx\Productivity Tools\PTIM.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\SetPoint\SetPoint.exeC:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\WebEx\Productivity Tools\ptSrv.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exeC:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXEC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\SMART Technologies\SMART Product Drivers\Aware.exeC:\Program Files\SMART Technologies\SMART Product Drivers\Marker.exe.============== Pseudo HJT Report ===============.BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dllBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: DWABrowserHlprObj Class: {2709d830-b643-4e72-9a1e-701cfffcf30c} - c:\windows\system32\dwabho.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dllBHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dllBHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies\smart notebook\NotebookPlugin.dllBHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.2.1.5\ips\IPSBHO.DLLBHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dllBHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dllBHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllBHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllTB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllTB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dllTB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dllTB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dllTB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No FileuRun: [PTIM.exe] c:\program files\webex\productivity tools\PTIM.exeuRun: [Epson Stylus NX330(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatihaa.exe /fu "c:\docume~1\laptop~1\locals~1\temp\E_S24F.tmp" /EF "HKCU"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [uMonit] c:\windows\system32\umonit.exemRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exemRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONEmRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [Persistence] c:\windows\system32\igfxpers.exemRun: [NGTray] "c:\program files\symantec\ghost\ngtray.exe"mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UdaterUI.exe" /StartedFromRunKeymRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraymRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startupmRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXEmRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/WirelessmRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~2\server\bin\VERSIO~2.EXEmRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbyloginmRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"mRun: [sDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"dRun: [Adobe] rundll32.exe "c:\documents and settings\laptop user\local settings\application data\apple computer\adobe\xdlqzl.dll",DllRegisterServerStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartb~1.lnk - c:\program files\smart technologies\smart product drivers\SMARTBoardTools.exeIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLLIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dllDPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cabDPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxp://165.248.233.217/iNotes6W.cabDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231532123176DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cabDPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}DPF: {CAFECAFE-0013-0001-0030-ABCDEFABCDEF}DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cabDPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabDPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxp://165.248.233.217/dwa7W.cabDPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP28EP2-12243/webex/ieatgpc.cabNotify: igfxcui - igfxdev.dllNotify: SDWinLogon - SDWinLogon.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllmASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /fHosts: 165.248.100.142 makala1Hosts: 165.248.101.190 manoa1Hosts: 165.248.101.62 manana1Hosts: 165.248.102.38 mauka1Hosts: 165.248.103.61 mckin1.Note: multiple HOSTS entries found. Please refer to Attach.txt.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\laptop user\application data\mozilla\firefox\profiles\165tp9u2.default\FF - prefs.js: browser.startup.homepage - hxxp://165.248.233.217/mail/skeough.nsfFF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dllFF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dllFF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dllFF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13128.dllFF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13130.dllFF - plugin: c:\program files\netscape\communicator\program\plugins\npaudio.dllFF - plugin: c:\program files\netscape\communicator\program\plugins\npavi32.dllFF - plugin: c:\program files\netscape\communicator\program\plugins\npnul32.dllFF - plugin: c:\program files\netscape\communicator\program\plugins\NPQTW32.DLLFF - plugin: c:\program files\zwinky_5qei\installr\1.bin\NP5qEISb.dllFF - plugin: c:\windows\system32\npdeployJava1.dllFF - plugin: c:\windows\system32\npptools.dllFF - plugin: c:\windows\system32\NPSWF32.dll.============= SERVICES / DRIVERS ===============.R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0602010.005\SymDS.sys [2012-6-27 340088]R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0602010.005\SymEFA.sys [2012-6-27 905336]R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\bashdefs\20120619.001\BHDrvx86.sys [2012-6-19 821920]R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0602010.005\ccSetx86.sys [2012-6-27 132744]R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-29 31944]R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0602010.005\Ironx86.sys [2012-6-27 149624]R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\ibm\lotus\notes\nsd.exe [2009-9-29 3397000]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-30 654408]R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2008-7-28 103744]R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-29 144960]R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-29 54872]R2 N360;Norton 360;c:\program files\norton 360\engine\6.2.1.5\ccSvcHst.exe [2012-6-27 138232]R2 NGCLIENT;Symantec Ghost Client Agent;c:\program files\symantec\ghost\ngctw32.exe [2007-4-19 632456]R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-7-1 1122296]R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-7-1 838136]R2 SMART Display Controller;SMART Display Controller;c:\program files\smart technologies\smart product drivers\UCService.exe [2010-11-19 846192]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-28 106656]R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\ipsdefs\20120702.001\IDSXpx86.sys [2012-7-2 369632]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-30 22344]R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-12-15 72264]R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-12-15 34152]R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-12-15 168776]R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\virusdefs\20120702.002\NAVENG.SYS [2012-7-2 87928]R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\virusdefs\20120702.002\NAVEX15.SYS [2012-7-2 1589752]S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2012-2-6 6016]S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 113120]S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\smart technologies\smart product drivers\SMARTSNMPAgent.exe [2010-11-19 1664368].=============== File Associations ===============..txt=.=============== Created Last 30 ================.2012-07-03 09:39:15 1324 ----a-w- c:\windows\system32\d3d9caps.tmp2012-07-02 02:25:45 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy2012-07-02 02:24:45 15224 ----a-w- c:\windows\system32\sdnclean.exe2012-07-02 02:24:41 -------- d-----w- c:\program files\Spybot - Search & Destroy 22012-06-30 10:41:06 -------- d-----w- c:\documents and settings\laptop user\application data\Malwarebytes2012-06-30 10:40:34 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes2012-06-30 10:40:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-06-30 10:40:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-06-30 09:36:00 -------- d-----w- c:\documents and settings\laptop user\application data\DriverCure2012-06-30 09:35:59 -------- d-----w- c:\documents and settings\laptop user\application data\SpeedMaxPc2012-06-30 09:35:26 -------- d-----w- c:\documents and settings\all users\application data\SpeedMaxPc2012-06-29 20:44:31 -------- d-----w- c:\windows\pss2012-06-29 20:14:06 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll2012-06-28 06:05:23 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL2012-06-28 06:05:23 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS2012-06-28 06:05:03 905336 ----a-r- c:\windows\system32\drivers\n360\0602010.005\SymEFA.sys2012-06-28 06:05:03 388216 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symtdi.sys2012-06-28 06:05:03 345208 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symtdiv.sys2012-06-28 06:05:03 340088 ----a-r- c:\windows\system32\drivers\n360\0602010.005\SymDS.sys2012-06-28 06:05:03 32888 ----a-r- c:\windows\system32\drivers\n360\0602010.005\srtspx.sys2012-06-28 06:05:03 318584 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symnets.sys2012-06-28 06:05:02 574072 ----a-r- c:\windows\system32\drivers\n360\0602010.005\srtsp.sys2012-06-28 06:05:02 149624 ----a-r- c:\windows\system32\drivers\n360\0602010.005\Ironx86.sys2012-06-28 06:05:02 132744 ----a-r- c:\windows\system32\drivers\n360\0602010.005\ccSetx86.sys2012-06-28 06:04:42 4782 ----a-r- c:\windows\system32\drivers\n360\0602010.005\SymVTcer.dat2012-06-28 06:04:41 -------- d-----w- c:\windows\system32\drivers\n360\0602010.0052012-06-28 06:04:41 -------- d-----w- c:\windows\system32\drivers\N3602012-06-28 06:04:40 -------- d-----w- c:\program files\Norton 3602012-06-28 06:02:35 -------- d-----w- c:\program files\NortonInstaller2012-06-28 06:02:35 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller2012-06-28 01:56:43 -------- d-----w- c:\documents and settings\all users\application data\F4D55F3E0405F6ED00096165D151FC4E2012-06-26 22:25:04 73 ----a-w- c:\windows\system32\ssprs.dll2012-06-26 22:25:04 205 ----a-w- c:\windows\system32\lsprst7.dll2012-06-26 22:25:04 1025 ----a-w- c:\windows\system32\sysprs7.dll2012-06-26 22:25:04 1025 ----a-w- c:\windows\system32\clauth2.dll2012-06-26 22:25:04 1025 ----a-w- c:\windows\system32\clauth1.dll2012-06-26 22:25:04 -------- d-----w- c:\documents and settings\all users\application data\Minnetonka Audio Software2012-06-26 22:19:12 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys2012-06-26 22:19:03 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys2012-06-26 22:18:57 16384 ----a-w- c:\windows\system32\ipsink.ax2012-06-26 22:18:57 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys2012-06-26 22:18:50 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys2012-06-26 22:18:42 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS2012-06-26 22:18:31 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys2012-06-26 22:18:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys2012-06-26 21:55:49 53760 ----a-w- c:\windows\system32\vfwwdm32.dll2012-06-26 21:55:48 51200 ----a-w- c:\windows\system32\drivers\msdv.sys2012-06-26 21:55:48 43008 ----a-w- c:\windows\system32\ksxbar.ax2012-06-26 21:55:47 91136 ----a-w- c:\windows\system32\kswdmcap.ax2012-06-26 21:55:47 61952 ----a-w- c:\windows\system32\kstvtune.ax2012-06-26 21:55:24 38912 ----a-w- c:\windows\system32\drivers\avc.sys2012-06-26 21:54:58 48128 ----a-w- c:\windows\system32\drivers\61883.sys2012-06-23 23:57:19 -------- d-----w- c:\documents and settings\laptop user\local settings\application data\IBM2012-06-23 20:54:29 81920 ----a-w- c:\windows\system32\ieencode.dll2012-06-23 20:54:29 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll2012-06-23 07:09:15 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll2012-06-23 07:09:15 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll2012-06-22 05:43:54 476936 ----a-w- c:\windows\system32\npdeployJava1.dll2012-06-22 05:43:54 472840 ----a-w- c:\windows\system32\deployJava1.dll2012-06-12 10:18:36 -------- d-----w- c:\documents and settings\laptop user\application data\Leader Technologies2012-06-12 07:19:13 -------- d-----w- c:\program files\LTCM Client2012-06-12 07:09:08 77824 ----a-w- c:\windows\system32\EBAPI.dll2012-06-12 07:09:08 65536 ----a-w- c:\windows\system32\EEBUtil.dll2012-06-12 07:09:08 55808 ----a-w- c:\windows\system32\EEBSDKIF.dll2012-06-12 07:09:08 135168 ----a-w- c:\windows\system32\EEBAPI.dll2012-06-12 07:09:08 110592 ----a-w- c:\windows\system32\EEBDSCVR.dll2012-06-12 07:05:32 475496 ----a-w- c:\windows\system32\ensppmon.dll2012-06-12 07:05:32 475496 ----a-w- c:\windows\system32\enppmon.dll2012-06-12 07:05:32 457780 ----a-w- c:\windows\system32\ensppui.dll2012-06-12 07:05:32 457780 ----a-w- c:\windows\system32\enppui.dll2012-06-12 07:05:32 249344 ----a-w- c:\windows\system32\enspres.dll2012-06-12 07:05:32 249344 ----a-w- c:\windows\system32\enpres.dll2012-06-12 07:05:32 -------- d-----w- c:\program files\EpsonNet2012-06-12 07:05:13 -------- d-----w- c:\program files\common files\EPSON2012-06-12 07:05:00 -------- d-----w- c:\program files\Epson America Inc2012-06-12 07:04:24 93696 ----a-w- c:\windows\system32\E_FLBHAA.DLL2012-06-12 07:04:24 63488 ----a-w- c:\windows\system32\E_FD4BHAA.DLL2012-06-12 07:04:01 -------- d-----w- c:\documents and settings\all users\application data\EPSON2012-06-12 07:03:12 -------- d-----w- c:\program files\Epson Software2012-06-12 07:02:32 342016 ----a-w- c:\windows\system32\eswiaud.dll2012-06-12 07:02:32 132560 ----a-w- c:\windows\system32\esdevapp.exe2012-06-12 07:02:32 12800 ----a-w- c:\windows\system32\escdev.dll2012-06-12 07:02:21 -------- d-----w- c:\program files\epson2012-06-12 01:59:27 -------- d-----w- c:\program files\common files\The Neat Company2012-06-12 01:53:35 -------- d-----w- c:\program files\Microsoft Synchronization Services2012-06-12 01:53:34 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition2012-06-12 01:34:43 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll2012-06-12 01:34:43 87040 ----a-w- c:\windows\system32\wiafbdrv.dll2012-06-12 01:31:20 -------- d-----w- c:\documents and settings\laptop user\local settings\application data\IsolatedStorage2012-06-12 01:30:23 45056 ----a-w- c:\windows\system32\midrv74P.dll2012-06-12 01:29:08 -------- d-----w- c:\program files\common files\Intuit2012-06-12 01:29:01 -------- d-----w- c:\program files\common files\NeatReceipts2012-06-12 01:28:36 -------- d-----w- c:\documents and settings\all users\application data\The Neat Company2012-06-12 01:27:50 -------- d-----w- c:\program files\NeatWorks2012-06-06 09:35:52 83424 ----a-w- c:\windows\system32\dwabho.dll2012-06-03 23:05:02 -------- d-----w- c:\windows\system32\wbem\repository\FS2012-06-03 23:05:02 -------- d-----w- c:\windows\system32\wbem\Repository.==================== Find3M ====================.2012-06-28 20:22:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-06-28 20:22:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-06-22 05:43:37 73728 ----a-w- c:\windows\system32\javacpl.cpl2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe2005-06-16 22:19:22 2482176 ----a-w- c:\program files\TCTrill.dll2005-06-11 01:12:16 847872 ----a-w- c:\program files\TCTrillS.dll2005-06-03 18:59:54 61440 ----a-w- c:\program files\TCReports.dll2004-02-12 04:11:40 7659520 ----a-w- c:\program files\Geo CS Test Gen Management.exe2004-02-12 03:59:34 4009984 ----a-w- c:\program files\Geo CS Test Gen Student.exe2004-01-27 02:04:08 49152 ----a-w- c:\program files\TCAlerts.dll2003-11-04 22:21:00 983040 ----a-w- c:\program files\stuffit5.engine-5.1.dll2003-11-04 22:21:00 561152 ----a-w- c:\program files\xp32_207.dll2003-11-04 22:21:00 21776 ----a-w- c:\program files\shfolder.dll2003-11-04 22:20:00 479232 ----a-w- c:\program files\rp32_207.dll2003-11-04 22:20:00 217088 ----a-w- c:\program files\sa32_207.dll2003-11-04 22:19:00 725032 ----a-w- c:\program files\kSAdg.dll2003-11-04 22:19:00 692264 ----a-w- c:\program files\kCPdg.dll2003-11-04 22:19:00 413736 ----a-w- c:\program files\kGRdg.dll2003-11-04 22:19:00 401462 ----a-w- c:\program files\msvcp60.dll2003-11-04 22:19:00 290869 ----a-w- c:\program files\msvcrt.dll2003-11-04 22:19:00 2744361 ----a-w- c:\program files\kFDMdg.dll2003-11-04 22:19:00 1982504 ----a-w- c:\program files\kFDdg.dll2003-11-04 22:19:00 1937448 ----a-w- c:\program files\kXPdg.dll2003-11-04 22:19:00 1794088 ----a-w- c:\program files\kRPdg.dll2003-11-04 22:19:00 1597480 ----a-w- c:\program files\kDBdg.dll2003-11-04 22:19:00 1486848 ----a-w- c:\program files\owl609v.dll2003-11-04 22:18:00 638976 ----a-w- c:\program files\fd32_207.dll2003-11-04 22:18:00 401728 ----a-w- c:\program files\EQNEDIT.EXE2003-11-04 22:18:00 352256 ----a-w- c:\program files\db32_207.dll2003-11-04 22:18:00 212992 ----a-w- c:\program files\cp32_207.dll2003-11-04 22:18:00 131072 ----a-w- c:\program files\gr32_207.dll2003-11-04 22:18:00 1122304 ----a-w- c:\program files\fm32_207.dll2003-11-04 22:17:00 311296 ----a-w- c:\program files\APE24EXT_MT.dll.=================== ROOTKIT ====================.Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.netWindows 5.1.2600 Disk: Hitachi_HTS722080K9A300 rev.DCBOCA1H -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e.device: opened successfullyuser: MBR read successfully.Disk trace:called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A2434B1]<<_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a24a93c]; MOV EAX, [0x8a24aab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8A67AAB8]3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x8A555030]\Driver\atapi[0x8A621C80] -> IRP_MJ_CREATE -> 0x8A2434B1error: Read A device attached to the system is not functioning.kernel: MBR read successfully_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }detected disk devices:detected hooks:\Driver\atapi DriverStartIo -> 0x8A2432E2user & kernel MBR OKWarning: possible TDL3 rootkit infection !.============= FINISH: 23:44:32.43 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume2Install Date: 7/24/2008 1:44:09 PMSystem Uptime: 7/2/2012 11:33:01 PM (0 hours ago).Motherboard: Dell Inc. | | Processor: Intel® Core2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1994/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 74 GiB total, 23.964 GiB free.D: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.No restore point in system..