Required Logs Pasted per instructions
Here's my MBAM scan log...
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.28.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Scott :: DADS [administrator]
Protection: Enabled
3/28/2012 3:26:07 PM
mbam-log-2012-03-28 (15-26-07).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 397261
Time elapsed: 4 hour(s), 37 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Now here's the gmer.exe log...
GMER 1.0.15.15641 -
http://www.gmer.net
Rootkit scan 2012-03-30 03:05:49
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST98823A rev.7.24
Running: gmer.exe.exe; Driver: C:\DOCUME~1\Scott\LOCALS~1\Temp\pxtdapog.sys
---- System - GMER 1.0.15 ----
SSDT 848E8D48 ZwAlertResumeThread
SSDT 84A19150 ZwAlertThread
SSDT 84A7EA48 ZwAllocateVirtualMemory
SSDT 849E3A60 ZwAssignProcessToJobObject
SSDT 84A82460 ZwConnectPort
SSDT \??\C:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys ZwCreateFile [0xF78489A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF626A710]
SSDT 84A05030 ZwCreateMutant
SSDT 84A0CBB8 ZwCreateSymbolicLinkObject
SSDT 84A33918 ZwCreateThread
SSDT 849E3B40 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF626A990]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF626AEF0]
SSDT 84A4D4D8 ZwDuplicateObject
SSDT 84BE8610 ZwFreeVirtualMemory
SSDT 84A05C70 ZwImpersonateAnonymousToken
SSDT 84A05D50 ZwImpersonateThread
SSDT 84CBAAA0 ZwLoadDriver
SSDT 84A3AB00 ZwMapViewOfSection
SSDT 849ED238 ZwOpenEvent
SSDT 84A091F0 ZwOpenProcess
SSDT 84C5EF30 ZwOpenProcessToken
SSDT 84A0F068 ZwOpenSection
SSDT 84A4C170 ZwOpenThread
SSDT 849EC348 ZwProtectVirtualMemory
SSDT 849C73E8 ZwResumeThread
SSDT 849C2D78 ZwSetContextThread
SSDT 85EAD4E8 ZwSetInformationProcess
SSDT 849DF280 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF626B140]
SSDT 84A0F100 ZwSuspendProcess
SSDT 849C7480 ZwSuspendThread
SSDT 84C85120 ZwTerminateProcess
SSDT 84A36B00 ZwTerminateThread
SSDT 84C5A270 ZwUnmapViewOfSection
SSDT 84A63C58 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2C28 805044C4 4 Bytes [48, EA, A7, 84]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F1C 805047B8 4 Bytes [E8, 73, 9C, 84]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F74 80504810 4 Bytes CALL 8ED632E9
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
? C:\DOCUME~1\Scott\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[2404] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[2404] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\WINDOWS\explorer.exe[3020] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\WINDOWS\explorer.exe[3020] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[3084] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe[3088] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe[3088] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[3320] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[3320] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\NetDragon\91 Mobile\iPhone\iTunesMonitor.exe[3668] shell32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\NetDragon\91 Mobile\iPhone\iTunesMonitor.exe[3668] shell32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!GetSysColor 7E418E78 5 Bytes JMP 0041C110 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!GetSysColorBrush 7E418EAB 5 Bytes JMP 0041C180 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!SetScrollInfo 7E419056 7 Bytes JMP 0041C000 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!GetScrollInfo 7E42DFE2 7 Bytes JMP 0041BF50 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!ShowScrollBar 7E42F2F2 5 Bytes JMP 0041C0D0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!GetScrollPos 7E42F704 5 Bytes JMP 0041BF90 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!SetScrollPos 7E42F750 5 Bytes JMP 0041C040 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!GetScrollRange 7E42F787 5 Bytes JMP 0041BFC0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!SetScrollRange 7E42F99B 5 Bytes JMP 0041C080 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!EnableScrollBar 7E468005 7 Bytes JMP 0041BF10 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe[4000] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe[4000] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4484] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4484] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Documents and Settings\Scott\Desktop\VIRUS REMOVAL FOLDER\march 2012 new dl's\gmer.exe.exe[5316] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Documents and Settings\Scott\Desktop\VIRUS REMOVAL FOLDER\march 2012 new dl's\gmer.exe.exe[5316] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@FolderType Documents
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@MinPos1280x800(1).x -1
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@MinPos1280x800(1).y -1
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@MaxPos1280x800(1).x -1
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@MaxPos1280x800(1).y -1
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@WinPos1280x800(1).left 88
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@WinPos1280x800(1).top 88
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@WinPos1280x800(1).right 888
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@WinPos1280x800(1).bottom 688
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@Rev 0
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@WFlags 0
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@ShowCmd 1
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@FFlags 1
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@HotKey 0
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@Buttons -1
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@Links 0
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@Address -1
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@Vid {65F125E5-7BE1-4810-BA9D-D271C8432CE3}
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@Mode 6
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@ScrollPos1280x800(1).x 0
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@ScrollPos1280x800(1).y 0
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@Sort 0
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@SortDir 1
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@Col -1
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\$NtUninstallKB32952$\1018300276 0 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129 0 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\bckfg.tmp 868 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\cfg.ini 240 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\keywords 357 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\L 0 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\L\lelapezm 52480 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\U 0 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\U\80000000.@ 66560 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\U\80000032.@ 115200 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\version 868 bytes
---- EOF - GMER 1.0.15 ----
Here's the DDS.txt log...
