TechSpot

Infected w/ Trojan.zeroaccess!inf cannot remove! WinXP Pro SP3

By scotpig
Mar 30, 2012
  1. Hello, my laptop running XP Pro SP3... Norton Security Suite keeps finding a Trojan during my daily scan... I have followed the instructions on Symantec's website (Removal 411) and downloaded FixTDSS.exe, ran it, and it says it's clean... And the next day it has returned...
    I have also tried Kaspersky's free removal tool and it still keeps showing up.

    When prompted to restart, sometimes my system freezes, forcing me to perform a hard boot, and sometimes it just doesn't auto-restart; it just turns off.
    When that happens, i.e. shutting down incompletely, does that negate the scan performed prior? Or do I need to do it all over again until it restarts properly? Does that even matter?

    I'm currently scanning through the self-help/Malware Removal Guides, but any direct, specific assistance from anyone would be greatly appreciated...

    Thanks in advance!
     
  2. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. scotpig

    scotpig TS Rookie Topic Starter Posts: 25

    Required logs pasted per instructions.

    Here's my MBAM scan log...

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.28.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Scott :: DADS [administrator]

    Protection: Enabled

    3/28/2012 3:26:07 PM
    mbam-log-2012-03-28 (15-26-07).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 397261
    Time elapsed: 4 hour(s), 37 minute(s), 8 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    Now here's the gmer.exe log...

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-03-30 03:05:49
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST98823A rev.7.24
    Running: gmer.exe.exe; Driver: C:\DOCUME~1\Scott\LOCALS~1\Temp\pxtdapog.sys

    ---- System - GMER 1.0.15 ----

    SSDT 848E8D48 ZwAlertResumeThread
    SSDT 84A19150 ZwAlertThread
    SSDT 84A7EA48 ZwAllocateVirtualMemory
    SSDT 849E3A60 ZwAssignProcessToJobObject
    SSDT 84A82460 ZwConnectPort
    SSDT \??\C:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys ZwCreateFile [0xF78489A0]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF626A710]
    SSDT 84A05030 ZwCreateMutant
    SSDT 84A0CBB8 ZwCreateSymbolicLinkObject
    SSDT 84A33918 ZwCreateThread
    SSDT 849E3B40 ZwDebugActiveProcess
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF626A990]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF626AEF0]
    SSDT 84A4D4D8 ZwDuplicateObject
    SSDT 84BE8610 ZwFreeVirtualMemory
    SSDT 84A05C70 ZwImpersonateAnonymousToken
    SSDT 84A05D50 ZwImpersonateThread
    SSDT 84CBAAA0 ZwLoadDriver
    SSDT 84A3AB00 ZwMapViewOfSection
    SSDT 849ED238 ZwOpenEvent
    SSDT 84A091F0 ZwOpenProcess
    SSDT 84C5EF30 ZwOpenProcessToken
    SSDT 84A0F068 ZwOpenSection
    SSDT 84A4C170 ZwOpenThread
    SSDT 849EC348 ZwProtectVirtualMemory
    SSDT 849C73E8 ZwResumeThread
    SSDT 849C2D78 ZwSetContextThread
    SSDT 85EAD4E8 ZwSetInformationProcess
    SSDT 849DF280 ZwSetSystemInformation
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF626B140]
    SSDT 84A0F100 ZwSuspendProcess
    SSDT 849C7480 ZwSuspendThread
    SSDT 84C85120 ZwTerminateProcess
    SSDT 84A36B00 ZwTerminateThread
    SSDT 84C5A270 ZwUnmapViewOfSection
    SSDT 84A63C58 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2C28 805044C4 4 Bytes [48, EA, A7, 84]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2F1C 805047B8 4 Bytes [E8, 73, 9C, 84]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2F74 80504810 4 Bytes CALL 8ED632E9
    ? SYMDS.SYS The system cannot find the file specified. !
    ? SYMEFA.SYS The system cannot find the file specified. !
    ? C:\DOCUME~1\Scott\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[2404] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[2404] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\WINDOWS\explorer.exe[3020] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\WINDOWS\explorer.exe[3020] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\WINDOWS\system32\SearchIndexer.exe[3084] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe[3088] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe[3088] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[3320] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[3320] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\NetDragon\91 Mobile\iPhone\iTunesMonitor.exe[3668] shell32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\NetDragon\91 Mobile\iPhone\iTunesMonitor.exe[3668] shell32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!GetSysColor 7E418E78 5 Bytes JMP 0041C110 C:\WINDOWS\SMINST\Scheduler.exe
    .text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!GetSysColorBrush 7E418EAB 5 Bytes JMP 0041C180 C:\WINDOWS\SMINST\Scheduler.exe
    .text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!SetScrollInfo 7E419056 7 Bytes JMP 0041C000 C:\WINDOWS\SMINST\Scheduler.exe
    .text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!GetScrollInfo 7E42DFE2 7 Bytes JMP 0041BF50 C:\WINDOWS\SMINST\Scheduler.exe
    .text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!ShowScrollBar 7E42F2F2 5 Bytes JMP 0041C0D0 C:\WINDOWS\SMINST\Scheduler.exe
    .text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!GetScrollPos 7E42F704 5 Bytes JMP 0041BF90 C:\WINDOWS\SMINST\Scheduler.exe
    .text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!SetScrollPos 7E42F750 5 Bytes JMP 0041C040 C:\WINDOWS\SMINST\Scheduler.exe
    .text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!GetScrollRange 7E42F787 5 Bytes JMP 0041BFC0 C:\WINDOWS\SMINST\Scheduler.exe
    .text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!SetScrollRange 7E42F99B 5 Bytes JMP 0041C080 C:\WINDOWS\SMINST\Scheduler.exe
    .text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!EnableScrollBar 7E468005 7 Bytes JMP 0041BF10 C:\WINDOWS\SMINST\Scheduler.exe
    .text C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe[4000] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe[4000] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4484] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4484] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Documents and Settings\Scott\Desktop\VIRUS REMOVAL FOLDER\march 2012 new dl's\gmer.exe.exe[5316] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Documents and Settings\Scott\Desktop\VIRUS REMOVAL FOLDER\march 2012 new dl's\gmer.exe.exe[5316] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@FolderType Documents
    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@MinPos1280x800(1).x -1
    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@MinPos1280x800(1).y -1
    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@MaxPos1280x800(1).x -1
    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@MaxPos1280x800(1).y -1
    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@WinPos1280x800(1).left 88
    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@WinPos1280x800(1).top 88
    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@WinPos1280x800(1).right 888
    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@WinPos1280x800(1).bottom 688
    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@Rev 0
    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@WFlags 0
    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@ShowCmd 1
    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@FFlags 1
    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@HotKey 0
    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@Buttons -1
    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@Links 0
    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@Address -1
    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@Vid {65F125E5-7BE1-4810-BA9D-D271C8432CE3}
    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@Mode 6
    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@ScrollPos1280x800(1).x 0
    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@ScrollPos1280x800(1).y 0
    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@Sort 0
    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@SortDir 1
    Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@Col -1

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\$NtUninstallKB32952$\1018300276 0 bytes
    File C:\WINDOWS\$NtUninstallKB32952$\252809129 0 bytes
    File C:\WINDOWS\$NtUninstallKB32952$\252809129\@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB32952$\252809129\bckfg.tmp 868 bytes
    File C:\WINDOWS\$NtUninstallKB32952$\252809129\cfg.ini 240 bytes
    File C:\WINDOWS\$NtUninstallKB32952$\252809129\Desktop.ini 4608 bytes
    File C:\WINDOWS\$NtUninstallKB32952$\252809129\keywords 357 bytes
    File C:\WINDOWS\$NtUninstallKB32952$\252809129\kwrd.dll 223744 bytes
    File C:\WINDOWS\$NtUninstallKB32952$\252809129\L 0 bytes
    File C:\WINDOWS\$NtUninstallKB32952$\252809129\L\lelapezm 52480 bytes
    File C:\WINDOWS\$NtUninstallKB32952$\252809129\lsflt7.ver 5176 bytes
    File C:\WINDOWS\$NtUninstallKB32952$\252809129\U 0 bytes
    File C:\WINDOWS\$NtUninstallKB32952$\252809129\U\00000001.@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB32952$\252809129\U\00000002.@ 224768 bytes
    File C:\WINDOWS\$NtUninstallKB32952$\252809129\U\00000004.@ 1024 bytes
    File C:\WINDOWS\$NtUninstallKB32952$\252809129\U\80000000.@ 66560 bytes
    File C:\WINDOWS\$NtUninstallKB32952$\252809129\U\80000004.@ 12800 bytes
    File C:\WINDOWS\$NtUninstallKB32952$\252809129\U\80000032.@ 115200 bytes
    File C:\WINDOWS\$NtUninstallKB32952$\252809129\version 868 bytes

    ---- EOF - GMER 1.0.15 ----

    Here's the DDS.txt log...

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
    Run by Scott at 22:52:42 on 2012-03-29
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.190 [GMT -7:00]
    .
    AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\System32\svchost.exe -k Cognizance
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k eapsvcs
    C:\WINDOWS\System32\svchost.exe -k dot3svc
    C:\Program Files\ActivIdentity\ActivClient Mini\acachsrv.exe
    C:\Program Files\ActivIdentity\ActivClient Mini\accoca.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\WINDOWS\system32\ifxspmgt.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\SMINST\Scheduler.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
    C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
    C:\Program Files\Samsung\AllShare\AllShareAgent.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\ActivIdentity\ActivClient Mini\accrdsub.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\ActivIdentity\ActivClient Mini\acevents.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\NetDragon\91 Mobile\iPhone\iTunesMonitor.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\WINDOWS\system32\SearchProtocolHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://www-secure.symantec.com/nor...&version=1&pvid=f-home&entsrc=redirect_pubweb
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.0.13\ips\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    dRun: [Epson Stylus NX510(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifia.exe /fu "c:\windows\temp\E_S7E8.tmp" /EF "HKCU"
    dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    mPolicies-system: HideShutdownScripts = 0 (0x0)
    IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\dap\dapextie.htm
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll
    LSP: mswsock.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700}
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Notify: ackpbsc - c:\program files\actividentity\activclient mini\ackpbsc.dll
    Notify: acunlock - c:\program files\actividentity\activclient mini\acunlock.dll
    Notify: DeviceNP - DeviceNP.dll
    Notify: igfxcui - igfxdev.dll
    Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll
    AppInit_DLLs: APSHook.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    LSA: Notification Packages = scecli ASWLNPkg
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\scott\application data\mozilla\firefox\profiles\djykcujg.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
    FF - plugin: c:\documents and settings\scott\application data\move networks\plugins\npqmp071706000001.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-3-20 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-3-20 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120317.002\BHDrvx86.sys [2012-3-16 820856]
    R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2011-6-23 38816]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-3-20 136312]
    R2 acachsrv;ActivClient Authentication Service;c:\program files\actividentity\activclient mini\acachsrv.exe [2006-4-12 81920]
    R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient mini\accoca.exe [2006-5-2 135168]
    R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2004-8-3 14336]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-24 652360]
    R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.0.13\ccsvchst.exe [2012-3-20 130008]
    R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2011-3-9 23200]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-3-22 106104]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2010-2-18 97280]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120328.002\IDSXpx86.sys [2012-3-28 356280]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2011-6-23 41216]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-24 20464]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120329.002\NAVENG.SYS [2012-3-29 86136]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120329.002\NAVEX15.SYS [2012-3-29 1576312]
    R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2011-3-5 6607744]
    R3 Tq_91Assistant;Tq_91Assistant;c:\program files\netdragon\91 mobile\iphone\Tq_91Assistant.sys [2011-10-12 14248]
    S0 92490461;92490461;c:\windows\system32\drivers\93517887.sys --> c:\windows\system32\drivers\93517887.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 cpuz132;cpuz132;\??\c:\docume~1\scott\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\scott\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 cpuz134;cpuz134;\??\c:\docume~1\scott\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\scott\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
    S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2011-6-23 30008]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-5-2 44432]
    S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv11010.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv11010.sys [?]
    S3 EraserUtilDrv11110;EraserUtilDrv11110;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv11110.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv11110.sys [?]
    S3 EraserUtilDrvI11;EraserUtilDrvI11;\??\c:\program files\common files\symantec shared\eengine\eraserutildrvi11.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrvI11.sys [?]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
    S3 mosuport;USB Serial/Parallel Ports;c:\windows\system32\drivers\mosuport.sys [2010-3-4 900736]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-1-14 18432]
    S3 NetWlan5;Symbol Based 802.11b Wireless LAN Card Driver;c:\windows\system32\drivers\NetWlan5.sys [2010-2-16 132695]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-4-27 27064]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2004-8-3 14336]
    S4 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-6-8 172131]
    S4 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
    S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-22 135664]
    S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-22 135664]
    S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-8-31 92216]
    S4 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
    S4 rma;Radia Management Agent;c:\novadigm\managementagent\nvdkit.exe [2005-9-19 1968446]
    S4 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\samsung\allshare\allsharedms\AllShareDMS.exe [2011-12-16 25504]
    S4 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\samsung\allshare\AllShareSlideShowService.exe [2011-12-16 27584]
    S4 VYHTONMFEYDV;VYHTONMFEYDV;c:\docume~1\scott\locals~1\temp\vyhtonmfeydv.exe --> c:\docume~1\scott\locals~1\temp\VYHTONMFEYDV.exe [?]
    S4 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-3 14336]
    .
    =============== Created Last 30 ================
    .
    2012-03-30 00:09:07 -------- d-----w- c:\documents and settings\scott\ADMINCOPY
    2012-03-24 08:14:22 -------- d-----w- c:\program files\iPod
    2012-03-24 08:13:52 -------- d-----w- c:\program files\iTunes
    2012-03-23 23:20:11 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2
    2012-03-23 05:28:14 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-03-23 05:28:14 3072 ------w- c:\windows\system32\iacenc.dll
    2012-03-23 05:08:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-03-21 07:47:40 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
    2012-03-20 22:29:16 -------- d-----w- C:\2a1760332fdbeb9d829e7d
    2012-03-20 11:55:58 744568 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symefa.sys
    2012-03-20 11:55:58 369784 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symtdi.sys
    2012-03-20 11:55:58 331384 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys
    2012-03-20 11:55:58 299640 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symnets.sys
    2012-03-20 11:55:57 516216 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\srtsp.sys
    2012-03-20 11:55:57 50168 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\srtspx.sys
    2012-03-20 11:55:57 340088 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symds.sys
    2012-03-20 11:55:57 136312 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys
    2012-03-20 11:55:09 -------- d-----w- c:\windows\system32\drivers\n360\0502000.00D
    2012-03-20 09:36:28 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    .
    ==================== Find3M ====================
    .
    2012-03-23 05:07:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-03-21 15:13:34 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    ============= FINISH: 22:54:24.09 ===============
  4. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    I still need Attach.txt part of DDS.

    Then....

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ============================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  5. scotpig

    scotpig TS Rookie Topic Starter Posts: 25

    Final log pasted per instructions

    And Finally, here's the attach.txt Log (I hope I'm doing this correctly)
    I had to split the paste jobs up due to length.

    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/16/2010 10:05:17 PM
    System Uptime: 3/29/2012 9:06:31 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 30AD
    Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | U10 | 1995/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 75 GiB total, 22.102 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Microsoft Tun Miniport Adapter
    Device ID: ROOT\*TUNMP\0001
    Manufacturer: Microsoft
    Name: Microsoft Tun Miniport Adapter #2
    PNP Device ID: ROOT\*TUNMP\0001
    Service: tunmp
    .
    Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
    Description: Mobile Intel(R) 945 Express Chipset Family
    Device ID: PCI\VEN_8086&DEV_27A2&SUBSYS_30AD103C&REV_03\3&B1BFB68&0&10
    Manufacturer: Intel Corporation
    Name: Mobile Intel(R) 945 Express Chipset Family
    PNP Device ID: PCI\VEN_8086&DEV_27A2&SUBSYS_30AD103C&REV_03\3&B1BFB68&0&10
    Service: ialm
    .
    Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
    Description: Mobile Intel(R) 945 Express Chipset Family
    Device ID: PCI\VEN_8086&DEV_27A6&SUBSYS_30AD103C&REV_03\3&B1BFB68&0&11
    Manufacturer: Intel Corporation
    Name: Mobile Intel(R) 945 Express Chipset Family
    PNP Device ID: PCI\VEN_8086&DEV_27A6&SUBSYS_30AD103C&REV_03\3&B1BFB68&0&11
    Service: ialm
    .
    Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
    Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard with HP QLB
    Device ID: ACPI\PNP0303\4&28738126&0
    Manufacturer: Hewlett-Packard Development Company, L.P.
    Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard with HP QLB
    PNP Device ID: ACPI\PNP0303\4&28738126&0
    Service: i8042prt
    .
    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
    Description: Synaptics PS/2 Port TouchPad
    Device ID: ACPI\SYN0122\4&28738126&0
    Manufacturer: Synaptics
    Name: Synaptics PS/2 Port TouchPad
    PNP Device ID: ACPI\SYN0122\4&28738126&0
    Service: i8042prt
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Microsoft Tun Miniport Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Microsoft
    Name: Microsoft Tun Miniport Adapter #3
    PNP Device ID: ROOT\NET\0000
    Service: tunmp
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    91 PC Suite for iPhone
    Acrobat.com
    ActivClient Mini
    Active Disk
    Adobe Acrobat 7.0 Professional
    Adobe Acrobat 7.1.0 Professional
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Agere Systems HDA Modem
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AuthenTec Fingerprint Sensor Minimum Install
    Belarc Advisor 8.1
    Bing Bar
    Bonjour
    Broadcom 440x 10/100 Integrated Controller
    Comcast Access
    ConvertXtoDVD 4.0.10.324
    Credential Manager for HP ProtectTools
    Dell Resource CD
    Device Access Manager for HP ProtectTools
    Driver Detective
    Dropbox
    Embedded Security for HP ProtectTools
    Epson Event Manager
    EPSON NX510 Series Printer Uninstall
    EPSON Scan
    EpsonNet Print
    FileHippo.com Update Checker
    Google Chrome
    Google Earth Pro
    Google Quick Search Box
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB979306)
    HP Backup and Recovery Manager Installer
    HP Battery Check
    HP BIOS Configuration for ProtectTools 2.00 E1
    HP Java Card Security for ProtectTools 1.00 B4
    HP Product Detection
    HP ProtectTools Security Manager
    HP Quick Launch Buttons 6.30 J1
    HP Smart Card Security for ProtectTools 5.00 D4
    HP SoftPaq Download Manager
    HP Wireless Assistant
    Intel Matrix Storage Manager
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless WiFi Software
    IomegaWare 4.0.3
    iPhoneBrowser
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 31
    Junk Mail filter update
    LightScribe System Software 1.10.19.1
    Logitech MouseWare 9.80
    Logitech Vid
    Logitech Webcam Software
    Logitech Webcam Software Driver Package
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Automated Troubleshooting Services Shim
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Baseline Security Analyzer 2.2
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Fix it Center
    Microsoft IntelliPoint 7.0
    Microsoft IntelliType Pro 8.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Live Add-in 1.3
    Microsoft Office XP Media Content
    Microsoft Office XP Professional
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MobileMe Control Panel
    Mozilla Firefox 9.0.1 (x86 en-US)
    mProSafe
    MSVCRT
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    MUSICMATCH® Jukebox
    muvee Reveal Seagate Edition
    mWlsSafe
    Norton Security Suite
    OGA Notifier 2.0.0048.0
    OneTouch Version 2.2
    PaperPort 7.0
    Prerequirements
    QuickTime
    Revo Uninstaller 1.93
    Revo Uninstaller Pro 2.5.3
    Safari
    Samsung AllShare
    Seagate Manager Installer
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2124261)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2290570)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB970483)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975254)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976323)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Segoe UI
    SIW version 2010.07.14
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    Synaptics Pointing Device Driver
    System Requirements Lab for Intel
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    Ultra DVD Creator 2.7.0227
    Uniblue RegistryBooster 2009
    Uniblue SpeedUpMyPC 2009
    Uniblue System Tweaker
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    USB Compound Device
    VC80CRTRedist - 8.0.50727.4053
    VLC media player 2.0.1
    WebFldrs XP
    WIDCOMM Bluetooth Software
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0 MUI pack
    Windows Search 4.0
    Windows XP Service Pack 3
    WinRAR archiver
    WinSCP 4.3.2
    Yahoo! Mail Advisor
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/29/2012 8:47:26 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    3/29/2012 5:44:03 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
    3/29/2012 5:43:47 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
    3/29/2012 5:37:50 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service IFXTCS with arguments "-Service" in order to run the server: {FBCD9C01-72CB-47BB-99DD-2317551491DE}
    3/29/2012 5:02:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
    3/29/2012 5:02:44 PM, error: Service Control Manager [7022] - The Windows Time service hung on starting.
    3/29/2012 5:02:42 PM, error: Service Control Manager [7022] - The Windows Firewall/Internet Connection Sharing (ICS) service hung on starting.
    3/29/2012 5:00:18 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
    3/29/2012 5:00:08 PM, error: Service Control Manager [7024] - The Routing and Remote Access service terminated with service-specific error 2 (0x2).
    3/29/2012 5:00:06 PM, error: RemoteAccess [20103] - Unable to load C:\WINDOWS\System32\iprtrmgr.dll.
    3/29/2012 5:00:02 PM, error: Service Control Manager [7001] - The Bluetooth Service service depends on the Remote Access Connection Manager service which failed to start because of the following error: The dependency service or group failed to start.
    3/29/2012 4:59:58 PM, error: Service Control Manager [7001] - The Remote Access Auto Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    3/29/2012 4:59:24 PM, error: Service Control Manager [7023] - The Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: A device attached to the system is not functioning.
    3/29/2012 4:58:39 PM, error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
    3/29/2012 4:44:50 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/29/2012 3:55:23 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer MOM-8F62C184B39 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CEAE3D2B-EEE. The master browser is stopping or an election is being forced.
    3/29/2012 3:40:46 PM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    3/29/2012 3:37:32 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    3/29/2012 3:36:54 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
    3/29/2012 12:31:06 PM, error: DCOM [10000] - Unable to start a DCOM Server: {ABC01078-F197-4B0B-ADBC-CFE684B39C82}. The error: "%3" Happened while starting this command: "C:\Program Files\Google\Update\1.3.21.69\GoogleUpdateOnDemand.exe" -Embedding
    .
    ==== End Of File ===========================
  6. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Very well.
    Please read my previous reply.
  7. scotpig

    scotpig TS Rookie Topic Starter Posts: 25

    Ok, I just DL'd those 2, and will run them now...

    1 ? though... Do I need to disable my Norton stuff while running the AVAST prog?

    Also, when I try and boot into "Normal" mode, sometimes my system freezes up and occasionally won't start up correctly for like 3 or 4 attempts...

    It starts fine in "Selective Startup" Mode...
    So my ? is, do I HAVE to start up under Normal mode, or does it really matter?

    Are there any services that I need to disable before running these?
    Would turning off or disabling my "Bios System Startup Password Prompt" make a difference? (I notice that sometimes after I enter my PW, it powers down instead of Logging on)
  8. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    You don't have to disable anything.
    Normal mode would be preferred but both programs will run from any mode.
  9. scotpig

    scotpig TS Rookie Topic Starter Posts: 25

    Ok, here's the aswMBR Log...


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-30 20:17:11
    -----------------------------
    20:17:11.281 OS Version: Windows 5.1.2600 Service Pack 3
    20:17:11.281 Number of processors: 2 586 0xF06
    20:17:11.281 ComputerName: DADS UserName:
    20:17:12.375 Initialize success
    20:45:29.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    20:45:29.250 Disk 0 Vendor: ST98823A 7.24 Size: 76319MB BusType: 3
    20:45:29.296 Disk 0 MBR read successfully
    20:45:29.328 Disk 0 MBR scan
    20:45:29.359 Disk 0 Windows XP default MBR code
    20:45:29.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
    20:45:29.406 Disk 0 scanning sectors +156295440
    20:45:29.515 Disk 0 scanning C:\WINDOWS\system32\drivers
    20:45:41.687 Service scanning
    20:46:07.484 Modules scanning
    20:46:21.093 Disk 0 trace - called modules:
    20:46:21.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll iomdisk.sys ACPI.sys iastor.sys
    20:46:21.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87536030]
    20:46:21.281 3 CLASSPNP.SYS[f7547fd7] -> nt!IofCallDriver -> [0x875a49b0]
    20:46:21.312 5 hpdskflt.sys[f77a05ae] -> nt!IofCallDriver -> [0x875a4d78]
    20:46:21.375 7 iomdisk.sys[f77a7bc3] -> nt!IofCallDriver -> \Device\000000a7[0x8752da98]
    20:46:21.421 9 ACPI.sys[f73de620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86eae028]
    20:46:21.468 Scan finished successfully
    20:49:18.265 Disk 0 MBR has been saved successfully to "E:\VIRUS REMOVAL TOOLS\SCAN LOGS\MBR.dat"
    20:49:19.406 The log file has been saved successfully to "E:\VIRUS REMOVAL TOOLS\SCAN LOGS\aswMBR.txt"

    And now here's the Bootkit Remover Log...

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...

    Ok so that's finished... Now instead of me trying to start typing cmd lines, I think I'll wait for further assistance :)
     
  10. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  11. scotpig

    scotpig TS Rookie Topic Starter Posts: 25

    Ok...I just ran this program the other night and it only came up with "suspicious objects" via unsigned Files...

    I just ran it now, and it came up with "Rootkit.Win32.PMax.gen"
    "service: rma"
    "Malware Object, high risk"
    Service Start: Disabled (0x4)
    File: C:/Novadigm?ManagementAgent/nvdkit.exe
    MD5: fc4ffde5abbfbd95ad7564db199e1864

    I have a couple ?'s...
    TDSSKILLER is defaulting to delete, there is no "cure" option in the dropdown box...There is only skip, quarantine, and delete.
    Do I need to Quarantine it first, reboot then delete?
    Do I just delete or will it just worm its way back in again?

    Under "service start" it's listed as disabled..
    Do I need to enable the service first for a removal or cure to actually take effect?
    Would it be prudent to uninstall all "Novadigm" related progs, folders and registry entries, and if so, do I Uninstall the stuff before or after attempting removal?

    Sorry for all the questions, I'm just not sure what to do next and do not wanna make things worse. Thanks again my friend, I really do appreciate all your help!
     
  12. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    I can't advise without seeing the log.
    For now take no actions, just run the scan.
     
  13. scotpig

    scotpig TS Rookie Topic Starter Posts: 25

    Ok, here's the TDSS Log...
    I had to split this into 2 parts, so here's the 1st half...

    I still haven't attempted removal as far as delete, quarantine or skip...I'll wait for further instructions..And hey thanks again!


    15:11:02.0203 6844 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
    15:11:04.0218 6844 ============================================================
    15:11:04.0218 6844 Current date / time: 2012/03/31 15:11:04.0218
    15:11:04.0218 6844 SystemInfo:
    15:11:04.0218 6844
    15:11:04.0218 6844 OS Version: 5.1.2600 ServicePack: 3.0
    15:11:04.0218 6844 Product type: Workstation
    15:11:04.0218 6844 ComputerName: DADS
    15:11:04.0218 6844 UserName: Scott
    15:11:04.0218 6844 Windows directory: C:\WINDOWS
    15:11:04.0218 6844 System windows directory: C:\WINDOWS
    15:11:04.0218 6844 Processor architecture: Intel x86
    15:11:04.0218 6844 Number of processors: 2
    15:11:04.0218 6844 Page size: 0x1000
    15:11:04.0218 6844 Boot type: Normal boot
    15:11:04.0218 6844 ============================================================
    15:11:06.0406 6844 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
    15:11:06.0421 6844 \Device\Harddisk0\DR0:
    15:11:06.0437 6844 MBR used
    15:11:06.0437 6844 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E0D1
    15:11:06.0500 6844 Initialize success
    15:11:06.0500 6844 ============================================================
    15:11:29.0375 3076 ============================================================
    15:11:29.0375 3076 Scan started
    15:11:29.0375 3076 Mode: Manual; SigCheck; TDLFS;
    15:11:29.0375 3076 ============================================================
    15:11:29.0609 3076 6to4 (c07d5197410aab28d0d93f943f59656d) C:\WINDOWS\System32\6to4svc.dll
    15:11:29.0984 3076 6to4 - ok
    15:11:30.0125 3076 92490461 - ok
    15:11:30.0156 3076 Abiosdsk - ok
    15:11:30.0171 3076 abp480n5 - ok
    15:11:30.0281 3076 acachsrv (68db31fd0fcffffb64e2d113561836d3) C:\Program Files\ActivIdentity\ActivClient Mini\acachsrv.exe
    15:11:30.0328 3076 acachsrv ( UnsignedFile.Multi.Generic ) - warning
    15:11:30.0328 3076 acachsrv - detected UnsignedFile.Multi.Generic (1)
    15:11:30.0468 3076 Accelerometer (8356dd18da15d9c42a8584e1841844fe) C:\WINDOWS\system32\DRIVERS\Accelerometer.sys
    15:11:30.0484 3076 Accelerometer - ok
    15:11:30.0593 3076 accoca (e23e5964e1aaba08070af897ed0d52a2) C:\Program Files\ActivIdentity\ActivClient Mini\accoca.exe
    15:11:30.0656 3076 accoca ( UnsignedFile.Multi.Generic ) - warning
    15:11:30.0656 3076 accoca - detected UnsignedFile.Multi.Generic (1)
    15:11:30.0718 3076 ACDaemon - ok
    15:11:30.0859 3076 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    15:11:31.0671 3076 ACPI - ok
    15:11:31.0875 3076 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    15:11:32.0000 3076 ACPIEC - ok
    15:11:32.0109 3076 ADIHdAudAddService (7356eff52ad50b8946d346002118ce62) C:\WINDOWS\system32\drivers\ADIHdAud.sys
    15:11:32.0171 3076 ADIHdAudAddService - ok
    15:11:32.0281 3076 Adobe LM Service (6d182c31acf16213407f2768f1107fe3) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    15:11:32.0296 3076 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
    15:11:32.0296 3076 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
    15:11:32.0359 3076 adpu160m - ok
    15:11:32.0437 3076 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
    15:11:32.0468 3076 AEAudio - ok
    15:11:32.0515 3076 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    15:11:32.0656 3076 aec - ok
    15:11:32.0734 3076 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    15:11:32.0781 3076 AFD - ok
    15:11:32.0828 3076 AgereModemAudio (efbc44fbd75e4f80bd927aebf6e7eade) C:\WINDOWS\system32\agrsmsvc.exe
    15:11:32.0875 3076 AgereModemAudio - ok
    15:11:32.0968 3076 AgereSoftModem (1cfeba39fc613e45b49d3eddfbcda289) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    15:11:33.0140 3076 AgereSoftModem - ok
    15:11:33.0171 3076 Aha154x - ok
    15:11:33.0187 3076 aic78u2 - ok
    15:11:33.0218 3076 aic78xx - ok
    15:11:33.0265 3076 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
    15:11:33.0421 3076 Alerter - ok
    15:11:33.0484 3076 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
    15:11:33.0546 3076 ALG - ok
    15:11:33.0593 3076 AliIde - ok
    15:11:33.0609 3076 amsint - ok
    15:11:33.0765 3076 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    15:11:33.0796 3076 Apple Mobile Device - ok
    15:11:33.0843 3076 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
    15:11:33.0921 3076 AppMgmt - ok
    15:11:34.0046 3076 ASBroker (2eeda27c19259c2340324ef7180d086b) C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
    15:11:34.0062 3076 ASBroker ( UnsignedFile.Multi.Generic ) - warning
    15:11:34.0062 3076 ASBroker - detected UnsignedFile.Multi.Generic (1)
    15:11:34.0078 3076 asc - ok
    15:11:34.0109 3076 asc3350p - ok
    15:11:34.0140 3076 asc3550 - ok
    15:11:34.0203 3076 ASChannel (bb3c0521ecca4bb17ac55eb640df0fa5) C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll
    15:11:34.0218 3076 ASChannel ( UnsignedFile.Multi.Generic ) - warning
    15:11:34.0218 3076 ASChannel - detected UnsignedFile.Multi.Generic (1)
    15:11:34.0437 3076 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    15:11:34.0468 3076 aspnet_state - ok
    15:11:34.0578 3076 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    15:11:34.0765 3076 AsyncMac - ok
    15:11:34.0859 3076 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    15:11:34.0968 3076 atapi - ok
    15:11:34.0984 3076 Atdisk - ok
    15:11:35.0031 3076 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    15:11:35.0156 3076 Atmarpc - ok
    15:11:35.0203 3076 ATSWPDRV (69e65a2ce11619f0c868967ca9540b80) C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
    15:11:35.0328 3076 ATSWPDRV - ok
    15:11:35.0390 3076 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
    15:11:35.0531 3076 AudioSrv - ok
    15:11:35.0609 3076 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    15:11:35.0718 3076 audstub - ok
    15:11:35.0781 3076 b57w2k (fbc80c5ad5d6995614cd99d505ec812d) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    15:11:35.0812 3076 b57w2k - ok
    15:11:35.0812 3076 backupclientsvc - ok
    15:11:35.0875 3076 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
    15:11:35.0890 3076 BANTExt ( UnsignedFile.Multi.Generic ) - warning
    15:11:35.0890 3076 BANTExt - detected UnsignedFile.Multi.Generic (1)
    15:11:36.0015 3076 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
    15:11:36.0046 3076 BBSvc - ok
    15:11:36.0109 3076 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    15:11:36.0250 3076 Beep - ok
    15:11:36.0578 3076 BHDrvx86 (eb7f1f1dfa95c25d762c22d3cf13d4e0) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx86.sys
    15:11:36.0656 3076 BHDrvx86 - ok
    15:11:36.0781 3076 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
    15:11:37.0062 3076 BITS - ok
    15:11:37.0156 3076 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
    15:11:37.0187 3076 Bonjour Service - ok
    15:11:37.0328 3076 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
    15:11:37.0437 3076 Browser - ok
    15:11:37.0515 3076 btaudio (d6407b9a012205e5754866e145165c29) C:\WINDOWS\system32\drivers\btaudio.sys
    15:11:37.0531 3076 btaudio - ok
    15:11:37.0593 3076 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
    15:11:37.0609 3076 BTDriver - ok
    15:11:37.0687 3076 BTKRNL (9f704f40cd50ae05bbfc492c0342e765) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
    15:11:37.0718 3076 BTKRNL - ok
    15:11:37.0953 3076 btwdins (13ba08998aba2a7f23c28eed0ce8c176) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    15:11:37.0984 3076 btwdins - ok
    15:11:38.0109 3076 BTWDNDIS (485020a1e1fc5c51a800ca69c618d881) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
    15:11:38.0125 3076 BTWDNDIS - ok
    15:11:38.0171 3076 btwhid (c51d50cf24da69a9c499e65b0edb3bb7) C:\WINDOWS\system32\DRIVERS\btwhid.sys
    15:11:38.0187 3076 btwhid - ok
    15:11:38.0218 3076 BTWUSB (1166cb501e1c34750a91600579efeab3) C:\WINDOWS\system32\Drivers\btwusb.sys
    15:11:38.0234 3076 BTWUSB - ok
    15:11:38.0250 3076 cavasm - ok
    15:11:38.0296 3076 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    15:11:38.0421 3076 cbidf2k - ok
    15:11:38.0453 3076 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    15:11:38.0578 3076 CCDECODE - ok
    15:11:38.0593 3076 cd20xrnt - ok
    15:11:38.0656 3076 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    15:11:38.0765 3076 Cdaudio - ok
    15:11:38.0812 3076 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    15:11:38.0921 3076 Cdfs - ok
    15:11:38.0968 3076 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    15:11:39.0078 3076 Cdrom - ok
    15:11:39.0125 3076 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
    15:11:39.0140 3076 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
    15:11:39.0140 3076 cercsr6 - detected UnsignedFile.Multi.Generic (1)
    15:11:39.0156 3076 Changer - ok
    15:11:39.0203 3076 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
    15:11:39.0312 3076 CiSvc - ok
    15:11:39.0328 3076 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
    15:11:39.0453 3076 ClipSrv - ok
    15:11:39.0593 3076 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    15:11:39.0609 3076 clr_optimization_v2.0.50727_32 - ok
    15:11:39.0718 3076 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    15:11:39.0734 3076 clr_optimization_v4.0.30319_32 - ok
    15:11:39.0828 3076 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    15:11:39.0953 3076 CmBatt - ok
    15:11:39.0968 3076 CmdIde - ok
    15:11:40.0031 3076 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    15:11:40.0187 3076 Compbatt - ok
    15:11:40.0203 3076 COMSysApp - ok
    15:11:40.0250 3076 Cpqarray - ok
    15:11:40.0328 3076 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
    15:11:40.0359 3076 cpudrv - ok
    15:11:40.0515 3076 cpuz132 - ok
    15:11:40.0531 3076 cpuz134 - ok
    15:11:40.0593 3076 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
    15:11:40.0703 3076 CryptSvc - ok
    15:11:40.0734 3076 dac2w2k - ok
    15:11:40.0765 3076 dac960nt - ok
    15:11:40.0812 3076 DAMDrv (5d5984255a4bfaa4262fb750df7cd537) C:\WINDOWS\system32\DRIVERS\DAMDrv.sys
    15:11:40.0875 3076 DAMDrv - ok
    15:11:40.0921 3076 dc3d (91c1736e77cff029302728b431d0eedb) C:\WINDOWS\system32\DRIVERS\dc3d.sys
    15:11:40.0937 3076 dc3d - ok
    15:11:41.0015 3076 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    15:11:41.0078 3076 DcomLaunch - ok
    15:11:41.0125 3076 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
    15:11:41.0265 3076 Dhcp - ok
    15:11:41.0359 3076 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    15:11:41.0468 3076 Disk - ok
    15:11:41.0484 3076 dmadmin - ok
    15:11:41.0546 3076 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    15:11:41.0687 3076 dmboot - ok
    15:11:41.0703 3076 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    15:11:41.0843 3076 dmio - ok
    15:11:41.0875 3076 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    15:11:41.0984 3076 dmload - ok
    15:11:42.0031 3076 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
    15:11:42.0171 3076 dmserver - ok
    15:11:42.0250 3076 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    15:11:42.0390 3076 DMusic - ok
    15:11:42.0437 3076 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
    15:11:42.0531 3076 Dnscache - ok
    15:11:42.0578 3076 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
    15:11:42.0718 3076 Dot3svc - ok
    15:11:42.0750 3076 dpti2o - ok
    15:11:42.0828 3076 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    15:11:42.0953 3076 drmkaud - ok
    15:11:42.0984 3076 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    15:11:43.0109 3076 E100B - ok
    15:11:43.0171 3076 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
    15:11:43.0296 3076 EapHost - ok
    15:11:43.0421 3076 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    15:11:43.0437 3076 eeCtrl - ok
    15:11:43.0515 3076 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    15:11:43.0546 3076 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
    15:11:43.0546 3076 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
    15:11:43.0671 3076 EPSON_EB_RPCV4_01 (ec6a73cd8413f68655e5e0b99c415a21) C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    15:11:43.0734 3076 EPSON_EB_RPCV4_01 - ok
    15:11:43.0781 3076 EPSON_PM_RPCV4_01 (8fe6ab59cab8f2c038fea9522a5eeba7) C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    15:11:43.0812 3076 EPSON_PM_RPCV4_01 - ok
    15:11:43.0875 3076 EraserUtilDrv11010 - ok
    15:11:43.0921 3076 EraserUtilDrv11110 - ok
    15:11:43.0953 3076 EraserUtilDrvI11 - ok
    15:11:44.0015 3076 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    15:11:44.0031 3076 EraserUtilRebootDrv - ok
    15:11:44.0171 3076 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
    15:11:44.0296 3076 ERSvc - ok
    15:11:44.0421 3076 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    15:11:44.0453 3076 Eventlog - ok
    15:11:44.0546 3076 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
    15:11:44.0609 3076 EventSystem - ok
    15:11:44.0781 3076 EvtEng (ddebcc0aa7bd3eb02abce6b3d8536dea) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    15:11:44.0890 3076 EvtEng - ok
    15:11:45.0046 3076 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    15:11:45.0218 3076 Fastfat - ok
    15:11:45.0281 3076 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    15:11:45.0359 3076 FastUserSwitchingCompatibility - ok
    15:11:45.0453 3076 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    15:11:45.0562 3076 Fdc - ok
    15:11:45.0593 3076 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
    15:11:45.0609 3076 FilterService - ok
    15:11:45.0656 3076 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    15:11:45.0765 3076 Fips - ok
    15:11:45.0812 3076 FLCDLOCK (224138e0ccdf7ce3281298473f6fd1d2) C:\WINDOWS\system32\flcdlock.exe
    15:11:45.0843 3076 FLCDLOCK ( UnsignedFile.Multi.Generic ) - warning
    15:11:45.0843 3076 FLCDLOCK - detected UnsignedFile.Multi.Generic (1)
    15:11:45.0921 3076 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    15:11:46.0031 3076 Flpydisk - ok
    15:11:46.0109 3076 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    15:11:46.0234 3076 FltMgr - ok
    15:11:46.0328 3076 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    15:11:46.0343 3076 FontCache3.0.0.0 - ok
    15:11:46.0500 3076 FreeAgentGoNext Service (9513b437b7adb1e6065b7f0d83d11ecf) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    15:11:46.0515 3076 FreeAgentGoNext Service - ok
    15:11:46.0593 3076 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    15:11:46.0734 3076 Fs_Rec - ok
    15:11:46.0781 3076 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    15:11:47.0015 3076 Ftdisk - ok
    15:11:47.0093 3076 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    15:11:47.0109 3076 GEARAspiWDM - ok
    15:11:47.0187 3076 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    15:11:47.0296 3076 Gpc - ok
    15:11:47.0375 3076 GTIPCI21 (cea72ac01892b12514d15e21ef1bc75d) C:\WINDOWS\system32\DRIVERS\gtipci21.sys
    15:11:47.0437 3076 GTIPCI21 - ok
    15:11:47.0562 3076 gupdate - ok
    15:11:47.0578 3076 gupdatem - ok
    15:11:47.0671 3076 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    15:11:47.0687 3076 gusvc - ok
    15:11:47.0734 3076 HBtnKey (cef316dbbd1b3845a6d53ed620eb1aeb) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
    15:11:47.0750 3076 HBtnKey - ok
    15:11:47.0828 3076 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    15:11:48.0000 3076 HDAudBus - ok
    15:11:48.0078 3076 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    15:11:48.0234 3076 helpsvc - ok
    15:11:48.0312 3076 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
    15:11:48.0453 3076 HidServ - ok
    15:11:48.0546 3076 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    15:11:48.0703 3076 HidUsb - ok
    15:11:48.0750 3076 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
    15:11:48.0875 3076 hkmsvc - ok
    15:11:49.0031 3076 HPDrvMntSvc.exe (d0f60ce40d7d4720220f1e08374ab355) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    15:11:49.0031 3076 HPDrvMntSvc.exe - ok
    15:11:49.0093 3076 hpdskflt (c1ae4bc866aaf10d8bbb182b35c14986) C:\WINDOWS\system32\DRIVERS\hpdskflt.sys
    15:11:49.0109 3076 hpdskflt - ok
    15:11:49.0125 3076 hpn - ok
    15:11:49.0187 3076 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
    15:11:49.0265 3076 HpqKbFiltr - ok
    15:11:49.0421 3076 hpqwmiex (d34958999080832002e32ba0a76bbb9c) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    15:11:49.0468 3076 hpqwmiex - ok
    15:11:49.0578 3076 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    15:11:49.0671 3076 HTTP - ok
    15:11:49.0718 3076 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
    15:11:49.0875 3076 HTTPFilter - ok
    15:11:49.0921 3076 i2omgmt - ok
    15:11:49.0968 3076 i2omp - ok
    15:11:50.0000 3076 i8042prt - ok
    15:11:50.0281 3076 IAANTMon (0b66a9a2137213075f753579e7d573a5) C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    15:11:50.0328 3076 IAANTMon ( UnsignedFile.Multi.Generic ) - warning
    15:11:50.0328 3076 IAANTMon - detected UnsignedFile.Multi.Generic (1)
    15:11:50.0546 3076 iastor (f4037a3fedb92dd97c95f320766ea5c9) C:\WINDOWS\system32\drivers\iastor.sys
    15:11:50.0687 3076 iastor - ok
    15:11:51.0578 3076 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    15:11:52.0562 3076 idsvc - ok
    15:11:53.0531 3076 IDSxpx86 (cfbc1ce72e5353d428704659199147b1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120330.002\IDSxpx86.sys
    15:11:54.0031 3076 IDSxpx86 - ok
    15:11:54.0750 3076 IFXSpMgtSrv (29ba1bcc6bde337e7c8f81cc8d401cbd) C:\WINDOWS\system32\ifxspmgt.exe
    15:11:55.0375 3076 IFXSpMgtSrv - ok
    15:11:55.0562 3076 IFXTCS (02b893d0b89e0b28881a1cab6f337a0b) C:\WINDOWS\system32\IFXTCS.exe
    15:11:55.0671 3076 IFXTCS - ok
    15:11:55.0734 3076 IFXTPM (667cfdb801df771f47b7c39373c2d850) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
    15:11:55.0796 3076 IFXTPM - ok
    15:11:55.0921 3076 IISADMIN (db3c22745c0da4666f3be31f1af36b2f) C:\WINDOWS\system32\inetsrv\inetinfo.exe
    15:11:56.0031 3076 IISADMIN - ok
    15:11:56.0156 3076 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    15:11:56.0328 3076 Imapi - ok
    15:11:56.0375 3076 ImapiService (661a7bb512a6fa96c811d896c1ecac2c) C:\WINDOWS\system32\imapihp.exe
    15:11:56.0437 3076 ImapiService ( UnsignedFile.Multi.Generic ) - warning
    15:11:56.0437 3076 ImapiService - detected UnsignedFile.Multi.Generic (1)
    15:11:56.0500 3076 ini910u - ok
    15:11:56.0531 3076 IntelIde - ok
    15:11:56.0593 3076 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    15:11:56.0687 3076 intelppm - ok
    15:11:56.0812 3076 iomdisk (9d7069d72c0c72952f05e1688a5ae89d) C:\WINDOWS\system32\DRIVERS\iomdisk.sys
    15:11:56.0828 3076 iomdisk ( UnsignedFile.Multi.Generic ) - warning
    15:11:56.0828 3076 iomdisk - detected UnsignedFile.Multi.Generic (1)
    15:11:56.0953 3076 Iomega App Services (19ef7fb809d3073ee60f85464e9c4c51) C:\PROGRA~1\Iomega\System32\AppServices.exe
    15:11:56.0968 3076 Iomega App Services ( UnsignedFile.Multi.Generic ) - warning
    15:11:56.0968 3076 Iomega App Services - detected UnsignedFile.Multi.Generic (1)
    15:11:57.0062 3076 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    15:11:57.0171 3076 Ip6Fw - ok
    15:11:57.0281 3076 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    15:11:57.0421 3076 IpFilterDriver - ok
    15:11:57.0484 3076 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    15:11:57.0593 3076 IpInIp - ok
    15:11:57.0625 3076 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    15:11:57.0734 3076 IpNat - ok
    15:11:57.0859 3076 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
    15:11:57.0968 3076 iPod Service - ok
    15:11:58.0093 3076 Iprip (f08d74ec300b8ba60ca953c58a24d19e) C:\WINDOWS\System32\iprip.dll
    15:11:58.0187 3076 Iprip - ok
    15:11:58.0265 3076 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    15:11:58.0406 3076 IPSec - ok
    15:11:58.0453 3076 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
    15:11:58.0546 3076 irda - ok
    15:11:58.0593 3076 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    15:11:58.0640 3076 IRENUM - ok
    15:11:58.0718 3076 Irmon (49cc4533ce897cb2e93c1e84a818fde5) C:\WINDOWS\System32\irmon.dll
    15:11:58.0781 3076 Irmon - ok
    15:11:58.0859 3076 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    15:11:58.0968 3076 isapnp - ok
    15:11:59.0140 3076 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
    15:11:59.0156 3076 JavaQuickStarterService - ok
    15:11:59.0265 3076 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    15:11:59.0390 3076 Kbdclass - ok
    15:11:59.0453 3076 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    15:11:59.0593 3076 kbdhid - ok
    15:11:59.0625 3076 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    15:11:59.0750 3076 kmixer - ok
    15:11:59.0796 3076 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    15:11:59.0875 3076 KSecDD - ok
    15:11:59.0921 3076 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
    15:11:59.0984 3076 lanmanserver - ok
    15:12:00.0031 3076 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
    15:12:00.0062 3076 lanmanworkstation - ok
    15:12:00.0093 3076 lbrtfdc - ok
    15:12:00.0187 3076 LHidFlt2 (03976c309ede05d39017c05b817cd94f) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
    15:12:00.0234 3076 LHidFlt2 - ok
    15:12:00.0296 3076 LHidUsb (25688115843c4028686a96d88bc28007) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
    15:12:00.0359 3076 LHidUsb - ok
    15:12:00.0468 3076 LightScribeService (8577ca80212a3ee1cf2fd1fc91e1cff6) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    15:12:00.0484 3076 LightScribeService - ok
    15:12:00.0609 3076 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
    15:12:00.0781 3076 LmHosts - ok
    15:12:00.0859 3076 LMouFlt2 (26407519fca64ec4091fe1f815b4afc4) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
    15:12:00.0906 3076 LMouFlt2 - ok
    15:12:00.0968 3076 lvpopflt (9fb982de1c8dd769f8ed681dd878b12f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
    15:12:00.0984 3076 lvpopflt - ok
    15:12:01.0078 3076 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
    15:12:01.0093 3076 LVPr2Mon - ok
    15:12:01.0234 3076 LVPrcSrv (0ddfdcaa92c7f553328db06ba599bea9) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    15:12:01.0250 3076 LVPrcSrv - ok
    15:12:01.0328 3076 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
    15:12:01.0359 3076 LVRS - ok
    15:12:01.0609 3076 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
    15:12:02.0031 3076 LVUVC - ok

    ***** END OF 1st HALF*****
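The TDSSKiller log above mixes dozens of generic "UnsignedFile.Multi.Generic" warnings with the one entry that actually matters, and scotpig's question in post 11 (which hits are real, which are just unsigned vendor files) is exactly the thing a reader has to work out by hand from a 1,000-line log. The script below is an added example, not part of this thread and not Kaspersky's own code: it folds a TDSSKiller log into one record per driver/service and separates signature hits from unsigned-file noise. It assumes the line shapes visible in the posted log (`<time> <pid> <name> (<md5>) <path>`, `<name> - ok`, `<name> ( <sig> ) - warning`, `<name> - detected <sig> (<n>)`). The embedded sample is constructed from a few lines of the posted log plus one hypothetical detection line for the `rma` service using the MD5 scotpig reported; the `C:\Novadigm\ManagementAgent\nvdkit.exe` path is my reconstruction of the garbled path in post 11, not something the log shows. It works on a whole log, so both halves can be pasted into one file and run together.

```python
import re
from dataclasses import dataclass, field

# Line shapes seen in the posted TDSSKiller log (assumed stable for this tool version):
#   <time> <pid> <name> (<md5>) <path>            file identified
#   <time> <pid> <name> - ok                      clean
#   <time> <pid> <name> ( <sig> ) - warning       generic warning
#   <time> <pid> <name> - detected <sig> (<n>)    detection
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.+)$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<sig>\S+) \((?P<count>\d+)\)$")
WARNING_RE = re.compile(r"^(?P<name>.+?) \( (?P<sig>\S+) \) - warning$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")

# Constructed sample: a few lines from the posted log, plus a hypothetical
# detection line for the "rma" service (MD5 from the thread; path is assumed).
SAMPLE_LOG = r"""
15:11:29.0609 3076 6to4 (c07d5197410aab28d0d93f943f59656d) C:\WINDOWS\System32\6to4svc.dll
15:11:29.0984 3076 6to4 - ok
15:11:30.0156 3076 Abiosdsk - ok
15:11:30.0281 3076 acachsrv (68db31fd0fcffffb64e2d113561836d3) C:\Program Files\ActivIdentity\ActivClient Mini\acachsrv.exe
15:11:30.0328 3076 acachsrv ( UnsignedFile.Multi.Generic ) - warning
15:11:30.0328 3076 acachsrv - detected UnsignedFile.Multi.Generic (1)
15:11:32.0281 3076 Adobe LM Service (6d182c31acf16213407f2768f1107fe3) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
15:11:32.0296 3076 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
15:11:32.0296 3076 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
15:12:10.0000 3076 rma (fc4ffde5abbfbd95ad7564db199e1864) C:\Novadigm\ManagementAgent\nvdkit.exe
15:12:10.0015 3076 rma - detected Rootkit.Win32.PMax.gen (1)
"""


@dataclass
class Entry:
    """One driver/service as reported by TDSSKiller, folded from its log lines."""
    name: str
    md5: str = ""
    path: str = ""
    status: str = "unknown"          # ok | warning | detected
    signatures: list = field(default_factory=list)


def parse_tdsskiller_log(text: str) -> dict:
    """Return {name: Entry}; banner, separator and blank lines are skipped."""
    entries: dict = {}

    def entry(name: str) -> Entry:
        return entries.setdefault(name, Entry(name=name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m["rest"]
        if (d := DETECTED_RE.match(rest)):
            e = entry(d["name"])
            e.status = "detected"
            if d["sig"] not in e.signatures:
                e.signatures.append(d["sig"])
        elif (w := WARNING_RE.match(rest)):
            e = entry(w["name"])
            if e.status != "detected":
                e.status = "warning"
            if w["sig"] not in e.signatures:
                e.signatures.append(w["sig"])
        elif (o := OK_RE.match(rest)):
            entry(o["name"]).status = "ok"
        elif (f := FILE_RE.match(rest)):
            e = entry(f["name"])
            e.md5, e.path = f["md5"], f["path"]
    return entries


def triage(entries: dict) -> dict:
    """Split entries into real signature hits, unsigned-file warnings and clean items."""
    report = {"malware": [], "unsigned": [], "clean": 0}
    for e in entries.values():
        if not e.signatures:
            report["clean"] += 1
        elif all(s.startswith("UnsignedFile.") for s in e.signatures):
            report["unsigned"].append(e)      # unsigned vendor file: review, not alarm
        else:
            report["malware"].append(e)       # named signature: act on this first
    report["malware"].sort(key=lambda e: e.name)
    report["unsigned"].sort(key=lambda e: e.name)
    return report


def format_report(report: dict) -> str:
    """Human-readable summary, most urgent items first."""
    lines = [f"{len(report['malware'])} malware detection(s), "
             f"{len(report['unsigned'])} unsigned-file warning(s), "
             f"{report['clean']} clean"]
    for e in report["malware"]:
        lines.append(f"  MALWARE  {e.name}: {', '.join(e.signatures)} md5={e.md5 or '?'} {e.path}")
    for e in report["unsigned"]:
        lines.append(f"  unsigned {e.name}: {e.path}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(triage(parse_tdsskiller_log(SAMPLE_LOG))))
```

Keeping the MD5 and path beside each named detection is deliberate: the hash is what you check against the vendor's description before choosing quarantine over delete, and the path tells you which product (here an HP/Novadigm management agent) will lose a component if the file goes. An `UnsignedFile.Multi.Generic` hit on its own is only a missing Authenticode signature and is common for older OEM drivers; it becomes interesting only when it sits on a file you did not expect to have at all.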
     
  14. scotpig

    scotpig TS Rookie Topic Starter Posts: 25

    And now here's the 2nd half...


    15:12:02.0187 3076 MatSvc (ddf15a42e27e8efe27b18fd403151a86) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
    15:12:02.0234 3076 MatSvc - ok
    15:12:02.0328 3076 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
    15:12:02.0343 3076 MBAMProtector - ok
    15:12:02.0421 3076 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    15:12:02.0468 3076 MBAMService - ok
    15:12:02.0484 3076 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
    15:12:02.0625 3076 Messenger - ok
    15:12:02.0703 3076 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    15:12:02.0843 3076 mnmdd - ok
    15:12:02.0890 3076 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
    15:12:03.0015 3076 mnmsrvc - ok
    15:12:03.0078 3076 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    15:12:03.0187 3076 Modem - ok
    15:12:03.0265 3076 mosuport (349f92f27c7e9f2af4db418a4b3eac00) C:\WINDOWS\system32\DRIVERS\mosuport.sys
    15:12:03.0390 3076 mosuport ( UnsignedFile.Multi.Generic ) - warning
    15:12:03.0390 3076 mosuport - detected UnsignedFile.Multi.Generic (1)
    15:12:03.0421 3076 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
    15:12:03.0468 3076 motmodem - ok
    15:12:03.0531 3076 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    15:12:03.0640 3076 Mouclass - ok
    15:12:03.0703 3076 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    15:12:03.0859 3076 mouhid - ok
    15:12:03.0921 3076 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    15:12:04.0062 3076 MountMgr - ok
    15:12:04.0078 3076 mraid35x - ok
    15:12:04.0125 3076 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    15:12:04.0281 3076 MRxDAV - ok
    15:12:04.0343 3076 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    15:12:04.0437 3076 MRxSmb - ok
    15:12:04.0484 3076 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
    15:12:04.0625 3076 MSDTC - ok
    15:12:04.0718 3076 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    15:12:04.0859 3076 Msfs - ok
    15:12:04.0921 3076 MSFtpsvc (db3c22745c0da4666f3be31f1af36b2f) C:\WINDOWS\system32\inetsrv\inetinfo.exe
    15:12:04.0984 3076 MSFtpsvc - ok
    15:12:05.0000 3076 MSIServer - ok
    15:12:05.0046 3076 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    15:12:05.0187 3076 MSKSSRV - ok
    15:12:05.0218 3076 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    15:12:05.0312 3076 MSPCLOCK - ok
    15:12:05.0328 3076 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    15:12:05.0453 3076 MSPQM - ok
    15:12:05.0531 3076 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    15:12:05.0640 3076 mssmbios - ok
    15:12:05.0687 3076 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    15:12:05.0812 3076 MSTEE - ok
    15:12:05.0859 3076 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    15:12:05.0906 3076 Mup - ok
    15:12:05.0953 3076 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
    15:12:05.0984 3076 MxlW2k ( UnsignedFile.Multi.Generic ) - warning
    15:12:05.0984 3076 MxlW2k - detected UnsignedFile.Multi.Generic (1)
    15:12:06.0156 3076 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
    15:12:06.0203 3076 N360 - ok
    15:12:06.0640 3076 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    15:12:06.0796 3076 NABTSFEC - ok
    15:12:06.0906 3076 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
    15:12:07.0031 3076 napagent - ok
    15:12:07.0375 3076 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120330.036\NAVENG.SYS
    15:12:07.0390 3076 NAVENG - ok
    15:12:07.0640 3076 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120330.036\NAVEX15.SYS
    15:12:07.0796 3076 NAVEX15 - ok
    15:12:07.0953 3076 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    15:12:08.0156 3076 NDIS - ok
    15:12:08.0203 3076 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    15:12:08.0296 3076 NdisIP - ok
    15:12:08.0343 3076 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    15:12:08.0390 3076 NdisTapi - ok
    15:12:08.0437 3076 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    15:12:08.0546 3076 Ndisuio - ok
    15:12:08.0609 3076 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    15:12:08.0703 3076 NdisWan - ok
    15:12:08.0750 3076 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    15:12:08.0796 3076 NDProxy - ok
    15:12:08.0859 3076 Netaapl (1352e1648213551923a0a822e441553c) C:\WINDOWS\system32\DRIVERS\netaapl.sys
    15:12:08.0890 3076 Netaapl - ok
    15:12:08.0937 3076 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    15:12:09.0046 3076 NetBIOS - ok
    15:12:09.0109 3076 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    15:12:09.0218 3076 NetBT - ok
    15:12:09.0281 3076 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    15:12:09.0390 3076 NetDDE - ok
    15:12:09.0406 3076 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    15:12:09.0500 3076 NetDDEdsdm - ok
    15:12:09.0546 3076 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    15:12:09.0640 3076 Netlogon - ok
    15:12:09.0687 3076 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
    15:12:09.0812 3076 Netman - ok
    15:12:09.0968 3076 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    15:12:09.0984 3076 NetTcpPortSharing - ok
    15:12:10.0109 3076 NETw4x32 (9eb7001200bc53dad5bc531f0e58970e) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
    15:12:10.0281 3076 NETw4x32 - ok
    15:12:10.0500 3076 NETw5x32 (3bdc90d9b12b685944f2b0896af5413c) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
    15:12:11.0078 3076 NETw5x32 ( UnsignedFile.Multi.Generic ) - warning
    15:12:11.0078 3076 NETw5x32 - detected UnsignedFile.Multi.Generic (1)
    15:12:11.0140 3076 NetWlan5 (9a6a0193c0f6a79f191171816976fc73) C:\WINDOWS\system32\DRIVERS\NetWlan5.sys
    15:12:11.0312 3076 NetWlan5 - ok
    15:12:11.0531 3076 NETwLx32 (cbd6918929b5edacff9c782536019bbb) C:\WINDOWS\system32\DRIVERS\NETwLx32.sys
    15:12:12.0000 3076 NETwLx32 - ok
    15:12:12.0093 3076 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
    15:12:12.0140 3076 Nla - ok
    15:12:12.0234 3076 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    15:12:12.0359 3076 Npfs - ok
    15:12:12.0406 3076 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    15:12:12.0562 3076 Ntfs - ok
    15:12:12.0625 3076 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    15:12:12.0718 3076 NtLmSsp - ok
    15:12:12.0796 3076 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
    15:12:12.0937 3076 NtmsSvc - ok
    15:12:13.0015 3076 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
    15:12:13.0031 3076 NuidFltr - ok
    15:12:13.0078 3076 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    15:12:13.0187 3076 Null - ok
    15:12:13.0234 3076 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    15:12:13.0375 3076 NwlnkFlt - ok
    15:12:13.0406 3076 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    15:12:13.0546 3076 NwlnkFwd - ok
    15:12:13.0546 3076 OMCI - ok
    15:12:13.0609 3076 p2pgasvc (937a02981f11b2ce96b1d493c95aed2b) C:\WINDOWS\system32\p2pgasvc.dll
    15:12:13.0750 3076 p2pgasvc - ok
    15:12:13.0812 3076 p2pimsvc (4a1035cb8f0d57be41873b5183d96cf4) C:\WINDOWS\system32\p2psvc.dll
    15:12:13.0984 3076 p2pimsvc - ok
    15:12:14.0015 3076 p2psvc (4a1035cb8f0d57be41873b5183d96cf4) C:\WINDOWS\system32\p2psvc.dll
    15:12:14.0125 3076 p2psvc - ok
    15:12:14.0218 3076 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    15:12:14.0343 3076 Parport - ok
    15:12:14.0375 3076 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    15:12:14.0515 3076 PartMgr - ok
    15:12:14.0531 3076 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    15:12:14.0656 3076 ParVdm - ok
    15:12:14.0671 3076 PCA - ok
    15:12:14.0734 3076 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    15:12:14.0843 3076 PCI - ok
    15:12:14.0875 3076 PCIDump - ok
    15:12:14.0937 3076 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    15:12:15.0046 3076 PCIIde - ok
    15:12:15.0093 3076 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    15:12:15.0203 3076 Pcmcia - ok
    15:12:15.0250 3076 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
    15:12:15.0250 3076 pcouffin ( UnsignedFile.Multi.Generic ) - warning
    15:12:15.0250 3076 pcouffin - detected UnsignedFile.Multi.Generic (1)
    15:12:15.0265 3076 PDCOMP - ok
    15:12:15.0281 3076 PDFRAME - ok
    15:12:15.0312 3076 PDRELI - ok
    15:12:15.0328 3076 PDRFRAME - ok
    15:12:15.0359 3076 perc2 - ok
    15:12:15.0375 3076 perc2hib - ok
    15:12:15.0484 3076 PersonalSecureDrive (f21b077b1fba7aa331fa1087078d92e8) C:\WINDOWS\System32\drivers\psd.sys
    15:12:15.0500 3076 PersonalSecureDrive - ok
    15:12:15.0515 3076 PersonalSecureDriveService (c30a73c602c09bc8404a18497ad24145) C:\WINDOWS\system32\IfxPsdSv.exe
    15:12:15.0531 3076 PersonalSecureDriveService - ok
    15:12:15.0593 3076 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    15:12:15.0609 3076 PlugPlay - ok
    15:12:15.0687 3076 PNRPSvc (4a1035cb8f0d57be41873b5183d96cf4) C:\WINDOWS\system32\p2psvc.dll
    15:12:15.0781 3076 PNRPSvc - ok
    15:12:15.0875 3076 Point32 (e5582e43e167cf367757d81e9727da2a) C:\WINDOWS\system32\DRIVERS\point32.sys
    15:12:15.0875 3076 Point32 - ok
    15:12:15.0953 3076 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    15:12:16.0046 3076 PolicyAgent - ok
    15:12:16.0109 3076 ppsio2 (de4dfb09bf96fd5f810750140e2aa236) C:\WINDOWS\system32\drivers\ppsio2.sys
    15:12:16.0140 3076 ppsio2 ( UnsignedFile.Multi.Generic ) - warning
    15:12:16.0140 3076 ppsio2 - detected UnsignedFile.Multi.Generic (1)
    15:12:16.0203 3076 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    15:12:16.0328 3076 PptpMiniport - ok
    15:12:16.0375 3076 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    15:12:16.0500 3076 ProtectedStorage - ok
    15:12:16.0578 3076 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    15:12:16.0703 3076 PSched - ok
    15:12:16.0718 3076 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    15:12:16.0843 3076 Ptilink - ok
    15:12:16.0875 3076 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    15:12:16.0890 3076 PxHelp20 - ok
    15:12:16.0906 3076 ql1080 - ok
    15:12:16.0921 3076 Ql10wnt - ok
    15:12:16.0953 3076 ql12160 - ok
    15:12:16.0968 3076 ql1240 - ok
    15:12:17.0000 3076 ql1280 - ok
    15:12:17.0031 3076 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    15:12:17.0125 3076 RasAcd - ok
    15:12:17.0187 3076 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
    15:12:17.0296 3076 RasAuto - ok
    15:12:17.0359 3076 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
    15:12:17.0421 3076 Rasirda - ok
    15:12:17.0437 3076 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    15:12:17.0546 3076 Rasl2tp - ok
    15:12:17.0609 3076 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
    15:12:17.0718 3076 RasMan - ok
    15:12:17.0781 3076 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    15:12:17.0890 3076 RasPppoe - ok
    15:12:17.0937 3076 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    15:12:18.0046 3076 Raspti - ok
    15:12:18.0078 3076 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    15:12:18.0187 3076 Rdbss - ok
    15:12:18.0234 3076 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    15:12:18.0328 3076 RDPCDD - ok
    15:12:18.0375 3076 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    15:12:18.0484 3076 rdpdr - ok
    15:12:18.0562 3076 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
    15:12:18.0578 3076 RDPWD - ok
    15:12:18.0625 3076 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
    15:12:18.0718 3076 RDSessMgr - ok
    15:12:18.0781 3076 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    15:12:18.0890 3076 redbook - ok
    15:12:19.0046 3076 RegSrvc (5608ed3957105bc14e3c426bb27ac5a1) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    15:12:19.0078 3076 RegSrvc - ok
    15:12:19.0218 3076 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
    15:12:19.0359 3076 RemoteAccess - ok
    15:12:19.0406 3076 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
    15:12:19.0562 3076 RemoteRegistry - ok
    15:12:19.0656 3076 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
    15:12:19.0671 3076 Revoflt - ok
    15:12:19.0812 3076 rma (fc4ffde5abbfbd95ad7564db199e1864) C:/Novadigm/ManagementAgent/nvdkit.exe
    15:12:20.0218 3076 rma ( Rootkit.Win32.PMax.gen ) - infected
    15:12:20.0218 3076 rma - detected Rootkit.Win32.PMax.gen (0)
    15:12:20.0234 3076 rootrepeal - ok
    15:12:20.0265 3076 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
    15:12:20.0375 3076 RpcLocator - ok
    15:12:20.0437 3076 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    15:12:20.0453 3076 RpcSs - ok
    15:12:20.0515 3076 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
    15:12:20.0640 3076 RSVP - ok
    15:12:20.0812 3076 S24EventMonitor (b67d13453f33f569ba6cab45447ad724) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    15:12:20.0906 3076 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
    15:12:20.0906 3076 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
    15:12:21.0046 3076 s24trans (27fc71da659305e260acbda15a318399) C:\WINDOWS\system32\DRIVERS\s24trans.sys
    15:12:21.0062 3076 s24trans ( UnsignedFile.Multi.Generic ) - warning
    15:12:21.0062 3076 s24trans - detected UnsignedFile.Multi.Generic (1)
    15:12:21.0125 3076 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    15:12:21.0265 3076 SamSs - ok
    15:12:21.0453 3076 SamsungAllShareV2.0 (8325093bdae38247a8482ab0a1bc37ce) C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
    15:12:21.0484 3076 SamsungAllShareV2.0 - ok
    15:12:21.0593 3076 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
    15:12:21.0750 3076 SCardSvr - ok
    15:12:21.0828 3076 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
    15:12:21.0953 3076 Schedule - ok
    15:12:22.0015 3076 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    15:12:22.0125 3076 sdbus - ok
    15:12:22.0250 3076 SeaPort (d358e077a0a05d9b12da22d137ee8464) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    15:12:22.0265 3076 SeaPort - ok
    15:12:22.0343 3076 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    15:12:22.0421 3076 Secdrv - ok
    15:12:22.0453 3076 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
    15:12:22.0578 3076 seclogon - ok
    15:12:22.0625 3076 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
    15:12:22.0750 3076 SENS - ok
    15:12:22.0796 3076 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    15:12:22.0921 3076 Serial - ok
    15:12:23.0015 3076 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    15:12:23.0140 3076 Sfloppy - ok
    15:12:23.0203 3076 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
    15:12:23.0328 3076 SharedAccess - ok
    15:12:23.0375 3076 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    15:12:23.0390 3076 ShellHWDetection - ok
    15:12:23.0406 3076 Simbad - ok
    15:12:23.0546 3076 SimpleSlideShowServer (002efe99e9117d8c9feb17ce9cc6af82) C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe
    15:12:23.0562 3076 SimpleSlideShowServer - ok
    15:12:23.0625 3076 SimpTcp (32933b07fc16d9f778bee12545fa1b1a) C:\WINDOWS\system32\tcpsvcs.exe
    15:12:23.0734 3076 SimpTcp - ok
    15:12:23.0781 3076 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    15:12:23.0906 3076 SLIP - ok
    15:12:23.0937 3076 SMCIRDA (a8eb0aa07632a4c936ff6f8eda5bdead) C:\WINDOWS\system32\DRIVERS\smcirda.sys
    15:12:24.0000 3076 SMCIRDA - ok
    15:12:24.0109 3076 SMTPSVC (db3c22745c0da4666f3be31f1af36b2f) C:\WINDOWS\system32\inetsrv\inetinfo.exe
    15:12:24.0156 3076 SMTPSVC - ok
    15:12:24.0203 3076 SNMP (60c377be6b3cc83f6a8584934b181d2e) C:\WINDOWS\System32\snmp.exe
    15:12:24.0328 3076 SNMP - ok
    15:12:24.0359 3076 SNMPTRAP (80a050795a107a76c2b1cd4cfbe010e6) C:\WINDOWS\System32\snmptrap.exe
    15:12:24.0468 3076 SNMPTRAP - ok
    15:12:24.0484 3076 Sparrow - ok
    15:12:24.0546 3076 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    15:12:24.0640 3076 splitter - ok
    15:12:24.0687 3076 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    15:12:24.0734 3076 Spooler - ok
    15:12:24.0765 3076 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    15:12:24.0843 3076 sr - ok
    15:12:24.0906 3076 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
    15:12:24.0968 3076 srservice - ok
    15:12:25.0093 3076 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SRTSP.SYS
    15:12:25.0125 3076 SRTSP - ok
    15:12:25.0171 3076 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0502000.00D\SRTSPX.SYS
    15:12:25.0171 3076 SRTSPX - ok
    15:12:25.0265 3076 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    15:12:25.0312 3076 Srv - ok
    15:12:25.0375 3076 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
    15:12:25.0437 3076 SSDPSRV - ok
    15:12:25.0515 3076 StatusAgent4 (773940b8d50439391ffa619b3eef01a3) C:\WINDOWS\system32\SAgent4.exe
    15:12:25.0546 3076 StatusAgent4 ( UnsignedFile.Multi.Generic ) - warning
    15:12:25.0546 3076 StatusAgent4 - detected UnsignedFile.Multi.Generic (1)
    15:12:25.0671 3076 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
    15:12:26.0015 3076 stisvc - ok
    15:12:26.0421 3076 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    15:12:26.0562 3076 streamip - ok
    15:12:27.0000 3076 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    15:12:27.0187 3076 swenum - ok
    15:12:27.0593 3076 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    15:12:27.0718 3076 swmidi - ok
    15:12:27.0859 3076 SwPrv - ok
    15:12:28.0093 3076 symc810 - ok
    15:12:28.0281 3076 symc8xx - ok
    15:12:28.0453 3076 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMDS.SYS
    15:12:28.0484 3076 SymDS - ok
    15:12:28.0562 3076 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMEFA.SYS
    15:12:28.0625 3076 SymEFA - ok
    15:12:28.0703 3076 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    15:12:28.0718 3076 SymEvent - ok
    15:12:28.0734 3076 SYMFW - ok
    15:12:28.0750 3076 SYMIDS - ok
    15:12:28.0828 3076 SymIM (94a2459242a6dd0daf3baa99e96784ff) C:\WINDOWS\system32\DRIVERS\SymIM.sys
    15:12:28.0843 3076 SymIM - ok
    15:12:28.0859 3076 SymIMMP (94a2459242a6dd0daf3baa99e96784ff) C:\WINDOWS\system32\DRIVERS\SymIM.sys
    15:12:28.0859 3076 SymIMMP - ok
    15:12:28.0906 3076 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0502000.00D\Ironx86.SYS
    15:12:28.0921 3076 SymIRON - ok
    15:12:28.0921 3076 SYMNDIS - ok
    15:12:29.0000 3076 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SYMTDI.SYS
    15:12:29.0031 3076 SYMTDI - ok
    15:12:29.0046 3076 sym_hi - ok
    15:12:29.0062 3076 sym_u3 - ok
    15:12:29.0140 3076 SynTP (0f332c0ba9b968ebc8cbb906416f8597) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    15:12:29.0203 3076 SynTP - ok
    15:12:29.0234 3076 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    15:12:29.0343 3076 sysaudio - ok
    15:12:29.0390 3076 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
    15:12:29.0484 3076 SysmonLog - ok
    15:12:29.0546 3076 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
    15:12:29.0656 3076 TapiSrv - ok
    15:12:29.0750 3076 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    15:12:29.0781 3076 Tcpip - ok
    15:12:29.0859 3076 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
    15:12:29.0875 3076 Tcpip6 - ok
    15:12:29.0921 3076 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    15:12:30.0031 3076 TDPIPE - ok
    15:12:30.0078 3076 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    15:12:30.0171 3076 TDTCP - ok
    15:12:30.0203 3076 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    15:12:30.0312 3076 TermDD - ok
    15:12:30.0359 3076 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
    15:12:30.0484 3076 TermService - ok
    15:12:30.0531 3076 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    15:12:30.0546 3076 Themes - ok
    15:12:30.0609 3076 tifm21 (c424f991494e5674f2e9b3cf9f5f55d1) C:\WINDOWS\system32\drivers\tifm21.sys
    15:12:30.0671 3076 tifm21 - ok
    15:12:30.0718 3076 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
    15:12:30.0796 3076 TlntSvr - ok
    15:12:30.0796 3076 TosIde - ok
    15:12:30.0921 3076 Tq_91Assistant (8dc050d1558e0cc1593b63765c5c5fcf) C:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys
    15:12:30.0953 3076 Tq_91Assistant - ok
    15:12:31.0000 3076 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
    15:12:31.0109 3076 TrkWks - ok
    15:12:31.0171 3076 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
    15:12:31.0296 3076 tunmp - ok
    15:12:31.0312 3076 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    15:12:31.0421 3076 Udfs - ok
    15:12:31.0468 3076 ultra - ok
    15:12:31.0531 3076 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    15:12:31.0656 3076 Update - ok
    15:12:31.0703 3076 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
    15:12:31.0750 3076 upnphost - ok
    15:12:31.0781 3076 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
    15:12:31.0890 3076 UPS - ok
    15:12:31.0953 3076 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
    15:12:31.0953 3076 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
    15:12:31.0953 3076 USBAAPL - detected UnsignedFile.Multi.Generic (1)
    15:12:32.0000 3076 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    15:12:32.0109 3076 usbaudio - ok
    15:12:32.0156 3076 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    15:12:32.0265 3076 usbccgp - ok
    15:12:32.0296 3076 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    15:12:32.0406 3076 usbehci - ok
    15:12:32.0453 3076 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    15:12:32.0546 3076 usbhub - ok
    15:12:32.0609 3076 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    15:12:32.0703 3076 usbscan - ok
    15:12:32.0750 3076 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    15:12:32.0859 3076 USBSTOR - ok
    15:12:32.0890 3076 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    15:12:33.0000 3076 usbuhci - ok
    15:12:33.0031 3076 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    15:12:33.0140 3076 VgaSave - ok
    15:12:33.0156 3076 ViaIde - ok
    15:12:33.0203 3076 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    15:12:33.0312 3076 VolSnap - ok
    15:12:33.0375 3076 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
    15:12:33.0421 3076 VSS - ok
    15:12:33.0609 3076 VYHTONMFEYDV - ok
    15:12:33.0656 3076 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
    15:12:33.0750 3076 W32Time - ok
    15:12:33.0843 3076 W3SVC (db3c22745c0da4666f3be31f1af36b2f) C:\WINDOWS\system32\inetsrv\inetinfo.exe
    15:12:33.0906 3076 W3SVC - ok
    15:12:33.0984 3076 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    15:12:34.0125 3076 Wanarp - ok
    15:12:34.0296 3076 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    15:12:34.0343 3076 Wdf01000 - ok
    15:12:34.0343 3076 WDICA - ok
    15:12:34.0406 3076 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    15:12:34.0562 3076 wdmaud - ok
    15:12:34.0640 3076 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
    15:12:34.0796 3076 WebClient - ok
    15:12:34.0875 3076 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
    15:12:35.0015 3076 winmgmt - ok
    15:12:35.0093 3076 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
    15:12:35.0296 3076 WinRM - ok
    15:12:35.0500 3076 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    15:12:35.0640 3076 wlidsvc - ok
    15:12:35.0781 3076 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
    15:12:35.0859 3076 WmdmPmSN - ok
    15:12:35.0921 3076 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
    15:12:36.0000 3076 Wmi - ok
    15:12:36.0109 3076 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    15:12:36.0296 3076 WmiAcpi - ok
    15:12:36.0390 3076 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    15:12:36.0515 3076 WmiApSrv - ok
    15:12:36.0625 3076 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
    15:12:36.0703 3076 WMPNetworkSvc - ok
    15:12:36.0968 3076 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    15:12:37.0062 3076 WPFFontCache_v0400 - ok
    15:12:37.0140 3076 WSearch - ok
    15:12:37.0265 3076 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    15:12:37.0453 3076 WSTCODEC - ok
    15:12:37.0500 3076 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
    15:12:37.0609 3076 wuauserv - ok
    15:12:37.0656 3076 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    15:12:37.0703 3076 WudfPf - ok
    15:12:37.0734 3076 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    15:12:37.0750 3076 WudfRd - ok
    15:12:37.0781 3076 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
    15:12:37.0796 3076 WudfSvc - ok
    15:12:37.0859 3076 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
    15:12:38.0046 3076 WZCSVC - ok
    15:12:38.0093 3076 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
    15:12:38.0203 3076 xmlprov - ok
    15:12:38.0312 3076 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    15:12:38.0406 3076 YahooAUService - ok
    15:12:38.0531 3076 _IOMEGA_ACTIVE_DISK_SERVICE_ (b624180218bb196ad9869d5d6b454318) C:\Program Files\Iomega\AutoDisk\ADService.exe
    15:12:38.0562 3076 _IOMEGA_ACTIVE_DISK_SERVICE_ ( UnsignedFile.Multi.Generic ) - warning
    15:12:38.0562 3076 _IOMEGA_ACTIVE_DISK_SERVICE_ - detected UnsignedFile.Multi.Generic (1)
    15:12:38.0593 3076 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    15:12:38.0843 3076 \Device\Harddisk0\DR0 - ok
    15:12:38.0859 3076 Boot (0x1200) (8ef0719d069556ff4bdfe02646bfa2fd) \Device\Harddisk0\DR0\Partition0
    15:12:38.0859 3076 \Device\Harddisk0\DR0\Partition0 - ok
    15:12:38.0875 3076 ============================================================
    15:12:38.0875 3076 Scan finished
    15:12:38.0875 3076 ============================================================
    15:12:39.0031 7984 Detected object count: 24
    15:12:39.0031 7984 Actual detected object count: 24
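A small triage parser for the TDSSKiller-style log posted above, added here as an example; it is not code from this thread, from TechSpot or from Kaspersky's tool. It assumes only the line shapes visible in the posted output (the scanned-object line with MD5 and path, the "( Verdict ) - warning|infected" line, the "- detected Verdict (N)" line, "- ok" lines and the "Detected object count" footer), so it is an inference about the format, not a specification. The sample lines are copied from the posted log; the footer count is a constructed value adjusted to the excerpt. What it shows is the distinction the log itself draws: the single entry the tool reports as "infected" (rma, Rootkit.Win32.PMax.gen) versus the UnsignedFile.Multi.Generic entries it reports only as warnings, and a cross-check of the footer count against the per-object detection lines.

```python
"""Triage helper for a TDSSKiller-style scan log.

Added example for this thread; not code from TechSpot, from the poster or
from Kaspersky's tool. Only the line shapes visible in the posted log are
handled (an assumption about the format, not a specification).
"""
import re
from collections import Counter
from typing import Dict, Optional

# Every line in the posted output starts with "HH:MM:SS.mmmm <pid> ".
_PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"

# "<name> (<md5>) <path>": the object that was scanned.
ENTRY_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
# "<name> ( <Verdict> ) - warning" or "- infected": the tool's status line.
STATUS_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\(\s*(?P<verdict>\S+)\s*\)\s+-\s+(?P<status>warning|infected)$")
# "<name> - detected <Verdict> (<n>)": the record the footer count refers to.
DETECT_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+-\s+detected\s+(?P<verdict>\S+)\s+\((?P<level>\d+)\)$")
# "<name> - ok": scanned, nothing flagged.
OK_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+-\s+ok$")
# "Detected object count: <n>" footer (the "Actual ..." variant is ignored).
COUNT_RE = re.compile(_PREFIX + r"Detected object count:\s+(?P<n>\d+)$")

# Sample lines copied from the posted log; the footer count (3) is constructed
# to match this excerpt rather than the full scan.
SAMPLE_LOG = r"""
15:12:03.0265 3076 mosuport (349f92f27c7e9f2af4db418a4b3eac00) C:\WINDOWS\system32\DRIVERS\mosuport.sys
15:12:03.0390 3076 mosuport ( UnsignedFile.Multi.Generic ) - warning
15:12:03.0390 3076 mosuport - detected UnsignedFile.Multi.Generic (1)
15:12:03.0421 3076 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
15:12:03.0468 3076 motmodem - ok
15:12:19.0812 3076 rma (fc4ffde5abbfbd95ad7564db199e1864) C:/Novadigm/ManagementAgent/nvdkit.exe
15:12:20.0218 3076 rma ( Rootkit.Win32.PMax.gen ) - infected
15:12:20.0218 3076 rma - detected Rootkit.Win32.PMax.gen (0)
15:12:31.0953 3076 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:12:31.0953 3076 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
15:12:31.0953 3076 USBAAPL - detected UnsignedFile.Multi.Generic (1)
15:12:38.0593 3076 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:12:38.0843 3076 \Device\Harddisk0\DR0 - ok
15:12:39.0031 7984 Detected object count: 3
"""


def parse_log(text: str) -> Dict[str, dict]:
    """Return {object name: record}, merging the several lines per object."""
    objects: Dict[str, dict] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := DETECT_RE.match(line):
            rec = objects.setdefault(m["name"], {})
            rec["verdict"] = m["verdict"]
            # The posted log pairs "- infected" with (0) and "- warning" with (1);
            # the number is carried through here, not interpreted.
            rec["level"] = int(m["level"])
        elif m := STATUS_RE.match(line):
            rec = objects.setdefault(m["name"], {})
            rec["status"] = m["status"]
            rec.setdefault("verdict", m["verdict"])
        elif m := OK_RE.match(line):
            objects.setdefault(m["name"], {})["status"] = "ok"
        elif m := ENTRY_RE.match(line):
            rec = objects.setdefault(m["name"], {})
            rec["md5"], rec["path"] = m["md5"], m["path"]
    return objects


def reported_count(text: str) -> Optional[int]:
    """The tool's own 'Detected object count' footer, or None if absent."""
    for raw in text.splitlines():
        if m := COUNT_RE.match(raw.strip()):
            return int(m["n"])
    return None


def triage(text: str) -> dict:
    """Separate infected hits from warnings and check the footer count."""
    objects = parse_log(text)
    flagged = {n: r for n, r in objects.items() if "verdict" in r}
    reported = reported_count(text)
    return {
        "infected": sorted(n for n, r in flagged.items() if r.get("status") == "infected"),
        "warnings": sorted(n for n, r in flagged.items() if r.get("status") == "warning"),
        "by_verdict": dict(Counter(r["verdict"] for r in flagged.values())),
        "reported_count": reported,
        "count_matches": reported is not None and reported == len(flagged),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    objs = parse_log(SAMPLE_LOG)
    for name in report["infected"]:
        print(f"INFECTED {name}: {objs[name]['verdict']} at {objs[name].get('path')}")
    print("warnings:", ", ".join(report["warnings"]))
    print("footer count matches detections:", report["count_matches"])
```

Run against a full log, the "infected" list is what to act on first; the count check catches a log that was split or truncated when it was pasted, since the footer then no longer agrees with the number of "- detected" lines.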
     
  15. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double-click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  16. scotpig

    scotpig TS Rookie Topic Starter Posts: 25

    Ok, it's running now...
    After running for 2 minutes it popped up this infobox...
    "You are infected with Rootkit.ZeroAccess, it is embedded within the tcp/ip stack..."

    It just installed recovery console, rebooted, and now backing up registry

    I'll post back here when it's completed...
    Wow working on a Sunday Broni...You're awesome
     
  17. scotpig

    scotpig TS Rookie Topic Starter Posts: 25

    ok, combofix just finished, but a couple things I noticed after the initial reboot...
    2 or 3 mins after the reboot, all the autostart progs started popping up...
    I thought I had previously disabled them...
    Spybot S&D started auto-updating, lightscribe software, scanner/printer software, and a couple others...

    I'll paste the log below, I was just worried about any possible conflicts from those autostart items, since the Combofix box said not to run any progs during process...
    Damn it.......

    ComboFix 12-04-01.01 - Scott 04/01/2012 15:15:48.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.531 [GMT -7:00]
    Running from: c:\documents and settings\Scott\Desktop\ComboFix.exe
    AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    ADS - ntoskrnl.exe: deleted 88 bytes in 2 streams.
    ADS - explorer.exe: deleted 88 bytes in 2 streams.
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Scott\WINDOWS
    c:\windows\$NtUninstallKB32952$
    c:\windows\$NtUninstallKB32952$\1018300276
    c:\windows\$NtUninstallKB32952$\252809129\@
    c:\windows\$NtUninstallKB32952$\252809129\bckfg.tmp
    c:\windows\$NtUninstallKB32952$\252809129\cfg.ini
    c:\windows\$NtUninstallKB32952$\252809129\Desktop.ini
    c:\windows\$NtUninstallKB32952$\252809129\keywords
    c:\windows\$NtUninstallKB32952$\252809129\kwrd.dll
    c:\windows\$NtUninstallKB32952$\252809129\L\lelapezm
    c:\windows\$NtUninstallKB32952$\252809129\lsflt7.ver
    c:\windows\$NtUninstallKB32952$\252809129\U\00000001.@
    c:\windows\$NtUninstallKB32952$\252809129\U\00000002.@
    c:\windows\$NtUninstallKB32952$\252809129\U\00000004.@
    c:\windows\$NtUninstallKB32952$\252809129\U\80000000.@
    c:\windows\$NtUninstallKB32952$\252809129\U\80000004.@
    c:\windows\$NtUninstallKB32952$\252809129\U\80000032.@
    c:\windows\$NtUninstallKB32952$\252809129\version
    c:\windows\system32\Cache
    c:\windows\system32\dds_trash_log.cmd
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-31 03:12 . 2012-03-31 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
    2012-03-30 00:09 . 2012-03-30 00:09 -------- d-----w- c:\documents and settings\Scott\ADMINCOPY
    2012-03-24 08:14 . 2012-03-24 08:14 -------- d-----w- c:\program files\iPod
    2012-03-24 08:13 . 2012-03-24 08:15 -------- d-----w- c:\program files\iTunes
    2012-03-23 23:20 . 2012-03-23 23:20 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2
    2012-03-23 05:28 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
    2012-03-23 05:09 . 2012-03-23 05:09 -------- d-----w- c:\program files\Common Files\Java
    2012-03-23 05:08 . 2012-03-23 05:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-03-21 10:57 . 2012-03-21 10:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\FixTDSS
    2012-03-21 07:47 . 2012-03-30 11:52 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
    2012-03-20 22:29 . 2012-03-20 22:29 -------- d-----w- C:\2a1760332fdbeb9d829e7d
    2012-03-20 11:55 . 2012-03-20 20:33 -------- d-----w- c:\windows\system32\drivers\N360\0502000.00D
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-23 05:07 . 2011-04-22 21:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-03-21 15:13 . 2005-03-29 20:21 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-02-03 09:22 . 2004-08-04 05:00 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-01-09 16:20 . 2010-02-17 05:58 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-12-21 07:24 . 2011-12-25 13:02 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Scott\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Scott\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Scott\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Scott\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-22 39408]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
    "PPWebCap"="c:\progra~1\ScanSoft\PaperPort\PPWebCap.exe" [2000-09-06 40960]
    "iPhone PC Suite"="c:\program files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe" [2011-11-22 3932584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-06 872448]
    "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2010-07-20 1400832]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1206544]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
    "IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2011-06-23 677144]
    "YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-10 806912]
    "Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
    "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
    "OneTouch Monitor"="c:\program files\Visioneer OneTouch\OneTouchMon.exe" [2000-10-12 73728]
    "mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-21 53248]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-22 1778064]
    "Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 86016]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-12-02 126976]
    "EEventManager"="c:\progra~1\Epson Software\Event Manager\EEventManager.exe" [2009-04-07 673616]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
    "Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2002-07-16 32768]
    "CognizanceTS"="c:\progra~1\Hewlett-Packard\IAM\Bin\ASTSVCC.dll" [2003-12-23 17920]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "AllShareAgent"="c:\program files\Samsung\AllShare\AllShareAgent.exe" [2011-12-16 284560]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
    "accrdsub"="c:\program files\ActivIdentity\ActivClient Mini\accrdsub.exe" [2006-04-21 176128]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-8 607584]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "HideShutdownScripts"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
    2006-04-27 22:43 98304 ----a-w- c:\program files\ActivIdentity\ActivClient Mini\ackpbsc.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
    2006-04-14 22:55 94208 ----a-w- c:\program files\ActivIdentity\ActivClient Mini\acunlock.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
    2007-06-08 16:04 49152 ----a-r- c:\windows\system32\DeviceNP.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
    2007-02-07 08:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\APSHook.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck AUTONTFS C: PAGE=MIN DIRS=NONE MFT=MIN
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gamevance
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "FlexService"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\SMINST\\Scheduler.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Documents and Settings\\Scott\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
    "c:\\Program Files\\Samsung\\AllShare\\AllShareAgent.exe"=
    "c:\\Program Files\\Samsung\\AllShare\\AllShare.exe"=
    "c:\\Program Files\\Samsung\\AllShare\\AllShareDMS\\AllShareDMS.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "c:\\Program Files\\NetDragon\\91 Mobile\\iPhone\\iPhone PC Suite.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:peer Name Resolution Protocol (PNRP)
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017
    "16281:TCP"= 16281:TCP:*:Disabled:ares
    "5985:TCP"= 5985:TCP:Windows Remote Management
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502000.00D\symds.sys [3/20/2012 4:55 AM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502000.00D\symefa.sys [3/20/2012 4:55 AM 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx86.sys [3/16/2012 7:13 PM 820856]
    R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [6/23/2011 1:53 PM 38816]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502000.00D\ironx86.sys [3/20/2012 4:55 AM 136312]
    R2 acachsrv;ActivClient Authentication Service;c:\program files\ActivIdentity\ActivClient Mini\acachsrv.exe [4/12/2006 4:43 PM 81920]
    R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient Mini\accoca.exe [5/2/2006 4:28 PM 135168]
    R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/3/2004 10:00 PM 14336]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/24/2011 9:14 PM 652360]
    R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe [3/20/2012 4:55 AM 130008]
    R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [3/9/2011 5:30 PM 23200]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/22/2012 10:45 PM 106104]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/18/2010 2:02 AM 97280]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120330.002\IDSXpx86.sys [3/30/2012 7:36 PM 356280]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [6/23/2011 1:53 PM 41216]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/24/2011 9:13 PM 20464]
    R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [3/5/2011 12:48 AM 6607744]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/11/2010 1:22 AM 47360]
    S0 92490461;92490461;c:\windows\system32\drivers\93517887.sys --> c:\windows\system32\drivers\93517887.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2010 11:12 AM 135664]
    S2 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2010 11:12 AM 135664]
    S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 6:44 PM 183560]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
    S3 cpuz134;cpuz134;\??\c:\docume~1\Scott\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Scott\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
    S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [6/23/2011 1:41 PM 30008]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [5/2/2011 1:14 PM 44432]
    S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [?]
    S3 EraserUtilDrv11110;EraserUtilDrv11110;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11110.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11110.sys [?]
    S3 EraserUtilDrvI11;EraserUtilDrvI11;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI11.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI11.sys [?]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
    S3 mosuport;USB Serial/Parallel Ports;c:\windows\system32\drivers\mosuport.sys [3/4/2010 8:29 PM 900736]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [1/14/2011 3:03 PM 18432]
    S3 NetWlan5;Symbol Based 802.11b Wireless LAN Card Driver;c:\windows\system32\drivers\NetWlan5.sys [2/16/2010 11:12 PM 132695]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [4/27/2011 11:29 PM 27064]
    S3 Tq_91Assistant;Tq_91Assistant;c:\program files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys [10/12/2011 5:45 PM 14248]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S4 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/3/2004 10:00 PM 14336]
    S4 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [6/8/2007 9:06 AM 172131]
    S4 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
    S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [8/31/2010 12:16 PM 92216]
    S4 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/3/2004 10:00 PM 14336]
    S4 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [12/16/2011 4:26 PM 25504]
    S4 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [12/16/2011 4:26 PM 27584]
    S4 VYHTONMFEYDV;VYHTONMFEYDV;c:\docume~1\Scott\LOCALS~1\Temp\VYHTONMFEYDV.exe --> c:\docume~1\Scott\LOCALS~1\Temp\VYHTONMFEYDV.exe [?]
    S4 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/3/2004 10:00 PM 14336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    Cognizance REG_MULTI_SZ ASBroker ASChannel
    WINRM REG_MULTI_SZ WINRM
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    incdfs
    VrAcFil
    ISAMSvc
    Pnp680r
    backupclientsvc
    cavasm
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-10-18 22:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
    .
    2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 18:12]
    .
    2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 18:12]
    .
    2010-02-21 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
    - c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-06-01 21:51]
    .
    2011-05-02 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
    - c:\program files\Microsoft IntelliType Pro\itype.exe [2010-07-22 00:07]
    .
    2011-12-24 c:\windows\Tasks\User_Feed_Synchronization-{3A5E7D81-63E7-4CF0-9574-ED7741785D2B}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-14 12:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www-secure.symantec.com/nor...&version=1&pvid=f-home&entsrc=redirect_pubweb
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\djykcujg.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
    HKCU-Run-Skype - c:\program files\Skype\Phone\Skype.exe
    HKCU-Run-DownloadAccelerator - c:\program files\DAP\DAP.EXE
    HKLM-Run-USBDetector - c:\usbstorage\USBDetector.exe
    HKLM-Run-CarboniteSetupLite - c:\program files\Carbonite\CarbonitePreinstaller.exe
    HKLM-Run-ArcSoft Connection Service - c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    HKLM-Run-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    SafeBoot-49242019.sys
    SafeBoot-92490461.sys
    SafeBoot-klmdb.sys
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-01 17:28
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
    "ImagePath"="system32\drivers\tsk197.tmp"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
    "ImagePath"="\"\""
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1824)
    c:\program files\ActivIdentity\ActivClient Mini\ackpbsc.dll
    c:\windows\system32\ACLIBEAY.dll
    c:\windows\system32\aclog.dll
    c:\windows\system32\acevtsub.dll
    c:\windows\system32\asphat32.dll
    c:\windows\system32\acauth.dll
    c:\windows\system32\acerrmes.dll
    c:\windows\system32\aspcom.dll
    c:\program files\ActivIdentity\ActivClient Mini\Resources\acerrmrc.dll
    c:\program files\ActivIdentity\ActivClient Mini\Resources\asphatrc.dll
    c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
    c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
    c:\windows\system32\netprovcredman.dll
    c:\program files\ActivIdentity\ActivClient Mini\acunlock.dll
    c:\windows\system32\aipingui.dll
    c:\program files\ActivIdentity\ActivClient Mini\Resources\acunlockrc.dll
    c:\windows\system32\DeviceNP.dll
    c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
    c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
    c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
    .
    - - - - - - - > 'explorer.exe'(5184)
    c:\windows\system32\WININET.dll
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\documents and settings\Scott\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\windows\system32\btmmhook.dll
    c:\program files\Iomega\DriveIcons\IMGHOOK.DLL
    c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\program files\WinSCP\DragExt.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\netprovcredman.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\WiFi\bin\S24EvMon.exe
    c:\program files\ActivIdentity\ActivClient Mini\acevents.exe
    c:\windows\System32\SCardSvr.exe
    c:\windows\system32\msdtc.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\windows\system32\IfxPsdSv.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\windows\system32\locator.exe
    c:\windows\system32\tcpsvcs.exe
    c:\windows\System32\snmp.exe
    c:\windows\System32\snmptrap.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\dllhost.exe
    c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
    c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
    c:\windows\Logi_MwX.Exe
    c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
    c:\program files\ActivIdentity\ActivClient Mini\acevents.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-01 17:43:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-02 00:43
    .
    Pre-Run: 23,127,564,288 bytes free
    Post-Run: 24,250,433,536 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 9C172B771BD025E1597554597170CB30
     
  18. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\docume~1\Scott\LOCALS~1\Temp\VYHTONMFEYDV.exe
    
    Rootkit::
    c:\docume~1\Scott\LOCALS~1\Temp\VYHTONMFEYDV.exe
    
    Folder::
    
    Driver::
    VYHTONMFEYDV
    
    Registry::
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  19. scotpig

    scotpig TS Rookie Topic Starter Posts: 25

    Ok, I dragged the CFScript onto the combofix desktop icon per the instructions...
    Combofix then ran for a while, then rebooted...
    When system restarted, I got this error message... "Find3m.exe has generated errors" when I clicked on technical details of the error msg box, it said it was the "ntkrnl.dll" that had the error.

    Not sure how important that is..
    So then it rebooted again, and now combofix started again upon reboot...
    Now it's running, and (seems) to be either running extremely slow or frozen up on the initial screen...

    Any chance I'll have to redo the entire drag n' drop process again?
    What should I do if this doesn't show any progress after say 30 mins to an hour?
     
  20. scotpig

    scotpig TS Rookie Topic Starter Posts: 25

    Ok, so it just finished, and here's the log pasted below...
    I'm just hoping that previous error didn't interfere with the whole cleaning process...



    ComboFix 12-04-01.01 - Scott 04/02/2012 13:11:06.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.184 [GMT -7:00]
    Running from: c:\documents and settings\Scott\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Scott\Desktop\CFScript.txt
    AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    FILE ::
    "c:\docume~1\Scott\LOCALS~1\Temp\VYHTONMFEYDV.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\mcsysmon.dll
    c:\windows\system32\SrvcEKIOMngr.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_VYHTONMFEYDV
    -------\Service_VYHTONMFEYDV
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-02 10:20 . 2012-04-02 10:20 -------- d-----w- c:\documents and settings\Scott\Application Data\Intel Corporation
    2012-04-02 10:18 . 2012-04-02 10:18 -------- d-----w- c:\program files\Common Files\Intel Corporation
    2012-04-02 10:18 . 2009-07-06 17:41 172032 ----a-w- c:\windows\system32\igfxres.dll
    2012-03-31 03:12 . 2012-03-31 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
    2012-03-30 00:09 . 2012-03-30 00:09 -------- d-----w- c:\documents and settings\Scott\ADMINCOPY
    2012-03-24 08:14 . 2012-03-24 08:14 -------- d-----w- c:\program files\iPod
    2012-03-24 08:13 . 2012-03-24 08:15 -------- d-----w- c:\program files\iTunes
    2012-03-23 23:20 . 2012-03-23 23:20 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2
    2012-03-23 05:28 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
    2012-03-23 05:09 . 2012-03-23 05:09 -------- d-----w- c:\program files\Common Files\Java
    2012-03-23 05:08 . 2012-03-23 05:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-03-21 10:57 . 2012-03-21 10:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\FixTDSS
    2012-03-21 07:47 . 2012-03-30 11:52 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
    2012-03-20 22:29 . 2012-03-20 22:29 -------- d-----w- C:\2a1760332fdbeb9d829e7d
    2012-03-20 11:55 . 2012-03-20 20:33 -------- d-----w- c:\windows\system32\drivers\N360\0502000.00D
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-23 05:07 . 2011-04-22 21:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-03-21 15:13 . 2005-03-29 20:21 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-02-03 09:22 . 2004-08-04 05:00 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-01-09 16:20 . 2010-02-17 05:58 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-12-21 07:24 . 2011-12-25 13:02 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-04-02_00.28.13 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-04-02 20:51 . 2012-04-02 20:51 16384 c:\windows\Temp\Perflib_Perfdata_f30.dat
    + 2012-04-02 10:17 . 2012-04-02 10:17 16384 c:\windows\Temp\Perflib_Perfdata_ef0.dat
    + 2012-04-02 20:53 . 2012-04-02 20:53 16384 c:\windows\Temp\Perflib_Perfdata_af8.dat
    + 2012-04-02 10:19 . 2012-04-02 10:19 16384 c:\windows\Temp\Perflib_Perfdata_954.dat
    + 2012-04-02 20:51 . 2012-04-02 20:51 16384 c:\windows\Temp\Perflib_Perfdata_37c.dat
    + 2012-04-02 02:58 . 2012-04-02 02:58 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvc\8be0779797618954d5a2c476e3051384\IAStorDataMgrSvc.ni.exe
    + 2012-04-02 02:58 . 2012-04-02 02:58 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b21efbbf908e76f478fecf0dac91b797\IAStorCommon.ni.dll
    + 2012-04-02 20:51 . 2009-10-07 09:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
    - 2012-04-02 00:25 . 2009-10-07 09:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
    + 2012-04-02 02:57 . 2010-11-06 06:39 354840 c:\windows\system32\ReinstallBackups\0009\DriverFiles\iaStor.sys
    + 2011-07-30 10:33 . 2012-04-02 20:53 227085 c:\windows\system32\inetsrv\MetaBase.bin
    + 2012-04-02 02:57 . 2011-05-20 16:43 461592 c:\windows\system32\DRVSTORE\iaAHCI_0651BCB6BBBF94976389C3257187CBCCD78E818A\iaStor.sys
    + 2008-05-07 22:40 . 2011-05-20 16:43 461592 c:\windows\system32\drivers\iaStor.sys
    + 2012-04-02 02:58 . 2012-04-02 02:58 172544 c:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f3ad09a901d7bf18707558d9400e4bde\IsdiInterop.ni.dll
    + 2012-04-02 02:58 . 2012-04-02 02:58 492032 c:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ba565724f08e76b19d13c54655eec652\IAStorUtil.ni.dll
    + 2012-04-02 02:58 . 2012-04-02 02:58 225792 c:\windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\414ec8d76f2127a2a2ad42e4c23eeeea\IAStorDataMgr.ni.dll
    + 2011-05-06 01:58 . 2009-07-06 18:10 5854752 c:\windows\system32\drivers\igxpmp32.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Scott\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Scott\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Scott\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Scott\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-22 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-06 872448]
    "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2010-07-20 1400832]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1206544]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
    "IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2011-06-23 677144]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    "accrdsub"="c:\program files\ActivIdentity\ActivClient Mini\accrdsub.exe" [2006-04-21 176128]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-16 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-16 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-16 137752]
    "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "HideShutdownScripts"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
    2006-04-27 22:43 98304 ----a-w- c:\program files\ActivIdentity\ActivClient Mini\ackpbsc.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
    2006-04-14 22:55 94208 ----a-w- c:\program files\ActivIdentity\ActivClient Mini\acunlock.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
    2007-06-08 16:04 49152 ----a-r- c:\windows\system32\DeviceNP.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
    2007-02-07 08:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\APSHook.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck AUTONTFS C: PAGE=MIN DIRS=NONE MFT=MIN
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "FlexService"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\SMINST\\Scheduler.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Documents and Settings\\Scott\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
    "c:\\Program Files\\Samsung\\AllShare\\AllShareAgent.exe"=
    "c:\\Program Files\\Samsung\\AllShare\\AllShare.exe"=
    "c:\\Program Files\\Samsung\\AllShare\\AllShareDMS\\AllShareDMS.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "c:\\Program Files\\NetDragon\\91 Mobile\\iPhone\\iPhone PC Suite.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:peer Name Resolution Protocol (PNRP)
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017
    "16281:TCP"= 16281:TCP:*:Disabled:ares
    "5985:TCP"= 5985:TCP:Windows Remote Management
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502000.00D\symds.sys [3/20/2012 4:55 AM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502000.00D\symefa.sys [3/20/2012 4:55 AM 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx86.sys [3/16/2012 7:13 PM 820856]
    R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [6/23/2011 1:53 PM 38816]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502000.00D\ironx86.sys [3/20/2012 4:55 AM 136312]
    R2 acachsrv;ActivClient Authentication Service;c:\program files\ActivIdentity\ActivClient Mini\acachsrv.exe [4/12/2006 4:43 PM 81920]
    R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient Mini\accoca.exe [5/2/2006 4:28 PM 135168]
    R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/3/2004 10:00 PM 14336]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [4/1/2012 7:58 PM 13592]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/24/2011 9:14 PM 652360]
    R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe [3/20/2012 4:55 AM 130008]
    R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [3/9/2011 5:30 PM 23200]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/22/2012 10:45 PM 106104]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/18/2010 2:02 AM 97280]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120330.002\IDSXpx86.sys [3/30/2012 7:36 PM 356280]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [6/23/2011 1:53 PM 41216]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/24/2011 9:13 PM 20464]
    R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [3/5/2011 12:48 AM 6607744]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/11/2010 1:22 AM 47360]
    S0 92490461;92490461;c:\windows\system32\drivers\93517887.sys --> c:\windows\system32\drivers\93517887.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2010 11:12 AM 135664]
    S2 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2010 11:12 AM 135664]
    S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 6:44 PM 183560]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
    S3 cpuz134;cpuz134;\??\c:\docume~1\Scott\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Scott\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
    S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [6/23/2011 1:41 PM 30008]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [5/2/2011 1:14 PM 44432]
    S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [?]
    S3 EraserUtilDrv11110;EraserUtilDrv11110;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11110.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11110.sys [?]
    S3 EraserUtilDrvI11;EraserUtilDrvI11;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI11.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI11.sys [?]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
    S3 mosuport;USB Serial/Parallel Ports;c:\windows\system32\drivers\mosuport.sys [3/4/2010 8:29 PM 900736]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [1/14/2011 3:03 PM 18432]
    S3 NetWlan5;Symbol Based 802.11b Wireless LAN Card Driver;c:\windows\system32\drivers\NetWlan5.sys [2/16/2010 11:12 PM 132695]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [4/27/2011 11:29 PM 27064]
    S3 Tq_91Assistant;Tq_91Assistant;c:\program files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys [10/12/2011 5:45 PM 14248]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S4 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/3/2004 10:00 PM 14336]
    S4 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [6/8/2007 9:06 AM 172131]
    S4 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
    S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [8/31/2010 12:16 PM 92216]
    S4 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/3/2004 10:00 PM 14336]
    S4 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [12/16/2011 4:26 PM 25504]
    S4 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [12/16/2011 4:26 PM 27584]
    S4 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/3/2004 10:00 PM 14336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    Cognizance REG_MULTI_SZ ASBroker ASChannel
    WINRM REG_MULTI_SZ WINRM
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    incdfs
    VrAcFil
    ISAMSvc
    Pnp680r
    backupclientsvc
    cavasm
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-10-18 22:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
    .
    2012-04-02 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-22 15:35]
    .
    2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 18:12]
    .
    2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 18:12]
    .
    2010-02-21 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
    - c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-06-01 21:51]
    .
    2011-05-02 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
    - c:\program files\Microsoft IntelliType Pro\itype.exe [2010-07-22 00:07]
    .
    2011-12-24 c:\windows\Tasks\User_Feed_Synchronization-{3A5E7D81-63E7-4CF0-9574-ED7741785D2B}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-14 12:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www-secure.symantec.com/nor...&version=1&pvid=f-home&entsrc=redirect_pubweb
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\djykcujg.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-02 13:54
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
    "ImagePath"="system32\drivers\tsk197.tmp"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
    "ImagePath"="\"\""
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1868)
    c:\program files\ActivIdentity\ActivClient Mini\ackpbsc.dll
    c:\windows\system32\ACLIBEAY.dll
    c:\windows\system32\aclog.dll
    c:\windows\system32\acevtsub.dll
    c:\windows\system32\asphat32.dll
    c:\windows\system32\acauth.dll
    c:\windows\system32\acerrmes.dll
    c:\windows\system32\aspcom.dll
    c:\program files\ActivIdentity\ActivClient Mini\Resources\acerrmrc.dll
    c:\program files\ActivIdentity\ActivClient Mini\Resources\asphatrc.dll
    c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
    c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
    c:\windows\system32\netprovcredman.dll
    c:\program files\ActivIdentity\ActivClient Mini\acunlock.dll
    c:\windows\system32\aipingui.dll
    c:\program files\ActivIdentity\ActivClient Mini\Resources\acunlockrc.dll
    c:\windows\system32\DeviceNP.dll
    c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
    c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
    c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
    .
    - - - - - - - > 'explorer.exe'(6640)
    c:\windows\system32\WININET.dll
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\documents and settings\Scott\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\program files\WinSCP\DragExt.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\netprovcredman.dll
    c:\progra~1\Spybot - Search & Destroy\SDHelper.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\windows\system32\qedit.dll
    c:\windows\system32\AVERM.dll
    c:\program files\Samsung\AllShare\FunCodecFilter.ax
    c:\windows\system32\igfxpph.dll
    c:\windows\system32\hccutils.DLL
    c:\windows\system32\igfxres.dll
    c:\windows\system32\igfxress.dll
    c:\windows\system32\igfxsrvc.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\WiFi\bin\S24EvMon.exe
    c:\program files\ActivIdentity\ActivClient Mini\acevents.exe
    c:\windows\System32\SCardSvr.exe
    c:\windows\system32\msdtc.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\windows\system32\IfxPsdSv.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\windows\system32\locator.exe
    c:\windows\system32\tcpsvcs.exe
    c:\windows\System32\snmp.exe
    c:\windows\System32\snmptrap.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\ActivIdentity\ActivClient Mini\acevents.exe
    c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
    c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
    c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
    c:\windows\system32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-02 14:08:13 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-02 21:07
    ComboFix2.txt 2012-04-02 00:43
    .
    Pre-Run: 24,235,380,736 bytes free
    Post-Run: 24,035,938,304 bytes free
    .
    - - End Of File - - 251EE9F374DEF83F85EE006DC110D8A3
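A way to read a log like the one above with a script rather than by eye, added here as an example; it is not ComboFix's, Symantec's or any poster's code. It re-reads a handful of the lines actually posted (the `S0 92490461` driver whose all-digit .sys is missing from disk, the cpuz134 driver loading from Temp, the `\??\...winlogon.exe` entry in the firewall's AuthorizedApplications list, and the i8042prt ImagePath that points at tsk197.tmp where a PS/2 port driver normally ships as i8042prt.sys) and says why each deserves a second look. The heuristics, the CORE_PROCS set and the sample lines are the editor's assumptions; a flag is a prompt to check the file, not a verdict, and the CPU-Z driver shows why.

```python
"""Heuristic triage of ComboFix service, firewall-exception and ImagePath lines.
Added example for this thread, not ComboFix's own code; every rule below is an
assumption about what deserves a second look, not a verdict."""
import re

# Constructed sample: a few lines copied from the log above plus one clean
# control line per category.
SAMPLE_LOG = r"""
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/24/2011 9:13 PM 20464]
S0 92490461;92490461;c:\windows\system32\drivers\93517887.sys --> c:\windows\system32\drivers\93517887.sys [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\Scott\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Scott\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
"ImagePath"="system32\drivers\tsk197.tmp"
"ImagePath"="system32\DRIVERS\i8042prt.sys"
"""

# "R3 name;display name;image path [date size]" or "... --> image path [?]"
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<rest>.*)$")
# AuthorizedApplications\List export: "escaped\\path\\app.exe"=
FW_APP_RE = re.compile(r'^"(?P<app>.+)"=\s*$')
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?P<path>.*)"$')

# Assumed list of core Windows processes that never need an inbound firewall exception.
CORE_PROCS = {"winlogon.exe", "services.exe", "lsass.exe", "csrss.exe", "smss.exe"}
NT_PREFIX = "\\??\\"  # object-manager path prefix that ComboFix sometimes prints


def _basename(path):
    return path.rsplit("\\", 1)[-1]


def triage_service(line):
    """Reasons to look twice at an R0..S4 service/driver line; [] if none."""
    m = SERVICE_RE.match(line)
    if not m:
        return []
    name = m.group("name").strip()
    rest = m.group("rest").strip()
    # The image path is the text before " --> " or before the " [date size]" / " [?]" tail.
    path = re.split(r"\s+-->\s+|\s+\[", rest, maxsplit=1)[0].strip()
    if path.startswith(NT_PREFIX):
        path = path[len(NT_PREFIX):]
    stem = _basename(path).rsplit(".", 1)[0]
    reasons = []
    if rest.endswith("[?]"):
        reasons.append("image file not found on disk (ComboFix prints [?])")
    if name.isdigit():
        reasons.append("service name is all digits")
    if stem.isdigit():
        reasons.append("image file name is all digits")
    if path.lower().endswith(".tmp"):
        reasons.append("image path ends in .tmp")
    if "\\temp\\" in path.lower():
        # Legitimate tools (CPU-Z's cpuz134 above) also load drivers from Temp,
        # so this is a prompt to check the file, not a verdict.
        reasons.append("driver loads from a Temp directory")
    return reasons


def triage_firewall_app(line):
    """Reasons to look twice at a firewall AuthorizedApplications entry; [] if none."""
    m = FW_APP_RE.match(line)
    if not m:
        return []
    app = m.group("app").replace("\\\\", "\\")  # the registry export doubles backslashes
    reasons = []
    if app.startswith(NT_PREFIX):
        reasons.append("\\??\\ object-manager path, not the form the Firewall control panel writes")
        app = app[len(NT_PREFIX):]
    if _basename(app).lower() in CORE_PROCS:
        reasons.append("core Windows process granted a firewall exception")
    return reasons


def triage_imagepath(line):
    """Reasons to look twice at a dumped "ImagePath"= value; [] if none."""
    m = IMAGEPATH_RE.match(line)
    if m and m.group("path").lower().endswith(".tmp"):
        return ["service/driver ImagePath points at a .tmp file"]
    return []


def triage_line(line):
    line = line.strip()
    return triage_service(line) + triage_firewall_app(line) + triage_imagepath(line)


def triage_log(text):
    """Return [(line, reasons)] for every line that raised at least one flag."""
    out = []
    for raw in text.splitlines():
        reasons = triage_line(raw)
        if reasons:
            out.append((raw.strip(), reasons))
    return out


if __name__ == "__main__":
    for flagged_line, why in triage_log(SAMPLE_LOG):
        print(flagged_line)
        for reason in why:
            print("   -", reason)
```

Run it as-is and four of the seven sample lines are reported; paste a whole ComboFix log into SAMPLE_LOG (or read it from a file) to triage a real one. The clean MBAM driver, the Bonjour exception and the stock i8042prt.sys path come out silent, which is the point of carrying control lines: a heuristic that flags everything is no better than reading the log by hand.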
     
  21. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Very good :)

    How is computer doing?

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  22. scotpig

    scotpig TS Rookie Topic Starter Posts: 25

    Wow, ok just now Norton did a scan in the background, and this popped up...

    Security History/Unresolved Security Risks/
    "srvcekiomngr.dll" (Trojan.Zeroaccess!inf) detected by autodetect. Manual removal required - ***was found yesterday at 3:26 PM***

    and

    "mcsysmon.dll" (Trojan.Zeroaccess!inf) detected by autodetect. Manual removal required - ***was found March 30th at 5:35 AM***

    It also just advised me that it Quarantined "combofix.exe" (Trojan.ADH.2) at 2:33 PM today!?!? Hopefully this is all old news and isn't really there anymore.

    Should I clear all the previous scan results & activity and do a new full system scan?
    ALSO... At any point, am I to re-enable my system restore service during this process?
     
  23. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Norton found those two files in Combofix quarantine folder as they were just removed by Combofix.

    Disregard my previous reply asking you to run TDSSKiller again.

    Instead...

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    srvcekiomngr.dll
    mcsysmon.dll
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
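The custom-scan list above is a set of OTL directives, and it helps to see what each kind of line is actually asking the tool to do. What follows is an added example, not code from the thread, from OTL or from any vendor: a small Python triage script that reproduces three classes of those directives against a constructed, throw-away fake %SystemRoot% tree. The planted file names and contents are hypothetical; the two DLL names in the MD5 block are the ones Norton reported earlier in the thread. The registry directives (the WindowsUpdate\AU policy key and the LastSuccessTime value) are not reproduced here.

```python
"""Offline triage modelled on OTL custom-scan directives (added example).

Three directive classes are reproduced against a constructed fake tree:
  * wildcard patterns over directories malware abuses, e.g. executables in
    Fonts, or lookalike directories such as system32\\system32 and systhem32;
  * dir /b "<dir>\\*.exe" | find /i " " /c, i.e. count executables whose
    file name contains a space;
  * /md5start ... /md5stop, i.e. hash named files wherever they occur so the
    digests can be compared against a vendor's known-good/known-bad list.
"""
import fnmatch
import hashlib
import os
import shutil
import tempfile

# Representative subset of the post's directives, written root-relative with '/'.
SUSPECT_PATTERNS = [
    "Fonts/*.exe",
    "Fonts/*.dll",
    "tasks/*.*",
    "system32/system32/*.*",
    "system32/systhem32/*.*",
    "winn32/*.*",
    "system32/*.quo",
    "system32/*.tro",
]

# File names from the /md5start ... /md5stop block in the post.
MD5_TARGETS = ["srvcekiomngr.dll", "mcsysmon.dll"]


def _winrel(path, root):
    """Root-relative path rendered with backslashes, as OTL would print it."""
    return os.path.relpath(path, root).replace(os.sep, "\\")


def glob_under(root, pattern):
    """Files matching a non-recursive 'dir/name-pattern' directive.

    Matching is case-insensitive, as on NTFS. Note that fnmatch's '*.*'
    requires a dot, unlike cmd.exe's '*.*', which also matches extensionless names.
    """
    subdir, _, name_pat = pattern.rpartition("/")
    directory = os.path.join(root, *subdir.split("/")) if subdir else root
    if not os.path.isdir(directory):
        return []
    return sorted(
        os.path.join(directory, n)
        for n in os.listdir(directory)
        if os.path.isfile(os.path.join(directory, n))
        and fnmatch.fnmatchcase(n.lower(), name_pat.lower())
    )


def count_spaced_executables(directory):
    """Equivalent of: dir /b "<directory>\\*.exe" | find /i " " /c"""
    if not os.path.isdir(directory):
        return 0
    return sum(
        1
        for n in os.listdir(directory)
        if n.lower().endswith(".exe") and " " in n
        and os.path.isfile(os.path.join(directory, n))
    )


def md5_hex(data):
    """MD5 hex digest of a byte string (used for the expected values in tests)."""
    return hashlib.md5(data).hexdigest()


def md5_of_named_files(root, names):
    """Equivalent of /md5start ... /md5stop: walk the tree, hash every file with one of the names."""
    wanted = {n.lower() for n in names}
    result = {}
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower() in wanted:
                path = os.path.join(dirpath, f)
                h = hashlib.md5()
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        h.update(chunk)
                result[_winrel(path, root)] = h.hexdigest()
    return result


def triage(root):
    """Run all three directive classes over a tree and return the findings."""
    hits = {}
    for pat in SUSPECT_PATTERNS:
        matches = [_winrel(p, root) for p in glob_under(root, pat)]
        if matches:  # OTL only prints directives that matched something
            hits[pat] = matches
    return {
        "pattern_hits": hits,
        "spaced_exe_system32": count_spaced_executables(os.path.join(root, "system32")),
        "spaced_exe_root": count_spaced_executables(root),
        "md5": md5_of_named_files(root, MD5_TARGETS),
    }


def build_fixture():
    """Constructed fake %SystemRoot% with planted files (hypothetical names/contents)."""
    root = tempfile.mkdtemp(prefix="fake_windows_")
    planted = {
        "system32/kernel32.dll": b"benign placeholder",
        "system32/svc host.exe": b"planted: space in name",
        "system32/system32/x.dll": b"planted: lookalike directory",
        "system32/mcsysmon.dll": b"planted: named in Norton alert",
        "system32/drivers/srvcekiomngr.dll": b"planted: named in Norton alert too",
        "Fonts/arial.ttf": b"benign font",
        "Fonts/loader.exe": b"planted: executable in Fonts",
    }
    for rel, data in planted.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    fake_root = build_fixture()
    try:
        for key, value in triage(fake_root).items():
            print(key, "=>", value)
    finally:
        shutil.rmtree(fake_root)
```

Run against a real system root the script would be pointed at C:\Windows rather than the fixture; the value of the example is in seeing that OTL's odd-looking directives are just targeted directory listings plus a hash pass, which is why a clean OTL run can still miss a rootkit that hides files from the file system API (TDSSKiller and ComboFix look below that layer).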
  24. scotpig

    scotpig TS Rookie Topic Starter Posts: 25

     
  25. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    No need for TDSSKiller.
    Read my previous reply.
     