==== Hosts File Hijack ======================.Hosts: 165.248.100.142 makala1Hosts: 165.248.101.190 manoa1Hosts: 165.248.101.62 manana1Hosts: 165.248.102.38 mauka1Hosts: 165.248.103.61 mckin1Hosts: 165.248.105.228 milh1Hosts: 165.248.106.150 milike1Hosts: 165.248.106.10 milmkaHosts: 165.248.107.136 miluka1Hosts: 165.248.108.209 moanae1Hosts: 165.248.108.37 milwaenaHosts: 165.248.109.187 moahs1Hosts: 165.248.10.9 isped2Hosts: 165.248.10.11 sra5Hosts: 165.248.10.12 sra4Hosts: 165.248.10.13 darkwingHosts: 165.248.10.134 isped14Hosts: 165.248.10.136 isped15Hosts: 165.248.10.144 lilinoteHosts: 165.248.10.145 rep1Hosts: 165.248.10.146 mta1Hosts: 165.248.10.147 route1Hosts: 165.248.10.148 maui1Hosts: 165.248.10.149 maui2Hosts: 165.248.10.15 sraserv2Hosts: 165.248.10.151 rep2Hosts: 165.248.10.158 isped2icmHosts: 165.248.10.159 isped3icmHosts: 165.248.10.160 isped6Hosts: 165.248.10.162 isped7Hosts: 165.248.10.169 isped5Hosts: 165.248.10.17 sraserv3Hosts: 165.248.10.170 app1Hosts: 165.248.10.173 isped3Hosts: 165.248.10.18 test1Hosts: 165.248.10.19 sraserv1Hosts: 165.248.10.190 srasunHosts: 165.248.10.21 sra1Hosts: 165.248.10.22 sra2Hosts: 165.248.10.24 beta2Hosts: 165.248.10.25 r5Hosts: 165.248.10.254 irmb1Hosts: 165.248.10.26 sugarHosts: 165.248.10.26 isped4Hosts: 165.248.10.28 sametimeHosts: 165.248.10.29 diisHosts: 165.248.10.30 049sphereHosts: 165.248.10.35 isped8Hosts: 165.248.10.43 isped12Hosts: 165.248.10.53 isped9Hosts: 165.248.10.56 isped1Hosts: 165.248.10.58 isped10Hosts: 165.248.10.59 isped10pnHosts: 165.248.10.7 decs1Hosts: 165.248.10.84 npump1Hosts: 165.248.111.126 moanai1Hosts: 165.248.112.158 mokulele1Hosts: 165.248.113.14 momil1Hosts: 165.248.113.190 nanaika1Hosts: 165.248.114.147 nanak1Hosts: 165.248.115.50 nanakhi1Hosts: 165.248.117.235 noelaniHosts: 165.248.117.62 niuv1Hosts: 165.248.118.190 nuuanu1Hosts: 165.248.119.67 palolo1Hosts: 165.248.11.11 hondo1Hosts: 165.248.11.138 cendo2Hosts: 165.248.11.151 cendo1Hosts: 165.248.120.122 pauoa1Hosts: 165.248.121.126 pccomp1Hosts: 165.248.123.190 pearlh1Hosts: 165.248.124.22 pearlhk1Hosts: 165.248.124.210 pridge1Hosts: 165.248.125.190 pohakea1Hosts: 165.248.127.143 radfordHosts: 165.248.127.62 puuhale1Hosts: 165.248.129.6 redhill1Hosts: 165.248.12.205 kahukuhiHosts: 165.248.12.206 kalaheoHosts: 165.248.12.207 kingHosts: 165.248.12.208 maunawiliHosts: 165.248.12.222 windo1Hosts: 165.248.130.62 rsvlt1Hosts: 165.248.131.190 slake1Hosts: 165.248.131.62 royal1Hosts: 165.248.132.79 ascott1Hosts: 165.248.133.17 shafter1Hosts: 165.248.133.217 solomon1Hosts: 165.248.134.190 stvson1Hosts: 165.248.136.254 wahiawai1Hosts: 165.248.136.62 wahiawa1Hosts: 165.248.138.16 waialae1Hosts: 165.248.138.141 waialuae1Hosts: 165.248.13.190 hawsped1Hosts: 165.248.13.80 hawdo1Hosts: 165.248.140.126 waianae1Hosts: 165.248.141.62 waianah1Hosts: 165.248.142.143 waianai1Hosts: 165.248.143.147 waiau1Hosts: 165.248.144.62 waikiki1Hosts: 165.248.145.126 waimalu1Hosts: 165.248.145.220 waiman1Hosts: 165.248.146.190 waipel1Hosts: 165.248.149.25 waipin1Hosts: 165.248.149.33 waipc1Hosts: 165.248.14.11 mauido1Hosts: 165.248.14.190 mlsc1Hosts: 165.248.14.203 kauaido1Hosts: 165.248.150.15 washint1Hosts: 165.248.151.126 webling1Hosts: 165.248.152.100 wheelm1Hosts: 165.248.151.146 wheele1Hosts: 165.248.153.190 wilson1Hosts: 165.248.154.60 anuenue1Hosts: 165.248.155.16 holomuaHosts: 165.248.158.94 waikele1Hosts: 165.248.160.16 milmid1Hosts: 165.248.164.158 haaheo1Hosts: 165.248.165.100 hiloh1Hosts: 165.248.167.190 hilou1Hosts: 165.248.168.144 honau1Hosts: 165.248.169.62 honokh1Hosts: 165.248.170.126 hookenaHosts: 165.248.171.126 kahakai1Hosts: 165.248.171.189 kalania1Hosts: 165.248.173.207 keaaum1Hosts: 165.248.174.126 keaau1Hosts: 165.248.174.254 kealake1Hosts: 165.248.175.140 kealaki1Hosts: 165.248.176.190 keauk1Hosts: 165.248.176.254 keone1Hosts: 165.248.177.79 kohalah1Hosts: 165.248.178.126 konaw1Hosts: 165.248.179.62 konawh1Hosts: 165.248.180.201 laupah1Hosts: 165.248.181.207 naalehu1Hosts: 165.248.181.79 mtview1Hosts: 165.248.182.126 paauilo1Hosts: 165.248.182.254 pahoae1Hosts: 165.248.184.126 waiakeae1Hosts: 165.248.185.100 waiakeah1Hosts: 165.248.186.185 waiakeai1Hosts: 165.248.187.190 waiakeaw1Hosts: 165.248.187.30 kapoleih1Hosts: 165.248.189.249 waikolo1Hosts: 165.248.189.62 waimeae1Hosts: 165.248.190.62 konawm1Hosts: 165.248.191.126 honoke1Hosts: 165.248.191.190 kohalae1Hosts: 165.248.192.15 kohalam1Hosts: 165.248.192.165 hiloi1Hosts: 165.248.193.60 kealakh1Hosts: 165.248.195.190 pahoah1Hosts: 165.248.198.60 keaauh2Hosts: 165.248.198.62 keaauh1Hosts: 165.248.199.126 baldwin1Hosts: 165.248.1.173 lili1Hosts: 165.248.200.190 haiku1Hosts: 165.248.201.146 iao1Hosts: 165.248.201.62 hana1Hosts: 165.248.202.190 kahuluiHosts: 165.248.203.16 kalama1Hosts: 165.248.203.221 jarret1Hosts: 165.248.204.62 kamiiiHosts: 165.248.205.126 kihei1Hosts: 165.248.206.126 kulaHosts: 165.248.207.62 lahaina1Hosts: 165.248.207.126 lahainal1Hosts: 165.248.208.254 lokela1Hosts: 165.248.208.62 lihikai1Hosts: 165.248.209.190 makawao1Hosts: 165.248.210.84 mauihs1Hosts: 165.248.211.203 mauiw1Hosts: 165.248.212.140 nahiena1Hosts: 165.248.213.190 pukala1Hosts: 165.248.213.62 paia1Hosts: 165.248.214.190 wailuku1Hosts: 165.248.214.62 waiheeHosts: 165.248.215.100 kklikeHosts: 165.248.215.99 kklike2Hosts: 165.248.216.62 kamalii1Hosts: 165.248.219.61 kapomid1Hosts: 165.248.225.190 kiloh1Hosts: 165.248.225.26 kaunaka1Hosts: 165.248.226.190 maunal1Hosts: 165.248.226.62 kualapuuHosts: 165.248.227.62 molokah1Hosts: 165.248.229.16 lanai1Hosts: 165.248.231.139 hanalei1Hosts: 165.248.232.62 kalahe1Hosts: 165.248.233.17 kapaa1Hosts: 165.248.233.217 kapaah1Hosts: 165.248.236.232 kaumu1Hosts: 165.248.236.62 kauaihi1Hosts: 165.248.238.126 kilauea1Hosts: 165.248.238.159 koloa1Hosts: 165.248.239.114 waimeac1Hosts: 165.248.240.83 waimeah1Hosts: 165.248.241.22 wilcoxHosts: 165.248.241.82 eleele1Hosts: 165.248.242.11 kapaam1Hosts: 165.248.243.126 kekaha1Hosts: 165.248.244.251 kamaka1Hosts: 165.248.24.89 leedo1Hosts: 165.248.89.21 kokoh1Hosts: 165.248.2.125 telesch1Hosts: 165.248.2.20 atr1Hosts: 165.248.2.55 hcps1Hosts: 165.248.2.56 cai1Hosts: 165.248.31.253 mcsaHosts: 165.248.33.254 jeffers1Hosts: 165.248.34.62 olomana1Hosts: 165.248.36.20 ahuim1Hosts: 165.248.36.190 aieael1Hosts: 165.248.38.62 aieah1Hosts: 165.248.39.145 ainaha1Hosts: 165.248.3.11 ois3Hosts: 165.248.3.126 felix1Hosts: 165.248.3.144 eval1Hosts: 165.248.40.254 aliame1Hosts: 165.248.40.62 alawai1Hosts: 165.248.41.126 aliami1Hosts: 165.248.42.126 alii1Hosts: 165.248.43.78 august1Hosts: 165.248.44.20 campb1Hosts: 165.248.45.151 castle1Hosts: 165.248.47.62 central1Hosts: 165.248.48.3 dole2Hosts: 165.248.48.4 dole3Hosts: 165.248.49.144 ewa1Hosts: 165.248.49.62 ewab1Hosts: 165.248.10.6 facil1Hosts: 165.248.50.62 farrin1Hosts: 165.248.51.150 fern1Hosts: 165.248.52.16 hahaioneHosts: 165.248.53.170 haleiwa1Hosts: 165.248.55.126 helemanoHosts: 165.248.55.18 heeia1Hosts: 165.248.56.196 highl1Hosts: 165.248.55.230 hickam1Hosts: 165.248.58.62 honowai1Hosts: 165.248.59.95 ilima1Hosts: 165.248.5.208 foodsrvHosts: 165.248.60.184 iroq1Hosts: 165.248.62.13 jeffers2Hosts: 165.248.63.62 kmanu1Hosts: 165.248.63.76 kaala1Hosts: 165.248.64.126 kaewai1Hosts: 165.248.64.209 kahalaHosts: 165.248.68.62 kailuae1Hosts: 165.248.70.80 kaimiloaHosts: 165.248.71.16 kaimuh1Hosts: 165.248.72.123 kaimum1Hosts: 165.248.73.254 kaiser1Hosts: 165.248.74.210 kaiula1Hosts: 165.248.76.90 kalaka1Hosts: 165.248.77.15 kalanih1Hosts: 165.248.78.207 kalihiHosts: 165.248.78.62 kalei1Hosts: 165.248.79.76 kalkai1Hosts: 165.248.7.80 nssb1Hosts: 165.248.80.189 kalihiw1Hosts: 165.248.80.62 kaluka1Hosts: 165.248.81.16 kamaileHosts: 165.248.82.120 kaneohe1Hosts: 165.248.82.62 kamilo1Hosts: 165.248.83.145 kapalamaHosts: 165.248.83.62 kanoela1Hosts: 165.248.84.78 leedo2Hosts: 165.248.84.79 kapoleiHosts: 165.248.85.253 kauluw1Hosts: 165.248.85.80 kapuna1Hosts: 165.248.86.80 kawana1Hosts: 165.248.88.190 kipapa1Hosts: 165.248.8.254 spms1Hosts: 165.248.90.207 lanak1Hosts: 165.248.90.25 laie1Hosts: 165.248.91.254 lehua1Hosts: 165.248.92.190 leihoku1Hosts: 165.248.93.21 leilehua1Hosts: 165.248.93.73 wahcsa1Hosts: 165.248.35.16 rise1Hosts: 165.248.95.93 likel1Hosts: 165.248.96.190 lincoln1Hosts: 165.248.96.62 linapu1Hosts: 165.248.97.144 maemaeHosts: 165.248.97.51 lunal1Hosts: 165.248.98.80 maili1Hosts: 165.248.99.254 mkilo1Hosts: 165.248.99.59 makaha1Hosts: 165.248.147.151 waipah1Hosts: 165.248.10.146 smtp1Hosts: 165.248.116.85 nimitz1Hosts: 165.248.118.207 pces1Hosts: 165.248.139.27 waialuah1Hosts: 165.248.126.55 pope1Hosts: 165.248.145.239 waiman2Hosts: 165.248.43.157 barbers1Hosts: 165.248.14.203 kauaido1Hosts: 165.248.10.96 mushroom.==== Installed Programs ======================.Acrobat.comAdobe Acrobat 4.0Adobe Acrobat 9 Pro - English, Français, DeutschAdobe Acrobat 9.5.1 - CPSID_83708Adobe After Effects CS4Adobe After Effects CS4 PresetsAdobe After Effects CS4 Template Projects & FootageAdobe After Effects CS4 Third Party ContentAdobe AIRAdobe Anchor Service CS4Adobe Asset Services CS4Adobe Bridge CS4Adobe CMaps CS4Adobe Color - Photoshop Specific CS4Adobe Color EU Extra Settings CS4Adobe Color JA Extra Settings CS4Adobe Color NA Recommended Settings CS4Adobe Color Video Profiles AE CS4Adobe Color Video Profiles CS CS4Adobe Contribute CS4Adobe Creative Suite 4 Master CollectionAdobe CS4 American English Speech Analysis ModelsAdobe CS4 French Speech Analysis ModelsAdobe CS4 German Speech Analysis ModelsAdobe CS4 International English Speech Analysis ModelsAdobe CS4 Italian Speech Analysis ModelsAdobe CS4 Japanese Speech Analysis ModelsAdobe CS4 Korean Speech Analysis ModelsAdobe CS4 Spanish Speech Analysis ModelsAdobe CSI CS4Adobe Default Language CS4Adobe Device Central CS4Adobe Dreamweaver CS4Adobe Drive CS4Adobe Dynamiclink SupportAdobe Encore CS4Adobe Encore CS4 CodecsAdobe Encore CS4 LibraryAdobe ExtendScript Toolkit CS4Adobe Extension Manager CS4Adobe Fireworks CS4Adobe Flash CS4Adobe Flash CS4 Extension - Flash Lite STI enAdobe Flash CS4 STI-enAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Fonts AllAdobe Illustrator CS4Adobe InDesign CS4Adobe InDesign CS4 Application Feature Set Files (Roman)Adobe InDesign CS4 Common Base FilesAdobe InDesign CS4 Icon HandlerAdobe Linguistics CS4Adobe Media Encoder CS4Adobe Media Encoder CS4 Additional ExporterAdobe Media Encoder CS4 DolbyAdobe Media Encoder CS4 ExporterAdobe Media Encoder CS4 ImporterAdobe Media PlayerAdobe MotionPicture Color Files CS4Adobe OnLocation CS4Adobe Output ModuleAdobe PDF Library Files CS4Adobe Photoshop CS4Adobe Photoshop CS4 SupportAdobe Premiere Pro CS4Adobe Premiere Pro CS4 Functional ContentAdobe Premiere Pro CS4 Third Party ContentAdobe Reader X (10.1.0)Adobe Search for HelpAdobe Service Manager ExtensionAdobe SetupAdobe SGM CS4Adobe SING CS4Adobe Soundbooth CS4Adobe Soundbooth CS4 CodecsAdobe Type Support CS4Adobe Update Manager CS4Adobe Version Cue CS4 ServerAdobe WinSoft Linguistics PluginAdobe XMP Panels CS4AdobeColorCommonSetCMYKAdobeColorCommonSetRGBAiO_Scan_CDAAiOSoftwareNPIApple Application SupportApple Mobile Device SupportApple Software UpdateArcSoft Media Card CompanionBluetooth Stack for Windows by ToshibaBonjourBroadcom Gigabit Integrated ControllerBufferChmCamtasia Studio 3CDDRV_InstallerCisco WebEx MeetingsConexant HDA D330 MDC V.92 ModemConnectCritical Update for Windows Media Player 11 (KB959772)CustomerResearchQFolderDell Resource CDDestinationsDeviceManagementQFolderDocProcDocProcQFolderEpson ConnectEpson Customer ParticipationEpson Event ManagerEPSON NX330 Series Printer UninstallEPSON ScanEpsonNet PrinteSupportQFolderFax_CDAGeneric color icon driverGenesys USB Mass Storage DeviceGeo CS Test GengetPlus® for AdobeHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB2443685)Hotfix for Windows XP (KB2570791)Hotfix for Windows XP (KB2633952)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB976098-v2)Hotfix for Windows XP (KB979306)Hotfix for Windows XP (KB981793)HP Customer Participation Program 7.0HP Imaging Device Functions 7.0HP Photosmart EssentialHP Photosmart, Officejet and Deskjet 7.0.AHP Software UpdateHP Solution Center 7.0HPPhotoSmartExpressHPProductAssistantInstantShareDevicesMFCIntel® Graphics Media Accelerator DriverIntel® PROSet/Wireless SoftwareiTunesJava Auto UpdaterJava 6 Update 33Java 6 Update 7JingKhalSetupkulerLotus Notes 8.5.1LTCM ClientMalwarebytes Anti-Malware version 1.61.0.1400MarketResearchMcAfee AntiSpyware Enterprise ModulemCoremDrivermDrWiFimHlpDellMicrosoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2656353)Microsoft .NET Framework 1.1 Security Update (KB2656370)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft Compression Client Pack 1.0 for Windows XPMicrosoft Kernel-Mode Driver Framework Feature Pack 1.5Microsoft Office 2007 Service Pack 3 (SP3)Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Excel MUI (English) 2007Microsoft Office InfoPath MUI (English) 2007Microsoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Professional Plus 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft SilverlightMicrosoft Software Update for Web Folders (English) 12Microsoft SQL Server Compact 3.5 SP2 ENUMicrosoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributablemIWAmLogViewmMHouseMozilla Firefox 13.0.1 (x86 en-US)Mozilla Maintenance ServicemPfMgrmPfWizmProSafemSCfgmSSOMSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 6.0 ParsermWlsSafemWMImZConfigNeat ADF Scanner DriverNeat Mobile Scanner (Silver) DriverNeat Mobile Scanner 2008 DriverNeat Mobile Scanner DriverNeatWorksNeatWorks Core FilesNetscape Navigator 4.08Network Stumbler 0.4.0 (remove only)NewCopy_CDANorton 360OCR Software by I.R.I.S 7.0Oracle JInitiator 1.3.1.28Oracle JInitiator 1.3.1.30Oz776 SCR Driver V1.1.4.2PanoStandAlonePDF Settings CS4Photoshop Camera RawPixel Bender ToolkitProductContextNPIQuickTimeReadmeRoxio Activation ModuleRoxio Creator AudioRoxio Creator CopyRoxio Creator DataRoxio Creator DERoxio Creator ToolsRoxio Drag-to-DiscRoxio Express Labeler 3Roxio Update ManagerSafariScanScannerCopySecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596880) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597162) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2598041) 32-Bit EditionSecurity Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2596917) 32-Bit EditionSecurity Update for Microsoft Windows (KB2564958)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player 11 (KB936782)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2476687)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479628)Security Update for Windows XP (KB2479943)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2482017)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485376)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2497640)Security Update for Windows XP (KB2503658)Security Update for Windows XP (KB2503665)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2506223)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2510581)Security Update for Windows XP (KB2511455)Security Update for Windows XP (KB2524375)Security Update for Windows XP (KB2530548)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2536276)Security Update for Windows XP (KB2544521)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2544893)Security Update for Windows XP (KB2555917)Security Update for Windows XP (KB2559049)Security Update for Windows XP (KB2562937)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2567053)Security Update for Windows XP (KB2567680)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2585542)Security Update for Windows XP (KB2586448)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618444)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2619339)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2621440)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2633171)Security Update for Windows XP (KB2639417)Security Update for Windows XP (KB2641653)Security Update for Windows XP (KB2646524)Security Update for Windows XP (KB2647518)Security Update for Windows XP (KB2653956)Security Update for Windows XP (KB2659262)Security Update for Windows XP (KB2660465)Security Update for Windows XP (KB2661637)Security Update for Windows XP (KB2676562)Security Update for Windows XP (KB2686509)Security Update for Windows XP (KB2695962)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923789)Security Update for Windows XP (KB938464)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950759)Security Update for Windows XP (KB950760)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951698)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB953838)Security Update for Windows XP (KB953839)Security Update for Windows XP (KB954211)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956391)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956841)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957095)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958215)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958690)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960714)Security Update for Windows XP (KB960715)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371-v2)Security Update for Windows XP (KB961373)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB963027)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969897)Security Update for Windows XP (KB969898)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB971961)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB976325)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978251)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981349)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982381)Security Update for Windows XP (KB982665)SetPointSigmaTel AudioSMART NotebookSMART Product DriversSMART Product UpdateSnagIt 8SolutionCenterSonic CinePlayer Decoder PackSpelling Dictionaries Support For Adobe Reader 9Spybot - Search & DestroyStatusSuite Shared Configuration CS4Symantec Ghost Console ClientToolboxTrayAppUnloadUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit EditionUpdate for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB2541763)Update for Windows XP (KB2607712)Update for Windows XP (KB2616676)Update for Windows XP (KB2641690)Update for Windows XP (KB942763)Update for Windows XP (KB951072-v2)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB955839)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)Update for Windows XP (KB978207)Update for Windows XP (KB980182)WebEx Productivity ToolsWebFldrs XPWebRegWindows Genuine Advantage Notifications (KB905474)Windows Genuine Advantage Validation Tool (KB892130)Windows Media Format 11 runtimeWindows Media Player 11Windows XP Service Pack 3ZipGenius 6 (6.0.3.1140).==== Event Viewer Messages From Past Week ========.6/29/2012 12:44:42 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service..==== End Of File =========================== Link to post Share on other sites More sharing options...
Maniac Posted July 3, 2012 ID:566447 Share Posted July 3, 2012 Step 1Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time. You can choose one between McAfee AntiSpyware Enterprise Module and Norton 360, then uninstall the other one. Finally, reboot your PC.Step 2Download the latest version of TDSSKiller from here and save it to your Desktop.Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.Click the Start Scan button.If a suspicious object is detected, the default action will be Skip, click on Continue.If malicious objects are found, they will show in the Scan results and offer three (3) options.Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.Step 3Launch Malwarebytes' Anti-MalwareGo to Update tab and select Check for Updates. If an update is found, it will download and install the latest version. Go to Scanner tab and select Perform Quick Scan, then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.In your next reply, post the following log files:TDSSKiller logMalwarebytes' Anti-Malware loga new fresh DDS log file Link to post Share on other sites More sharing options...