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Scott at 22:52:42 on 2012-03-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.190 [GMT -7:00]
.
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\Program Files\ActivIdentity\ActivClient Mini\acachsrv.exe
C:\Program Files\ActivIdentity\ActivClient Mini\accoca.exe
C:\WINDOWS\system32\agrsmsvc.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files\Samsung\AllShare\AllShareAgent.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ActivIdentity\ActivClient Mini\accrdsub.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ActivIdentity\ActivClient Mini\acevents.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\NetDragon\91 Mobile\iPhone\iTunesMonitor.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page =
https://www-secure.symantec.com/nor...&version=1&pvid=f-home&entsrc=redirect_pubweb
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.0.13\ips\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [Epson Stylus NX510(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifia.exe /fu "c:\windows\temp\E_S7E8.tmp" /EF "HKCU"
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mPolicies-system: HideShutdownScripts = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: ackpbsc - c:\program files\actividentity\activclient mini\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient mini\acunlock.dll
Notify: DeviceNP - DeviceNP.dll
Notify: igfxcui - igfxdev.dll
Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll
AppInit_DLLs: APSHook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli ASWLNPkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\scott\application data\mozilla\firefox\profiles\djykcujg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - plugin: c:\documents and settings\scott\application data\move networks\plugins\npqmp071706000001.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-3-20 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-3-20 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120317.002\BHDrvx86.sys [2012-3-16 820856]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2011-6-23 38816]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-3-20 136312]
R2 acachsrv;ActivClient Authentication Service;c:\program files\actividentity\activclient mini\acachsrv.exe [2006-4-12 81920]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient mini\accoca.exe [2006-5-2 135168]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2004-8-3 14336]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-24 652360]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.0.13\ccsvchst.exe [2012-3-20 130008]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2011-3-9 23200]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-3-22 106104]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2010-2-18 97280]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120328.002\IDSXpx86.sys [2012-3-28 356280]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2011-6-23 41216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-24 20464]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120329.002\NAVENG.SYS [2012-3-29 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120329.002\NAVEX15.SYS [2012-3-29 1576312]
R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2011-3-5 6607744]
R3 Tq_91Assistant;Tq_91Assistant;c:\program files\netdragon\91 mobile\iphone\Tq_91Assistant.sys [2011-10-12 14248]
S0 92490461;92490461;c:\windows\system32\drivers\93517887.sys --> c:\windows\system32\drivers\93517887.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 cpuz132;cpuz132;\??\c:\docume~1\scott\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\scott\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\scott\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\scott\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2011-6-23 30008]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-5-2 44432]
S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv11010.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv11010.sys [?]
S3 EraserUtilDrv11110;EraserUtilDrv11110;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv11110.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv11110.sys [?]
S3 EraserUtilDrvI11;EraserUtilDrvI11;\??\c:\program files\common files\symantec shared\eengine\eraserutildrvi11.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrvI11.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 mosuport;USB Serial/Parallel Ports;c:\windows\system32\drivers\mosuport.sys [2010-3-4 900736]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-1-14 18432]
S3 NetWlan5;Symbol Based 802.11b Wireless LAN Card Driver;c:\windows\system32\drivers\NetWlan5.sys [2010-2-16 132695]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-4-27 27064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2004-8-3 14336]
S4 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-6-8 172131]
S4 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-22 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-22 135664]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-8-31 92216]
S4 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S4 rma;Radia Management Agent;c:\novadigm\managementagent\nvdkit.exe [2005-9-19 1968446]
S4 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\samsung\allshare\allsharedms\AllShareDMS.exe [2011-12-16 25504]
S4 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\samsung\allshare\AllShareSlideShowService.exe [2011-12-16 27584]
S4 VYHTONMFEYDV;VYHTONMFEYDV;c:\docume~1\scott\locals~1\temp\vyhtonmfeydv.exe --> c:\docume~1\scott\locals~1\temp\VYHTONMFEYDV.exe [?]
S4 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-3 14336]
.
=============== Created Last 30 ================
.
2012-03-30 00:09:07 -------- d-----w- c:\documents and settings\scott\ADMINCOPY
2012-03-24 08:14:22 -------- d-----w- c:\program files\iPod
2012-03-24 08:13:52 -------- d-----w- c:\program files\iTunes
2012-03-23 23:20:11 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2
2012-03-23 05:28:14 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-03-23 05:28:14 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-23 05:08:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-21 07:47:40 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-03-20 22:29:16 -------- d-----w- C:\2a1760332fdbeb9d829e7d
2012-03-20 11:55:58 744568 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symefa.sys
2012-03-20 11:55:58 369784 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symtdi.sys
2012-03-20 11:55:58 331384 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys
2012-03-20 11:55:58 299640 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symnets.sys
2012-03-20 11:55:57 516216 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\srtsp.sys
2012-03-20 11:55:57 50168 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\srtspx.sys
2012-03-20 11:55:57 340088 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symds.sys
2012-03-20 11:55:57 136312 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys
2012-03-20 11:55:09 -------- d-----w- c:\windows\system32\drivers\n360\0502000.00D
2012-03-20 09:36:28 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
==================== Find3M ====================
.
2012-03-23 05:07:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-21 15:13:34 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 22:54:24.09 ===============