Staff screen317 Posted July 8, 2012 Staff ID:568255 Share Posted July 8, 2012 Are you still with us? This topic will be closed in a few days if we do not hear back from you. Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 10, 2012 ID:568835 Share Posted July 10, 2012 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 12, 2012 ID:569663 Share Posted July 12, 2012 Re-opened per OP request.@shiannteBe sure to be prompt in doing the steps outlined by Maniac.IF in future you think you will be delayed, do make sure to let your helper know.Good luck. Link to post Share on other sites More sharing options...
shiannte Posted July 12, 2012 Author ID:569698 Share Posted July 12, 2012 After following your instructions, I notice that the adware/malware is not playing in the background any more. Thank you!!!1. I was unable to delete/uninstall one of my anti-virus software programs. I went to control panel and looked to uninstall the McAfee AntiSpyware Enterprise Module, deleted that but not able to delete the entire McAfee itself.2. Here is my TDSSKiller Log:01:47:56.0203 4204 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:3501:47:57.0296 4204 ============================================================01:47:57.0296 4204 Current date / time: 2012/07/12 01:47:57.029601:47:57.0296 4204 SystemInfo:01:47:57.0296 4204 01:47:57.0296 4204 OS Version: 5.1.2600 ServicePack: 3.001:47:57.0296 4204 Product type: Workstation01:47:57.0296 4204 ComputerName: E046087101:47:57.0296 4204 UserName: Admin01:47:57.0296 4204 Windows directory: C:\WINDOWS01:47:57.0296 4204 System windows directory: C:\WINDOWS01:47:57.0296 4204 Processor architecture: Intel x8601:47:57.0296 4204 Number of processors: 201:47:57.0296 4204 Page size: 0x100001:47:57.0296 4204 Boot type: Normal boot01:47:57.0296 4204 ============================================================01:48:00.0515 4204 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000005401:48:00.0531 4204 ============================================================01:48:00.0531 4204 \Device\Harddisk0\DR0:01:48:00.0531 4204 MBR partitions:01:48:00.0531 4204 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x94DB4F401:48:00.0531 4204 ============================================================01:48:00.0562 4204 C: <-> \Device\Harddisk0\DR0\Partition001:48:00.0562 4204 ============================================================01:48:00.0562 4204 Initialize success01:48:00.0562 4204 ============================================================01:48:31.0890 1628 ============================================================01:48:31.0890 1628 Scan started01:48:31.0890 1628 Mode: Manual; SigCheck; TDLFS;01:48:31.0890 1628 ============================================================01:48:33.0687 1628 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys01:49:07.0531 1628 61883 - ok01:49:07.0531 1628 Abiosdsk - ok01:49:07.0531 1628 abp480n5 - ok01:49:07.0593 1628 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys01:49:07.0906 1628 ACPI - ok01:49:07.0937 1628 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys01:49:08.0203 1628 ACPIEC - ok01:49:08.0234 1628 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\WINDOWS\system32\drivers\adfs.sys01:49:08.0265 1628 adfs - ok01:49:08.0359 1628 Adobe Version Cue CS4 (9444a3530c2e88b7ed96a566ff9ccc13) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe01:49:08.0375 1628 Adobe Version Cue CS4 - ok01:49:08.0390 1628 adpu160m - ok01:49:08.0421 1628 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys01:49:08.0921 1628 aec - ok01:49:08.0953 1628 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys01:49:09.0218 1628 AegisP - ok01:49:09.0687 1628 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys01:49:10.0078 1628 AFD - ok01:49:10.0140 1628 Aha154x - ok01:49:10.0140 1628 aic78u2 - ok01:49:10.0140 1628 aic78xx - ok01:49:10.0187 1628 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll01:49:10.0421 1628 Alerter - ok01:49:10.0437 1628 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe01:49:10.0812 1628 ALG - ok01:49:10.0812 1628 AliIde - ok01:49:10.0812 1628 amsint - ok01:49:10.0875 1628 Apple Mobile Device (4b5ae15e5c73eb4dc8dbec2788230d41) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe01:49:10.0890 1628 Apple Mobile Device - ok01:49:10.0937 1628 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll01:49:11.0171 1628 AppMgmt - ok01:49:11.0187 1628 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys01:49:11.0390 1628 Arp1394 - ok01:49:11.0390 1628 asc - ok01:49:11.0390 1628 asc3350p - ok01:49:11.0406 1628 asc3550 - ok01:49:11.0468 1628 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe01:49:11.0500 1628 aspnet_state - ok01:49:11.0515 1628 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys01:49:11.0687 1628 AsyncMac - ok01:49:11.0718 1628 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys01:49:12.0015 1628 atapi - ok01:49:12.0015 1628 Atdisk - ok01:49:12.0031 1628 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys01:49:12.0328 1628 Atmarpc - ok01:49:12.0359 1628 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll01:49:12.0578 1628 AudioSrv - ok01:49:12.0609 1628 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys01:49:12.0875 1628 audstub - ok01:49:12.0906 1628 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys01:49:13.0140 1628 Avc - ok01:49:13.0171 1628 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys01:49:13.0296 1628 b57w2k - ok01:49:13.0328 1628 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys01:49:13.0531 1628 Beep - ok01:49:13.0656 1628 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120711.002\BHDrvx86.sys01:49:13.0703 1628 BHDrvx86 - ok01:49:13.0750 1628 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll01:49:14.0000 1628 BITS - ok01:49:14.0062 1628 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe01:49:14.0109 1628 Bonjour Service - ok01:49:14.0125 1628 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll01:49:14.0390 1628 Browser - ok01:49:14.0437 1628 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys01:49:14.0687 1628 cbidf2k - ok01:49:14.0718 1628 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys01:49:14.0984 1628 CCDECODE - ok01:49:15.0015 1628 ccSet_N360 (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\N360\0602010.005\ccSetx86.sys01:49:15.0046 1628 ccSet_N360 - ok01:49:15.0046 1628 cd20xrnt - ok01:49:15.0093 1628 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys01:49:15.0359 1628 Cdaudio - ok01:49:15.0390 1628 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys01:49:15.0671 1628 Cdfs - ok01:49:15.0687 1628 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys01:49:15.0921 1628 Cdrom - ok01:49:15.0921 1628 Changer - ok01:49:15.0953 1628 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe01:49:16.0296 1628 CiSvc - ok01:49:16.0343 1628 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe01:49:16.0671 1628 ClipSrv - ok01:49:16.0750 1628 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe01:49:16.0765 1628 clr_optimization_v2.0.50727_32 - ok01:49:16.0765 1628 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys01:49:17.0125 1628 CmBatt - ok01:49:17.0125 1628 CmdIde - ok01:49:17.0125 1628 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys01:49:17.0453 1628 Compbatt - ok01:49:17.0453 1628 COMSysApp - ok01:49:17.0468 1628 Cpqarray - ok01:49:17.0484 1628 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll01:49:17.0718 1628 CryptSvc - ok01:49:17.0765 1628 CSRBC (8e1945984e147562f9f08e1d344a69cc) C:\WINDOWS\system32\Drivers\csrbcxp.sys01:49:17.0906 1628 CSRBC ( UnsignedFile.Multi.Generic ) - warning01:49:17.0906 1628 CSRBC - detected UnsignedFile.Multi.Generic (1)01:49:17.0906 1628 dac2w2k - ok01:49:17.0906 1628 dac960nt - ok01:49:17.0953 1628 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll01:49:18.0140 1628 DcomLaunch - ok01:49:18.0171 1628 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll01:49:18.0359 1628 Dhcp - ok01:49:18.0500 1628 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys01:49:18.0812 1628 Disk - ok01:49:18.0828 1628 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS01:49:18.0843 1628 DLABMFSM - ok01:49:18.0859 1628 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS01:49:18.0875 1628 DLABOIOM - ok01:49:18.0875 1628 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS01:49:18.0890 1628 DLACDBHM - ok01:49:18.0890 1628 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS01:49:18.0906 1628 DLADResM - ok01:49:18.0921 1628 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS01:49:18.0937 1628 DLAIFS_M - ok01:49:18.0953 1628 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS01:49:18.0968 1628 DLAOPIOM - ok01:49:18.0968 1628 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS01:49:18.0984 1628 DLAPoolM - ok01:49:18.0984 1628 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS01:49:19.0015 1628 DLARTL_M - ok01:49:19.0046 1628 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS01:49:19.0078 1628 DLAUDFAM - ok01:49:19.0078 1628 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS01:49:19.0093 1628 DLAUDF_M - ok01:49:19.0109 1628 dmadmin - ok01:49:19.0187 1628 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys01:49:19.0593 1628 dmboot - ok01:49:19.0640 1628 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys01:49:19.0968 1628 dmio - ok01:49:20.0000 1628 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys01:49:20.0390 1628 dmload - ok01:49:20.0421 1628 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll01:49:20.0765 1628 dmserver - ok01:49:20.0796 1628 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys01:49:20.0984 1628 DMusic - ok01:49:21.0031 1628 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll01:49:21.0281 1628 Dnscache - ok01:49:21.0390 1628 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll01:49:21.0781 1628 Dot3svc - ok01:49:21.0781 1628 dpti2o - ok01:49:21.0781 1628 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys01:49:22.0093 1628 drmkaud - ok01:49:22.0109 1628 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS01:49:22.0125 1628 DRVMCDB - ok01:49:22.0156 1628 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS01:49:22.0171 1628 DRVNDDM - ok01:49:22.0203 1628 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll01:49:22.0390 1628 EapHost - ok01:49:22.0484 1628 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys01:49:22.0515 1628 eeCtrl - ok01:49:22.0562 1628 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe01:49:22.0656 1628 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning01:49:22.0656 1628 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)01:49:22.0718 1628 EpsonCustomerParticipation (b78436ca173ff723a1eace5cd4900375) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe01:49:22.0750 1628 EpsonCustomerParticipation - ok01:49:22.0781 1628 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys01:49:22.0796 1628 EraserUtilRebootDrv - ok01:49:22.0828 1628 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll01:49:23.0093 1628 ERSvc - ok01:49:23.0140 1628 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe01:49:23.0343 1628 Eventlog - ok01:49:23.0375 1628 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll01:49:23.0718 1628 EventSystem - ok01:49:23.0781 1628 EvtEng (e71b03ff6b819ae1a286aa27e956d523) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe01:49:23.0921 1628 EvtEng ( UnsignedFile.Multi.Generic ) - warning01:49:23.0921 1628 EvtEng - detected UnsignedFile.Multi.Generic (1)01:49:24.0000 1628 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys01:49:24.0265 1628 Fastfat - ok01:49:24.0312 1628 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll01:49:24.0453 1628 FastUserSwitchingCompatibility - ok01:49:24.0453 1628 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys01:49:24.0671 1628 Fdc - ok01:49:24.0703 1628 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys01:49:24.0968 1628 Fips - ok01:49:25.0000 1628 fixustor (cdb568db5e8985dcc623da808ac61042) C:\WINDOWS\system32\drivers\fixustor.sys01:49:25.0203 1628 fixustor ( UnsignedFile.Multi.Generic ) - warning01:49:25.0203 1628 fixustor - detected UnsignedFile.Multi.Generic (1)01:49:25.0296 1628 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe01:49:25.0328 1628 FLEXnet Licensing Service - ok01:49:25.0328 1628 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys01:49:25.0859 1628 Flpydisk - ok01:49:25.0875 1628 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys01:49:26.0312 1628 FltMgr - ok01:49:26.0390 1628 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe01:49:26.0421 1628 FontCache3.0.0.0 - ok01:49:26.0437 1628 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys01:49:26.0921 1628 Fs_Rec - ok01:49:26.0921 1628 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys01:49:27.0171 1628 Ftdisk - ok01:49:27.0187 1628 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys01:49:27.0203 1628 GEARAspiWDM - ok01:49:27.0234 1628 getPlus® Helper (7bec703f31e1d441db16886c9aa4cba9) C:\Program Files\NOS\bin\getPlus_HelperSvc.exe01:49:27.0250 1628 getPlus® Helper - ok01:49:27.0281 1628 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys01:49:27.0593 1628 Gpc - ok01:49:27.0625 1628 guardian2 (7031a936832967a93b0e5d5f1c76745a) C:\WINDOWS\system32\Drivers\oz776.sys01:49:27.0890 1628 guardian2 - ok01:49:27.0890 1628 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys01:49:28.0203 1628 HDAudBus - ok01:49:28.0234 1628 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll01:49:28.0609 1628 helpsvc - ok01:49:28.0625 1628 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll01:49:28.0984 1628 HidServ - ok01:49:29.0062 1628 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys01:49:29.0390 1628 HidUsb - ok01:49:29.0421 1628 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll01:49:29.0625 1628 hkmsvc - ok01:49:29.0625 1628 hpn - ok01:49:29.0671 1628 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys01:49:30.0046 1628 HPZid412 - ok01:49:30.0046 1628 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys01:49:30.0656 1628 HPZipr12 - ok01:49:30.0656 1628 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys01:49:30.0843 1628 HPZius12 - ok01:49:30.0921 1628 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys01:49:31.0250 1628 HSFHWAZL - ok01:49:31.0312 1628 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys01:49:31.0468 1628 HSF_DPV - ok01:49:31.0515 1628 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys01:49:31.0718 1628 HTTP - ok01:49:31.0765 1628 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll01:49:32.0078 1628 HTTPFilter - ok01:49:32.0078 1628 i2omgmt - ok01:49:32.0093 1628 i2omp - ok01:49:32.0140 1628 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys01:49:32.0437 1628 i8042prt - ok01:49:32.0843 1628 ialm (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys01:49:33.0437 1628 ialm - ok01:49:33.0625 1628 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe01:49:33.0656 1628 idsvc - ok01:49:33.0765 1628 IDSxpx86 (eeebf3616db90124c1c57019d39aa9a2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120711.001\IDSxpx86.sys01:49:33.0796 1628 IDSxpx86 - ok01:49:33.0890 1628 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys01:49:34.0140 1628 Imapi - ok01:49:34.0171 1628 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe01:49:34.0375 1628 ImapiService - ok01:49:34.0375 1628 ini910u - ok01:49:34.0390 1628 IntelIde - ok01:49:34.0390 1628 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys01:49:34.0609 1628 intelppm - ok01:49:34.0625 1628 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys01:49:34.0828 1628 Ip6Fw - ok01:49:34.0859 1628 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys01:49:35.0203 1628 IpFilterDriver - ok01:49:35.0218 1628 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys01:49:35.0453 1628 IpInIp - ok01:49:35.0484 1628 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys01:49:35.0843 1628 IpNat - ok01:49:35.0921 1628 iPod Service (7a3611564fce7c8be50b03f58cb3eb7d) C:\Program Files\iPod\bin\iPodService.exe01:49:35.0953 1628 iPod Service - ok01:49:35.0968 1628 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys01:49:36.0187 1628 IPSec - ok01:49:36.0203 1628 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys01:49:36.0656 1628 IRENUM - ok01:49:36.0703 1628 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys01:49:36.0968 1628 isapnp - ok01:49:37.0015 1628 JavaQuickStarterService (de5d05fd449798ef88cc34ad4b1e7f85) C:\Program Files\Java\jre6\bin\jqs.exe01:49:37.0031 1628 JavaQuickStarterService - ok01:49:37.0062 1628 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys01:49:37.0296 1628 Kbdclass - ok01:49:37.0734 1628 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys01:49:38.0015 1628 kbdhid - ok01:49:38.0062 1628 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys01:49:38.0328 1628 kmixer - ok01:49:38.0343 1628 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys01:49:38.0593 1628 KSecDD - ok01:49:38.0625 1628 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll01:49:38.0906 1628 lanmanserver - ok01:49:38.0937 1628 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll01:49:39.0156 1628 lanmanworkstation - ok01:49:39.0156 1628 lbrtfdc - ok01:49:39.0171 1628 LHidFilt (ea57f9a93042d53256db4e2222b93b37) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys01:49:39.0203 1628 LHidFilt - ok01:49:39.0234 1628 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll01:49:39.0609 1628 LmHosts - ok01:49:39.0625 1628 LMouFilt (8bd61e1f686d352b318b025524542128) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys01:49:39.0640 1628 LMouFilt - ok01:49:39.0890 1628 Lotus Notes Diagnostics (986e0f3be701b232b8913de59c7adc7c) C:\Program Files\IBM\Lotus\Notes\nsd.exe01:49:40.0000 1628 Lotus Notes Diagnostics - ok01:49:40.0125 1628 Lotus Notes Single Logon (71f607abe2355fabea9fb13e057ac050) C:\Program Files\IBM\Lotus\Notes\nslsvice.exe01:49:40.0140 1628 Lotus Notes Single Logon - ok01:49:40.0250 1628 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys01:49:40.0265 1628 MBAMProtector - ok01:49:40.0343 1628 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe01:49:40.0375 1628 MBAMService - ok01:49:40.0421 1628 McAfeeFramework (447d4617b99ac0a4ba056713dfe02279) C:\Program Files\Network Associates\Common Framework\FrameworkService.exe01:49:40.0437 1628 McAfeeFramework - ok01:49:40.0484 1628 McShield (12bef73e0281ac793865be1a331c67fc) C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe01:49:40.0500 1628 McShield - ok01:49:40.0531 1628 McTaskManager (d0f500bc9f114c99d32df4dc4c857c94) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe01:49:40.0546 1628 McTaskManager - ok01:49:40.0593 1628 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE01:49:40.0625 1628 MDM - ok01:49:40.0718 1628 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys01:49:41.0031 1628 mdmxsdk - ok01:49:41.0062 1628 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll01:49:41.0328 1628 Messenger - ok01:49:41.0343 1628 mfeapfk (1f334eb2a13816df45671ebb98896da7) C:\WINDOWS\system32\drivers\mfeapfk.sys01:49:41.0359 1628 mfeapfk - ok01:49:41.0375 1628 mfeavfk (8a1dedbbdad33587f6fad780ce4b34b5) C:\WINDOWS\system32\drivers\mfeavfk.sys01:49:41.0390 1628 mfeavfk - ok01:49:41.0406 1628 mfebopk (d800e31a019a6979698eef0507baa746) C:\WINDOWS\system32\drivers\mfebopk.sys01:49:41.0421 1628 mfebopk - ok01:49:41.0468 1628 mfehidk (0ae14fab8e25c258c6ebf3827c649273) C:\WINDOWS\system32\drivers\mfehidk.sys01:49:41.0484 1628 mfehidk - ok01:49:41.0500 1628 mferkdk (e72afc5056f6804c616e7dc32a38945f) C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys01:49:41.0515 1628 mferkdk - ok01:49:41.0531 1628 mfetdik (a47f0f63e92730de15d41624ab998c5c) C:\WINDOWS\system32\drivers\mfetdik.sys01:49:41.0546 1628 mfetdik - ok01:49:41.0562 1628 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys01:49:41.0781 1628 mnmdd - ok01:49:41.0828 1628 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe01:49:42.0046 1628 mnmsrvc - ok01:49:42.0078 1628 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys01:49:42.0328 1628 Modem - ok01:49:42.0343 1628 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys01:49:42.0609 1628 Mouclass - ok01:49:42.0625 1628 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys01:49:42.0875 1628 mouhid - ok01:49:42.0906 1628 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys01:49:43.0125 1628 MountMgr - ok01:49:43.0171 1628 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe01:49:43.0187 1628 MozillaMaintenance - ok01:49:43.0203 1628 mraid35x - ok01:49:43.0218 1628 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys01:49:43.0453 1628 MRxDAV - ok01:49:43.0500 1628 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys01:49:43.0703 1628 MRxSmb - ok01:49:43.0734 1628 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe01:49:43.0953 1628 MSDTC - ok01:49:43.0984 1628 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys01:49:44.0203 1628 MSDV - ok01:49:44.0218 1628 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys01:49:44.0375 1628 Msfs - ok01:49:44.0375 1628 MSIServer - ok01:49:44.0390 1628 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys01:49:44.0593 1628 MSKSSRV - ok01:49:44.0593 1628 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys01:49:44.0812 1628 MSPCLOCK - ok01:49:44.0812 1628 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys01:49:45.0031 1628 MSPQM - ok01:49:45.0046 1628 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys01:49:45.0234 1628 mssmbios - ok01:49:45.0265 1628 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys01:49:45.0531 1628 MSTEE - ok01:49:45.0562 1628 Multi-user Cleanup Service (218d58976c01c60657818ed0eac81602) C:\Program Files\IBM\Lotus\Notes\ntmulti.exe01:49:45.0609 1628 Multi-user Cleanup Service - ok01:49:45.0640 1628 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys01:49:45.0796 1628 Mup - ok01:49:45.0843 1628 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe01:49:45.0875 1628 N360 - ok01:49:45.0906 1628 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys01:49:46.0125 1628 NABTSFEC - ok01:49:46.0171 1628 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll01:49:46.0343 1628 napagent - ok01:49:46.0421 1628 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120711.018\NAVENG.SYS01:49:46.0453 1628 NAVENG - ok01:49:46.0578 1628 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120711.018\NAVEX15.SYS01:49:46.0625 1628 NAVEX15 - ok01:49:46.0734 1628 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys01:49:47.0015 1628 NDIS - ok01:49:47.0031 1628 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys01:49:47.0359 1628 NdisIP - ok01:49:47.0390 1628 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys01:49:47.0796 1628 NdisTapi - ok01:49:47.0812 1628 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys01:49:48.0093 1628 Ndisuio - ok01:49:48.0109 1628 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys01:49:48.0281 1628 NdisWan - ok01:49:48.0312 1628 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys01:49:48.0640 1628 NDProxy - ok01:49:48.0671 1628 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys01:49:48.0984 1628 NetBIOS - ok01:49:49.0015 1628 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys01:49:49.0234 1628 NetBT - ok01:49:49.0281 1628 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe01:49:49.0531 1628 NetDDE - ok01:49:49.0687 1628 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe01:49:49.0968 1628 NetDDEdsdm - ok01:49:50.0046 1628 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe01:49:50.0281 1628 Netlogon - ok01:49:50.0312 1628 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll01:49:50.0609 1628 Netman - ok01:49:50.0703 1628 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe01:49:50.0734 1628 NetTcpPortSharing - ok01:49:50.0906 1628 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys01:49:51.0187 1628 NETw4x32 - ok01:49:51.0296 1628 NGCLIENT (174692e8a5eb4df16d44c1b44f978d3f) C:\Program Files\Symantec\Ghost\ngctw32.exe01:49:51.0328 1628 NGCLIENT - ok01:49:51.0468 1628 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys01:49:51.0796 1628 NIC1394 - ok01:49:51.0859 1628 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll01:49:52.0015 1628 Nla - ok01:49:52.0031 1628 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys01:49:52.0234 1628 Npfs - ok01:49:52.0265 1628 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS01:49:52.0562 1628 NSNDIS5 ( UnsignedFile.Multi.Generic ) - warning01:49:52.0562 1628 NSNDIS5 - detected UnsignedFile.Multi.Generic (1)01:49:52.0609 1628 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys01:49:52.0906 1628 Ntfs - ok01:49:52.0937 1628 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe01:49:53.0140 1628 NtLmSsp - ok01:49:53.0187 1628 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll01:49:53.0375 1628 NtmsSvc - ok01:49:53.0406 1628 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys01:49:53.0593 1628 Null - ok01:49:53.0609 1628 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys01:49:53.0828 1628 NwlnkFlt - ok01:49:53.0828 1628 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys01:49:54.0109 1628 NwlnkFwd - ok01:49:54.0234 1628 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE01:49:54.0265 1628 odserv - ok01:49:54.0281 1628 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys01:49:54.0500 1628 ohci1394 - ok01:49:54.0531 1628 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE01:49:54.0562 1628 ose - ok01:49:54.0578 1628 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys01:49:54.0812 1628 Parport - ok01:49:54.0812 1628 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys01:49:55.0062 1628 PartMgr - ok01:49:55.0078 1628 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys01:49:55.0296 1628 ParVdm - ok01:49:55.0312 1628 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys01:49:55.0593 1628 PCI - ok01:49:55.0593 1628 PCIDump - ok01:49:55.0593 1628 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys01:49:56.0078 1628 PCIIde - ok01:49:56.0093 1628 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys01:49:56.0343 1628 Pcmcia - ok01:49:56.0343 1628 PDCOMP - ok01:49:56.0343 1628 PDFRAME - ok01:49:56.0359 1628 PDRELI - ok01:49:56.0359 1628 PDRFRAME - ok01:49:56.0359 1628 perc2 - ok01:49:56.0375 1628 perc2hib - ok01:49:56.0406 1628 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe01:49:56.0484 1628 PlugPlay - ok01:49:56.0500 1628 Pml Driver HPZ12 (d31f88c5f19eefa366a415d6bc5f2abc) C:\WINDOWS\system32\HPZipm12.exe01:49:56.0703 1628 Pml Driver HPZ12 - ok01:49:56.0718 1628 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe01:49:56.0890 1628 PolicyAgent - ok01:49:56.0921 1628 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys01:49:57.0187 1628 PptpMiniport - ok01:49:57.0187 1628 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe01:49:57.0437 1628 ProtectedStorage - ok01:49:57.0453 1628 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys01:49:57.0640 1628 PSched - ok01:49:57.0750 1628 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys01:49:58.0078 1628 Ptilink - ok01:49:58.0093 1628 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys01:49:58.0109 1628 PxHelp20 - ok01:49:58.0125 1628 ql1080 - ok01:49:58.0125 1628 Ql10wnt - ok01:49:58.0140 1628 ql12160 - ok01:49:58.0140 1628 ql1240 - ok01:49:58.0140 1628 ql1280 - ok01:49:58.0156 1628 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys01:49:58.0421 1628 RasAcd - ok01:49:58.0609 1628 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll01:49:58.0843 1628 RasAuto - ok01:49:58.0859 1628 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys01:49:59.0093 1628 Rasl2tp - ok01:49:59.0125 1628 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll01:49:59.0359 1628 RasMan - ok01:49:59.0359 1628 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys01:49:59.0640 1628 RasPppoe - ok01:49:59.0640 1628 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys01:49:59.0875 1628 Raspti - ok01:49:59.0921 1628 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys01:50:00.0156 1628 Rdbss - ok01:50:00.0218 1628 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys01:50:00.0468 1628 RDPCDD - ok01:50:00.0500 1628 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys01:50:00.0765 1628 rdpdr - ok01:50:00.0796 1628 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys01:50:00.0968 1628 RDPWD - ok01:50:01.0000 1628 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe01:50:01.0234 1628 RDSessMgr - ok01:50:01.0250 1628 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys01:50:01.0437 1628 redbook - ok01:50:01.0515 1628 RegSrvc (2cf574d0965f58e514a2dc94114d7eca) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe01:50:01.0625 1628 RegSrvc ( UnsignedFile.Multi.Generic ) - warning01:50:01.0625 1628 RegSrvc - detected UnsignedFile.Multi.Generic (1)01:50:01.0656 1628 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll01:50:02.0000 1628 RemoteAccess - ok01:50:02.0015 1628 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll01:50:02.0343 1628 RemoteRegistry - ok01:50:02.0375 1628 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe01:50:02.0625 1628 RpcLocator - ok01:50:02.0687 1628 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll01:50:02.0812 1628 RpcSs - ok01:50:02.0843 1628 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe01:50:03.0125 1628 RSVP - ok01:50:03.0203 1628 S24EventMonitor (874173edbd4f2fe711f245855a2ffa23) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe01:50:03.0328 1628 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning01:50:03.0328 1628 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)01:50:03.0359 1628 s24trans (eadfb87f911a7a75d1b80617f92901e8) C:\WINDOWS\system32\DRIVERS\s24trans.sys01:50:03.0515 1628 s24trans ( UnsignedFile.Multi.Generic ) - warning01:50:03.0515 1628 s24trans - detected UnsignedFile.Multi.Generic (1)01:50:03.0546 1628 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe01:50:03.0765 1628 SamSs - ok01:50:03.0796 1628 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe01:50:03.0984 1628 SCardSvr - ok01:50:04.0015 1628 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll01:50:04.0218 1628 Schedule - ok01:50:04.0375 1628 SDScannerService (e1f35f902b825c7b18236271f398dda2) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe01:50:04.0421 1628 SDScannerService - ok01:50:04.0546 1628 SDUpdateService (2db434f4ce96b3fb65d44b3ad5a4de3e) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe01:50:04.0578 1628 SDUpdateService - ok01:50:04.0734 1628 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys01:50:04.0937 1628 Secdrv - ok01:50:04.0968 1628 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll01:50:05.0203 1628 seclogon - ok01:50:05.0250 1628 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll01:50:05.0453 1628 SENS - ok01:50:05.0546 1628 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys01:50:05.0859 1628 serenum - ok01:50:05.0906 1628 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys01:50:06.0125 1628 Serial - ok01:50:06.0156 1628 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys01:50:06.0359 1628 Sfloppy - ok01:50:06.0421 1628 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll01:50:06.0828 1628 SharedAccess - ok01:50:06.0890 1628 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll01:50:07.0328 1628 ShellHWDetection - ok01:50:07.0343 1628 Simbad - ok01:50:07.0359 1628 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys01:50:08.0046 1628 SLIP - ok01:50:08.0609 1628 SMART Board Service (6dac3f90ef7b3ac349890e4eebacb260) C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe01:50:08.0812 1628 SMART Board Service - ok01:50:08.0968 1628 SMART Display Controller (63beb15cc3e249bf51134e85dd56535d) C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe01:50:09.0000 1628 SMART Display Controller - ok01:50:09.0140 1628 SMART SNMP Agent Service (3bcb934ae0a0fca1c3aa7a3a8088bc68) C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe01:50:09.0187 1628 SMART SNMP Agent Service - ok01:50:09.0437 1628 Sparrow - ok01:50:09.0453 1628 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys01:50:09.0671 1628 splitter - ok01:50:09.0687 1628 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe01:50:09.0812 1628 Spooler - ok01:50:09.0843 1628 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys01:50:10.0156 1628 sr - ok01:50:10.0203 1628 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll01:50:10.0421 1628 srservice - ok01:50:10.0562 1628 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\WINDOWS\system32\drivers\N360\0602010.005\SRTSP.SYS01:50:10.0593 1628 SRTSP - ok01:50:10.0609 1628 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\WINDOWS\system32\drivers\N360\0602010.005\SRTSPX.SYS01:50:10.0640 1628 SRTSPX - ok01:50:10.0687 1628 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys01:50:10.0828 1628 Srv - ok01:50:10.0843 1628 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll01:50:11.0156 1628 SSDPSRV - ok01:50:11.0218 1628 STacSV (6f855b5625a47f3ac731a262fdc379a6) C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe01:50:11.0421 1628 STacSV - ok01:50:11.0578 1628 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys01:50:11.0859 1628 STHDA - ok01:50:11.0906 1628 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll01:50:12.0140 1628 stisvc - ok01:50:12.0203 1628 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe01:50:12.0359 1628 stllssvr ( UnsignedFile.Multi.Generic ) - warning01:50:12.0359 1628 stllssvr - detected UnsignedFile.Multi.Generic (1)01:50:12.0406 1628 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys01:50:12.0921 1628 streamip - ok01:50:12.0953 1628 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys01:50:13.0406 1628 swenum - ok01:50:13.0453 1628 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys01:50:13.0921 1628 swmidi - ok01:50:13.0921 1628 SwPrv - ok01:50:13.0937 1628 symc810 - ok01:50:13.0937 1628 symc8xx - ok01:50:14.0000 1628 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\N360\0602010.005\SYMDS.SYS01:50:14.0171 1628 SymDS - ok01:50:14.0265 1628 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\N360\0602010.005\SYMEFA.SYS01:50:14.0312 1628 SymEFA - ok01:50:14.0359 1628 SymEvent (74e2521e96176a4449570e50be91954d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS01:50:14.0375 1628 SymEvent - ok01:50:14.0390 1628 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\N360\0602010.005\Ironx86.SYS01:50:14.0406 1628 SymIRON - ok01:50:14.0437 1628 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\system32\drivers\N360\0602010.005\SYMTDI.SYS01:50:14.0468 1628 SYMTDI - ok01:50:14.0468 1628 sym_hi - ok01:50:14.0468 1628 sym_u3 - ok01:50:14.0500 1628 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys01:50:14.0703 1628 sysaudio - ok01:50:14.0765 1628 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe01:50:15.0062 1628 SysmonLog - ok01:50:15.0093 1628 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll01:50:15.0265 1628 TapiSrv - ok01:50:15.0312 1628 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys01:50:15.0421 1628 Tcpip - ok01:50:15.0468 1628 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys01:50:15.0781 1628 TDPIPE - ok01:50:15.0796 1628 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys01:50:15.0968 1628 TDTCP - ok01:50:16.0000 1628 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys01:50:16.0234 1628 TermDD - ok01:50:16.0265 1628 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll01:50:16.0468 1628 TermService - ok01:50:16.0546 1628 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll01:50:16.0671 1628 Themes - ok01:50:16.0703 1628 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe01:50:16.0921 1628 TlntSvr - ok01:50:16.0937 1628 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys01:50:17.0109 1628 toshidpt - ok01:50:17.0140 1628 TosIde - ok01:50:17.0171 1628 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys01:50:17.0265 1628 tosporte - ok01:50:17.0281 1628 tosrfbd (435ac6cc2abed508ac5a495658cbaf0f) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys01:50:17.0453 1628 tosrfbd - ok01:50:17.0484 1628 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\WINDOWS\system32\Drivers\tosrfbnp.sys01:50:17.0609 1628 tosrfbnp - ok01:50:17.0843 1628 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys01:50:18.0000 1628 Tosrfcom - ok01:50:18.0000 1628 Tosrfhid (28099a4e52148319afa685d93a2244d0) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys01:50:18.0125 1628 Tosrfhid - ok01:50:18.0125 1628 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys01:50:18.0250 1628 tosrfnds - ok01:50:18.0265 1628 Tosrfusb (6bc529c5eca0c7654943fd6fab21c5fa) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys01:50:18.0437 1628 Tosrfusb - ok01:50:18.0468 1628 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll01:50:18.0703 1628 TrkWks - ok01:50:18.0734 1628 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys01:50:19.0000 1628 Udfs - ok01:50:19.0000 1628 ultra - ok01:50:19.0062 1628 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys01:50:19.0234 1628 Update - ok01:50:19.0265 1628 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll01:50:19.0484 1628 upnphost - ok01:50:19.0515 1628 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe01:50:19.0718 1628 UPS - ok01:50:19.0750 1628 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys01:50:20.0109 1628 USBAAPL - ok01:50:20.0140 1628 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys01:50:20.0421 1628 usbaudio - ok01:50:20.0437 1628 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys01:50:20.0687 1628 usbccgp - ok01:50:20.0703 1628 USBCCID (2825e0e294686a26506690059e1f437a) C:\WINDOWS\system32\DRIVERS\usbccid.sys01:50:20.0859 1628 USBCCID - ok01:50:20.0890 1628 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys01:50:21.0125 1628 usbehci - ok01:50:21.0140 1628 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys01:50:21.0359 1628 usbhub - ok01:50:21.0390 1628 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys01:50:21.0859 1628 usbprint - ok01:50:21.0906 1628 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys01:50:22.0125 1628 usbscan - ok01:50:22.0156 1628 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS01:50:22.0437 1628 USBSTOR - ok01:50:22.0484 1628 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys01:50:22.0718 1628 usbuhci - ok01:50:22.0765 1628 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys01:50:23.0093 1628 VgaSave - ok01:50:23.0093 1628 ViaIde - ok01:50:23.0125 1628 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys01:50:23.0296 1628 VolSnap - ok01:50:23.0359 1628 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe01:50:23.0593 1628 VSS - ok01:50:23.0625 1628 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll01:50:23.0953 1628 W32Time - ok01:50:23.0984 1628 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys01:50:24.0250 1628 Wanarp - ok01:50:24.0296 1628 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys01:50:24.0328 1628 Wdf01000 - ok01:50:24.0328 1628 WDICA - ok01:50:24.0359 1628 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys01:50:24.0625 1628 wdmaud - ok01:50:24.0703 1628 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll01:50:24.0937 1628 WebClient - ok01:50:25.0031 1628 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys01:50:25.0171 1628 winachsf - ok01:50:25.0234 1628 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll01:50:25.0453 1628 winmgmt - ok01:50:25.0546 1628 WLANKEEPER (4307641ca3389a210295fdffd2a73dee) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe01:50:25.0687 1628 WLANKEEPER ( UnsignedFile.Multi.Generic ) - warning01:50:25.0687 1628 WLANKEEPER - detected UnsignedFile.Multi.Generic (1)01:50:25.0718 1628 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll01:50:25.0906 1628 WmdmPmSN - ok01:50:25.0968 1628 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll01:50:26.0078 1628 Wmi - ok01:50:26.0109 1628 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys01:50:26.0281 1628 WmiAcpi - ok01:50:26.0328 1628 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe01:50:26.0515 1628 WmiApSrv - ok01:50:26.0625 1628 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe01:50:26.0765 1628 WMPNetworkSvc - ok01:50:26.0812 1628 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll01:50:27.0062 1628 wscsvc - ok01:50:27.0109 1628 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS01:50:27.0296 1628 WSTCODEC - ok01:50:27.0296 1628 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll01:50:27.0531 1628 wuauserv - ok01:50:27.0609 1628 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys01:50:27.0765 1628 WudfPf - ok01:50:27.0765 1628 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys01:50:27.0890 1628 WudfRd - ok01:50:27.0906 1628 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll01:50:28.0046 1628 WudfSvc - ok01:50:28.0109 1628 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll01:50:28.0390 1628 WZCSVC - ok01:50:28.0671 1628 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll01:50:29.0000 1628 xmlprov - ok01:50:29.0031 1628 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR001:50:29.0031 1628 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected01:50:29.0031 1628 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)01:50:29.0062 1628 \Device\Harddisk0\DR0 ( TDSS File System ) - warning01:50:29.0062 1628 \Device\Harddisk0\DR0 - detected TDSS File System (1)01:50:29.0078 1628 Boot (0x1200) (6a8375b063e3f895c13c123b5305a0f1) \Device\Harddisk0\DR0\Partition001:50:29.0078 1628 \Device\Harddisk0\DR0\Partition0 - ok01:50:29.0078 1628 ============================================================01:50:29.0078 1628 Scan finished01:50:29.0078 1628 ============================================================01:50:29.0187 3772 Detected object count: 1201:50:29.0187 3772 Actual detected object count: 1201:50:55.0625 3772 CSRBC ( UnsignedFile.Multi.Generic ) - skipped by user01:50:55.0625 3772 CSRBC ( UnsignedFile.Multi.Generic ) - User select action: Skip01:50:55.0625 3772 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user01:50:55.0625 3772 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip01:50:55.0625 3772 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user01:50:55.0625 3772 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip01:50:55.0640 3772 fixustor ( UnsignedFile.Multi.Generic ) - skipped by user01:50:55.0640 3772 fixustor ( UnsignedFile.Multi.Generic ) - User select action: Skip01:50:55.0640 3772 NSNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user01:50:55.0640 3772 NSNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip01:50:55.0640 3772 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user01:50:55.0640 3772 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip01:50:55.0640 3772 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user01:50:55.0640 3772 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip01:50:55.0640 3772 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user01:50:55.0640 3772 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip01:50:55.0640 3772 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user01:50:55.0640 3772 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip01:50:55.0640 3772 WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user01:50:55.0640 3772 WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip01:50:56.0390 3772 \Device\Harddisk0\DR0\# - copied to quarantine01:50:56.0390 3772 \Device\Harddisk0\DR0 - copied to quarantine01:50:56.0421 3772 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine01:50:56.0437 3772 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine01:50:56.0453 3772 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine01:50:56.0484 3772 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine01:50:56.0500 3772 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine01:50:56.0515 3772 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine01:50:56.0531 3772 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine01:50:56.0531 3772 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine01:50:56.0546 3772 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine01:50:56.0562 3772 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine01:50:56.0562 3772 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine01:50:56.0578 3772 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine01:50:56.0593 3772 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine01:50:56.0625 3772 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot01:50:56.0625 3772 \Device\Harddisk0\DR0 - ok01:50:56.0625 3772 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure01:50:56.0625 3772 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user01:50:56.0625 3772 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip01:51:36.0406 5732 Deinitialize success3. Here is my Malwarebytes' Anti-Malware Log (Nothing to remove):Malwarebytes Anti-Malware (Trial) 1.62.0.1300www.malwarebytes.orgDatabase version: v2012.07.12.07Windows XP Service Pack 3 x86 NTFSInternet Explorer 6.0.2900.5512Admin :: E0460871 [administrator]Protection: Enabled7/12/2012 2:07:40 AMmbam-log-2012-07-12 (02-07-40).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 270709Time elapsed: 14 minute(s), 3 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)4. Here is my dds log:.DDS (Ver_2011-08-26.01) - NTFSx86Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_33Run by Admin at 2:25:18 on 2012-07-12Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1086 [GMT -10:00].AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}AV: McAfee VirusScan Enterprise *Enabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}FW: Norton 360 *Enabled*.============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Intel\Wireless\Bin\S24EvMon.exesvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\IBM\Lotus\Notes\nsd.exeC:\Program Files\IBM\Lotus\Notes\nslsvice.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Network Associates\Common Framework\FrameworkService.exeC:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exeC:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\IBM\Lotus\Notes\ntmulti.exeC:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exeC:\Program Files\Symantec\Ghost\ngctw32.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exeC:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exeC:\WINDOWS\Explorer.EXEC:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exeC:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exeC:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exeC:\WINDOWS\system32\umonit.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Symantec\Ghost\ngtray.exeC:\Program Files\Network Associates\Common Framework\UdaterUI.exeC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\Network Associates\Common Framework\McTray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\Epson Software\Event Manager\EEventManager.exeC:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exeC:\Program Files\Spybot - Search & Destroy 2\SDTray.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\SetPoint\SetPoint.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exeC:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXEC:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exeC:\Program Files\SMART Technologies\SMART Product Drivers\Aware.exeC:\Program Files\SMART Technologies\SMART Product Drivers\Marker.exe.============== Pseudo HJT Report ===============.uWindow Title = Internet Explorer, optimized for Bing and MSNuInternet Settings,ProxyOverride = *.localBHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dllBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: DWABrowserHlprObj Class: {2709d830-b643-4e72-9a1e-701cfffcf30c} - c:\windows\system32\dwabho.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dllBHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dllBHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies\smart notebook\NotebookPlugin.dllBHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.2.1.5\ips\IPSBHO.DLLBHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dllBHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dllBHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllBHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllTB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllTB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dllTB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dllTB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dllTB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No FileuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -schedulermRun: [uMonit] c:\windows\system32\umonit.exemRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exemRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONEmRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [Persistence] c:\windows\system32\igfxpers.exemRun: [NGTray] "c:\program files\symantec\ghost\ngtray.exe"mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UdaterUI.exe" /StartedFromRunKeymRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraymRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startupmRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXEmRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/WirelessmRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~2\server\bin\VERSIO~2.EXEmRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbyloginmRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"mRun: [sDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"dRun: [Adobe] rundll32.exe "c:\documents and settings\laptop user\local settings\application data\apple computer\adobe\xdlqzl.dll",DllRegisterServerStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartb~1.lnk - c:\program files\smart technologies\smart product drivers\SMARTBoardTools.exeIE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLLIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dllDPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cabDPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxp://165.248.233.217/iNotes6W.cabDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231532123176DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cabDPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}DPF: {CAFECAFE-0013-0001-0030-ABCDEFABCDEF}DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cabDPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabDPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxp://165.248.233.217/dwa7W.cabDPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP28EP2-12243/webex/ieatgpc.cabTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{3357F480-C801-4B6D-B320-86F0E362BC60} : DhcpNameServer = 192.168.1.1Notify: igfxcui - igfxdev.dllNotify: SDWinLogon - SDWinLogon.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllmASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /fHosts: 165.248.100.142 makala1Hosts: 165.248.101.190 manoa1Hosts: 165.248.101.62 manana1Hosts: 165.248.102.38 mauka1Hosts: 165.248.103.61 mckin1.Note: multiple HOSTS entries found. Please refer to Attach.txt.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\7wgst86i.default\FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dllFF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dllFF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dllFF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13128.dllFF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13130.dllFF - plugin: c:\program files\zwinky_5qei\installr\1.bin\NP5qEISb.dllFF - plugin: c:\windows\system32\npdeployJava1.dllFF - plugin: c:\windows\system32\npptools.dllFF - plugin: c:\windows\system32\NPSWF32.dll.============= SERVICES / DRIVERS ===============.R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0602010.005\SymDS.sys [2012-6-27 340088]R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0602010.005\SymEFA.sys [2012-6-27 905336]R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920]R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0602010.005\ccSetx86.sys [2012-6-27 132744]R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-29 31944]R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0602010.005\Ironx86.sys [2012-6-27 149624]R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\ibm\lotus\notes\nsd.exe [2009-9-29 3397000]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-30 655944]R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2008-7-28 103744]R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-29 144960]R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-29 54872]R2 N360;Norton 360;c:\program files\norton 360\engine\6.2.1.5\ccSvcHst.exe [2012-6-27 138232]R2 NGCLIENT;Symantec Ghost Client Agent;c:\program files\symantec\ghost\ngctw32.exe [2007-4-19 632456]R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-7-1 1122296]R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-7-1 838136]R2 SMART Display Controller;SMART Display Controller;c:\program files\smart technologies\smart product drivers\UCService.exe [2010-11-19 846192]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-28 106656]R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\ipsdefs\20120711.001\IDSXpx86.sys [2012-7-12 369632]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-30 22344]R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-12-15 72264]R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-12-15 34152]R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-12-15 168776]R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\virusdefs\20120711.018\NAVENG.SYS [2012-7-12 87928]R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\virusdefs\20120711.018\NAVEX15.SYS [2012-7-12 1589752]S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2012-2-6 6016]S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 113120]S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\smart technologies\smart product drivers\SMARTSNMPAgent.exe [2010-11-19 1664368].=============== File Associations ===============..txt=.=============== Created Last 30 ================.2012-07-12 11:57:10 711240 ----a-w- c:\windows\isRS-000.tmp2012-07-12 11:55:29 -------- d-----w- c:\documents and settings\admin\application data\Malwarebytes2012-07-12 11:50:55 -------- d-----w- C:\TDSSKiller_Quarantine2012-07-12 11:23:24 -------- d-----w- c:\documents and settings\admin\application data\Leader Technologies2012-07-03 09:48:26 0 ----a-w- C:\LOG2F.tmp2012-07-02 02:25:45 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy2012-07-02 02:24:45 15224 ----a-w- c:\windows\system32\sdnclean.exe2012-07-02 02:24:41 -------- d-----w- c:\program files\Spybot - Search & Destroy 22012-06-30 10:40:34 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes2012-06-30 10:40:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-06-30 10:40:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-06-30 09:35:26 -------- d-----w- c:\documents and settings\all users\application data\SpeedMaxPc2012-06-29 20:44:31 -------- d-----w- c:\windows\pss2012-06-29 20:14:06 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll2012-06-28 06:05:23 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL2012-06-28 06:05:23 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS2012-06-28 06:05:03 905336 ----a-r- c:\windows\system32\drivers\n360\0602010.005\SymEFA.sys2012-06-28 06:05:03 388216 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symtdi.sys2012-06-28 06:05:03 345208 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symtdiv.sys2012-06-28 06:05:03 340088 ----a-r- c:\windows\system32\drivers\n360\0602010.005\SymDS.sys2012-06-28 06:05:03 32888 ----a-r- c:\windows\system32\drivers\n360\0602010.005\srtspx.sys2012-06-28 06:05:03 318584 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symnets.sys2012-06-28 06:05:02 574072 ----a-r- c:\windows\system32\drivers\n360\0602010.005\srtsp.sys2012-06-28 06:05:02 149624 ----a-r- c:\windows\system32\drivers\n360\0602010.005\Ironx86.sys2012-06-28 06:05:02 132744 ----a-r- c:\windows\system32\drivers\n360\0602010.005\ccSetx86.sys2012-06-28 06:04:42 4782 ----a-r- c:\windows\system32\drivers\n360\0602010.005\SymVTcer.dat2012-06-28 06:04:41 -------- d-----w- c:\windows\system32\drivers\n360\0602010.0052012-06-28 06:04:41 -------- d-----w- c:\windows\system32\drivers\N3602012-06-28 06:04:40 -------- d-----w- c:\program files\Norton 3602012-06-28 06:02:35 -------- d-----w- c:\program files\NortonInstaller2012-06-28 06:02:35 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller2012-06-28 01:56:43 -------- d-----w- c:\documents and settings\all users\application data\F4D55F3E0405F6ED00096165D151FC4E2012-06-26 22:25:04 73 ----a-w- c:\windows\system32\ssprs.dll2012-06-26 22:25:04 205 ----a-w- c:\windows\system32\lsprst7.dll2012-06-26 22:25:04 1025 ----a-w- c:\windows\system32\sysprs7.dll2012-06-26 22:25:04 1025 ----a-w- c:\windows\system32\clauth2.dll2012-06-26 22:25:04 1025 ----a-w- c:\windows\system32\clauth1.dll2012-06-26 22:25:04 -------- d-----w- c:\documents and settings\all users\application data\Minnetonka Audio Software2012-06-26 22:19:12 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys2012-06-26 22:19:03 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys2012-06-26 22:18:57 16384 ----a-w- c:\windows\system32\ipsink.ax2012-06-26 22:18:57 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys2012-06-26 22:18:50 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys2012-06-26 22:18:42 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS2012-06-26 22:18:31 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys2012-06-26 22:18:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys2012-06-26 21:55:49 53760 ----a-w- c:\windows\system32\vfwwdm32.dll2012-06-26 21:55:48 51200 ----a-w- c:\windows\system32\drivers\msdv.sys2012-06-26 21:55:48 43008 ----a-w- c:\windows\system32\ksxbar.ax2012-06-26 21:55:47 91136 ----a-w- c:\windows\system32\kswdmcap.ax2012-06-26 21:55:47 61952 ----a-w- c:\windows\system32\kstvtune.ax2012-06-26 21:55:24 38912 ----a-w- c:\windows\system32\drivers\avc.sys2012-06-26 21:54:58 48128 ----a-w- c:\windows\system32\drivers\61883.sys2012-06-23 20:54:29 81920 ----a-w- c:\windows\system32\ieencode.dll2012-06-23 20:54:29 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll2012-06-23 07:09:15 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll2012-06-23 07:09:15 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll2012-06-22 05:43:54 476936 ----a-w- c:\windows\system32\npdeployJava1.dll2012-06-22 05:43:54 472840 ----a-w- c:\windows\system32\deployJava1.dll.==================== Find3M ====================.2012-06-28 20:22:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-06-28 20:22:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-06-22 05:43:37 73728 ----a-w- c:\windows\system32\javacpl.cpl2012-06-06 09:35:52 83424 ----a-w- c:\windows\system32\dwabho.dll2005-06-16 22:19:22 2482176 ----a-w- c:\program files\TCTrill.dll2005-06-11 01:12:16 847872 ----a-w- c:\program files\TCTrillS.dll2005-06-03 18:59:54 61440 ----a-w- c:\program files\TCReports.dll2004-02-12 04:11:40 7659520 ----a-w- c:\program files\Geo CS Test Gen Management.exe2004-02-12 03:59:34 4009984 ----a-w- c:\program files\Geo CS Test Gen Student.exe2004-01-27 02:04:08 49152 ----a-w- c:\program files\TCAlerts.dll2003-11-04 22:21:00 983040 ----a-w- c:\program files\stuffit5.engine-5.1.dll2003-11-04 22:21:00 561152 ----a-w- c:\program files\xp32_207.dll2003-11-04 22:21:00 21776 ----a-w- c:\program files\shfolder.dll2003-11-04 22:20:00 479232 ----a-w- c:\program files\rp32_207.dll2003-11-04 22:20:00 217088 ----a-w- c:\program files\sa32_207.dll2003-11-04 22:19:00 725032 ----a-w- c:\program files\kSAdg.dll2003-11-04 22:19:00 692264 ----a-w- c:\program files\kCPdg.dll2003-11-04 22:19:00 413736 ----a-w- c:\program files\kGRdg.dll2003-11-04 22:19:00 401462 ----a-w- c:\program files\msvcp60.dll2003-11-04 22:19:00 290869 ----a-w- c:\program files\msvcrt.dll2003-11-04 22:19:00 2744361 ----a-w- c:\program files\kFDMdg.dll2003-11-04 22:19:00 1982504 ----a-w- c:\program files\kFDdg.dll2003-11-04 22:19:00 1937448 ----a-w- c:\program files\kXPdg.dll2003-11-04 22:19:00 1794088 ----a-w- c:\program files\kRPdg.dll2003-11-04 22:19:00 1597480 ----a-w- c:\program files\kDBdg.dll2003-11-04 22:19:00 1486848 ----a-w- c:\program files\owl609v.dll2003-11-04 22:18:00 638976 ----a-w- c:\program files\fd32_207.dll2003-11-04 22:18:00 401728 ----a-w- c:\program files\EQNEDIT.EXE2003-11-04 22:18:00 352256 ----a-w- c:\program files\db32_207.dll2003-11-04 22:18:00 212992 ----a-w- c:\program files\cp32_207.dll2003-11-04 22:18:00 131072 ----a-w- c:\program files\gr32_207.dll2003-11-04 22:18:00 1122304 ----a-w- c:\program files\fm32_207.dll2003-11-04 22:17:00 311296 ----a-w- c:\program files\APE24EXT_MT.dll.============= FINISH: 2:26:11.25 =============== Link to post Share on other sites More sharing options...
Maniac Posted July 13, 2012 ID:570147 Share Posted July 13, 2012 Step 1Please clean the leftovers of McAfee using their own tool:http://service.mcafee.com/FAQDocument.aspx?id=TS101331Step 2Please run TDSSKiller and this time use Delete option for this entrie:01:50:56.0625 3772 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user01:50:56.0625 3772 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: SkipStep 3Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Please include the C:\ComboFix.txt in your next reply for further review.Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error. Link to post Share on other sites More sharing options...
shiannte Posted July 15, 2012 Author ID:570895 Share Posted July 15, 2012 Still no luck at removing the mcafee software.Here is my tdsskiller log:15:13:12.0437 3728 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:3515:13:12.0921 3728 ============================================================15:13:12.0921 3728 Current date / time: 2012/07/14 15:13:12.092115:13:12.0921 3728 SystemInfo:15:13:12.0921 3728 15:13:12.0921 3728 OS Version: 5.1.2600 ServicePack: 3.015:13:12.0937 3728 Product type: Workstation15:13:12.0937 3728 ComputerName: E046087115:13:12.0937 3728 UserName: Admin15:13:12.0937 3728 Windows directory: C:\WINDOWS15:13:12.0937 3728 System windows directory: C:\WINDOWS15:13:12.0937 3728 Processor architecture: Intel x8615:13:12.0937 3728 Number of processors: 215:13:12.0937 3728 Page size: 0x100015:13:12.0937 3728 Boot type: Normal boot15:13:12.0937 3728 ============================================================15:13:14.0906 3728 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000005415:13:14.0921 3728 ============================================================15:13:14.0921 3728 \Device\Harddisk0\DR0:15:13:14.0921 3728 MBR partitions:15:13:14.0921 3728 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x94DB4F415:13:14.0921 3728 ============================================================15:13:14.0937 3728 C: <-> \Device\Harddisk0\DR0\Partition015:13:14.0937 3728 ============================================================15:13:14.0937 3728 Initialize success15:13:14.0937 3728 ============================================================15:13:24.0421 4872 ============================================================15:13:24.0421 4872 Scan started15:13:24.0421 4872 Mode: Manual; SigCheck; TDLFS;15:13:24.0421 4872 ============================================================15:13:25.0765 4872 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys15:13:33.0328 4872 61883 - ok15:13:33.0328 4872 Abiosdsk - ok15:13:33.0343 4872 abp480n5 - ok15:13:33.0375 4872 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys15:13:33.0531 4872 ACPI - ok15:13:33.0562 4872 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys15:13:33.0703 4872 ACPIEC - ok15:13:33.0734 4872 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\WINDOWS\system32\drivers\adfs.sys15:13:33.0765 4872 adfs - ok15:13:33.0875 4872 Adobe Version Cue CS4 (9444a3530c2e88b7ed96a566ff9ccc13) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe15:13:33.0921 4872 Adobe Version Cue CS4 - ok15:13:33.0937 4872 adpu160m - ok15:13:33.0968 4872 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys15:13:34.0171 4872 aec - ok15:13:34.0187 4872 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys15:13:34.0281 4872 AegisP - ok15:13:34.0328 4872 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys15:13:34.0390 4872 AFD - ok15:13:34.0390 4872 Aha154x - ok15:13:34.0390 4872 aic78u2 - ok15:13:34.0406 4872 aic78xx - ok15:13:34.0437 4872 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll15:13:34.0593 4872 Alerter - ok15:13:34.0609 4872 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe15:13:34.0781 4872 ALG - ok15:13:34.0781 4872 AliIde - ok15:13:34.0796 4872 amsint - ok15:13:34.0843 4872 Apple Mobile Device (4b5ae15e5c73eb4dc8dbec2788230d41) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe15:13:34.0890 4872 Apple Mobile Device - ok15:13:34.0937 4872 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll15:13:35.0046 4872 AppMgmt - ok15:13:35.0062 4872 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys15:13:35.0203 4872 Arp1394 - ok15:13:35.0218 4872 asc - ok15:13:35.0218 4872 asc3350p - ok15:13:35.0218 4872 asc3550 - ok15:13:35.0328 4872 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe15:13:35.0375 4872 aspnet_state - ok15:13:35.0406 4872 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys15:13:35.0546 4872 AsyncMac - ok15:13:35.0578 4872 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys15:13:35.0703 4872 atapi - ok15:13:35.0703 4872 Atdisk - ok15:13:35.0734 4872 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys15:13:35.0843 4872 Atmarpc - ok15:13:35.0875 4872 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll15:13:36.0000 4872 AudioSrv - ok15:13:36.0031 4872 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys15:13:36.0171 4872 audstub - ok15:13:36.0203 4872 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys15:13:36.0312 4872 Avc - ok15:13:36.0343 4872 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys15:13:36.0421 4872 b57w2k - ok15:13:36.0453 4872 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys15:13:36.0593 4872 Beep - ok15:13:36.0718 4872 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120711.002\BHDrvx86.sys15:13:36.0781 4872 BHDrvx86 - ok15:13:36.0828 4872 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll15:13:37.0000 4872 BITS - ok15:13:37.0046 4872 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe15:13:37.0109 4872 Bonjour Service - ok15:13:37.0125 4872 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll15:13:37.0265 4872 Browser - ok15:13:37.0312 4872 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys15:13:37.0453 4872 cbidf2k - ok15:13:37.0468 4872 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys15:13:37.0593 4872 CCDECODE - ok15:13:37.0640 4872 ccSet_N360 (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\N360\0602010.005\ccSetx86.sys15:13:37.0687 4872 ccSet_N360 - ok15:13:37.0687 4872 cd20xrnt - ok15:13:37.0718 4872 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys15:13:37.0859 4872 Cdaudio - ok15:13:37.0906 4872 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys15:13:38.0031 4872 Cdfs - ok15:13:38.0046 4872 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys15:13:38.0187 4872 Cdrom - ok15:13:38.0187 4872 Changer - ok15:13:38.0203 4872 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe15:13:38.0328 4872 CiSvc - ok15:13:38.0375 4872 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe15:13:38.0515 4872 ClipSrv - ok15:13:38.0593 4872 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe15:13:38.0625 4872 clr_optimization_v2.0.50727_32 - ok15:13:38.0656 4872 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys15:13:38.0765 4872 CmBatt - ok15:13:38.0781 4872 CmdIde - ok15:13:38.0781 4872 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys15:13:38.0921 4872 Compbatt - ok15:13:38.0921 4872 COMSysApp - ok15:13:38.0937 4872 Cpqarray - ok15:13:38.0953 4872 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll15:13:39.0093 4872 CryptSvc - ok15:13:39.0109 4872 CSRBC (8e1945984e147562f9f08e1d344a69cc) C:\WINDOWS\system32\Drivers\csrbcxp.sys15:13:39.0140 4872 CSRBC ( UnsignedFile.Multi.Generic ) - warning15:13:39.0140 4872 CSRBC - detected UnsignedFile.Multi.Generic (1)15:13:39.0140 4872 dac2w2k - ok15:13:39.0140 4872 dac960nt - ok15:13:39.0187 4872 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll15:13:39.0281 4872 DcomLaunch - ok15:13:39.0312 4872 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll15:13:39.0421 4872 Dhcp - ok15:13:39.0421 4872 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys15:13:39.0546 4872 Disk - ok15:13:39.0578 4872 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS15:13:39.0609 4872 DLABMFSM - ok15:13:39.0625 4872 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS15:13:39.0656 4872 DLABOIOM - ok15:13:39.0671 4872 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS15:13:39.0703 4872 DLACDBHM - ok15:13:39.0703 4872 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS15:13:39.0734 4872 DLADResM - ok15:13:39.0750 4872 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS15:13:39.0796 4872 DLAIFS_M - ok15:13:39.0796 4872 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS15:13:39.0828 4872 DLAOPIOM - ok15:13:39.0828 4872 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS15:13:39.0875 4872 DLAPoolM - ok15:13:39.0875 4872 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS15:13:39.0906 4872 DLARTL_M - ok15:13:39.0937 4872 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS15:13:39.0984 4872 DLAUDFAM - ok15:13:40.0000 4872 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS15:13:40.0062 4872 DLAUDF_M - ok15:13:40.0062 4872 dmadmin - ok15:13:40.0125 4872 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys15:13:40.0281 4872 dmboot - ok15:13:40.0312 4872 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys15:13:40.0453 4872 dmio - ok15:13:40.0468 4872 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys15:13:40.0656 4872 dmload - ok15:13:40.0687 4872 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll15:13:40.0843 4872 dmserver - ok15:13:40.0875 4872 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys15:13:41.0031 4872 DMusic - ok15:13:41.0046 4872 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll15:13:41.0156 4872 Dnscache - ok15:13:41.0187 4872 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll15:13:41.0312 4872 Dot3svc - ok15:13:41.0312 4872 dpti2o - ok15:13:41.0328 4872 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys15:13:41.0437 4872 drmkaud - ok15:13:41.0468 4872 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS15:13:41.0515 4872 DRVMCDB - ok15:13:41.0546 4872 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS15:13:41.0578 4872 DRVNDDM - ok15:13:41.0625 4872 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll15:13:41.0750 4872 EapHost - ok15:13:41.0828 4872 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys15:13:41.0890 4872 eeCtrl - ok15:13:41.0937 4872 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe15:13:41.0968 4872 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning15:13:41.0968 4872 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)15:13:42.0031 4872 EpsonCustomerParticipation (b78436ca173ff723a1eace5cd4900375) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe15:13:42.0093 4872 EpsonCustomerParticipation - ok15:13:42.0125 4872 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys15:13:42.0156 4872 EraserUtilRebootDrv - ok15:13:42.0187 4872 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll15:13:42.0328 4872 ERSvc - ok15:13:42.0359 4872 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe15:13:42.0390 4872 Eventlog - ok15:13:42.0421 4872 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll15:13:42.0500 4872 EventSystem - ok15:13:42.0562 4872 EvtEng (e71b03ff6b819ae1a286aa27e956d523) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe15:13:42.0656 4872 EvtEng ( UnsignedFile.Multi.Generic ) - warning15:13:42.0656 4872 EvtEng - detected UnsignedFile.Multi.Generic (1)15:13:42.0718 4872 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys15:13:42.0859 4872 Fastfat - ok15:13:42.0890 4872 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll15:13:43.0000 4872 FastUserSwitchingCompatibility - ok15:13:43.0015 4872 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys15:13:43.0250 4872 Fdc - ok15:13:43.0281 4872 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys15:13:43.0500 4872 Fips - ok15:13:43.0531 4872 fixustor (cdb568db5e8985dcc623da808ac61042) C:\WINDOWS\system32\drivers\fixustor.sys15:13:43.0593 4872 fixustor ( UnsignedFile.Multi.Generic ) - warning15:13:43.0593 4872 fixustor - detected UnsignedFile.Multi.Generic (1)15:13:43.0687 4872 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe15:13:43.0781 4872 FLEXnet Licensing Service - ok15:13:43.0796 4872 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys15:13:44.0000 4872 Flpydisk - ok15:13:44.0031 4872 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys15:13:44.0156 4872 FltMgr - ok15:13:44.0234 4872 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe15:13:44.0265 4872 FontCache3.0.0.0 - ok15:13:44.0312 4872 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys15:13:44.0453 4872 Fs_Rec - ok15:13:44.0453 4872 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys15:13:44.0609 4872 Ftdisk - ok15:13:44.0656 4872 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys15:13:44.0687 4872 GEARAspiWDM - ok15:13:44.0718 4872 getPlus® Helper (7bec703f31e1d441db16886c9aa4cba9) C:\Program Files\NOS\bin\getPlus_HelperSvc.exe15:13:44.0781 4872 getPlus® Helper - ok15:13:44.0812 4872 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys15:13:44.0953 4872 Gpc - ok15:13:44.0984 4872 guardian2 (7031a936832967a93b0e5d5f1c76745a) C:\WINDOWS\system32\Drivers\oz776.sys15:13:45.0031 4872 guardian2 - ok15:13:45.0046 4872 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys15:13:45.0171 4872 HDAudBus - ok15:13:45.0203 4872 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll15:13:45.0343 4872 helpsvc - ok15:13:45.0359 4872 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll15:13:45.0484 4872 HidServ - ok15:13:45.0500 4872 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys15:13:45.0640 4872 HidUsb - ok15:13:45.0687 4872 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll15:13:45.0812 4872 hkmsvc - ok15:13:45.0812 4872 hpn - ok15:13:45.0859 4872 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys15:13:45.0984 4872 HPZid412 - ok15:13:46.0000 4872 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys15:13:46.0093 4872 HPZipr12 - ok15:13:46.0125 4872 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys15:13:46.0203 4872 HPZius12 - ok15:13:46.0250 4872 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys15:13:46.0328 4872 HSFHWAZL - ok15:13:46.0406 4872 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys15:13:46.0531 4872 HSF_DPV - ok15:13:46.0578 4872 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys15:13:46.0687 4872 HTTP - ok15:13:46.0703 4872 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll15:13:46.0843 4872 HTTPFilter - ok15:13:46.0843 4872 i2omgmt - ok15:13:46.0843 4872 i2omp - ok15:13:46.0875 4872 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys15:13:47.0140 4872 i8042prt - ok15:13:47.0500 4872 ialm (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys15:13:47.0781 4872 ialm - ok15:13:47.0953 4872 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe15:13:48.0031 4872 idsvc - ok15:13:48.0156 4872 IDSxpx86 (eeebf3616db90124c1c57019d39aa9a2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120713.001\IDSxpx86.sys15:13:48.0187 4872 IDSxpx86 - ok15:13:48.0281 4872 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys15:13:48.0500 4872 Imapi - ok15:13:48.0578 4872 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe15:13:48.0796 4872 ImapiService - ok15:13:48.0812 4872 ini910u - ok15:13:48.0812 4872 IntelIde - ok15:13:48.0859 4872 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys15:13:49.0046 4872 intelppm - ok15:13:49.0062 4872 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys15:13:49.0203 4872 Ip6Fw - ok15:13:49.0234 4872 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys15:13:49.0359 4872 IpFilterDriver - ok15:13:49.0375 4872 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys15:13:49.0500 4872 IpInIp - ok15:13:49.0531 4872 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys15:13:49.0671 4872 IpNat - ok15:13:49.0734 4872 iPod Service (7a3611564fce7c8be50b03f58cb3eb7d) C:\Program Files\iPod\bin\iPodService.exe15:13:49.0781 4872 iPod Service - ok15:13:49.0812 4872 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys15:13:49.0921 4872 IPSec - ok15:13:49.0953 4872 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys15:13:50.0062 4872 IRENUM - ok15:13:50.0093 4872 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys15:13:50.0234 4872 isapnp - ok15:13:50.0296 4872 JavaQuickStarterService (de5d05fd449798ef88cc34ad4b1e7f85) C:\Program Files\Java\jre6\bin\jqs.exe15:13:50.0328 4872 JavaQuickStarterService - ok15:13:50.0343 4872 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys15:13:50.0484 4872 Kbdclass - ok15:13:50.0515 4872 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys15:13:50.0625 4872 kbdhid - ok15:13:50.0671 4872 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys15:13:50.0781 4872 kmixer - ok15:13:50.0796 4872 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys15:13:50.0875 4872 KSecDD - ok15:13:50.0921 4872 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll15:13:50.0984 4872 lanmanserver - ok15:13:51.0031 4872 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll15:13:51.0109 4872 lanmanworkstation - ok15:13:51.0125 4872 lbrtfdc - ok15:13:51.0156 4872 LHidFilt (ea57f9a93042d53256db4e2222b93b37) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys15:13:51.0187 4872 LHidFilt - ok15:13:51.0218 4872 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll15:13:51.0375 4872 LmHosts - ok15:13:51.0390 4872 LMouFilt (8bd61e1f686d352b318b025524542128) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys15:13:51.0484 4872 LMouFilt - ok15:13:51.0734 4872 Lotus Notes Diagnostics (986e0f3be701b232b8913de59c7adc7c) C:\Program Files\IBM\Lotus\Notes\nsd.exe15:13:51.0937 4872 Lotus Notes Diagnostics - ok15:13:52.0015 4872 Lotus Notes Single Logon (71f607abe2355fabea9fb13e057ac050) C:\Program Files\IBM\Lotus\Notes\nslsvice.exe15:13:52.0078 4872 Lotus Notes Single Logon - ok15:13:52.0171 4872 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys15:13:52.0234 4872 MBAMProtector - ok15:13:52.0296 4872 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe15:13:52.0390 4872 MBAMService - ok15:13:52.0437 4872 McAfeeFramework (447d4617b99ac0a4ba056713dfe02279) C:\Program Files\Network Associates\Common Framework\FrameworkService.exe15:13:52.0468 4872 McAfeeFramework - ok15:13:52.0500 4872 McShield (12bef73e0281ac793865be1a331c67fc) C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe15:13:52.0578 4872 McShield - ok15:13:52.0609 4872 McTaskManager (d0f500bc9f114c99d32df4dc4c857c94) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe15:13:52.0640 4872 McTaskManager - ok15:13:52.0687 4872 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE15:13:52.0734 4872 MDM - ok15:13:52.0781 4872 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys15:13:52.0843 4872 mdmxsdk - ok15:13:52.0875 4872 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll15:13:53.0000 4872 Messenger - ok15:13:53.0015 4872 mfeapfk (1f334eb2a13816df45671ebb98896da7) C:\WINDOWS\system32\drivers\mfeapfk.sys15:13:53.0062 4872 mfeapfk - ok15:13:53.0093 4872 mfeavfk (8a1dedbbdad33587f6fad780ce4b34b5) C:\WINDOWS\system32\drivers\mfeavfk.sys15:13:53.0125 4872 mfeavfk - ok15:13:53.0140 4872 mfebopk (d800e31a019a6979698eef0507baa746) C:\WINDOWS\system32\drivers\mfebopk.sys15:13:53.0171 4872 mfebopk - ok15:13:53.0203 4872 mfehidk (0ae14fab8e25c258c6ebf3827c649273) C:\WINDOWS\system32\drivers\mfehidk.sys15:13:53.0250 4872 mfehidk - ok15:13:53.0250 4872 mferkdk (e72afc5056f6804c616e7dc32a38945f) C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys15:13:53.0296 4872 mferkdk - ok15:13:53.0312 4872 mfetdik (a47f0f63e92730de15d41624ab998c5c) C:\WINDOWS\system32\drivers\mfetdik.sys15:13:53.0343 4872 mfetdik - ok15:13:53.0359 4872 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys15:13:53.0515 4872 mnmdd - ok15:13:53.0546 4872 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe15:13:53.0687 4872 mnmsrvc - ok15:13:53.0703 4872 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys15:13:53.0828 4872 Modem - ok15:13:53.0843 4872 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys15:13:53.0984 4872 Mouclass - ok15:13:54.0015 4872 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys15:13:54.0171 4872 mouhid - ok15:13:54.0187 4872 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys15:13:54.0328 4872 MountMgr - ok15:13:54.0375 4872 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe15:13:54.0421 4872 MozillaMaintenance - ok15:13:54.0421 4872 mraid35x - ok15:13:54.0437 4872 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys15:13:54.0578 4872 MRxDAV - ok15:13:54.0687 4872 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys15:13:54.0765 4872 MRxSmb - ok15:13:54.0796 4872 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe15:13:54.0937 4872 MSDTC - ok15:13:54.0968 4872 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys15:13:55.0078 4872 MSDV - ok15:13:55.0093 4872 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys15:13:55.0218 4872 Msfs - ok15:13:55.0218 4872 MSIServer - ok15:13:55.0250 4872 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys15:13:55.0375 4872 MSKSSRV - ok15:13:55.0375 4872 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys15:13:55.0515 4872 MSPCLOCK - ok15:13:55.0531 4872 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys15:13:55.0640 4872 MSPQM - ok15:13:55.0671 4872 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys15:13:55.0781 4872 mssmbios - ok15:13:55.0812 4872 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys15:13:55.0937 4872 MSTEE - ok15:13:55.0984 4872 Multi-user Cleanup Service (218d58976c01c60657818ed0eac81602) C:\Program Files\IBM\Lotus\Notes\ntmulti.exe15:13:56.0015 4872 Multi-user Cleanup Service - ok15:13:56.0062 4872 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys15:13:56.0109 4872 Mup - ok15:13:56.0156 4872 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe15:13:56.0171 4872 N360 - ok15:13:56.0203 4872 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys15:13:56.0328 4872 NABTSFEC - ok15:13:56.0390 4872 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll15:13:56.0515 4872 napagent - ok15:13:56.0593 4872 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120713.035\NAVENG.SYS15:13:56.0625 4872 NAVENG - ok15:13:56.0750 4872 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120713.035\NAVEX15.SYS15:13:56.0828 4872 NAVEX15 - ok15:13:56.0953 4872 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys15:13:57.0187 4872 NDIS - ok15:13:57.0265 4872 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys15:13:57.0390 4872 NdisIP - ok15:13:57.0421 4872 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys15:13:57.0500 4872 NdisTapi - ok15:13:57.0515 4872 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys15:13:57.0656 4872 Ndisuio - ok15:13:57.0656 4872 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys15:13:57.0781 4872 NdisWan - ok15:13:57.0812 4872 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys15:13:57.0859 4872 NDProxy - ok15:13:57.0890 4872 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys15:13:58.0031 4872 NetBIOS - ok15:13:58.0046 4872 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys15:13:58.0187 4872 NetBT - ok15:13:58.0234 4872 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe15:13:58.0359 4872 NetDDE - ok15:13:58.0359 4872 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe15:13:58.0468 4872 NetDDEdsdm - ok15:13:58.0500 4872 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe15:13:58.0640 4872 Netlogon - ok15:13:58.0687 4872 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll15:13:58.0812 4872 Netman - ok15:13:58.0906 4872 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe15:13:58.0937 4872 NetTcpPortSharing - ok15:13:59.0156 4872 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys15:13:59.0343 4872 NETw4x32 - ok15:13:59.0468 4872 NGCLIENT (174692e8a5eb4df16d44c1b44f978d3f) C:\Program Files\Symantec\Ghost\ngctw32.exe15:13:59.0531 4872 NGCLIENT - ok15:13:59.0656 4872 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys15:13:59.0812 4872 NIC1394 - ok15:13:59.0859 4872 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll15:13:59.0906 4872 Nla - ok15:13:59.0937 4872 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys15:14:00.0062 4872 Npfs - ok15:14:00.0093 4872 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS15:14:00.0140 4872 NSNDIS5 ( UnsignedFile.Multi.Generic ) - warning15:14:00.0140 4872 NSNDIS5 - detected UnsignedFile.Multi.Generic (1)15:14:00.0187 4872 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys15:14:00.0359 4872 Ntfs - ok15:14:00.0406 4872 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe15:14:00.0500 4872 NtLmSsp - ok15:14:00.0562 4872 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll15:14:00.0703 4872 NtmsSvc - ok15:14:00.0734 4872 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys15:14:00.0859 4872 Null - ok15:14:00.0875 4872 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys15:14:01.0015 4872 NwlnkFlt - ok15:14:01.0031 4872 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys15:14:01.0171 4872 NwlnkFwd - ok15:14:01.0296 4872 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE15:14:01.0343 4872 odserv - ok15:14:01.0375 4872 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys15:14:01.0500 4872 ohci1394 - ok15:14:01.0531 4872 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE15:14:01.0578 4872 ose - ok15:14:01.0609 4872 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys15:14:01.0781 4872 Parport - ok15:14:01.0781 4872 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys15:14:01.0953 4872 PartMgr - ok15:14:01.0984 4872 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys15:14:02.0171 4872 ParVdm - ok15:14:02.0250 4872 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys15:14:02.0390 4872 PCI - ok15:14:02.0406 4872 PCIDump - ok15:14:02.0406 4872 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys15:14:02.0562 4872 PCIIde - ok15:14:02.0578 4872 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys15:14:02.0703 4872 Pcmcia - ok15:14:02.0703 4872 PDCOMP - ok15:14:02.0718 4872 PDFRAME - ok15:14:02.0718 4872 PDRELI - ok15:14:02.0718 4872 PDRFRAME - ok15:14:02.0734 4872 perc2 - ok15:14:02.0734 4872 perc2hib - ok15:14:02.0781 4872 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe15:14:02.0796 4872 PlugPlay - ok15:14:02.0828 4872 Pml Driver HPZ12 (d31f88c5f19eefa366a415d6bc5f2abc) C:\WINDOWS\system32\HPZipm12.exe15:14:02.0875 4872 Pml Driver HPZ12 - ok15:14:02.0890 4872 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe15:14:03.0000 4872 PolicyAgent - ok15:14:03.0015 4872 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys15:14:03.0156 4872 PptpMiniport - ok15:14:03.0171 4872 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe15:14:03.0265 4872 ProtectedStorage - ok15:14:03.0281 4872 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys15:14:03.0437 4872 PSched - ok15:14:03.0453 4872 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys15:14:03.0609 4872 Ptilink - ok15:14:03.0640 4872 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys15:14:03.0671 4872 PxHelp20 - ok15:14:03.0687 4872 ql1080 - ok15:14:03.0687 4872 Ql10wnt - ok15:14:03.0687 4872 ql12160 - ok15:14:03.0687 4872 ql1240 - ok15:14:03.0703 4872 ql1280 - ok15:14:03.0718 4872 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys15:14:03.0843 4872 RasAcd - ok15:14:03.0875 4872 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll15:14:04.0000 4872 RasAuto - ok15:14:04.0015 4872 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys15:14:04.0156 4872 Rasl2tp - ok15:14:04.0187 4872 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll15:14:04.0296 4872 RasMan - ok15:14:04.0296 4872 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys15:14:04.0421 4872 RasPppoe - ok15:14:04.0421 4872 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys15:14:04.0578 4872 Raspti - ok15:14:04.0656 4872 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys15:14:04.0781 4872 Rdbss - ok15:14:04.0781 4872 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys15:14:04.0906 4872 RDPCDD - ok15:14:04.0937 4872 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys15:14:05.0093 4872 rdpdr - ok15:14:05.0125 4872 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys15:14:05.0187 4872 RDPWD - ok15:14:05.0218 4872 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe15:14:05.0359 4872 RDSessMgr - ok15:14:05.0390 4872 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys15:14:05.0531 4872 redbook - ok15:14:05.0593 4872 RegSrvc (2cf574d0965f58e514a2dc94114d7eca) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe15:14:05.0671 4872 RegSrvc ( UnsignedFile.Multi.Generic ) - warning15:14:05.0671 4872 RegSrvc - detected UnsignedFile.Multi.Generic (1)15:14:05.0703 4872 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll15:14:05.0828 4872 RemoteAccess - ok15:14:05.0859 4872 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll15:14:05.0984 4872 RemoteRegistry - ok15:14:06.0031 4872 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe15:14:06.0187 4872 RpcLocator - ok15:14:06.0234 4872 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll15:14:06.0296 4872 RpcSs - ok15:14:06.0343 4872 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe15:14:06.0531 4872 RSVP - ok15:14:06.0609 4872 S24EventMonitor (874173edbd4f2fe711f245855a2ffa23) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe15:14:06.0703 4872 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning15:14:06.0703 4872 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)15:14:06.0734 4872 s24trans (eadfb87f911a7a75d1b80617f92901e8) C:\WINDOWS\system32\DRIVERS\s24trans.sys15:14:06.0781 4872 s24trans ( UnsignedFile.Multi.Generic ) - warning15:14:06.0781 4872 s24trans - detected UnsignedFile.Multi.Generic (1)15:14:06.0812 4872 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe15:14:06.0953 4872 SamSs - ok15:14:06.0984 4872 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe15:14:07.0109 4872 SCardSvr - ok15:14:07.0140 4872 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll15:14:07.0281 4872 Schedule - ok15:14:07.0406 4872 SDScannerService (e1f35f902b825c7b18236271f398dda2) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe15:14:07.0500 4872 SDScannerService - ok15:14:07.0578 4872 SDUpdateService (2db434f4ce96b3fb65d44b3ad5a4de3e) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe15:14:07.0656 4872 SDUpdateService - ok15:14:07.0781 4872 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys15:14:07.0937 4872 Secdrv - ok15:14:07.0968 4872 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll15:14:08.0125 4872 seclogon - ok15:14:08.0140 4872 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll15:14:08.0296 4872 SENS - ok15:14:08.0312 4872 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys15:14:08.0468 4872 serenum - ok15:14:08.0531 4872 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys15:14:08.0671 4872 Serial - ok15:14:08.0687 4872 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys15:14:08.0828 4872 Sfloppy - ok15:14:08.0875 4872 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll15:14:09.0015 4872 SharedAccess - ok15:14:09.0046 4872 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll15:14:09.0093 4872 ShellHWDetection - ok15:14:09.0093 4872 Simbad - ok15:14:09.0125 4872 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys15:14:09.0265 4872 SLIP - ok15:14:09.0718 4872 SMART Board Service (6dac3f90ef7b3ac349890e4eebacb260) C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe15:14:09.0968 4872 SMART Board Service - ok15:14:10.0125 4872 SMART Display Controller (63beb15cc3e249bf51134e85dd56535d) C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe15:14:10.0203 4872 SMART Display Controller - ok15:14:10.0343 4872 SMART SNMP Agent Service (3bcb934ae0a0fca1c3aa7a3a8088bc68) C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe15:14:10.0468 4872 SMART SNMP Agent Service - ok15:14:10.0578 4872 Sparrow - ok15:14:10.0609 4872 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys15:14:10.0875 4872 splitter - ok15:14:10.0937 4872 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe15:14:10.0984 4872 Spooler - ok15:14:11.0015 4872 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys15:14:11.0156 4872 sr - ok15:14:11.0187 4872 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll15:14:11.0296 4872 srservice - ok15:14:11.0406 4872 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\WINDOWS\system32\drivers\N360\0602010.005\SRTSP.SYS15:14:11.0437 4872 SRTSP - ok15:14:11.0453 4872 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\WINDOWS\system32\drivers\N360\0602010.005\SRTSPX.SYS15:14:11.0500 4872 SRTSPX - ok15:14:11.0546 4872 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys15:14:11.0609 4872 Srv - ok15:14:11.0625 4872 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll15:14:11.0812 4872 SSDPSRV - ok15:14:11.0859 4872 STacSV (6f855b5625a47f3ac731a262fdc379a6) C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe15:14:11.0921 4872 STacSV - ok15:14:12.0046 4872 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys15:14:12.0140 4872 STHDA - ok15:14:12.0218 4872 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll15:14:12.0390 4872 stisvc - ok15:14:12.0468 4872 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe15:14:12.0531 4872 stllssvr ( UnsignedFile.Multi.Generic ) - warning15:14:12.0531 4872 stllssvr - detected UnsignedFile.Multi.Generic (1)15:14:12.0578 4872 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys15:14:12.0781 4872 streamip - ok15:14:12.0843 4872 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys15:14:12.0984 4872 swenum - ok15:14:13.0015 4872 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys15:14:13.0125 4872 swmidi - ok15:14:13.0125 4872 SwPrv - ok15:14:13.0140 4872 symc810 - ok15:14:13.0140 4872 symc8xx - ok15:14:13.0203 4872 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\N360\0602010.005\SYMDS.SYS15:14:13.0250 4872 SymDS - ok15:14:13.0359 4872 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\N360\0602010.005\SYMEFA.SYS15:14:13.0437 4872 SymEFA - ok15:14:13.0484 4872 SymEvent (74e2521e96176a4449570e50be91954d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS15:14:13.0515 4872 SymEvent - ok15:14:13.0546 4872 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\N360\0602010.005\Ironx86.SYS15:14:13.0578 4872 SymIRON - ok15:14:13.0609 4872 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\system32\drivers\N360\0602010.005\SYMTDI.SYS15:14:13.0656 4872 SYMTDI - ok15:14:13.0656 4872 sym_hi - ok15:14:13.0671 4872 sym_u3 - ok15:14:13.0687 4872 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys15:14:13.0828 4872 sysaudio - ok15:14:13.0875 4872 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe15:14:14.0000 4872 SysmonLog - ok15:14:14.0031 4872 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll15:14:14.0156 4872 TapiSrv - ok15:14:14.0218 4872 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys15:14:14.0265 4872 Tcpip - ok15:14:14.0328 4872 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys15:14:14.0437 4872 TDPIPE - ok15:14:14.0468 4872 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys15:14:14.0609 4872 TDTCP - ok15:14:14.0640 4872 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys15:14:14.0765 4872 TermDD - ok15:14:14.0781 4872 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll15:14:14.0906 4872 TermService - ok15:14:14.0953 4872 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll15:14:14.0984 4872 Themes - ok15:14:15.0015 4872 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe15:14:15.0140 4872 TlntSvr - ok15:14:15.0156 4872 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys15:14:15.0250 4872 toshidpt - ok15:14:15.0250 4872 TosIde - ok15:14:15.0250 4872 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys15:14:15.0296 4872 tosporte - ok15:14:15.0312 4872 tosrfbd (435ac6cc2abed508ac5a495658cbaf0f) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys15:14:15.0359 4872 tosrfbd - ok15:14:15.0375 4872 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\WINDOWS\system32\Drivers\tosrfbnp.sys15:14:15.0437 4872 tosrfbnp - ok15:14:15.0453 4872 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys15:14:15.0515 4872 Tosrfcom - ok15:14:15.0546 4872 Tosrfhid (28099a4e52148319afa685d93a2244d0) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys15:14:15.0578 4872 Tosrfhid - ok15:14:15.0593 4872 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys15:14:15.0656 4872 tosrfnds - ok15:14:15.0671 4872 Tosrfusb (6bc529c5eca0c7654943fd6fab21c5fa) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys15:14:15.0734 4872 Tosrfusb - ok15:14:15.0765 4872 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll15:14:15.0906 4872 TrkWks - ok15:14:15.0921 4872 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys15:14:16.0062 4872 Udfs - ok15:14:16.0062 4872 ultra - ok15:14:16.0125 4872 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys15:14:16.0296 4872 Update - ok15:14:16.0328 4872 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll15:14:16.0468 4872 upnphost - ok15:14:16.0484 4872 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe15:14:16.0687 4872 UPS - ok15:14:16.0703 4872 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys15:14:16.0796 4872 USBAAPL - ok15:14:16.0828 4872 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys15:14:16.0968 4872 usbaudio - ok15:14:17.0015 4872 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys15:14:17.0156 4872 usbccgp - ok15:14:17.0187 4872 USBCCID (2825e0e294686a26506690059e1f437a) C:\WINDOWS\system32\DRIVERS\usbccid.sys15:14:17.0234 4872 USBCCID - ok15:14:17.0265 4872 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys15:14:17.0390 4872 usbehci - ok15:14:17.0421 4872 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys15:14:17.0546 4872 usbhub - ok15:14:17.0578 4872 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys15:14:17.0703 4872 usbprint - ok15:14:17.0734 4872 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys15:14:17.0859 4872 usbscan - ok15:14:17.0906 4872 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS15:14:18.0062 4872 USBSTOR - ok15:14:18.0078 4872 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys15:14:18.0187 4872 usbuhci - ok15:14:18.0218 4872 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys15:14:18.0359 4872 VgaSave - ok15:14:18.0359 4872 ViaIde - ok15:14:18.0375 4872 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys15:14:18.0515 4872 VolSnap - ok15:14:18.0562 4872 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe15:14:18.0750 4872 VSS - ok15:14:18.0781 4872 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll15:14:18.0921 4872 W32Time - ok15:14:18.0937 4872 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys15:14:19.0062 4872 Wanarp - ok15:14:19.0109 4872 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys15:14:19.0156 4872 Wdf01000 - ok15:14:19.0171 4872 WDICA - ok15:14:19.0203 4872 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys15:14:19.0328 4872 wdmaud - ok15:14:19.0359 4872 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll15:14:19.0484 4872 WebClient - ok15:14:19.0562 4872 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys15:14:19.0640 4872 winachsf - ok15:14:19.0687 4872 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll15:14:19.0812 4872 winmgmt - ok15:14:19.0906 4872 WLANKEEPER (4307641ca3389a210295fdffd2a73dee) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe15:14:19.0953 4872 WLANKEEPER ( UnsignedFile.Multi.Generic ) - warning15:14:19.0953 4872 WLANKEEPER - detected UnsignedFile.Multi.Generic (1)15:14:20.0000 4872 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll15:14:20.0078 4872 WmdmPmSN - ok15:14:20.0171 4872 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll15:14:20.0234 4872 Wmi - ok15:14:20.0281 4872 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys15:14:20.0390 4872 WmiAcpi - ok15:14:20.0437 4872 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe15:14:20.0625 4872 WmiApSrv - ok15:14:20.0718 4872 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe15:14:20.0828 4872 WMPNetworkSvc - ok15:14:20.0875 4872 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll15:14:20.0984 4872 wscsvc - ok15:14:21.0031 4872 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS15:14:21.0187 4872 WSTCODEC - ok15:14:21.0203 4872 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll15:14:21.0343 4872 wuauserv - ok15:14:21.0437 4872 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys15:14:21.0531 4872 WudfPf - ok15:14:21.0531 4872 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys15:14:21.0593 4872 WudfRd - ok15:14:21.0609 4872 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll15:14:21.0656 4872 WudfSvc - ok15:14:21.0718 4872 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll15:14:21.0890 4872 WZCSVC - ok15:14:21.0921 4872 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll15:14:22.0109 4872 xmlprov - ok15:14:22.0140 4872 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR015:14:22.0546 4872 \Device\Harddisk0\DR0 ( TDSS File System ) - warning15:14:22.0546 4872 \Device\Harddisk0\DR0 - detected TDSS File System (1)15:14:22.0546 4872 Boot (0x1200) (6a8375b063e3f895c13c123b5305a0f1) \Device\Harddisk0\DR0\Partition015:14:22.0546 4872 \Device\Harddisk0\DR0\Partition0 - ok15:14:22.0562 4872 ============================================================15:14:22.0562 4872 Scan finished15:14:22.0562 4872 ============================================================15:14:22.0671 4008 Detected object count: 1115:14:22.0671 4008 Actual detected object count: 1115:16:34.0765 4008 CSRBC ( UnsignedFile.Multi.Generic ) - skipped by user15:16:34.0765 4008 CSRBC ( UnsignedFile.Multi.Generic ) - User select action: Skip15:16:34.0765 4008 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user15:16:34.0765 4008 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip15:16:34.0765 4008 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user15:16:34.0765 4008 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip15:16:34.0781 4008 fixustor ( UnsignedFile.Multi.Generic ) - skipped by user15:16:34.0781 4008 fixustor ( UnsignedFile.Multi.Generic ) - User select action: Skip15:16:34.0781 4008 NSNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user15:16:34.0781 4008 NSNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip15:16:34.0781 4008 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user15:16:34.0781 4008 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip15:16:34.0781 4008 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user15:16:34.0781 4008 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip15:16:34.0781 4008 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user15:16:34.0781 4008 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip15:16:34.0781 4008 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user15:16:34.0781 4008 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip15:16:34.0781 4008 WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user15:16:34.0781 4008 WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip15:16:34.0843 4008 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine15:16:34.0859 4008 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine15:16:35.0015 4008 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine15:16:35.0109 4008 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine15:16:35.0562 4008 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine15:16:35.0640 4008 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine15:16:35.0640 4008 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine15:16:35.0671 4008 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine15:16:35.0718 4008 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine15:16:35.0750 4008 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine15:16:35.0781 4008 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine15:16:35.0796 4008 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine15:16:36.0000 4008 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine15:16:36.0078 4008 \Device\Harddisk0\DR0\TDLFS - deleted15:16:36.0078 4008 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete15:17:23.0406 0160 Deinitialize successHere is the combofix log:ComboFix 12-07-14.01 - Admin 07/14/2012 15:32:45.1.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1161 [GMT -10:00]Running from: c:\documents and settings\Admin\My Documents\Downloads\ComboFix.exeAV: McAfee VirusScan Enterprise *Enabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} * Resident AV is active...((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\Laptop User\WINDOWSc:\windows\system32\lsprst7.dllc:\windows\system32\ssprs.dll..((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))..2012-07-14 20:55 . 2012-07-14 20:55 1193472 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\mac.dll2012-07-14 20:53 . 2012-07-14 20:52 173568 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\welsvp.dll2012-07-14 20:52 . 2012-07-14 20:52 43008 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\wbxtrace.dll2012-07-14 20:52 . 2012-07-14 20:52 52736 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\raurl.dll2012-07-14 20:52 . 2012-07-14 20:52 516920 ----a-w- c:\program files\Mozilla Firefox\plugins\atcliun.exe2012-07-14 20:52 . 2012-07-14 20:52 4004352 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atres.dll2012-07-14 20:52 . 2012-07-14 20:52 50176 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atpack.dll2012-07-14 20:52 . 2012-07-14 20:52 8704 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atmemmgr.dll2012-07-14 20:52 . 2012-07-14 20:52 69120 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atcarmcl.dll2012-07-14 20:52 . 2012-07-14 20:52 1028096 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\Atwbxui12.dll2012-07-14 20:52 . 2012-07-14 20:52 9216 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atkbctl.dll2012-07-14 20:52 . 2012-07-14 20:52 303416 ----a-w- c:\program files\Mozilla Firefox\plugins\ieatgpc.dll2012-07-14 20:52 . 2012-07-14 20:52 586040 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atgpcext.dll2012-07-14 20:52 . 2012-07-14 20:52 80184 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atgpcdec.dll2012-07-14 20:52 . 2012-07-14 20:52 215864 ----a-w- c:\program files\Mozilla Firefox\plugins\npatgpc.dll2012-07-12 11:55 . 2012-07-12 11:55 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes2012-07-12 11:50 . 2012-07-15 01:16 -------- d-----w- C:\TDSSKiller_Quarantine2012-07-12 11:23 . 2012-07-12 11:23 -------- d-----w- c:\documents and settings\Admin\Application Data\Epson2012-07-12 11:23 . 2012-07-12 11:23 -------- d-----w- c:\documents and settings\Admin\Application Data\Leader Technologies2012-07-02 02:25 . 2012-07-02 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2012-07-02 02:24 . 2009-01-25 23:14 15224 ----a-w- c:\windows\system32\sdnclean.exe2012-07-02 02:24 . 2012-07-02 02:51 -------- d-----w- c:\program files\Spybot - Search & Destroy 22012-06-30 10:41 . 2012-06-30 10:41 -------- d-----w- c:\documents and settings\Laptop User\Application Data\Malwarebytes2012-06-30 10:40 . 2012-06-30 10:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2012-06-30 10:40 . 2012-07-03 23:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-06-30 10:40 . 2012-07-12 11:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-06-30 09:36 . 2012-06-30 09:36 -------- d-----w- c:\documents and settings\Laptop User\Application Data\DriverCure2012-06-30 09:35 . 2012-06-30 09:35 -------- d-----w- c:\documents and settings\Laptop User\Application Data\SpeedMaxPc2012-06-30 09:35 . 2012-07-01 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc2012-06-28 06:05 . 2012-06-28 06:05 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL2012-06-28 06:05 . 2012-06-28 06:05 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS2012-06-28 06:04 . 2012-06-28 06:04 -------- d-----w- c:\windows\system32\drivers\N3602012-06-28 06:04 . 2012-06-28 06:04 -------- d-----w- c:\program files\Norton 3602012-06-28 06:04 . 2012-06-28 06:04 -------- d-----w- c:\program files\Windows Sidebar2012-06-28 06:02 . 2012-06-28 06:02 -------- d-----w- c:\program files\NortonInstaller2012-06-28 06:02 . 2012-06-28 06:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller2012-06-28 01:56 . 2012-06-28 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55F3E0405F6ED00096165D151FC4E2012-06-26 22:25 . 2012-06-26 22:25 1025 ----a-w- c:\windows\system32\sysprs7.dll2012-06-26 22:25 . 2012-06-26 22:25 1025 ----a-w- c:\windows\system32\clauth2.dll2012-06-26 22:25 . 2012-06-26 22:25 1025 ----a-w- c:\windows\system32\clauth1.dll2012-06-26 22:25 . 2012-06-26 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Minnetonka Audio Software2012-06-26 22:19 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys2012-06-26 22:19 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys2012-06-26 22:18 . 2008-04-14 00:12 16384 ----a-w- c:\windows\system32\ipsink.ax2012-06-26 22:18 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys2012-06-26 22:18 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys2012-06-26 22:18 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS2012-06-26 22:18 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys2012-06-26 22:18 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys2012-06-26 21:55 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll2012-06-26 21:55 . 2008-04-14 00:12 43008 ----a-w- c:\windows\system32\ksxbar.ax2012-06-26 21:55 . 2008-04-13 18:46 51200 ----a-w- c:\windows\system32\drivers\msdv.sys2012-06-26 21:55 . 2008-04-14 00:12 91136 ----a-w- c:\windows\system32\kswdmcap.ax2012-06-26 21:55 . 2008-04-14 00:12 61952 ----a-w- c:\windows\system32\kstvtune.ax2012-06-26 21:55 . 2008-04-13 18:46 38912 ----a-w- c:\windows\system32\drivers\avc.sys2012-06-26 21:54 . 2008-04-13 18:46 48128 ----a-w- c:\windows\system32\drivers\61883.sys2012-06-23 23:57 . 2012-06-23 23:57 -------- d-----w- c:\documents and settings\Laptop User\Local Settings\Application Data\IBM2012-06-23 20:54 . 2012-04-20 19:29 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll2012-06-23 20:54 . 2012-04-20 19:29 81920 ----a-w- c:\windows\system32\ieencode.dll2012-06-23 07:09 . 2012-06-23 07:09 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll2012-06-23 07:09 . 2012-06-23 07:09 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll2012-06-22 05:43 . 2012-06-22 05:43 476936 ----a-w- c:\windows\system32\npdeployJava1.dll2012-06-22 05:43 . 2012-06-22 05:43 472840 ----a-w- c:\windows\system32\deployJava1.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-06-28 20:22 . 2012-04-13 06:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-06-28 20:22 . 2011-06-07 10:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-06-22 05:43 . 2008-09-26 23:07 73728 ----a-w- c:\windows\system32\javacpl.cpl2012-06-13 13:19 . 2006-02-28 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys2012-06-06 09:35 . 2012-06-06 09:35 83424 ----a-w- c:\windows\system32\dwabho.dll2012-06-05 15:50 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll2012-06-05 15:50 . 2005-09-08 11:03 1372672 ----a-w- c:\windows\system32\msxml6.dll2012-06-04 04:32 . 2006-02-28 12:00 152576 ----a-w- c:\windows\system32\schannel.dll2012-06-03 01:19 . 2008-07-28 21:10 22040 ----a-w- c:\windows\system32\wucltui.dll.mui2012-06-03 01:19 . 2008-07-28 21:10 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui2012-06-03 01:19 . 2008-07-24 23:39 329240 ----a-w- c:\windows\system32\wucltui.dll2012-06-03 01:19 . 2008-07-24 23:39 210968 ----a-w- c:\windows\system32\wuweb.dll2012-06-03 01:19 . 2008-07-24 23:39 219160 ----a-w- c:\windows\system32\wuaucpl.cpl2012-06-03 01:19 . 2009-01-09 20:15 15384 ----a-w- c:\windows\system32\wuapi.dll.mui2012-06-03 01:19 . 2008-07-28 21:10 45080 ----a-w- c:\windows\system32\wups2.dll2012-06-03 01:19 . 2008-07-24 23:39 53784 ----a-w- c:\windows\system32\wuauclt.exe2012-06-03 01:19 . 2008-07-24 23:39 35864 ----a-w- c:\windows\system32\wups.dll2012-06-03 01:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll2012-06-03 01:19 . 2008-07-28 21:10 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui2012-06-03 01:19 . 2008-07-24 23:39 577048 ----a-w- c:\windows\system32\wuapi.dll2012-06-03 01:19 . 2008-07-24 23:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll2012-06-03 01:18 . 2010-01-19 07:08 275696 ----a-w- c:\windows\system32\mucltui.dll2012-06-03 01:18 . 2010-01-19 07:08 214256 ----a-w- c:\windows\system32\muweb.dll2012-06-03 01:18 . 2010-01-19 07:08 17136 ----a-w- c:\windows\system32\mucltui.dll.mui2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll2012-05-16 07:58 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll2012-05-04 13:16 . 2006-02-28 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe2012-05-02 13:46 . 2008-07-24 23:37 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys2012-04-20 19:29 . 2006-02-28 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx2012-04-19 12:44 . 2006-02-28 12:00 369664 ----a-w- c:\windows\system32\html.iec2005-06-16 22:19 . 2005-06-16 22:19 2482176 ----a-w- c:\program files\TCTrill.dll2005-06-11 01:12 . 2005-06-11 01:12 847872 ----a-w- c:\program files\TCTrillS.dll2005-06-03 18:59 . 2005-06-03 18:59 61440 ----a-w- c:\program files\TCReports.dll2004-02-12 04:11 . 2004-02-12 04:11 7659520 ----a-w- c:\program files\Geo CS Test Gen Management.exe2004-02-12 03:59 . 2004-02-12 03:59 4009984 ----a-w- c:\program files\Geo CS Test Gen Student.exe2004-01-27 02:04 . 2004-01-27 02:04 49152 ----a-w- c:\program files\TCAlerts.dll2003-11-04 22:21 . 2003-11-04 22:21 983040 ----a-w- c:\program files\stuffit5.engine-5.1.dll2003-11-04 22:21 . 2003-11-04 22:21 561152 ----a-w- c:\program files\xp32_207.dll2003-11-04 22:21 . 2003-11-04 22:21 21776 ----a-w- c:\program files\shfolder.dll2003-11-04 22:20 . 2003-11-04 22:20 479232 ----a-w- c:\program files\rp32_207.dll2003-11-04 22:20 . 2003-11-04 22:20 217088 ----a-w- c:\program files\sa32_207.dll2003-11-04 22:19 . 2003-11-04 22:19 725032 ----a-w- c:\program files\kSAdg.dll2003-11-04 22:19 . 2003-11-04 22:19 692264 ----a-w- c:\program files\kCPdg.dll2003-11-04 22:19 . 2003-11-04 22:19 413736 ----a-w- c:\program files\kGRdg.dll2003-11-04 22:19 . 2003-11-04 22:19 401462 ----a-w- c:\program files\msvcp60.dll2003-11-04 22:19 . 2003-11-04 22:19 290869 ----a-w- c:\program files\msvcrt.dll2003-11-04 22:19 . 2003-11-04 22:19 2744361 ----a-w- c:\program files\kFDMdg.dll2003-11-04 22:19 . 2003-11-04 22:19 1982504 ----a-w- c:\program files\kFDdg.dll2003-11-04 22:19 . 2003-11-04 22:19 1937448 ----a-w- c:\program files\kXPdg.dll2003-11-04 22:19 . 2003-11-04 22:19 1794088 ----a-w- c:\program files\kRPdg.dll2003-11-04 22:19 . 2003-11-04 22:19 1597480 ----a-w- c:\program files\kDBdg.dll2003-11-04 22:19 . 2003-11-04 22:19 1486848 ----a-w- c:\program files\owl609v.dll2003-11-04 22:18 . 2003-11-04 22:18 638976 ----a-w- c:\program files\fd32_207.dll2003-11-04 22:18 . 2003-11-04 22:18 401728 ----a-w- c:\program files\EQNEDIT.EXE2003-11-04 22:18 . 2003-11-04 22:18 352256 ----a-w- c:\program files\db32_207.dll2003-11-04 22:18 . 2003-11-04 22:18 212992 ----a-w- c:\program files\cp32_207.dll2003-11-04 22:18 . 2003-11-04 22:18 131072 ----a-w- c:\program files\gr32_207.dll2003-11-04 22:18 . 2003-11-04 22:18 1122304 ----a-w- c:\program files\fm32_207.dll2003-11-04 22:17 . 2003-11-04 22:17 311296 ----a-w- c:\program files\APE24EXT_MT.dll2012-07-14 20:52 . 2012-07-14 20:52 303416 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll2012-06-23 07:09 . 2011-12-28 05:51 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"UMonit"="c:\windows\system32\umonit.exe" [2007-06-18 200704]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-19 254696]"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-29 112216]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-17 138008]"NGTray"="c:\program files\Symantec\Ghost\ngtray.exe" [2007-04-20 181896]"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2007-10-26 136512]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-10-09 100888]"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-10-09 100888]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-26 823296]"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-26 974848]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-17 138008]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-17 162584]"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-12-19 611712]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-05-11 3349488].c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2009-1-12 679936]SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2010-11-19 13310832].[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]@="".[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="c:\\Program Files\\Symantec\\Ghost\\ngctw32.exe"="c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"="c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\UCGui.exe"="c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\SMARTSNMPAgent.exe"="c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\UCService.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"="c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"="c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"5353:TCP"= 5353:TCP:Adobe CSI CS4"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server.R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0602010.005\SymDS.sys [6/27/2012 8:05 PM 340088]R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0602010.005\SymEFA.sys [6/27/2012 8:05 PM 905336]R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [7/12/2012 1:31 AM 821920]R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0602010.005\ccSetx86.sys [6/27/2012 8:05 PM 132744]R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0602010.005\Ironx86.sys [6/27/2012 8:05 PM 149624]R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\EpsonCustomerParticipation\EPCP.exe [6/9/2011 1:01 PM 521600]R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\IBM\Lotus\Notes\nsd.exe [9/29/2009 11:29 AM 3397000]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/30/2012 12:40 AM 655944]R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [6/27/2012 8:04 PM 138232]R2 NGCLIENT;Symantec Ghost Client Agent;c:\program files\Symantec\Ghost\ngctw32.exe [4/19/2007 9:01 PM 632456]R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [7/1/2012 4:24 PM 1122296]R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [7/1/2012 4:24 PM 838136]R2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\SMART Product Drivers\UCService.exe [11/19/2010 7:58 PM 846192]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/28/2012 4:09 PM 106656]R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120713.001\IDSXpx86.sys [7/14/2012 12:57 AM 369632]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/30/2012 12:40 AM 22344]S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 288112]S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2/6/2012 7:05 PM 6016]S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 12:04 PM 113120]S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe [11/19/2010 7:59 PM 1664368].--- Other Services/Drivers In Memory ---.*NewlyCreated* - 50883511*Deregistered* - 50883511.Contents of the 'Scheduled Tasks' folder.2012-07-15 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-07-02 02:29].2012-07-02 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-07-02 02:29].2012-07-02 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-07-02 02:29]..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = *.localIE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.1.1DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}DPF: {CAFECAFE-0013-0001-0030-ABCDEFABCDEF}FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\7wgst86i.default\..------- File Associations -------..txt=.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)HKU-Default-Run-Adobe - c:\documents and settings\Laptop User\Local Settings\Application Data\Apple Computer\Adobe\xdlqzl.dllNotify-SDWinLogon - SDWinLogon.dllHKLM_ActiveSetup-Neat ADF Scanner 2008 - reg copy HKLM\Software\The Neat Company\Neat ADF Scanner 2008 HKCU\Software\The Neat Company\Neat ADF Scanner 2008AddRemove-FixUstor - c:\windows\temp\fixustor\remove.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-07-14 15:40Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....HKLM\Software\Microsoft\Windows\CurrentVersion\Run UMonit = c:\windows\system32\umonit.exe?USB\Vid_1713&Pid_01008???????I_03????(!??B\ROOT_H8??????V????????????????????h?????A~(!???????????b@?????????????????@$?|?????$?|??B~??@???E~????????????????????@???????????????t??????????????|`$?|?????$?|U$?|??????????????@.scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]"ImagePath"="\"c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]"Version"=hex:5c,7c,2e,44,07,d1,54,06,ef,30,5f,22,e3,21,18,6d,13,c9,fb,1b,f7, 44,50,70,ec,57,e4,82,0e,d2,30,9b,ee,e8,ae,db,e4,1d,fb,9c,81,e3,64,01,34,ee,\.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(1212)c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dllc:\program files\IBM\Lotus\Notes\npnotes.dll.Completion time: 2012-07-14 15:42:50ComboFix-quarantined-files.txt 2012-07-15 01:42.Pre-Run: 25,248,092,160 bytes freePost-Run: 25,688,604,672 bytes free.WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect.- - End Of File - - FA06A307EE655AAE237BCC14DAA8BE16 Link to post Share on other sites More sharing options...
Maniac Posted July 15, 2012 ID:570952 Share Posted July 15, 2012 Step 1Please use the McAfee uninstaller tool to clean the leftovers: http://service.mcafee.com/FAQDocument.aspx?id=TS101331Step 21. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it:SecCenter::AV: McAfee VirusScan Enterprise *Enabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}JavaClearCache::Save this as CFScript.txt, in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Link to post Share on other sites More sharing options...
shiannte Posted July 16, 2012 Author ID:571588 Share Posted July 16, 2012 ComboFix 12-07-14.01 - Admin 07/16/2012 12:17:47.2.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1188 [GMT -10:00]Running from: c:\documents and settings\Admin\My Documents\ComboFix.exeCommand switches used :: c:\documents and settings\Admin\My Documents\CFScript.txtAV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}..((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 )))))))))))))))))))))))))))))))..2012-07-15 04:43 . 2012-07-15 05:14 -------- d-----w- c:\documents and settings\Admin\Application Data\webex2012-07-14 20:55 . 2012-07-14 20:55 1193472 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\mac.dll2012-07-14 20:53 . 2012-07-14 20:52 173568 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\welsvp.dll2012-07-14 20:52 . 2012-07-14 20:52 43008 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\wbxtrace.dll2012-07-14 20:52 . 2012-07-14 20:52 52736 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\raurl.dll2012-07-14 20:52 . 2012-07-14 20:52 516920 ----a-w- c:\program files\Mozilla Firefox\plugins\atcliun.exe2012-07-14 20:52 . 2012-07-14 20:52 4004352 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atres.dll2012-07-14 20:52 . 2012-07-14 20:52 50176 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atpack.dll2012-07-14 20:52 . 2012-07-14 20:52 8704 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atmemmgr.dll2012-07-14 20:52 . 2012-07-14 20:52 69120 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atcarmcl.dll2012-07-14 20:52 . 2012-07-14 20:52 1028096 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\Atwbxui12.dll2012-07-14 20:52 . 2012-07-14 20:52 9216 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atkbctl.dll2012-07-14 20:52 . 2012-07-14 20:52 303416 ----a-w- c:\program files\Mozilla Firefox\plugins\ieatgpc.dll2012-07-14 20:52 . 2012-07-14 20:52 586040 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atgpcext.dll2012-07-14 20:52 . 2012-07-14 20:52 80184 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\1224\atgpcdec.dll2012-07-14 20:52 . 2012-07-14 20:52 215864 ----a-w- c:\program files\Mozilla Firefox\plugins\npatgpc.dll2012-07-12 11:55 . 2012-07-12 11:55 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes2012-07-12 11:50 . 2012-07-15 01:16 -------- d-----w- C:\TDSSKiller_Quarantine2012-07-12 11:23 . 2012-07-12 11:23 -------- d-----w- c:\documents and settings\Admin\Application Data\Epson2012-07-12 11:23 . 2012-07-12 11:23 -------- d-----w- c:\documents and settings\Admin\Application Data\Leader Technologies2012-07-02 02:25 . 2012-07-02 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2012-07-02 02:24 . 2009-01-25 23:14 15224 ----a-w- c:\windows\system32\sdnclean.exe2012-07-02 02:24 . 2012-07-02 02:51 -------- d-----w- c:\program files\Spybot - Search & Destroy 22012-06-30 10:41 . 2012-06-30 10:41 -------- d-----w- c:\documents and settings\Laptop User\Application Data\Malwarebytes2012-06-30 10:40 . 2012-06-30 10:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2012-06-30 10:40 . 2012-07-03 23:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-06-30 10:40 . 2012-07-12 11:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-06-30 09:36 . 2012-06-30 09:36 -------- d-----w- c:\documents and settings\Laptop User\Application Data\DriverCure2012-06-30 09:35 . 2012-06-30 09:35 -------- d-----w- c:\documents and settings\Laptop User\Application Data\SpeedMaxPc2012-06-30 09:35 . 2012-07-01 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc2012-06-28 06:05 . 2012-06-28 06:05 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL2012-06-28 06:05 . 2012-06-28 06:05 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS2012-06-28 06:04 . 2012-06-28 06:04 -------- d-----w- c:\windows\system32\drivers\N3602012-06-28 06:04 . 2012-06-28 06:04 -------- d-----w- c:\program files\Norton 3602012-06-28 06:04 . 2012-06-28 06:04 -------- d-----w- c:\program files\Windows Sidebar2012-06-28 06:02 . 2012-06-28 06:02 -------- d-----w- c:\program files\NortonInstaller2012-06-28 06:02 . 2012-06-28 06:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller2012-06-28 01:56 . 2012-06-28 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55F3E0405F6ED00096165D151FC4E2012-06-26 22:25 . 2012-06-26 22:25 1025 ----a-w- c:\windows\system32\sysprs7.dll2012-06-26 22:25 . 2012-06-26 22:25 1025 ----a-w- c:\windows\system32\clauth2.dll2012-06-26 22:25 . 2012-06-26 22:25 1025 ----a-w- c:\windows\system32\clauth1.dll2012-06-26 22:25 . 2012-06-26 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Minnetonka Audio Software2012-06-26 22:19 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys2012-06-26 22:19 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys2012-06-26 22:18 . 2008-04-14 00:12 16384 ----a-w- c:\windows\system32\ipsink.ax2012-06-26 22:18 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys2012-06-26 22:18 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys2012-06-26 22:18 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS2012-06-26 22:18 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys2012-06-26 22:18 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys2012-06-26 21:55 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll2012-06-26 21:55 . 2008-04-14 00:12 43008 ----a-w- c:\windows\system32\ksxbar.ax2012-06-26 21:55 . 2008-04-13 18:46 51200 ----a-w- c:\windows\system32\drivers\msdv.sys2012-06-26 21:55 . 2008-04-14 00:12 91136 ----a-w- c:\windows\system32\kswdmcap.ax2012-06-26 21:55 . 2008-04-14 00:12 61952 ----a-w- c:\windows\system32\kstvtune.ax2012-06-26 21:55 . 2008-04-13 18:46 38912 ----a-w- c:\windows\system32\drivers\avc.sys2012-06-26 21:54 . 2008-04-13 18:46 48128 ----a-w- c:\windows\system32\drivers\61883.sys2012-06-23 23:57 . 2012-06-23 23:57 -------- d-----w- c:\documents and settings\Laptop User\Local Settings\Application Data\IBM2012-06-23 20:54 . 2012-04-20 19:29 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll2012-06-23 20:54 . 2012-04-20 19:29 81920 ----a-w- c:\windows\system32\ieencode.dll2012-06-23 07:09 . 2012-06-23 07:09 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll2012-06-23 07:09 . 2012-06-23 07:09 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll2012-06-22 05:43 . 2012-06-22 05:43 476936 ----a-w- c:\windows\system32\npdeployJava1.dll2012-06-22 05:43 . 2012-06-22 05:43 472840 ----a-w- c:\windows\system32\deployJava1.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-06-28 20:22 . 2012-04-13 06:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-06-28 20:22 . 2011-06-07 10:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-06-22 05:43 . 2008-09-26 23:07 73728 ----a-w- c:\windows\system32\javacpl.cpl2012-06-13 13:19 . 2006-02-28 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys2012-06-06 09:35 . 2012-06-06 09:35 83424 ----a-w- c:\windows\system32\dwabho.dll2012-06-05 15:50 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll2012-06-05 15:50 . 2005-09-08 11:03 1372672 ----a-w- c:\windows\system32\msxml6.dll2012-06-04 04:32 . 2006-02-28 12:00 152576 ----a-w- c:\windows\system32\schannel.dll2012-06-03 01:19 . 2008-07-28 21:10 22040 ----a-w- c:\windows\system32\wucltui.dll.mui2012-06-03 01:19 . 2008-07-28 21:10 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui2012-06-03 01:19 . 2008-07-24 23:39 329240 ----a-w- c:\windows\system32\wucltui.dll2012-06-03 01:19 . 2008-07-24 23:39 210968 ----a-w- c:\windows\system32\wuweb.dll2012-06-03 01:19 . 2008-07-24 23:39 219160 ----a-w- c:\windows\system32\wuaucpl.cpl2012-06-03 01:19 . 2009-01-09 20:15 15384 ----a-w- c:\windows\system32\wuapi.dll.mui2012-06-03 01:19 . 2008-07-28 21:10 45080 ----a-w- c:\windows\system32\wups2.dll2012-06-03 01:19 . 2008-07-24 23:39 53784 ----a-w- c:\windows\system32\wuauclt.exe2012-06-03 01:19 . 2008-07-24 23:39 35864 ----a-w- c:\windows\system32\wups.dll2012-06-03 01:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll2012-06-03 01:19 . 2008-07-28 21:10 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui2012-06-03 01:19 . 2008-07-24 23:39 577048 ----a-w- c:\windows\system32\wuapi.dll2012-06-03 01:19 . 2008-07-24 23:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll2012-06-03 01:18 . 2010-01-19 07:08 275696 ----a-w- c:\windows\system32\mucltui.dll2012-06-03 01:18 . 2010-01-19 07:08 214256 ----a-w- c:\windows\system32\muweb.dll2012-06-03 01:18 . 2010-01-19 07:08 17136 ----a-w- c:\windows\system32\mucltui.dll.mui2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll2012-05-16 07:58 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll2012-05-04 13:16 . 2006-02-28 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe2012-05-02 13:46 . 2008-07-24 23:37 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys2012-04-20 19:29 . 2006-02-28 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx2012-04-19 12:44 . 2006-02-28 12:00 369664 ----a-w- c:\windows\system32\html.iec2005-06-16 22:19 . 2005-06-16 22:19 2482176 ----a-w- c:\program files\TCTrill.dll2005-06-11 01:12 . 2005-06-11 01:12 847872 ----a-w- c:\program files\TCTrillS.dll2005-06-03 18:59 . 2005-06-03 18:59 61440 ----a-w- c:\program files\TCReports.dll2004-02-12 04:11 . 2004-02-12 04:11 7659520 ----a-w- c:\program files\Geo CS Test Gen Management.exe2004-02-12 03:59 . 2004-02-12 03:59 4009984 ----a-w- c:\program files\Geo CS Test Gen Student.exe2004-01-27 02:04 . 2004-01-27 02:04 49152 ----a-w- c:\program files\TCAlerts.dll2003-11-04 22:21 . 2003-11-04 22:21 983040 ----a-w- c:\program files\stuffit5.engine-5.1.dll2003-11-04 22:21 . 2003-11-04 22:21 561152 ----a-w- c:\program files\xp32_207.dll2003-11-04 22:21 . 2003-11-04 22:21 21776 ----a-w- c:\program files\shfolder.dll2003-11-04 22:20 . 2003-11-04 22:20 479232 ----a-w- c:\program files\rp32_207.dll2003-11-04 22:20 . 2003-11-04 22:20 217088 ----a-w- c:\program files\sa32_207.dll2003-11-04 22:19 . 2003-11-04 22:19 725032 ----a-w- c:\program files\kSAdg.dll2003-11-04 22:19 . 2003-11-04 22:19 692264 ----a-w- c:\program files\kCPdg.dll2003-11-04 22:19 . 2003-11-04 22:19 413736 ----a-w- c:\program files\kGRdg.dll2003-11-04 22:19 . 2003-11-04 22:19 401462 ----a-w- c:\program files\msvcp60.dll2003-11-04 22:19 . 2003-11-04 22:19 290869 ----a-w- c:\program files\msvcrt.dll2003-11-04 22:19 . 2003-11-04 22:19 2744361 ----a-w- c:\program files\kFDMdg.dll2003-11-04 22:19 . 2003-11-04 22:19 1982504 ----a-w- c:\program files\kFDdg.dll2003-11-04 22:19 . 2003-11-04 22:19 1937448 ----a-w- c:\program files\kXPdg.dll2003-11-04 22:19 . 2003-11-04 22:19 1794088 ----a-w- c:\program files\kRPdg.dll2003-11-04 22:19 . 2003-11-04 22:19 1597480 ----a-w- c:\program files\kDBdg.dll2003-11-04 22:19 . 2003-11-04 22:19 1486848 ----a-w- c:\program files\owl609v.dll2003-11-04 22:18 . 2003-11-04 22:18 638976 ----a-w- c:\program files\fd32_207.dll2003-11-04 22:18 . 2003-11-04 22:18 401728 ----a-w- c:\program files\EQNEDIT.EXE2003-11-04 22:18 . 2003-11-04 22:18 352256 ----a-w- c:\program files\db32_207.dll2003-11-04 22:18 . 2003-11-04 22:18 212992 ----a-w- c:\program files\cp32_207.dll2003-11-04 22:18 . 2003-11-04 22:18 131072 ----a-w- c:\program files\gr32_207.dll2003-11-04 22:18 . 2003-11-04 22:18 1122304 ----a-w- c:\program files\fm32_207.dll2003-11-04 22:17 . 2003-11-04 22:17 311296 ----a-w- c:\program files\APE24EXT_MT.dll2012-07-14 20:52 . 2012-07-14 20:52 303416 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll2012-06-23 07:09 . 2011-12-28 05:51 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((( SnapShot@2012-07-15_01.40.44 ))))))))))))))))))))))))))))))))))))))))).+ 2012-07-15 01:51 . 2012-07-15 01:51 16384 c:\windows\Temp\Perflib_Perfdata_8e4.dat+ 2012-07-15 01:45 . 2012-07-15 01:45 16384 c:\windows\Temp\Perflib_Perfdata_310.dat+ 2012-07-15 01:49 . 2012-07-15 01:49 19968 c:\windows\Installer\3bbe3.msi+ 2011-01-14 17:10 . 2011-01-14 17:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL+ 2011-01-14 17:10 . 2011-01-14 17:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL+ 2011-07-21 22:34 . 2011-07-21 22:34 3456000 c:\windows\Installer\26ec878.msp+ 2011-01-14 17:10 . 2011-01-14 17:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL+ 2011-01-14 17:10 . 2011-01-14 17:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL+ 2011-01-14 17:10 . 2011-01-14 17:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"UMonit"="c:\windows\system32\umonit.exe" [2007-06-18 200704]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-19 254696]"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-29 112216]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-17 138008]"NGTray"="c:\program files\Symantec\Ghost\ngtray.exe" [2007-04-20 181896]"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2007-10-26 136512]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-10-09 100888]"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-10-09 100888]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-26 823296]"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-26 974848]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-17 138008]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-17 162584]"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-12-19 611712]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-05-11 3349488].c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2009-1-12 679936]SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2010-11-19 13310832].[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]@="".[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="c:\\Program Files\\Symantec\\Ghost\\ngctw32.exe"="c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"="c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\UCGui.exe"="c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\SMARTSNMPAgent.exe"="c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\UCService.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"="c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"="c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"5353:TCP"= 5353:TCP:Adobe CSI CS4"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server.R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0602010.005\SymDS.sys [6/27/2012 8:05 PM 340088]R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0602010.005\SymEFA.sys [6/27/2012 8:05 PM 905336]R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [7/12/2012 1:31 AM 821920]R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0602010.005\ccSetx86.sys [6/27/2012 8:05 PM 132744]R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0602010.005\Ironx86.sys [6/27/2012 8:05 PM 149624]R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\EpsonCustomerParticipation\EPCP.exe [6/9/2011 1:01 PM 521600]R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\IBM\Lotus\Notes\nsd.exe [9/29/2009 11:29 AM 3397000]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/30/2012 12:40 AM 655944]R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [6/27/2012 8:04 PM 138232]R2 NGCLIENT;Symantec Ghost Client Agent;c:\program files\Symantec\Ghost\ngctw32.exe [4/19/2007 9:01 PM 632456]R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [7/1/2012 4:24 PM 1122296]R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [7/1/2012 4:24 PM 838136]R2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\SMART Product Drivers\UCService.exe [11/19/2010 7:58 PM 846192]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/28/2012 4:09 PM 106656]R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120713.001\IDSXpx86.sys [7/14/2012 12:57 AM 369632]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/30/2012 12:40 AM 22344]S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 288112]S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2/6/2012 7:05 PM 6016]S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 12:04 PM 113120]S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe [11/19/2010 7:59 PM 1664368].--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL.Contents of the 'Scheduled Tasks' folder.2012-07-15 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-07-02 02:29].2012-07-02 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-07-02 02:29].2012-07-02 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-07-02 02:29]..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = *.localIE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.1.1DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}DPF: {CAFECAFE-0013-0001-0030-ABCDEFABCDEF}FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\7wgst86i.default\..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-07-16 12:26Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....HKLM\Software\Microsoft\Windows\CurrentVersion\Run UMonit = c:\windows\system32\umonit.exe?USB\Vid_1713&Pid_01008???????I_03????(!??B\ROOT_H8??????V????????????????????h?????A~(!???????????b@?????????????????@$?|?????$?|??B~??@???E~????????????????????@???????????????t??????????????|`$?|?????$?|U$?|??????????????@.scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]"ImagePath"="\"c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]"Version"=hex:5c,7c,2e,44,07,d1,54,06,ef,30,5f,22,e3,21,18,6d,13,c9,fb,1b,f7, 44,50,70,ec,57,e4,82,0e,d2,30,9b,ee,e8,ae,db,e4,1d,fb,9c,81,e3,64,01,34,ee,\.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(1200)c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dllc:\program files\IBM\Lotus\Notes\npnotes.dllc:\windows\system32\igfxdev.dll.- - - - - - - > 'explorer.exe'(8088)c:\program files\SetPoint\lgscroll.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Completion time: 2012-07-16 12:28:03ComboFix-quarantined-files.txt 2012-07-16 22:27ComboFix2.txt 2012-07-15 01:42.Pre-Run: 25,100,419,072 bytes freePost-Run: 25,097,547,776 bytes free.- - End Of File - - 8E82462B56C1E73DEBBD35B0FD508DA0 Link to post Share on other sites More sharing options...
Maniac Posted July 16, 2012 ID:571590 Share Posted July 16, 2012 Good! Please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scanTick the box next to YES, I accept the Terms of UseClick StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick Scan (This scan can take several hours, so please be patient)Once the scan is completed, you may close the windowUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topic Link to post Share on other sites More sharing options...
shiannte Posted July 17, 2012 Author ID:571710 Share Posted July 17, 2012 ESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OK# version=7# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)# OnlineScanner.ocx=1.0.0.6583# api_version=3.0.2# EOSSerial=efd6fba95682834ba2e9374d5060c928# end=finished# remove_checked=true# archives_checked=false# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2012-07-17 01:19:56# local_time=2012-07-16 03:19:56 (-1000, Hawaiian Standard Time)# country="United States"# lang=1033# osver=5.1.2600 NT Service Pack 3# compatibility_mode=3589 16777189 100 74 1397679 93060631 0 0# compatibility_mode=8192 67108863 100 0 0 0 0 0# scanned=185669# found=16# cleaned=16# scan_time=3461C:\Program Files\Zwinky_5qEI\Installr\1.bin\5qEIPlug.dll a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Program Files\Zwinky_5qEI\Installr\1.bin\5qEZSETP.dll a variant of Win32/Toolbar.MyWebSearch.Q application (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\System Volume Information\_restore{99127170-8C24-4E44-88F1-D9B20302B823}\RP4\A0000168.dll a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\System Volume Information\_restore{99127170-8C24-4E44-88F1-D9B20302B823}\RP4\A0000169.dll a variant of Win32/Toolbar.MyWebSearch.Q application (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\TDSSKiller_Quarantine\12.07.2012_01.47.57\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\TDSSKiller_Quarantine\12.07.2012_01.47.57\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\TDSSKiller_Quarantine\12.07.2012_01.47.57\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\TDSSKiller_Quarantine\12.07.2012_01.47.57\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\TDSSKiller_Quarantine\12.07.2012_01.47.57\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\TDSSKiller_Quarantine\12.07.2012_01.47.57\mbr0000\tdlfs0000\tsk0012.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\TDSSKiller_Quarantine\14.07.2012_15.13.12\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\TDSSKiller_Quarantine\14.07.2012_15.13.12\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\TDSSKiller_Quarantine\14.07.2012_15.13.12\tdlfs0000\tsk0003.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\TDSSKiller_Quarantine\14.07.2012_15.13.12\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\TDSSKiller_Quarantine\14.07.2012_15.13.12\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\TDSSKiller_Quarantine\14.07.2012_15.13.12\tdlfs0000\tsk0011.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C Link to post Share on other sites More sharing options...
Maniac Posted July 17, 2012 ID:571780 Share Posted July 17, 2012 Good! How is your system now? Link to post Share on other sites More sharing options...
shiannte Posted July 19, 2012 Author ID:572887 Share Posted July 19, 2012 Back to normal Thank you sooooo much for all of your help! Link to post Share on other sites More sharing options...
Maniac Posted July 19, 2012 ID:572912 Share Posted July 19, 2012 Glad I could help! Please uninstall ComboFix:www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstallNext, manually delete DDS, TDSSKiller and McAfee tool. Next, uninstall ESET Online Scanner.Some malware prevention tips:http://forums.malwarebytes.org/index.php?showtopic=104379&pid=515983&st=0entry515983Safe surfing! Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 19, 2012 ID:572946 Share Posted July 19, 2012 Glad we could help. This has been resolved, and now this topic is closed.The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to any other system! Link to post Share on other sites More sharing options...
Staff screen317 Posted July 19, 2012 Staff ID:573127 Share Posted July 19, 2012 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts