Solved Infected w/ Trojan.zeroaccess!inf cannot remove! WinXP Pro SP3

scotpig

Hello, my laptop is running XP Pro SP3... Norton Security Suite keeps on finding a Trojan during my daily scan... I have followed the instructions via Symantec website's Removal 411 and downloaded FixTDSS.exe, ran it, and it says it's clean... And the next day it has returned...
I have also tried Kaspersky's free removal tool, and it still keeps showing up.

When prompted to restart, sometimes my system freezes, forcing me to perform a hard boot, and sometimes it just doesn't auto-restart; it just turns off.
When that happens, i.e. shutting down incompletely, does that negate the scan performed prior? Or do I need to do it all over again until it restarts properly? Does that even matter?

I'm currently scanning through the self-help/Malware Removal Guides, but any direct, specific assistance from anyone would be greatly appreciated...

Thanks in Advance!
 
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Required logs pasted per instructions.

Here's my MBAM scan Log...


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.28.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Scott :: DADS [administrator]

Protection: Enabled

3/28/2012 3:26:07 PM
mbam-log-2012-03-28 (15-26-07).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 397261
Time elapsed: 4 hour(s), 37 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Now here's the gmer.exe log...


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-30 03:05:49
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST98823A rev.7.24
Running: gmer.exe.exe; Driver: C:\DOCUME~1\Scott\LOCALS~1\Temp\pxtdapog.sys


---- System - GMER 1.0.15 ----

SSDT 848E8D48 ZwAlertResumeThread
SSDT 84A19150 ZwAlertThread
SSDT 84A7EA48 ZwAllocateVirtualMemory
SSDT 849E3A60 ZwAssignProcessToJobObject
SSDT 84A82460 ZwConnectPort
SSDT \??\C:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys ZwCreateFile [0xF78489A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF626A710]
SSDT 84A05030 ZwCreateMutant
SSDT 84A0CBB8 ZwCreateSymbolicLinkObject
SSDT 84A33918 ZwCreateThread
SSDT 849E3B40 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF626A990]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF626AEF0]
SSDT 84A4D4D8 ZwDuplicateObject
SSDT 84BE8610 ZwFreeVirtualMemory
SSDT 84A05C70 ZwImpersonateAnonymousToken
SSDT 84A05D50 ZwImpersonateThread
SSDT 84CBAAA0 ZwLoadDriver
SSDT 84A3AB00 ZwMapViewOfSection
SSDT 849ED238 ZwOpenEvent
SSDT 84A091F0 ZwOpenProcess
SSDT 84C5EF30 ZwOpenProcessToken
SSDT 84A0F068 ZwOpenSection
SSDT 84A4C170 ZwOpenThread
SSDT 849EC348 ZwProtectVirtualMemory
SSDT 849C73E8 ZwResumeThread
SSDT 849C2D78 ZwSetContextThread
SSDT 85EAD4E8 ZwSetInformationProcess
SSDT 849DF280 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF626B140]
SSDT 84A0F100 ZwSuspendProcess
SSDT 849C7480 ZwSuspendThread
SSDT 84C85120 ZwTerminateProcess
SSDT 84A36B00 ZwTerminateThread
SSDT 84C5A270 ZwUnmapViewOfSection
SSDT 84A63C58 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C28 805044C4 4 Bytes [48, EA, A7, 84]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F1C 805047B8 4 Bytes [E8, 73, 9C, 84]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F74 80504810 4 Bytes CALL 8ED632E9
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
? C:\DOCUME~1\Scott\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[2404] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[2404] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\WINDOWS\explorer.exe[3020] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\WINDOWS\explorer.exe[3020] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[3084] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe[3088] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe[3088] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[3320] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[3320] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\NetDragon\91 Mobile\iPhone\iTunesMonitor.exe[3668] shell32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\NetDragon\91 Mobile\iPhone\iTunesMonitor.exe[3668] shell32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!GetSysColor 7E418E78 5 Bytes JMP 0041C110 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!GetSysColorBrush 7E418EAB 5 Bytes JMP 0041C180 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!SetScrollInfo 7E419056 7 Bytes JMP 0041C000 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!GetScrollInfo 7E42DFE2 7 Bytes JMP 0041BF50 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!ShowScrollBar 7E42F2F2 5 Bytes JMP 0041C0D0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!GetScrollPos 7E42F704 5 Bytes JMP 0041BF90 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!SetScrollPos 7E42F750 5 Bytes JMP 0041C040 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!GetScrollRange 7E42F787 5 Bytes JMP 0041BFC0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!SetScrollRange 7E42F99B 5 Bytes JMP 0041C080 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3840] USER32.dll!EnableScrollBar 7E468005 7 Bytes JMP 0041BF10 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe[4000] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe[4000] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4484] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4484] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Documents and Settings\Scott\Desktop\VIRUS REMOVAL FOLDER\march 2012 new dl's\gmer.exe.exe[5316] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Documents and Settings\Scott\Desktop\VIRUS REMOVAL FOLDER\march 2012 new dl's\gmer.exe.exe[5316] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@FolderType Documents
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@MinPos1280x800(1).x -1
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@MinPos1280x800(1).y -1
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@MaxPos1280x800(1).x -1
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@MaxPos1280x800(1).y -1
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@WinPos1280x800(1).left 88
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@WinPos1280x800(1).top 88
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@WinPos1280x800(1).right 888
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@WinPos1280x800(1).bottom 688
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@Rev 0
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@WFlags 0
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@ShowCmd 1
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@FFlags 1
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@HotKey 0
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@Buttons -1
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@Links 0
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@Address -1
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@Vid {65F125E5-7BE1-4810-BA9D-D271C8432CE3}
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@Mode 6
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@ScrollPos1280x800(1).x 0
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@ScrollPos1280x800(1).y 0
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@Sort 0
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@SortDir 1
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\723\Shell@Col -1

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB32952$\1018300276 0 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129 0 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\bckfg.tmp 868 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\cfg.ini 240 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\keywords 357 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\L 0 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\L\lelapezm 52480 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\U 0 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\U\80000000.@ 66560 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\U\80000032.@ 115200 bytes
File C:\WINDOWS\$NtUninstallKB32952$\252809129\version 868 bytes

---- EOF - GMER 1.0.15 ----

Here's the DDS.txt Log...

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Scott at 22:52:42 on 2012-03-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.190 [GMT -7:00]
.
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\Program Files\ActivIdentity\ActivClient Mini\acachsrv.exe
C:\Program Files\ActivIdentity\ActivClient Mini\accoca.exe
C:\WINDOWS\system32\agrsmsvc.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files\Samsung\AllShare\AllShareAgent.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ActivIdentity\ActivClient Mini\accrdsub.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ActivIdentity\ActivClient Mini\acevents.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\NetDragon\91 Mobile\iPhone\iTunesMonitor.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www-secure.symantec.com/nor...&version=1&pvid=f-home&entsrc=redirect_pubweb
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.0.13\ips\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [Epson Stylus NX510(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifia.exe /fu "c:\windows\temp\E_S7E8.tmp" /EF "HKCU"
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mPolicies-system: HideShutdownScripts = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: ackpbsc - c:\program files\actividentity\activclient mini\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient mini\acunlock.dll
Notify: DeviceNP - DeviceNP.dll
Notify: igfxcui - igfxdev.dll
Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll
AppInit_DLLs: APSHook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli ASWLNPkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\scott\application data\mozilla\firefox\profiles\djykcujg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - plugin: c:\documents and settings\scott\application data\move networks\plugins\npqmp071706000001.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-3-20 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-3-20 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120317.002\BHDrvx86.sys [2012-3-16 820856]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2011-6-23 38816]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-3-20 136312]
R2 acachsrv;ActivClient Authentication Service;c:\program files\actividentity\activclient mini\acachsrv.exe [2006-4-12 81920]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient mini\accoca.exe [2006-5-2 135168]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2004-8-3 14336]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-24 652360]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.0.13\ccsvchst.exe [2012-3-20 130008]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2011-3-9 23200]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-3-22 106104]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2010-2-18 97280]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120328.002\IDSXpx86.sys [2012-3-28 356280]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2011-6-23 41216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-24 20464]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120329.002\NAVENG.SYS [2012-3-29 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120329.002\NAVEX15.SYS [2012-3-29 1576312]
R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2011-3-5 6607744]
R3 Tq_91Assistant;Tq_91Assistant;c:\program files\netdragon\91 mobile\iphone\Tq_91Assistant.sys [2011-10-12 14248]
S0 92490461;92490461;c:\windows\system32\drivers\93517887.sys --> c:\windows\system32\drivers\93517887.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 cpuz132;cpuz132;\??\c:\docume~1\scott\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\scott\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\scott\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\scott\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2011-6-23 30008]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-5-2 44432]
S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv11010.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv11010.sys [?]
S3 EraserUtilDrv11110;EraserUtilDrv11110;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv11110.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv11110.sys [?]
S3 EraserUtilDrvI11;EraserUtilDrvI11;\??\c:\program files\common files\symantec shared\eengine\eraserutildrvi11.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrvI11.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 mosuport;USB Serial/Parallel Ports;c:\windows\system32\drivers\mosuport.sys [2010-3-4 900736]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-1-14 18432]
S3 NetWlan5;Symbol Based 802.11b Wireless LAN Card Driver;c:\windows\system32\drivers\NetWlan5.sys [2010-2-16 132695]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-4-27 27064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2004-8-3 14336]
S4 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-6-8 172131]
S4 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-22 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-22 135664]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-8-31 92216]
S4 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S4 rma;Radia Management Agent;c:\novadigm\managementagent\nvdkit.exe [2005-9-19 1968446]
S4 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\samsung\allshare\allsharedms\AllShareDMS.exe [2011-12-16 25504]
S4 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\samsung\allshare\AllShareSlideShowService.exe [2011-12-16 27584]
S4 VYHTONMFEYDV;VYHTONMFEYDV;c:\docume~1\scott\locals~1\temp\vyhtonmfeydv.exe --> c:\docume~1\scott\locals~1\temp\VYHTONMFEYDV.exe [?]
S4 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-3 14336]
.
=============== Created Last 30 ================
.
2012-03-30 00:09:07 -------- d-----w- c:\documents and settings\scott\ADMINCOPY
2012-03-24 08:14:22 -------- d-----w- c:\program files\iPod
2012-03-24 08:13:52 -------- d-----w- c:\program files\iTunes
2012-03-23 23:20:11 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2
2012-03-23 05:28:14 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-03-23 05:28:14 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-23 05:08:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-21 07:47:40 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-03-20 22:29:16 -------- d-----w- C:\2a1760332fdbeb9d829e7d
2012-03-20 11:55:58 744568 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symefa.sys
2012-03-20 11:55:58 369784 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symtdi.sys
2012-03-20 11:55:58 331384 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys
2012-03-20 11:55:58 299640 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symnets.sys
2012-03-20 11:55:57 516216 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\srtsp.sys
2012-03-20 11:55:57 50168 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\srtspx.sys
2012-03-20 11:55:57 340088 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symds.sys
2012-03-20 11:55:57 136312 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys
2012-03-20 11:55:09 -------- d-----w- c:\windows\system32\drivers\n360\0502000.00D
2012-03-20 09:36:28 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
==================== Find3M ====================
.
2012-03-23 05:07:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-21 15:13:34 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 22:54:24.09 ===============
 
I still need Attach.txt part of DDS.

Then....

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

============================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open Notepad and press CTRL+V
  • Post the output back here.
 
Final log pasted per instructions

And Finally, here's the attach.txt Log (I hope I'm doing this correctly)
I had to split the paste jobs up due to length.

.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/16/2010 10:05:17 PM
System Uptime: 3/29/2012 9:06:31 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 30AD
Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | U10 | 1995/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 22.102 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Microsoft Tun Miniport Adapter #2
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Mobile Intel(R) 945 Express Chipset Family
Device ID: PCI\VEN_8086&DEV_27A2&SUBSYS_30AD103C&REV_03\3&B1BFB68&0&10
Manufacturer: Intel Corporation
Name: Mobile Intel(R) 945 Express Chipset Family
PNP Device ID: PCI\VEN_8086&DEV_27A2&SUBSYS_30AD103C&REV_03\3&B1BFB68&0&10
Service: ialm
.
Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Mobile Intel(R) 945 Express Chipset Family
Device ID: PCI\VEN_8086&DEV_27A6&SUBSYS_30AD103C&REV_03\3&B1BFB68&0&11
Manufacturer: Intel Corporation
Name: Mobile Intel(R) 945 Express Chipset Family
PNP Device ID: PCI\VEN_8086&DEV_27A6&SUBSYS_30AD103C&REV_03\3&B1BFB68&0&11
Service: ialm
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard with HP QLB
Device ID: ACPI\PNP0303\4&28738126&0
Manufacturer: Hewlett-Packard Development Company, L.P.
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard with HP QLB
PNP Device ID: ACPI\PNP0303\4&28738126&0
Service: i8042prt
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Synaptics PS/2 Port TouchPad
Device ID: ACPI\SYN0122\4&28738126&0
Manufacturer: Synaptics
Name: Synaptics PS/2 Port TouchPad
PNP Device ID: ACPI\SYN0122\4&28738126&0
Service: i8042prt
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\NET\0000
Manufacturer: Microsoft
Name: Microsoft Tun Miniport Adapter #3
PNP Device ID: ROOT\NET\0000
Service: tunmp
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
91 PC Suite for iPhone
Acrobat.com
ActivClient Mini
Active Disk
Adobe Acrobat 7.0 Professional
Adobe Acrobat 7.1.0 Professional
Adobe AIR
Adobe Flash Player 11 ActiveX
Agere Systems HDA Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AuthenTec Fingerprint Sensor Minimum Install
Belarc Advisor 8.1
Bing Bar
Bonjour
Broadcom 440x 10/100 Integrated Controller
Comcast Access
ConvertXtoDVD 4.0.10.324
Credential Manager for HP ProtectTools
Dell Resource CD
Device Access Manager for HP ProtectTools
Driver Detective
Dropbox
Embedded Security for HP ProtectTools
Epson Event Manager
EPSON NX510 Series Printer Uninstall
EPSON Scan
EpsonNet Print
FileHippo.com Update Checker
Google Chrome
Google Earth Pro
Google Quick Search Box
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
HP Backup and Recovery Manager Installer
HP Battery Check
HP BIOS Configuration for ProtectTools 2.00 E1
HP Java Card Security for ProtectTools 1.00 B4
HP Product Detection
HP ProtectTools Security Manager
HP Quick Launch Buttons 6.30 J1
HP Smart Card Security for ProtectTools 5.00 D4
HP SoftPaq Download Manager
HP Wireless Assistant
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
IomegaWare 4.0.3
iPhoneBrowser
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
LightScribe System Software 1.10.19.1
Logitech MouseWare 9.80
Logitech Vid
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Baseline Security Analyzer 2.2
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Fix it Center
Microsoft IntelliPoint 7.0
Microsoft IntelliType Pro 8.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Mozilla Firefox 9.0.1 (x86 en-US)
mProSafe
MSVCRT
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MUSICMATCH® Jukebox
muvee Reveal Seagate Edition
mWlsSafe
Norton Security Suite
OGA Notifier 2.0.0048.0
OneTouch Version 2.2
PaperPort 7.0
Prerequirements
QuickTime
Revo Uninstaller 1.93
Revo Uninstaller Pro 2.5.3
Safari
Samsung AllShare
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975254)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
SIW version 2010.07.14
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Synaptics Pointing Device Driver
System Requirements Lab for Intel
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Ultra DVD Creator 2.7.0227
Uniblue RegistryBooster 2009
Uniblue SpeedUpMyPC 2009
Uniblue System Tweaker
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
USB Compound Device
VC80CRTRedist - 8.0.50727.4053
VLC media player 2.0.1
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0 MUI pack
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
WinSCP 4.3.2
Yahoo! Mail Advisor
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/29/2012 8:47:26 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
3/29/2012 5:44:03 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
3/29/2012 5:43:47 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
3/29/2012 5:37:50 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service IFXTCS with arguments "-Service" in order to run the server: {FBCD9C01-72CB-47BB-99DD-2317551491DE}
3/29/2012 5:02:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
3/29/2012 5:02:44 PM, error: Service Control Manager [7022] - The Windows Time service hung on starting.
3/29/2012 5:02:42 PM, error: Service Control Manager [7022] - The Windows Firewall/Internet Connection Sharing (ICS) service hung on starting.
3/29/2012 5:00:18 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
3/29/2012 5:00:08 PM, error: Service Control Manager [7024] - The Routing and Remote Access service terminated with service-specific error 2 (0x2).
3/29/2012 5:00:06 PM, error: RemoteAccess [20103] - Unable to load C:\WINDOWS\System32\iprtrmgr.dll.
3/29/2012 5:00:02 PM, error: Service Control Manager [7001] - The Bluetooth Service service depends on the Remote Access Connection Manager service which failed to start because of the following error: The dependency service or group failed to start.
3/29/2012 4:59:58 PM, error: Service Control Manager [7001] - The Remote Access Auto Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/29/2012 4:59:24 PM, error: Service Control Manager [7023] - The Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: A device attached to the system is not functioning.
3/29/2012 4:58:39 PM, error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
3/29/2012 4:44:50 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/29/2012 3:55:23 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer MOM-8F62C184B39 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CEAE3D2B-EEE. The master browser is stopping or an election is being forced.
3/29/2012 3:40:46 PM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/29/2012 3:37:32 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/29/2012 3:36:54 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
3/29/2012 12:31:06 PM, error: DCOM [10000] - Unable to start a DCOM Server: {ABC01078-F197-4B0B-ADBC-CFE684B39C82}. The error: "%3" Happened while starting this command: "C:\Program Files\Google\Update\1.3.21.69\GoogleUpdateOnDemand.exe" -Embedding
.
==== End Of File ===========================
 
Ok, I just DL'd those 2, and will run them now...

1 ? though... Do I need to disable my Norton stuff while running the AVAST prog?

Also, when I try and boot into "Normal" mode, sometimes my system freezes up and occasionally won't start up correctly for like 3 or 4 attempts...

It starts fine in "Selective Startup" Mode...
So my ? is, do I HAVE to start up under Normal mode, or does it really matter?

Are there any services that I need to disable before running these?
Would turning off or disabling my "Bios System Startup Password Prompt" make a difference? (I notice that sometimes after I enter my PW, it powers down instead of Logging on)
 
You don't have to disable anything.
Normal mode would be preferred but both programs will run from any mode.
 
Ok, here's the aswMBR Log...


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-30 20:17:11
-----------------------------
20:17:11.281 OS Version: Windows 5.1.2600 Service Pack 3
20:17:11.281 Number of processors: 2 586 0xF06
20:17:11.281 ComputerName: DADS UserName:
20:17:12.375 Initialize success
20:45:29.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:45:29.250 Disk 0 Vendor: ST98823A 7.24 Size: 76319MB BusType: 3
20:45:29.296 Disk 0 MBR read successfully
20:45:29.328 Disk 0 MBR scan
20:45:29.359 Disk 0 Windows XP default MBR code
20:45:29.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
20:45:29.406 Disk 0 scanning sectors +156295440
20:45:29.515 Disk 0 scanning C:\WINDOWS\system32\drivers
20:45:41.687 Service scanning
20:46:07.484 Modules scanning
20:46:21.093 Disk 0 trace - called modules:
20:46:21.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll iomdisk.sys ACPI.sys iastor.sys
20:46:21.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87536030]
20:46:21.281 3 CLASSPNP.SYS[f7547fd7] -> nt!IofCallDriver -> [0x875a49b0]
20:46:21.312 5 hpdskflt.sys[f77a05ae] -> nt!IofCallDriver -> [0x875a4d78]
20:46:21.375 7 iomdisk.sys[f77a7bc3] -> nt!IofCallDriver -> \Device\000000a7[0x8752da98]
20:46:21.421 9 ACPI.sys[f73de620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86eae028]
20:46:21.468 Scan finished successfully
20:49:18.265 Disk 0 MBR has been saved successfully to "E:\VIRUS REMOVAL TOOLS\SCAN LOGS\MBR.dat"
20:49:19.406 The log file has been saved successfully to "E:\VIRUS REMOVAL TOOLS\SCAN LOGS\aswMBR.txt"

And now here's the Bootkit Remover Log...

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...

Ok so that's finished... Now instead of me trying to start typing cmd lines, I think I'll wait for further assistance :)
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Ok...I just ran this program the other night and it only came up with "suspicious objects" via unsigned Files...

I just ran it now, and it came up with "Rootkit.Win32.PMax.gen"
"service: rma"
"Malware Object, high risk"
Service Start: Disabled (0x4)
File: C:\Novadigm\ManagementAgent\nvdkit.exe
MD5: fc4ffde5abbfbd95ad7564db199e1864

I have a couple ?'s...
TDSSKiller is defaulting to delete, there is no "cure" option in the dropdown box... There is only skip, quarantine, and delete.
Do I need to Quarantine it first, reboot then delete?
Do I just delete or will it just worm its way back in again?

Under "service start" it's listed as disabled..
Do I need to enable the service first for a removal or cure to actually take effect?
Would it be prudent to uninstall all "Novadigm" related progs, folders and registry entries, and if so, do I Uninstall the stuff before or after attempting removal?

Sorry for all the questions, I'm just not sure what to do next and do not wanna make things worse. Thanks again my friend, I really do appreciate all your help!
 
I can't advise without seeing the log.
For now take no action; just run the scan.
 
Ok, here's the TDSS Log...
I had to split this into 2 parts, so here's the 1st half...

I still haven't attempted removal as far as delete, quarantine or skip...I'll wait for further instructions..And hey thanks again!


15:11:02.0203 6844 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
15:11:04.0218 6844 ============================================================
15:11:04.0218 6844 Current date / time: 2012/03/31 15:11:04.0218
15:11:04.0218 6844 SystemInfo:
15:11:04.0218 6844
15:11:04.0218 6844 OS Version: 5.1.2600 ServicePack: 3.0
15:11:04.0218 6844 Product type: Workstation
15:11:04.0218 6844 ComputerName: DADS
15:11:04.0218 6844 UserName: Scott
15:11:04.0218 6844 Windows directory: C:\WINDOWS
15:11:04.0218 6844 System windows directory: C:\WINDOWS
15:11:04.0218 6844 Processor architecture: Intel x86
15:11:04.0218 6844 Number of processors: 2
15:11:04.0218 6844 Page size: 0x1000
15:11:04.0218 6844 Boot type: Normal boot
15:11:04.0218 6844 ============================================================
15:11:06.0406 6844 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
15:11:06.0421 6844 \Device\Harddisk0\DR0:
15:11:06.0437 6844 MBR used
15:11:06.0437 6844 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E0D1
15:11:06.0500 6844 Initialize success
15:11:06.0500 6844 ============================================================
15:11:29.0375 3076 ============================================================
15:11:29.0375 3076 Scan started
15:11:29.0375 3076 Mode: Manual; SigCheck; TDLFS;
15:11:29.0375 3076 ============================================================
15:11:29.0609 3076 6to4 (c07d5197410aab28d0d93f943f59656d) C:\WINDOWS\System32\6to4svc.dll
15:11:29.0984 3076 6to4 - ok
15:11:30.0125 3076 92490461 - ok
15:11:30.0156 3076 Abiosdsk - ok
15:11:30.0171 3076 abp480n5 - ok
15:11:30.0281 3076 acachsrv (68db31fd0fcffffb64e2d113561836d3) C:\Program Files\ActivIdentity\ActivClient Mini\acachsrv.exe
15:11:30.0328 3076 acachsrv ( UnsignedFile.Multi.Generic ) - warning
15:11:30.0328 3076 acachsrv - detected UnsignedFile.Multi.Generic (1)
15:11:30.0468 3076 Accelerometer (8356dd18da15d9c42a8584e1841844fe) C:\WINDOWS\system32\DRIVERS\Accelerometer.sys
15:11:30.0484 3076 Accelerometer - ok
15:11:30.0593 3076 accoca (e23e5964e1aaba08070af897ed0d52a2) C:\Program Files\ActivIdentity\ActivClient Mini\accoca.exe
15:11:30.0656 3076 accoca ( UnsignedFile.Multi.Generic ) - warning
15:11:30.0656 3076 accoca - detected UnsignedFile.Multi.Generic (1)
15:11:30.0718 3076 ACDaemon - ok
15:11:30.0859 3076 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:11:31.0671 3076 ACPI - ok
15:11:31.0875 3076 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:11:32.0000 3076 ACPIEC - ok
15:11:32.0109 3076 ADIHdAudAddService (7356eff52ad50b8946d346002118ce62) C:\WINDOWS\system32\drivers\ADIHdAud.sys
15:11:32.0171 3076 ADIHdAudAddService - ok
15:11:32.0281 3076 Adobe LM Service (6d182c31acf16213407f2768f1107fe3) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
15:11:32.0296 3076 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
15:11:32.0296 3076 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
15:11:32.0359 3076 adpu160m - ok
15:11:32.0437 3076 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
15:11:32.0468 3076 AEAudio - ok
15:11:32.0515 3076 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:11:32.0656 3076 aec - ok
15:11:32.0734 3076 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:11:32.0781 3076 AFD - ok
15:11:32.0828 3076 AgereModemAudio (efbc44fbd75e4f80bd927aebf6e7eade) C:\WINDOWS\system32\agrsmsvc.exe
15:11:32.0875 3076 AgereModemAudio - ok
15:11:32.0968 3076 AgereSoftModem (1cfeba39fc613e45b49d3eddfbcda289) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
15:11:33.0140 3076 AgereSoftModem - ok
15:11:33.0171 3076 Aha154x - ok
15:11:33.0187 3076 aic78u2 - ok
15:11:33.0218 3076 aic78xx - ok
15:11:33.0265 3076 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
15:11:33.0421 3076 Alerter - ok
15:11:33.0484 3076 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
15:11:33.0546 3076 ALG - ok
15:11:33.0593 3076 AliIde - ok
15:11:33.0609 3076 amsint - ok
15:11:33.0765 3076 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:11:33.0796 3076 Apple Mobile Device - ok
15:11:33.0843 3076 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
15:11:33.0921 3076 AppMgmt - ok
15:11:34.0046 3076 ASBroker (2eeda27c19259c2340324ef7180d086b) C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
15:11:34.0062 3076 ASBroker ( UnsignedFile.Multi.Generic ) - warning
15:11:34.0062 3076 ASBroker - detected UnsignedFile.Multi.Generic (1)
15:11:34.0078 3076 asc - ok
15:11:34.0109 3076 asc3350p - ok
15:11:34.0140 3076 asc3550 - ok
15:11:34.0203 3076 ASChannel (bb3c0521ecca4bb17ac55eb640df0fa5) C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll
15:11:34.0218 3076 ASChannel ( UnsignedFile.Multi.Generic ) - warning
15:11:34.0218 3076 ASChannel - detected UnsignedFile.Multi.Generic (1)
15:11:34.0437 3076 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:11:34.0468 3076 aspnet_state - ok
15:11:34.0578 3076 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:11:34.0765 3076 AsyncMac - ok
15:11:34.0859 3076 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:11:34.0968 3076 atapi - ok
15:11:34.0984 3076 Atdisk - ok
15:11:35.0031 3076 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:11:35.0156 3076 Atmarpc - ok
15:11:35.0203 3076 ATSWPDRV (69e65a2ce11619f0c868967ca9540b80) C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
15:11:35.0328 3076 ATSWPDRV - ok
15:11:35.0390 3076 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
15:11:35.0531 3076 AudioSrv - ok
15:11:35.0609 3076 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:11:35.0718 3076 audstub - ok
15:11:35.0781 3076 b57w2k (fbc80c5ad5d6995614cd99d505ec812d) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
15:11:35.0812 3076 b57w2k - ok
15:11:35.0812 3076 backupclientsvc - ok
15:11:35.0875 3076 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
15:11:35.0890 3076 BANTExt ( UnsignedFile.Multi.Generic ) - warning
15:11:35.0890 3076 BANTExt - detected UnsignedFile.Multi.Generic (1)
15:11:36.0015 3076 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
15:11:36.0046 3076 BBSvc - ok
15:11:36.0109 3076 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:11:36.0250 3076 Beep - ok
15:11:36.0578 3076 BHDrvx86 (eb7f1f1dfa95c25d762c22d3cf13d4e0) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx86.sys
15:11:36.0656 3076 BHDrvx86 - ok
15:11:36.0781 3076 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
15:11:37.0062 3076 BITS - ok
15:11:37.0156 3076 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
15:11:37.0187 3076 Bonjour Service - ok
15:11:37.0328 3076 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
15:11:37.0437 3076 Browser - ok
15:11:37.0515 3076 btaudio (d6407b9a012205e5754866e145165c29) C:\WINDOWS\system32\drivers\btaudio.sys
15:11:37.0531 3076 btaudio - ok
15:11:37.0593 3076 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
15:11:37.0609 3076 BTDriver - ok
15:11:37.0687 3076 BTKRNL (9f704f40cd50ae05bbfc492c0342e765) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
15:11:37.0718 3076 BTKRNL - ok
15:11:37.0953 3076 btwdins (13ba08998aba2a7f23c28eed0ce8c176) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
15:11:37.0984 3076 btwdins - ok
15:11:38.0109 3076 BTWDNDIS (485020a1e1fc5c51a800ca69c618d881) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
15:11:38.0125 3076 BTWDNDIS - ok
15:11:38.0171 3076 btwhid (c51d50cf24da69a9c499e65b0edb3bb7) C:\WINDOWS\system32\DRIVERS\btwhid.sys
15:11:38.0187 3076 btwhid - ok
15:11:38.0218 3076 BTWUSB (1166cb501e1c34750a91600579efeab3) C:\WINDOWS\system32\Drivers\btwusb.sys
15:11:38.0234 3076 BTWUSB - ok
15:11:38.0250 3076 cavasm - ok
15:11:38.0296 3076 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:11:38.0421 3076 cbidf2k - ok
15:11:38.0453 3076 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:11:38.0578 3076 CCDECODE - ok
15:11:38.0593 3076 cd20xrnt - ok
15:11:38.0656 3076 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:11:38.0765 3076 Cdaudio - ok
15:11:38.0812 3076 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:11:38.0921 3076 Cdfs - ok
15:11:38.0968 3076 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:11:39.0078 3076 Cdrom - ok
15:11:39.0125 3076 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
15:11:39.0140 3076 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
15:11:39.0140 3076 cercsr6 - detected UnsignedFile.Multi.Generic (1)
15:11:39.0156 3076 Changer - ok
15:11:39.0203 3076 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
15:11:39.0312 3076 CiSvc - ok
15:11:39.0328 3076 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
15:11:39.0453 3076 ClipSrv - ok
15:11:39.0593 3076 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:11:39.0609 3076 clr_optimization_v2.0.50727_32 - ok
15:11:39.0718 3076 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:11:39.0734 3076 clr_optimization_v4.0.30319_32 - ok
15:11:39.0828 3076 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:11:39.0953 3076 CmBatt - ok
15:11:39.0968 3076 CmdIde - ok
15:11:40.0031 3076 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:11:40.0187 3076 Compbatt - ok
15:11:40.0203 3076 COMSysApp - ok
15:11:40.0250 3076 Cpqarray - ok
15:11:40.0328 3076 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
15:11:40.0359 3076 cpudrv - ok
15:11:40.0515 3076 cpuz132 - ok
15:11:40.0531 3076 cpuz134 - ok
15:11:40.0593 3076 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
15:11:40.0703 3076 CryptSvc - ok
15:11:40.0734 3076 dac2w2k - ok
15:11:40.0765 3076 dac960nt - ok
15:11:40.0812 3076 DAMDrv (5d5984255a4bfaa4262fb750df7cd537) C:\WINDOWS\system32\DRIVERS\DAMDrv.sys
15:11:40.0875 3076 DAMDrv - ok
15:11:40.0921 3076 dc3d (91c1736e77cff029302728b431d0eedb) C:\WINDOWS\system32\DRIVERS\dc3d.sys
15:11:40.0937 3076 dc3d - ok
15:11:41.0015 3076 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
15:11:41.0078 3076 DcomLaunch - ok
15:11:41.0125 3076 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
15:11:41.0265 3076 Dhcp - ok
15:11:41.0359 3076 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:11:41.0468 3076 Disk - ok
15:11:41.0484 3076 dmadmin - ok
15:11:41.0546 3076 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:11:41.0687 3076 dmboot - ok
15:11:41.0703 3076 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:11:41.0843 3076 dmio - ok
15:11:41.0875 3076 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:11:41.0984 3076 dmload - ok
15:11:42.0031 3076 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
15:11:42.0171 3076 dmserver - ok
15:11:42.0250 3076 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:11:42.0390 3076 DMusic - ok
15:11:42.0437 3076 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
15:11:42.0531 3076 Dnscache - ok
15:11:42.0578 3076 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
15:11:42.0718 3076 Dot3svc - ok
15:11:42.0750 3076 dpti2o - ok
15:11:42.0828 3076 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:11:42.0953 3076 drmkaud - ok
15:11:42.0984 3076 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:11:43.0109 3076 E100B - ok
15:11:43.0171 3076 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
15:11:43.0296 3076 EapHost - ok
15:11:43.0421 3076 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
15:11:43.0437 3076 eeCtrl - ok
15:11:43.0515 3076 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
15:11:43.0546 3076 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
15:11:43.0546 3076 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
15:11:43.0671 3076 EPSON_EB_RPCV4_01 (ec6a73cd8413f68655e5e0b99c415a21) C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
15:11:43.0734 3076 EPSON_EB_RPCV4_01 - ok
15:11:43.0781 3076 EPSON_PM_RPCV4_01 (8fe6ab59cab8f2c038fea9522a5eeba7) C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
15:11:43.0812 3076 EPSON_PM_RPCV4_01 - ok
15:11:43.0875 3076 EraserUtilDrv11010 - ok
15:11:43.0921 3076 EraserUtilDrv11110 - ok
15:11:43.0953 3076 EraserUtilDrvI11 - ok
15:11:44.0015 3076 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:11:44.0031 3076 EraserUtilRebootDrv - ok
15:11:44.0171 3076 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
15:11:44.0296 3076 ERSvc - ok
15:11:44.0421 3076 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:11:44.0453 3076 Eventlog - ok
15:11:44.0546 3076 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
15:11:44.0609 3076 EventSystem - ok
15:11:44.0781 3076 EvtEng (ddebcc0aa7bd3eb02abce6b3d8536dea) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:11:44.0890 3076 EvtEng - ok
15:11:45.0046 3076 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:11:45.0218 3076 Fastfat - ok
15:11:45.0281 3076 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:11:45.0359 3076 FastUserSwitchingCompatibility - ok
15:11:45.0453 3076 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
15:11:45.0562 3076 Fdc - ok
15:11:45.0593 3076 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
15:11:45.0609 3076 FilterService - ok
15:11:45.0656 3076 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:11:45.0765 3076 Fips - ok
15:11:45.0812 3076 FLCDLOCK (224138e0ccdf7ce3281298473f6fd1d2) C:\WINDOWS\system32\flcdlock.exe
15:11:45.0843 3076 FLCDLOCK ( UnsignedFile.Multi.Generic ) - warning
15:11:45.0843 3076 FLCDLOCK - detected UnsignedFile.Multi.Generic (1)
15:11:45.0921 3076 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:11:46.0031 3076 Flpydisk - ok
15:11:46.0109 3076 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:11:46.0234 3076 FltMgr - ok
15:11:46.0328 3076 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:11:46.0343 3076 FontCache3.0.0.0 - ok
15:11:46.0500 3076 FreeAgentGoNext Service (9513b437b7adb1e6065b7f0d83d11ecf) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
15:11:46.0515 3076 FreeAgentGoNext Service - ok
15:11:46.0593 3076 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:11:46.0734 3076 Fs_Rec - ok
15:11:46.0781 3076 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:11:47.0015 3076 Ftdisk - ok
15:11:47.0093 3076 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:11:47.0109 3076 GEARAspiWDM - ok
15:11:47.0187 3076 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:11:47.0296 3076 Gpc - ok
15:11:47.0375 3076 GTIPCI21 (cea72ac01892b12514d15e21ef1bc75d) C:\WINDOWS\system32\DRIVERS\gtipci21.sys
15:11:47.0437 3076 GTIPCI21 - ok
15:11:47.0562 3076 gupdate - ok
15:11:47.0578 3076 gupdatem - ok
15:11:47.0671 3076 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:11:47.0687 3076 gusvc - ok
15:11:47.0734 3076 HBtnKey (cef316dbbd1b3845a6d53ed620eb1aeb) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
15:11:47.0750 3076 HBtnKey - ok
15:11:47.0828 3076 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:11:48.0000 3076 HDAudBus - ok
15:11:48.0078 3076 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:11:48.0234 3076 helpsvc - ok
15:11:48.0312 3076 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
15:11:48.0453 3076 HidServ - ok
15:11:48.0546 3076 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:11:48.0703 3076 HidUsb - ok
15:11:48.0750 3076 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
15:11:48.0875 3076 hkmsvc - ok
15:11:49.0031 3076 HPDrvMntSvc.exe (d0f60ce40d7d4720220f1e08374ab355) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
15:11:49.0031 3076 HPDrvMntSvc.exe - ok
15:11:49.0093 3076 hpdskflt (c1ae4bc866aaf10d8bbb182b35c14986) C:\WINDOWS\system32\DRIVERS\hpdskflt.sys
15:11:49.0109 3076 hpdskflt - ok
15:11:49.0125 3076 hpn - ok
15:11:49.0187 3076 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
15:11:49.0265 3076 HpqKbFiltr - ok
15:11:49.0421 3076 hpqwmiex (d34958999080832002e32ba0a76bbb9c) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
15:11:49.0468 3076 hpqwmiex - ok
15:11:49.0578 3076 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:11:49.0671 3076 HTTP - ok
15:11:49.0718 3076 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
15:11:49.0875 3076 HTTPFilter - ok
15:11:49.0921 3076 i2omgmt - ok
15:11:49.0968 3076 i2omp - ok
15:11:50.0000 3076 i8042prt - ok
15:11:50.0281 3076 IAANTMon (0b66a9a2137213075f753579e7d573a5) C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
15:11:50.0328 3076 IAANTMon ( UnsignedFile.Multi.Generic ) - warning
15:11:50.0328 3076 IAANTMon - detected UnsignedFile.Multi.Generic (1)
15:11:50.0546 3076 iastor (f4037a3fedb92dd97c95f320766ea5c9) C:\WINDOWS\system32\drivers\iastor.sys
15:11:50.0687 3076 iastor - ok
15:11:51.0578 3076 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:11:52.0562 3076 idsvc - ok
15:11:53.0531 3076 IDSxpx86 (cfbc1ce72e5353d428704659199147b1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120330.002\IDSxpx86.sys
15:11:54.0031 3076 IDSxpx86 - ok
15:11:54.0750 3076 IFXSpMgtSrv (29ba1bcc6bde337e7c8f81cc8d401cbd) C:\WINDOWS\system32\ifxspmgt.exe
15:11:55.0375 3076 IFXSpMgtSrv - ok
15:11:55.0562 3076 IFXTCS (02b893d0b89e0b28881a1cab6f337a0b) C:\WINDOWS\system32\IFXTCS.exe
15:11:55.0671 3076 IFXTCS - ok
15:11:55.0734 3076 IFXTPM (667cfdb801df771f47b7c39373c2d850) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
15:11:55.0796 3076 IFXTPM - ok
15:11:55.0921 3076 IISADMIN (db3c22745c0da4666f3be31f1af36b2f) C:\WINDOWS\system32\inetsrv\inetinfo.exe
15:11:56.0031 3076 IISADMIN - ok
15:11:56.0156 3076 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:11:56.0328 3076 Imapi - ok
15:11:56.0375 3076 ImapiService (661a7bb512a6fa96c811d896c1ecac2c) C:\WINDOWS\system32\imapihp.exe
15:11:56.0437 3076 ImapiService ( UnsignedFile.Multi.Generic ) - warning
15:11:56.0437 3076 ImapiService - detected UnsignedFile.Multi.Generic (1)
15:11:56.0500 3076 ini910u - ok
15:11:56.0531 3076 IntelIde - ok
15:11:56.0593 3076 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:11:56.0687 3076 intelppm - ok
15:11:56.0812 3076 iomdisk (9d7069d72c0c72952f05e1688a5ae89d) C:\WINDOWS\system32\DRIVERS\iomdisk.sys
15:11:56.0828 3076 iomdisk ( UnsignedFile.Multi.Generic ) - warning
15:11:56.0828 3076 iomdisk - detected UnsignedFile.Multi.Generic (1)
15:11:56.0953 3076 Iomega App Services (19ef7fb809d3073ee60f85464e9c4c51) C:\PROGRA~1\Iomega\System32\AppServices.exe
15:11:56.0968 3076 Iomega App Services ( UnsignedFile.Multi.Generic ) - warning
15:11:56.0968 3076 Iomega App Services - detected UnsignedFile.Multi.Generic (1)
15:11:57.0062 3076 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:11:57.0171 3076 Ip6Fw - ok
15:11:57.0281 3076 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:11:57.0421 3076 IpFilterDriver - ok
15:11:57.0484 3076 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:11:57.0593 3076 IpInIp - ok
15:11:57.0625 3076 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:11:57.0734 3076 IpNat - ok
15:11:57.0859 3076 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
15:11:57.0968 3076 iPod Service - ok
15:11:58.0093 3076 Iprip (f08d74ec300b8ba60ca953c58a24d19e) C:\WINDOWS\System32\iprip.dll
15:11:58.0187 3076 Iprip - ok
15:11:58.0265 3076 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:11:58.0406 3076 IPSec - ok
15:11:58.0453 3076 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
15:11:58.0546 3076 irda - ok
15:11:58.0593 3076 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:11:58.0640 3076 IRENUM - ok
15:11:58.0718 3076 Irmon (49cc4533ce897cb2e93c1e84a818fde5) C:\WINDOWS\System32\irmon.dll
15:11:58.0781 3076 Irmon - ok
15:11:58.0859 3076 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:11:58.0968 3076 isapnp - ok
15:11:59.0140 3076 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
15:11:59.0156 3076 JavaQuickStarterService - ok
15:11:59.0265 3076 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:11:59.0390 3076 Kbdclass - ok
15:11:59.0453 3076 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:11:59.0593 3076 kbdhid - ok
15:11:59.0625 3076 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:11:59.0750 3076 kmixer - ok
15:11:59.0796 3076 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:11:59.0875 3076 KSecDD - ok
15:11:59.0921 3076 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
15:11:59.0984 3076 lanmanserver - ok
15:12:00.0031 3076 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
15:12:00.0062 3076 lanmanworkstation - ok
15:12:00.0093 3076 lbrtfdc - ok
15:12:00.0187 3076 LHidFlt2 (03976c309ede05d39017c05b817cd94f) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
15:12:00.0234 3076 LHidFlt2 - ok
15:12:00.0296 3076 LHidUsb (25688115843c4028686a96d88bc28007) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
15:12:00.0359 3076 LHidUsb - ok
15:12:00.0468 3076 LightScribeService (8577ca80212a3ee1cf2fd1fc91e1cff6) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
15:12:00.0484 3076 LightScribeService - ok
15:12:00.0609 3076 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
15:12:00.0781 3076 LmHosts - ok
15:12:00.0859 3076 LMouFlt2 (26407519fca64ec4091fe1f815b4afc4) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
15:12:00.0906 3076 LMouFlt2 - ok
15:12:00.0968 3076 lvpopflt (9fb982de1c8dd769f8ed681dd878b12f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
15:12:00.0984 3076 lvpopflt - ok
15:12:01.0078 3076 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
15:12:01.0093 3076 LVPr2Mon - ok
15:12:01.0234 3076 LVPrcSrv (0ddfdcaa92c7f553328db06ba599bea9) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
15:12:01.0250 3076 LVPrcSrv - ok
15:12:01.0328 3076 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
15:12:01.0359 3076 LVRS - ok
15:12:01.0609 3076 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
15:12:02.0031 3076 LVUVC - ok

***** END OF 1st HALF*****
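The TDSSKiller log posted above runs to several hundred service and driver records, most of them ending in "- ok" and the rest flagged "UnsignedFile.Multi.Generic", which is TDSSKiller's signature-check warning (the file has no valid digital signature), not a malware verdict. As an added example that is not part of this thread and not Kaspersky's code, the Python below parses lines in the exact shape of that log (the file-identification line with md5 and path, then the warning and "detected" result lines) and buckets each service as clean, clean with no file listed, unsigned, or suspicious, so that any entry carrying a verdict other than the unsigned-file warning stands out from the noise. The sample input is a few lines copied from the log above plus one constructed placeholder record ("ExampleSvc", not in the posted log) that exists only to exercise the suspicious bucket; the bucket names and the Entry structure are this example's own.

```python
"""Parse a TDSSKiller 2.7-style scan log and triage its service/driver records."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every log line is "HH:MM:SS.mmmm <thread-id> <payload>".
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<rest>.+)$")
# Payload form 1: "<name> (<md5>) <path>"  (file identification for a service/driver).
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Payload form 2: "<name> - ok", "<name> ( <verdict> ) - warning",
#                 "<name> - detected <verdict> (<count>)".
RESULT_RE = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<wverdict>[^)]+) \))? - (?P<status>ok|warning|detected)"
    r"(?: (?P<dverdict>\S+) \((?P<count>\d+)\))?$"
)
# TDSSKiller's signature-check warning: the binary carries no valid digital
# signature. It says nothing about whether the file is malicious.
UNSIGNED = "UnsignedFile.Multi.Generic"

# Constructed sample: lines copied from the posted log, plus one placeholder
# record (ExampleSvc) that is NOT in the posted log, added only so the
# "suspicious" branch below is exercised.
SAMPLE_LOG = r"""
15:11:29.0375 3076 Scan started
15:11:29.0375 3076 Mode: Manual; SigCheck; TDLFS;
15:11:29.0609 3076 6to4 (c07d5197410aab28d0d93f943f59656d) C:\WINDOWS\System32\6to4svc.dll
15:11:29.0984 3076 6to4 - ok
15:11:30.0156 3076 Abiosdsk - ok
15:11:30.0281 3076 acachsrv (68db31fd0fcffffb64e2d113561836d3) C:\Program Files\ActivIdentity\ActivClient Mini\acachsrv.exe
15:11:30.0328 3076 acachsrv ( UnsignedFile.Multi.Generic ) - warning
15:11:30.0328 3076 acachsrv - detected UnsignedFile.Multi.Generic (1)
15:11:32.0281 3076 Adobe LM Service (6d182c31acf16213407f2768f1107fe3) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
15:11:32.0296 3076 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
15:11:32.0296 3076 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
15:12:30.0000 3076 ExampleSvc - detected Example.Placeholder.Verdict (1)
"""


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"        # ok | warning | detected | unknown
    verdict: Optional[str] = None
    count: int = 0


def parse_log(text: str) -> Dict[str, Entry]:
    """Fold the per-line records into one Entry per service/driver name."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        f = FILE_RE.match(rest)
        if f:
            e = entries.setdefault(f["name"], Entry(name=f["name"]))
            e.md5, e.path = f["md5"], f["path"]
            continue
        r = RESULT_RE.match(rest)
        if not r:
            continue  # banner/header lines such as "Scan started" or "Mode: ..."
        e = entries.setdefault(r["name"], Entry(name=r["name"]))
        e.status = r["status"]  # a later "detected" line overrides the earlier "warning"
        if r["status"] == "warning":
            e.verdict = r["wverdict"]
        elif r["status"] == "detected":
            e.verdict = r["dverdict"]
            e.count = int(r["count"])
    return entries


def classify(e: Entry) -> str:
    """Triage bucket for one entry (bucket names are this example's own)."""
    if e.status == "ok":
        # A registered service with no md5/path line means TDSSKiller never
        # identified a binary for it; keep it apart from fully checked clean files.
        return "clean" if e.path else "clean-no-file"
    if e.verdict == UNSIGNED:
        return "unsigned"
    return "suspicious"


def summarize(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Group service names by triage bucket, sorted for stable output."""
    buckets: Dict[str, List[str]] = {k: [] for k in ("clean", "clean-no-file", "unsigned", "suspicious")}
    for e in entries.values():
        buckets[classify(e)].append(e.name)
    for names in buckets.values():
        names.sort()
    return buckets


if __name__ == "__main__":
    for bucket, names in summarize(parse_log(SAMPLE_LOG)).items():
        print(f"{bucket:14s} {len(names):3d}  {', '.join(names)}")
```

Run against the full pasted log, the "suspicious" bucket is what a helper would read first; the "unsigned" bucket still deserves a look at each path, but in the first half above every flagged path sits under a vendor program directory or the Windows drivers folder, which is the normal pattern for unsigned OEM and third-party drivers on XP.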
 
And now here's the second half...


15:12:02.0187 3076 MatSvc (ddf15a42e27e8efe27b18fd403151a86) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
15:12:02.0234 3076 MatSvc - ok
15:12:02.0328 3076 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
15:12:02.0343 3076 MBAMProtector - ok
15:12:02.0421 3076 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:12:02.0468 3076 MBAMService - ok
15:12:02.0484 3076 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
15:12:02.0625 3076 Messenger - ok
15:12:02.0703 3076 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:12:02.0843 3076 mnmdd - ok
15:12:02.0890 3076 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
15:12:03.0015 3076 mnmsrvc - ok
15:12:03.0078 3076 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:12:03.0187 3076 Modem - ok
15:12:03.0265 3076 mosuport (349f92f27c7e9f2af4db418a4b3eac00) C:\WINDOWS\system32\DRIVERS\mosuport.sys
15:12:03.0390 3076 mosuport ( UnsignedFile.Multi.Generic ) - warning
15:12:03.0390 3076 mosuport - detected UnsignedFile.Multi.Generic (1)
15:12:03.0421 3076 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
15:12:03.0468 3076 motmodem - ok
15:12:03.0531 3076 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:12:03.0640 3076 Mouclass - ok
15:12:03.0703 3076 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:12:03.0859 3076 mouhid - ok
15:12:03.0921 3076 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:12:04.0062 3076 MountMgr - ok
15:12:04.0078 3076 mraid35x - ok
15:12:04.0125 3076 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:12:04.0281 3076 MRxDAV - ok
15:12:04.0343 3076 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:12:04.0437 3076 MRxSmb - ok
15:12:04.0484 3076 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
15:12:04.0625 3076 MSDTC - ok
15:12:04.0718 3076 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:12:04.0859 3076 Msfs - ok
15:12:04.0921 3076 MSFtpsvc (db3c22745c0da4666f3be31f1af36b2f) C:\WINDOWS\system32\inetsrv\inetinfo.exe
15:12:04.0984 3076 MSFtpsvc - ok
15:12:05.0000 3076 MSIServer - ok
15:12:05.0046 3076 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:12:05.0187 3076 MSKSSRV - ok
15:12:05.0218 3076 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:12:05.0312 3076 MSPCLOCK - ok
15:12:05.0328 3076 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:12:05.0453 3076 MSPQM - ok
15:12:05.0531 3076 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:12:05.0640 3076 mssmbios - ok
15:12:05.0687 3076 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:12:05.0812 3076 MSTEE - ok
15:12:05.0859 3076 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:12:05.0906 3076 Mup - ok
15:12:05.0953 3076 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
15:12:05.0984 3076 MxlW2k ( UnsignedFile.Multi.Generic ) - warning
15:12:05.0984 3076 MxlW2k - detected UnsignedFile.Multi.Generic (1)
15:12:06.0156 3076 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
15:12:06.0203 3076 N360 - ok
15:12:06.0640 3076 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:12:06.0796 3076 NABTSFEC - ok
15:12:06.0906 3076 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
15:12:07.0031 3076 napagent - ok
15:12:07.0375 3076 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120330.036\NAVENG.SYS
15:12:07.0390 3076 NAVENG - ok
15:12:07.0640 3076 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120330.036\NAVEX15.SYS
15:12:07.0796 3076 NAVEX15 - ok
15:12:07.0953 3076 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:12:08.0156 3076 NDIS - ok
15:12:08.0203 3076 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:12:08.0296 3076 NdisIP - ok
15:12:08.0343 3076 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:12:08.0390 3076 NdisTapi - ok
15:12:08.0437 3076 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:12:08.0546 3076 Ndisuio - ok
15:12:08.0609 3076 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:12:08.0703 3076 NdisWan - ok
15:12:08.0750 3076 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:12:08.0796 3076 NDProxy - ok
15:12:08.0859 3076 Netaapl (1352e1648213551923a0a822e441553c) C:\WINDOWS\system32\DRIVERS\netaapl.sys
15:12:08.0890 3076 Netaapl - ok
15:12:08.0937 3076 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:12:09.0046 3076 NetBIOS - ok
15:12:09.0109 3076 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:12:09.0218 3076 NetBT - ok
15:12:09.0281 3076 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:12:09.0390 3076 NetDDE - ok
15:12:09.0406 3076 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:12:09.0500 3076 NetDDEdsdm - ok
15:12:09.0546 3076 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:12:09.0640 3076 Netlogon - ok
15:12:09.0687 3076 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
15:12:09.0812 3076 Netman - ok
15:12:09.0968 3076 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:12:09.0984 3076 NetTcpPortSharing - ok
15:12:10.0109 3076 NETw4x32 (9eb7001200bc53dad5bc531f0e58970e) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
15:12:10.0281 3076 NETw4x32 - ok
15:12:10.0500 3076 NETw5x32 (3bdc90d9b12b685944f2b0896af5413c) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
15:12:11.0078 3076 NETw5x32 ( UnsignedFile.Multi.Generic ) - warning
15:12:11.0078 3076 NETw5x32 - detected UnsignedFile.Multi.Generic (1)
15:12:11.0140 3076 NetWlan5 (9a6a0193c0f6a79f191171816976fc73) C:\WINDOWS\system32\DRIVERS\NetWlan5.sys
15:12:11.0312 3076 NetWlan5 - ok
15:12:11.0531 3076 NETwLx32 (cbd6918929b5edacff9c782536019bbb) C:\WINDOWS\system32\DRIVERS\NETwLx32.sys
15:12:12.0000 3076 NETwLx32 - ok
15:12:12.0093 3076 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
15:12:12.0140 3076 Nla - ok
15:12:12.0234 3076 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:12:12.0359 3076 Npfs - ok
15:12:12.0406 3076 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:12:12.0562 3076 Ntfs - ok
15:12:12.0625 3076 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:12:12.0718 3076 NtLmSsp - ok
15:12:12.0796 3076 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
15:12:12.0937 3076 NtmsSvc - ok
15:12:13.0015 3076 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
15:12:13.0031 3076 NuidFltr - ok
15:12:13.0078 3076 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:12:13.0187 3076 Null - ok
15:12:13.0234 3076 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:12:13.0375 3076 NwlnkFlt - ok
15:12:13.0406 3076 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:12:13.0546 3076 NwlnkFwd - ok
15:12:13.0546 3076 OMCI - ok
15:12:13.0609 3076 p2pgasvc (937a02981f11b2ce96b1d493c95aed2b) C:\WINDOWS\system32\p2pgasvc.dll
15:12:13.0750 3076 p2pgasvc - ok
15:12:13.0812 3076 p2pimsvc (4a1035cb8f0d57be41873b5183d96cf4) C:\WINDOWS\system32\p2psvc.dll
15:12:13.0984 3076 p2pimsvc - ok
15:12:14.0015 3076 p2psvc (4a1035cb8f0d57be41873b5183d96cf4) C:\WINDOWS\system32\p2psvc.dll
15:12:14.0125 3076 p2psvc - ok
15:12:14.0218 3076 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:12:14.0343 3076 Parport - ok
15:12:14.0375 3076 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:12:14.0515 3076 PartMgr - ok
15:12:14.0531 3076 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:12:14.0656 3076 ParVdm - ok
15:12:14.0671 3076 PCA - ok
15:12:14.0734 3076 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:12:14.0843 3076 PCI - ok
15:12:14.0875 3076 PCIDump - ok
15:12:14.0937 3076 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:12:15.0046 3076 PCIIde - ok
15:12:15.0093 3076 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:12:15.0203 3076 Pcmcia - ok
15:12:15.0250 3076 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
15:12:15.0250 3076 pcouffin ( UnsignedFile.Multi.Generic ) - warning
15:12:15.0250 3076 pcouffin - detected UnsignedFile.Multi.Generic (1)
15:12:15.0265 3076 PDCOMP - ok
15:12:15.0281 3076 PDFRAME - ok
15:12:15.0312 3076 PDRELI - ok
15:12:15.0328 3076 PDRFRAME - ok
15:12:15.0359 3076 perc2 - ok
15:12:15.0375 3076 perc2hib - ok
15:12:15.0484 3076 PersonalSecureDrive (f21b077b1fba7aa331fa1087078d92e8) C:\WINDOWS\System32\drivers\psd.sys
15:12:15.0500 3076 PersonalSecureDrive - ok
15:12:15.0515 3076 PersonalSecureDriveService (c30a73c602c09bc8404a18497ad24145) C:\WINDOWS\system32\IfxPsdSv.exe
15:12:15.0531 3076 PersonalSecureDriveService - ok
15:12:15.0593 3076 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:12:15.0609 3076 PlugPlay - ok
15:12:15.0687 3076 PNRPSvc (4a1035cb8f0d57be41873b5183d96cf4) C:\WINDOWS\system32\p2psvc.dll
15:12:15.0781 3076 PNRPSvc - ok
15:12:15.0875 3076 Point32 (e5582e43e167cf367757d81e9727da2a) C:\WINDOWS\system32\DRIVERS\point32.sys
15:12:15.0875 3076 Point32 - ok
15:12:15.0953 3076 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:12:16.0046 3076 PolicyAgent - ok
15:12:16.0109 3076 ppsio2 (de4dfb09bf96fd5f810750140e2aa236) C:\WINDOWS\system32\drivers\ppsio2.sys
15:12:16.0140 3076 ppsio2 ( UnsignedFile.Multi.Generic ) - warning
15:12:16.0140 3076 ppsio2 - detected UnsignedFile.Multi.Generic (1)
15:12:16.0203 3076 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:12:16.0328 3076 PptpMiniport - ok
15:12:16.0375 3076 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:12:16.0500 3076 ProtectedStorage - ok
15:12:16.0578 3076 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:12:16.0703 3076 PSched - ok
15:12:16.0718 3076 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:12:16.0843 3076 Ptilink - ok
15:12:16.0875 3076 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:12:16.0890 3076 PxHelp20 - ok
15:12:16.0906 3076 ql1080 - ok
15:12:16.0921 3076 Ql10wnt - ok
15:12:16.0953 3076 ql12160 - ok
15:12:16.0968 3076 ql1240 - ok
15:12:17.0000 3076 ql1280 - ok
15:12:17.0031 3076 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:12:17.0125 3076 RasAcd - ok
15:12:17.0187 3076 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
15:12:17.0296 3076 RasAuto - ok
15:12:17.0359 3076 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
15:12:17.0421 3076 Rasirda - ok
15:12:17.0437 3076 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:12:17.0546 3076 Rasl2tp - ok
15:12:17.0609 3076 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
15:12:17.0718 3076 RasMan - ok
15:12:17.0781 3076 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:12:17.0890 3076 RasPppoe - ok
15:12:17.0937 3076 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:12:18.0046 3076 Raspti - ok
15:12:18.0078 3076 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:12:18.0187 3076 Rdbss - ok
15:12:18.0234 3076 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:12:18.0328 3076 RDPCDD - ok
15:12:18.0375 3076 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:12:18.0484 3076 rdpdr - ok
15:12:18.0562 3076 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
15:12:18.0578 3076 RDPWD - ok
15:12:18.0625 3076 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
15:12:18.0718 3076 RDSessMgr - ok
15:12:18.0781 3076 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:12:18.0890 3076 redbook - ok
15:12:19.0046 3076 RegSrvc (5608ed3957105bc14e3c426bb27ac5a1) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:12:19.0078 3076 RegSrvc - ok
15:12:19.0218 3076 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
15:12:19.0359 3076 RemoteAccess - ok
15:12:19.0406 3076 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
15:12:19.0562 3076 RemoteRegistry - ok
15:12:19.0656 3076 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
15:12:19.0671 3076 Revoflt - ok
15:12:19.0812 3076 rma (fc4ffde5abbfbd95ad7564db199e1864) C:/Novadigm/ManagementAgent/nvdkit.exe
15:12:20.0218 3076 rma ( Rootkit.Win32.PMax.gen ) - infected
15:12:20.0218 3076 rma - detected Rootkit.Win32.PMax.gen (0)
15:12:20.0234 3076 rootrepeal - ok
15:12:20.0265 3076 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
15:12:20.0375 3076 RpcLocator - ok
15:12:20.0437 3076 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
15:12:20.0453 3076 RpcSs - ok
15:12:20.0515 3076 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
15:12:20.0640 3076 RSVP - ok
15:12:20.0812 3076 S24EventMonitor (b67d13453f33f569ba6cab45447ad724) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
15:12:20.0906 3076 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
15:12:20.0906 3076 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
15:12:21.0046 3076 s24trans (27fc71da659305e260acbda15a318399) C:\WINDOWS\system32\DRIVERS\s24trans.sys
15:12:21.0062 3076 s24trans ( UnsignedFile.Multi.Generic ) - warning
15:12:21.0062 3076 s24trans - detected UnsignedFile.Multi.Generic (1)
15:12:21.0125 3076 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:12:21.0265 3076 SamSs - ok
15:12:21.0453 3076 SamsungAllShareV2.0 (8325093bdae38247a8482ab0a1bc37ce) C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
15:12:21.0484 3076 SamsungAllShareV2.0 - ok
15:12:21.0593 3076 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
15:12:21.0750 3076 SCardSvr - ok
15:12:21.0828 3076 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
15:12:21.0953 3076 Schedule - ok
15:12:22.0015 3076 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
15:12:22.0125 3076 sdbus - ok
15:12:22.0250 3076 SeaPort (d358e077a0a05d9b12da22d137ee8464) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
15:12:22.0265 3076 SeaPort - ok
15:12:22.0343 3076 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:12:22.0421 3076 Secdrv - ok
15:12:22.0453 3076 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
15:12:22.0578 3076 seclogon - ok
15:12:22.0625 3076 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
15:12:22.0750 3076 SENS - ok
15:12:22.0796 3076 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
15:12:22.0921 3076 Serial - ok
15:12:23.0015 3076 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:12:23.0140 3076 Sfloppy - ok
15:12:23.0203 3076 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
15:12:23.0328 3076 SharedAccess - ok
15:12:23.0375 3076 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:12:23.0390 3076 ShellHWDetection - ok
15:12:23.0406 3076 Simbad - ok
15:12:23.0546 3076 SimpleSlideShowServer (002efe99e9117d8c9feb17ce9cc6af82) C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe
15:12:23.0562 3076 SimpleSlideShowServer - ok
15:12:23.0625 3076 SimpTcp (32933b07fc16d9f778bee12545fa1b1a) C:\WINDOWS\system32\tcpsvcs.exe
15:12:23.0734 3076 SimpTcp - ok
15:12:23.0781 3076 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:12:23.0906 3076 SLIP - ok
15:12:23.0937 3076 SMCIRDA (a8eb0aa07632a4c936ff6f8eda5bdead) C:\WINDOWS\system32\DRIVERS\smcirda.sys
15:12:24.0000 3076 SMCIRDA - ok
15:12:24.0109 3076 SMTPSVC (db3c22745c0da4666f3be31f1af36b2f) C:\WINDOWS\system32\inetsrv\inetinfo.exe
15:12:24.0156 3076 SMTPSVC - ok
15:12:24.0203 3076 SNMP (60c377be6b3cc83f6a8584934b181d2e) C:\WINDOWS\System32\snmp.exe
15:12:24.0328 3076 SNMP - ok
15:12:24.0359 3076 SNMPTRAP (80a050795a107a76c2b1cd4cfbe010e6) C:\WINDOWS\System32\snmptrap.exe
15:12:24.0468 3076 SNMPTRAP - ok
15:12:24.0484 3076 Sparrow - ok
15:12:24.0546 3076 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:12:24.0640 3076 splitter - ok
15:12:24.0687 3076 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
15:12:24.0734 3076 Spooler - ok
15:12:24.0765 3076 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:12:24.0843 3076 sr - ok
15:12:24.0906 3076 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
15:12:24.0968 3076 srservice - ok
15:12:25.0093 3076 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SRTSP.SYS
15:12:25.0125 3076 SRTSP - ok
15:12:25.0171 3076 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0502000.00D\SRTSPX.SYS
15:12:25.0171 3076 SRTSPX - ok
15:12:25.0265 3076 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:12:25.0312 3076 Srv - ok
15:12:25.0375 3076 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
15:12:25.0437 3076 SSDPSRV - ok
15:12:25.0515 3076 StatusAgent4 (773940b8d50439391ffa619b3eef01a3) C:\WINDOWS\system32\SAgent4.exe
15:12:25.0546 3076 StatusAgent4 ( UnsignedFile.Multi.Generic ) - warning
15:12:25.0546 3076 StatusAgent4 - detected UnsignedFile.Multi.Generic (1)
15:12:25.0671 3076 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
15:12:26.0015 3076 stisvc - ok
15:12:26.0421 3076 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:12:26.0562 3076 streamip - ok
15:12:27.0000 3076 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:12:27.0187 3076 swenum - ok
15:12:27.0593 3076 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:12:27.0718 3076 swmidi - ok
15:12:27.0859 3076 SwPrv - ok
15:12:28.0093 3076 symc810 - ok
15:12:28.0281 3076 symc8xx - ok
15:12:28.0453 3076 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMDS.SYS
15:12:28.0484 3076 SymDS - ok
15:12:28.0562 3076 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMEFA.SYS
15:12:28.0625 3076 SymEFA - ok
15:12:28.0703 3076 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
15:12:28.0718 3076 SymEvent - ok
15:12:28.0734 3076 SYMFW - ok
15:12:28.0750 3076 SYMIDS - ok
15:12:28.0828 3076 SymIM (94a2459242a6dd0daf3baa99e96784ff) C:\WINDOWS\system32\DRIVERS\SymIM.sys
15:12:28.0843 3076 SymIM - ok
15:12:28.0859 3076 SymIMMP (94a2459242a6dd0daf3baa99e96784ff) C:\WINDOWS\system32\DRIVERS\SymIM.sys
15:12:28.0859 3076 SymIMMP - ok
15:12:28.0906 3076 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0502000.00D\Ironx86.SYS
15:12:28.0921 3076 SymIRON - ok
15:12:28.0921 3076 SYMNDIS - ok
15:12:29.0000 3076 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SYMTDI.SYS
15:12:29.0031 3076 SYMTDI - ok
15:12:29.0046 3076 sym_hi - ok
15:12:29.0062 3076 sym_u3 - ok
15:12:29.0140 3076 SynTP (0f332c0ba9b968ebc8cbb906416f8597) C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:12:29.0203 3076 SynTP - ok
15:12:29.0234 3076 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:12:29.0343 3076 sysaudio - ok
15:12:29.0390 3076 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
15:12:29.0484 3076 SysmonLog - ok
15:12:29.0546 3076 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
15:12:29.0656 3076 TapiSrv - ok
15:12:29.0750 3076 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:12:29.0781 3076 Tcpip - ok
15:12:29.0859 3076 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
15:12:29.0875 3076 Tcpip6 - ok
15:12:29.0921 3076 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:12:30.0031 3076 TDPIPE - ok
15:12:30.0078 3076 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:12:30.0171 3076 TDTCP - ok
15:12:30.0203 3076 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:12:30.0312 3076 TermDD - ok
15:12:30.0359 3076 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
15:12:30.0484 3076 TermService - ok
15:12:30.0531 3076 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:12:30.0546 3076 Themes - ok
15:12:30.0609 3076 tifm21 (c424f991494e5674f2e9b3cf9f5f55d1) C:\WINDOWS\system32\drivers\tifm21.sys
15:12:30.0671 3076 tifm21 - ok
15:12:30.0718 3076 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
15:12:30.0796 3076 TlntSvr - ok
15:12:30.0796 3076 TosIde - ok
15:12:30.0921 3076 Tq_91Assistant (8dc050d1558e0cc1593b63765c5c5fcf) C:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys
15:12:30.0953 3076 Tq_91Assistant - ok
15:12:31.0000 3076 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
15:12:31.0109 3076 TrkWks - ok
15:12:31.0171 3076 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
15:12:31.0296 3076 tunmp - ok
15:12:31.0312 3076 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:12:31.0421 3076 Udfs - ok
15:12:31.0468 3076 ultra - ok
15:12:31.0531 3076 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:12:31.0656 3076 Update - ok
15:12:31.0703 3076 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
15:12:31.0750 3076 upnphost - ok
15:12:31.0781 3076 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
15:12:31.0890 3076 UPS - ok
15:12:31.0953 3076 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:12:31.0953 3076 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
15:12:31.0953 3076 USBAAPL - detected UnsignedFile.Multi.Generic (1)
15:12:32.0000 3076 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
15:12:32.0109 3076 usbaudio - ok
15:12:32.0156 3076 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:12:32.0265 3076 usbccgp - ok
15:12:32.0296 3076 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:12:32.0406 3076 usbehci - ok
15:12:32.0453 3076 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:12:32.0546 3076 usbhub - ok
15:12:32.0609 3076 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:12:32.0703 3076 usbscan - ok
15:12:32.0750 3076 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:12:32.0859 3076 USBSTOR - ok
15:12:32.0890 3076 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:12:33.0000 3076 usbuhci - ok
15:12:33.0031 3076 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:12:33.0140 3076 VgaSave - ok
15:12:33.0156 3076 ViaIde - ok
15:12:33.0203 3076 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:12:33.0312 3076 VolSnap - ok
15:12:33.0375 3076 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
15:12:33.0421 3076 VSS - ok
15:12:33.0609 3076 VYHTONMFEYDV - ok
15:12:33.0656 3076 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
15:12:33.0750 3076 W32Time - ok
15:12:33.0843 3076 W3SVC (db3c22745c0da4666f3be31f1af36b2f) C:\WINDOWS\system32\inetsrv\inetinfo.exe
15:12:33.0906 3076 W3SVC - ok
15:12:33.0984 3076 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:12:34.0125 3076 Wanarp - ok
15:12:34.0296 3076 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:12:34.0343 3076 Wdf01000 - ok
15:12:34.0343 3076 WDICA - ok
15:12:34.0406 3076 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:12:34.0562 3076 wdmaud - ok
15:12:34.0640 3076 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
15:12:34.0796 3076 WebClient - ok
15:12:34.0875 3076 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:12:35.0015 3076 winmgmt - ok
15:12:35.0093 3076 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
15:12:35.0296 3076 WinRM - ok
15:12:35.0500 3076 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:12:35.0640 3076 wlidsvc - ok
15:12:35.0781 3076 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:12:35.0859 3076 WmdmPmSN - ok
15:12:35.0921 3076 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
15:12:36.0000 3076 Wmi - ok
15:12:36.0109 3076 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:12:36.0296 3076 WmiAcpi - ok
15:12:36.0390 3076 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:12:36.0515 3076 WmiApSrv - ok
15:12:36.0625 3076 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
15:12:36.0703 3076 WMPNetworkSvc - ok
15:12:36.0968 3076 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:12:37.0062 3076 WPFFontCache_v0400 - ok
15:12:37.0140 3076 WSearch - ok
15:12:37.0265 3076 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:12:37.0453 3076 WSTCODEC - ok
15:12:37.0500 3076 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
15:12:37.0609 3076 wuauserv - ok
15:12:37.0656 3076 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:12:37.0703 3076 WudfPf - ok
15:12:37.0734 3076 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:12:37.0750 3076 WudfRd - ok
15:12:37.0781 3076 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:12:37.0796 3076 WudfSvc - ok
15:12:37.0859 3076 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
15:12:38.0046 3076 WZCSVC - ok
15:12:38.0093 3076 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
15:12:38.0203 3076 xmlprov - ok
15:12:38.0312 3076 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
15:12:38.0406 3076 YahooAUService - ok
15:12:38.0531 3076 _IOMEGA_ACTIVE_DISK_SERVICE_ (b624180218bb196ad9869d5d6b454318) C:\Program Files\Iomega\AutoDisk\ADService.exe
15:12:38.0562 3076 _IOMEGA_ACTIVE_DISK_SERVICE_ ( UnsignedFile.Multi.Generic ) - warning
15:12:38.0562 3076 _IOMEGA_ACTIVE_DISK_SERVICE_ - detected UnsignedFile.Multi.Generic (1)
15:12:38.0593 3076 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:12:38.0843 3076 \Device\Harddisk0\DR0 - ok
15:12:38.0859 3076 Boot (0x1200) (8ef0719d069556ff4bdfe02646bfa2fd) \Device\Harddisk0\DR0\Partition0
15:12:38.0859 3076 \Device\Harddisk0\DR0\Partition0 - ok
15:12:38.0875 3076 ============================================================
15:12:38.0875 3076 Scan finished
15:12:38.0875 3076 ============================================================
15:12:39.0031 7984 Detected object count: 24
15:12:39.0031 7984 Actual detected object count: 24
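As an added example that is not part of this thread and not TDSSKiller's own code: a small Python triage script that pairs each verdict line in a TDSSKiller-style log ("( Verdict ) - warning" or "- infected") with the object line that precedes it, so a reviewer sees name, path, MD5 and severity together instead of scrolling through hundreds of "- ok" lines. The line shapes it recognises are assumed from the log above, and the sample input is a handful of lines copied from that log.

```python
"""Triage helper for TDSSKiller-style scan logs (added example, not TDSSKiller code).

Observed line shapes (assumed from the log in this thread):
  <ts> <pid> <name> [(0x...)] (<md5>) <path>        object being scanned
  <ts> <pid> <name> - ok                            clean
  <ts> <pid> <name> ( <verdict> ) - warning|infected verdict for the object above
  <ts> <pid> <name> - detected <verdict> (<n>)      repeat of the verdict
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

TS = r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"

# Object line; the optional "(0x1B8)" token appears on the MBR/boot-sector entries.
OBJECT_RE = re.compile(
    TS + r"(?P<name>\S+)(?:\s+\(0x[0-9A-Fa-f]+\))?\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
# Verdict line for an object named earlier.
VERDICT_RE = re.compile(
    TS + r"(?P<name>\S+)\s+\(\s*(?P<verdict>\S+)\s*\)\s+-\s+(?P<status>warning|infected|suspicious)\s*$"
)


@dataclass
class Finding:
    name: str
    status: str            # "infected", "suspicious" or "warning", as the scanner reports it
    verdict: str           # scanner's verdict string, e.g. Rootkit.Win32.PMax.gen
    path: Optional[str]    # taken from the preceding object line, if one was seen
    md5: Optional[str]


def parse_log(text: str) -> List[Finding]:
    """Return one Finding per object the scanner did not mark '- ok', in log order."""
    last_object: Dict[str, Dict[str, str]] = {}
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = OBJECT_RE.match(line)
        if m:
            # Remember path/hash so the verdict line that follows can be joined to it.
            last_object[m["name"]] = {"path": m["path"], "md5": m["md5"]}
            continue
        m = VERDICT_RE.match(line)
        if m:
            obj = last_object.get(m["name"], {})
            findings.append(Finding(m["name"], m["status"], m["verdict"],
                                    obj.get("path"), obj.get("md5")))
        # "- ok" and "- detected ..." lines add nothing the Finding does not already carry.
    return findings


def summarize(findings: List[Finding]) -> List[Tuple[str, str, str, Optional[str]]]:
    """Order findings so 'infected' comes before unsigned-file warnings."""
    rank = {"infected": 0, "suspicious": 1, "warning": 2}
    ordered = sorted(findings, key=lambda f: (rank.get(f.status, 9), f.name.lower()))
    return [(f.status, f.name, f.verdict, f.path) for f in ordered]


# Sample input: lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
15:12:09.0546 3076 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:12:09.0640 3076 Netlogon - ok
15:12:10.0500 3076 NETw5x32 (3bdc90d9b12b685944f2b0896af5413c) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
15:12:11.0078 3076 NETw5x32 ( UnsignedFile.Multi.Generic ) - warning
15:12:11.0078 3076 NETw5x32 - detected UnsignedFile.Multi.Generic (1)
15:12:19.0812 3076 rma (fc4ffde5abbfbd95ad7564db199e1864) C:/Novadigm/ManagementAgent/nvdkit.exe
15:12:20.0218 3076 rma ( Rootkit.Win32.PMax.gen ) - infected
15:12:20.0218 3076 rma - detected Rootkit.Win32.PMax.gen (0)
15:12:38.0593 3076 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:12:38.0843 3076 \Device\Harddisk0\DR0 - ok
"""

if __name__ == "__main__":
    for status, name, verdict, path in summarize(parse_log(SAMPLE_LOG)):
        print(f"{status:9s} {name:20s} {verdict:30s} {path}")
```

Run it against a full TDSSKiller log by reading the file into `parse_log`. Unsigned-file warnings are informational (the driver simply carries no valid signature) and are common for vendor drivers; the entries reported as `infected`, with their paths, are the ones to hand to whoever is guiding the cleanup.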
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Ok, it's running now...
After running for 2 minutes it popped up this infobox...
"You are infected with Rootkit.Zeroacess, it is embedded within the tcp/ip stack...

It just installed recovery console, rebooted, and now backing up registry

I'll post back here when it's completed...
Wow working on a Sunday Broni...You're awesome
 
ok, combofix just finished, but a couple things I noticed after the initial reboot...
2 or 3 mins after the reboot, all the autostart progs started popping up...
I thought I had previously disabled them...
Spybot S&D started auto-updating, lightscribe software, scanner/printer software, and a couple others...

I'll paste the log below, I was just worried about any possible conflicts from those autostart items, since the Combofix box said not to run any progs during process...
Damn it.......

ComboFix 12-04-01.01 - Scott 04/01/2012 15:15:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.531 [GMT -7:00]
Running from: c:\documents and settings\Scott\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
ADS - ntoskrnl.exe: deleted 88 bytes in 2 streams.
ADS - explorer.exe: deleted 88 bytes in 2 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Scott\WINDOWS
c:\windows\$NtUninstallKB32952$
c:\windows\$NtUninstallKB32952$\1018300276
c:\windows\$NtUninstallKB32952$\252809129\@
c:\windows\$NtUninstallKB32952$\252809129\bckfg.tmp
c:\windows\$NtUninstallKB32952$\252809129\cfg.ini
c:\windows\$NtUninstallKB32952$\252809129\Desktop.ini
c:\windows\$NtUninstallKB32952$\252809129\keywords
c:\windows\$NtUninstallKB32952$\252809129\kwrd.dll
c:\windows\$NtUninstallKB32952$\252809129\L\lelapezm
c:\windows\$NtUninstallKB32952$\252809129\lsflt7.ver
c:\windows\$NtUninstallKB32952$\252809129\U\00000001.@
c:\windows\$NtUninstallKB32952$\252809129\U\00000002.@
c:\windows\$NtUninstallKB32952$\252809129\U\00000004.@
c:\windows\$NtUninstallKB32952$\252809129\U\80000000.@
c:\windows\$NtUninstallKB32952$\252809129\U\80000004.@
c:\windows\$NtUninstallKB32952$\252809129\U\80000032.@
c:\windows\$NtUninstallKB32952$\252809129\version
c:\windows\system32\Cache
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-03-31 03:12 . 2012-03-31 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2012-03-30 00:09 . 2012-03-30 00:09 -------- d-----w- c:\documents and settings\Scott\ADMINCOPY
2012-03-24 08:14 . 2012-03-24 08:14 -------- d-----w- c:\program files\iPod
2012-03-24 08:13 . 2012-03-24 08:15 -------- d-----w- c:\program files\iTunes
2012-03-23 23:20 . 2012-03-23 23:20 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2
2012-03-23 05:28 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-23 05:09 . 2012-03-23 05:09 -------- d-----w- c:\program files\Common Files\Java
2012-03-23 05:08 . 2012-03-23 05:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-21 10:57 . 2012-03-21 10:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\FixTDSS
2012-03-21 07:47 . 2012-03-30 11:52 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-03-20 22:29 . 2012-03-20 22:29 -------- d-----w- C:\2a1760332fdbeb9d829e7d
2012-03-20 11:55 . 2012-03-20 20:33 -------- d-----w- c:\windows\system32\drivers\N360\0502000.00D
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-23 05:07 . 2011-04-22 21:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-21 15:13 . 2005-03-29 20:21 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-03 09:22 . 2004-08-04 05:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20 . 2010-02-17 05:58 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-12-21 07:24 . 2011-12-25 13:02 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Scott\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Scott\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Scott\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Scott\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-22 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"PPWebCap"="c:\progra~1\ScanSoft\PaperPort\PPWebCap.exe" [2000-09-06 40960]
"iPhone PC Suite"="c:\program files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe" [2011-11-22 3932584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-06 872448]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2010-07-20 1400832]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1206544]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2011-06-23 677144]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-10 806912]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"OneTouch Monitor"="c:\program files\Visioneer OneTouch\OneTouchMon.exe" [2000-10-12 73728]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-21 53248]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-22 1778064]
"Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 86016]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-12-02 126976]
"EEventManager"="c:\progra~1\Epson Software\Event Manager\EEventManager.exe" [2009-04-07 673616]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2002-07-16 32768]
"CognizanceTS"="c:\progra~1\Hewlett-Packard\IAM\Bin\ASTSVCC.dll" [2003-12-23 17920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"AllShareAgent"="c:\program files\Samsung\AllShare\AllShareAgent.exe" [2011-12-16 284560]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"accrdsub"="c:\program files\ActivIdentity\ActivClient Mini\accrdsub.exe" [2006-04-21 176128]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-8 607584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2006-04-27 22:43 98304 ----a-w- c:\program files\ActivIdentity\ActivClient Mini\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2006-04-14 22:55 94208 ----a-w- c:\program files\ActivIdentity\ActivClient Mini\acunlock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 16:04 49152 ----a-r- c:\windows\system32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 08:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck AUTONTFS C: PAGE=MIN DIRS=NONE MFT=MIN
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gamevance
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FlexService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Documents and Settings\\Scott\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShareAgent.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShare.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShareDMS\\AllShareDMS.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\NetDragon\\91 Mobile\\iPhone\\iPhone PC Suite.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:peer Name Resolution Protocol (PNRP)
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"16281:TCP"= 16281:TCP:*:Disabled:ares
"5985:TCP"= 5985:TCP:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502000.00D\symds.sys [3/20/2012 4:55 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502000.00D\symefa.sys [3/20/2012 4:55 AM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx86.sys [3/16/2012 7:13 PM 820856]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [6/23/2011 1:53 PM 38816]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502000.00D\ironx86.sys [3/20/2012 4:55 AM 136312]
R2 acachsrv;ActivClient Authentication Service;c:\program files\ActivIdentity\ActivClient Mini\acachsrv.exe [4/12/2006 4:43 PM 81920]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient Mini\accoca.exe [5/2/2006 4:28 PM 135168]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/3/2004 10:00 PM 14336]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/24/2011 9:14 PM 652360]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe [3/20/2012 4:55 AM 130008]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [3/9/2011 5:30 PM 23200]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/22/2012 10:45 PM 106104]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/18/2010 2:02 AM 97280]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120330.002\IDSXpx86.sys [3/30/2012 7:36 PM 356280]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [6/23/2011 1:53 PM 41216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/24/2011 9:13 PM 20464]
R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [3/5/2011 12:48 AM 6607744]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/11/2010 1:22 AM 47360]
S0 92490461;92490461;c:\windows\system32\drivers\93517887.sys --> c:\windows\system32\drivers\93517887.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2010 11:12 AM 135664]
S2 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2010 11:12 AM 135664]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 6:44 PM 183560]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 cpuz134;cpuz134;\??\c:\docume~1\Scott\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Scott\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [6/23/2011 1:41 PM 30008]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [5/2/2011 1:14 PM 44432]
S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [?]
S3 EraserUtilDrv11110;EraserUtilDrv11110;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11110.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11110.sys [?]
S3 EraserUtilDrvI11;EraserUtilDrvI11;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI11.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI11.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 mosuport;USB Serial/Parallel Ports;c:\windows\system32\drivers\mosuport.sys [3/4/2010 8:29 PM 900736]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [1/14/2011 3:03 PM 18432]
S3 NetWlan5;Symbol Based 802.11b Wireless LAN Card Driver;c:\windows\system32\drivers\NetWlan5.sys [2/16/2010 11:12 PM 132695]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [4/27/2011 11:29 PM 27064]
S3 Tq_91Assistant;Tq_91Assistant;c:\program files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys [10/12/2011 5:45 PM 14248]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/3/2004 10:00 PM 14336]
S4 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [6/8/2007 9:06 AM 172131]
S4 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [8/31/2010 12:16 PM 92216]
S4 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/3/2004 10:00 PM 14336]
S4 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [12/16/2011 4:26 PM 25504]
S4 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [12/16/2011 4:26 PM 27584]
S4 VYHTONMFEYDV;VYHTONMFEYDV;c:\docume~1\Scott\LOCALS~1\Temp\VYHTONMFEYDV.exe --> c:\docume~1\Scott\LOCALS~1\Temp\VYHTONMFEYDV.exe [?]
S4 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/3/2004 10:00 PM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
incdfs
VrAcFil
ISAMSvc
Pnp680r
backupclientsvc
cavasm
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 22:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 18:12]
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 18:12]
.
2010-02-21 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-06-01 21:51]
.
2011-05-02 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2010-07-22 00:07]
.
2011-12-24 c:\windows\Tasks\User_Feed_Synchronization-{3A5E7D81-63E7-4CF0-9574-ED7741785D2B}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www-secure.symantec.com/nor...&version=1&pvid=f-home&entsrc=redirect_pubweb
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\djykcujg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
HKCU-Run-Skype - c:\program files\Skype\Phone\Skype.exe
HKCU-Run-DownloadAccelerator - c:\program files\DAP\DAP.EXE
HKLM-Run-USBDetector - c:\usbstorage\USBDetector.exe
HKLM-Run-CarboniteSetupLite - c:\program files\Carbonite\CarbonitePreinstaller.exe
HKLM-Run-ArcSoft Connection Service - c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
HKLM-Run-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
SafeBoot-49242019.sys
SafeBoot-92490461.sys
SafeBoot-klmdb.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-01 17:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\drivers\tsk197.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1824)
c:\program files\ActivIdentity\ActivClient Mini\ackpbsc.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\aclog.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acauth.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient Mini\Resources\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient Mini\Resources\asphatrc.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\windows\system32\netprovcredman.dll
c:\program files\ActivIdentity\ActivClient Mini\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient Mini\Resources\acunlockrc.dll
c:\windows\system32\DeviceNP.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
.
- - - - - - - > 'explorer.exe'(5184)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\documents and settings\Scott\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\btmmhook.dll
c:\program files\Iomega\DriveIcons\IMGHOOK.DLL
c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\ActivIdentity\ActivClient Mini\acevents.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\locator.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\windows\System32\snmptrap.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\dllhost.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\windows\Logi_MwX.Exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\ActivIdentity\ActivClient Mini\acevents.exe
.
**************************************************************************
.
Completion time: 2012-04-01 17:43:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-02 00:43
.
Pre-Run: 23,127,564,288 bytes free
Post-Run: 24,250,433,536 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 9C172B771BD025E1597554597170CB30
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\docume~1\Scott\LOCALS~1\Temp\VYHTONMFEYDV.exe

Rootkit::
c:\docume~1\Scott\LOCALS~1\Temp\VYHTONMFEYDV.exe

Folder::

Driver::
VYHTONMFEYDV

Registry::

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.gif]

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Ok, I dragged the CFScript onto the combofix desktop icon per the instructions...
Combofix then ran for awhile, then rebooted...
When the system restarted, I got this error message: "Find3m.exe has generated errors". When I clicked on the technical details of the error message box, it said it was the "ntkrnl.dll" that had the error.

Not sure how important that is..
So then it rebooted again, and now combofix started again upon reboot...
Now it's running, and (seems) to be either running extremely slow or frozen up on the initial screen...

Any chance I'll have to redo the entire drag n' drop process again?
What should I do if this doesn't show any progress after say 30 mins to an hour?
 
Ok, so it just finished, and here's the log pasted below...
I'm just hoping that previous error didn't interfere with the whole cleaning process...



ComboFix 12-04-01.01 - Scott 04/02/2012 13:11:06.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.184 [GMT -7:00]
Running from: c:\documents and settings\Scott\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Scott\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
FILE ::
"c:\docume~1\Scott\LOCALS~1\Temp\VYHTONMFEYDV.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\mcsysmon.dll
c:\windows\system32\SrvcEKIOMngr.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_VYHTONMFEYDV
-------\Service_VYHTONMFEYDV
.
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-02 10:20 . 2012-04-02 10:20 -------- d-----w- c:\documents and settings\Scott\Application Data\Intel Corporation
2012-04-02 10:18 . 2012-04-02 10:18 -------- d-----w- c:\program files\Common Files\Intel Corporation
2012-04-02 10:18 . 2009-07-06 17:41 172032 ----a-w- c:\windows\system32\igfxres.dll
2012-03-31 03:12 . 2012-03-31 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2012-03-30 00:09 . 2012-03-30 00:09 -------- d-----w- c:\documents and settings\Scott\ADMINCOPY
2012-03-24 08:14 . 2012-03-24 08:14 -------- d-----w- c:\program files\iPod
2012-03-24 08:13 . 2012-03-24 08:15 -------- d-----w- c:\program files\iTunes
2012-03-23 23:20 . 2012-03-23 23:20 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2
2012-03-23 05:28 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-23 05:09 . 2012-03-23 05:09 -------- d-----w- c:\program files\Common Files\Java
2012-03-23 05:08 . 2012-03-23 05:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-21 10:57 . 2012-03-21 10:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\FixTDSS
2012-03-21 07:47 . 2012-03-30 11:52 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-03-20 22:29 . 2012-03-20 22:29 -------- d-----w- C:\2a1760332fdbeb9d829e7d
2012-03-20 11:55 . 2012-03-20 20:33 -------- d-----w- c:\windows\system32\drivers\N360\0502000.00D
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-23 05:07 . 2011-04-22 21:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-21 15:13 . 2005-03-29 20:21 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-03 09:22 . 2004-08-04 05:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20 . 2010-02-17 05:58 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-12-21 07:24 . 2011-12-25 13:02 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-02_00.28.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-02 20:51 . 2012-04-02 20:51 16384 c:\windows\Temp\Perflib_Perfdata_f30.dat
+ 2012-04-02 10:17 . 2012-04-02 10:17 16384 c:\windows\Temp\Perflib_Perfdata_ef0.dat
+ 2012-04-02 20:53 . 2012-04-02 20:53 16384 c:\windows\Temp\Perflib_Perfdata_af8.dat
+ 2012-04-02 10:19 . 2012-04-02 10:19 16384 c:\windows\Temp\Perflib_Perfdata_954.dat
+ 2012-04-02 20:51 . 2012-04-02 20:51 16384 c:\windows\Temp\Perflib_Perfdata_37c.dat
+ 2012-04-02 02:58 . 2012-04-02 02:58 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvc\8be0779797618954d5a2c476e3051384\IAStorDataMgrSvc.ni.exe
+ 2012-04-02 02:58 . 2012-04-02 02:58 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b21efbbf908e76f478fecf0dac91b797\IAStorCommon.ni.dll
+ 2012-04-02 20:51 . 2009-10-07 09:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
- 2012-04-02 00:25 . 2009-10-07 09:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2012-04-02 02:57 . 2010-11-06 06:39 354840 c:\windows\system32\ReinstallBackups\0009\DriverFiles\iaStor.sys
+ 2011-07-30 10:33 . 2012-04-02 20:53 227085 c:\windows\system32\inetsrv\MetaBase.bin
+ 2012-04-02 02:57 . 2011-05-20 16:43 461592 c:\windows\system32\DRVSTORE\iaAHCI_0651BCB6BBBF94976389C3257187CBCCD78E818A\iaStor.sys
+ 2008-05-07 22:40 . 2011-05-20 16:43 461592 c:\windows\system32\drivers\iaStor.sys
+ 2012-04-02 02:58 . 2012-04-02 02:58 172544 c:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f3ad09a901d7bf18707558d9400e4bde\IsdiInterop.ni.dll
+ 2012-04-02 02:58 . 2012-04-02 02:58 492032 c:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ba565724f08e76b19d13c54655eec652\IAStorUtil.ni.dll
+ 2012-04-02 02:58 . 2012-04-02 02:58 225792 c:\windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\414ec8d76f2127a2a2ad42e4c23eeeea\IAStorDataMgr.ni.dll
+ 2011-05-06 01:58 . 2009-07-06 18:10 5854752 c:\windows\system32\drivers\igxpmp32.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Scott\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Scott\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Scott\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Scott\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-06 872448]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2010-07-20 1400832]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1206544]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2011-06-23 677144]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"accrdsub"="c:\program files\ActivIdentity\ActivClient Mini\accrdsub.exe" [2006-04-21 176128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-16 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-16 137752]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2006-04-27 22:43 98304 ----a-w- c:\program files\ActivIdentity\ActivClient Mini\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2006-04-14 22:55 94208 ----a-w- c:\program files\ActivIdentity\ActivClient Mini\acunlock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 16:04 49152 ----a-r- c:\windows\system32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 08:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck AUTONTFS C: PAGE=MIN DIRS=NONE MFT=MIN
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FlexService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Documents and Settings\\Scott\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShareAgent.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShare.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShareDMS\\AllShareDMS.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\NetDragon\\91 Mobile\\iPhone\\iPhone PC Suite.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:peer Name Resolution Protocol (PNRP)
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"16281:TCP"= 16281:TCP:*:Disabled:ares
"5985:TCP"= 5985:TCP:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502000.00D\symds.sys [3/20/2012 4:55 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502000.00D\symefa.sys [3/20/2012 4:55 AM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx86.sys [3/16/2012 7:13 PM 820856]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [6/23/2011 1:53 PM 38816]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502000.00D\ironx86.sys [3/20/2012 4:55 AM 136312]
R2 acachsrv;ActivClient Authentication Service;c:\program files\ActivIdentity\ActivClient Mini\acachsrv.exe [4/12/2006 4:43 PM 81920]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient Mini\accoca.exe [5/2/2006 4:28 PM 135168]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/3/2004 10:00 PM 14336]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [4/1/2012 7:58 PM 13592]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/24/2011 9:14 PM 652360]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe [3/20/2012 4:55 AM 130008]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [3/9/2011 5:30 PM 23200]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/22/2012 10:45 PM 106104]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/18/2010 2:02 AM 97280]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120330.002\IDSXpx86.sys [3/30/2012 7:36 PM 356280]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [6/23/2011 1:53 PM 41216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/24/2011 9:13 PM 20464]
R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [3/5/2011 12:48 AM 6607744]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/11/2010 1:22 AM 47360]
S0 92490461;92490461;c:\windows\system32\drivers\93517887.sys --> c:\windows\system32\drivers\93517887.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2010 11:12 AM 135664]
S2 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2010 11:12 AM 135664]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 6:44 PM 183560]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 cpuz134;cpuz134;\??\c:\docume~1\Scott\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Scott\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [6/23/2011 1:41 PM 30008]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [5/2/2011 1:14 PM 44432]
S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [?]
S3 EraserUtilDrv11110;EraserUtilDrv11110;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11110.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11110.sys [?]
S3 EraserUtilDrvI11;EraserUtilDrvI11;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI11.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI11.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 mosuport;USB Serial/Parallel Ports;c:\windows\system32\drivers\mosuport.sys [3/4/2010 8:29 PM 900736]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [1/14/2011 3:03 PM 18432]
S3 NetWlan5;Symbol Based 802.11b Wireless LAN Card Driver;c:\windows\system32\drivers\NetWlan5.sys [2/16/2010 11:12 PM 132695]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [4/27/2011 11:29 PM 27064]
S3 Tq_91Assistant;Tq_91Assistant;c:\program files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys [10/12/2011 5:45 PM 14248]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/3/2004 10:00 PM 14336]
S4 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [6/8/2007 9:06 AM 172131]
S4 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [8/31/2010 12:16 PM 92216]
S4 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/3/2004 10:00 PM 14336]
S4 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [12/16/2011 4:26 PM 25504]
S4 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [12/16/2011 4:26 PM 27584]
S4 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/3/2004 10:00 PM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
incdfs
VrAcFil
ISAMSvc
Pnp680r
backupclientsvc
cavasm
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 22:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2012-04-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-22 15:35]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 18:12]
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 18:12]
.
2010-02-21 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-06-01 21:51]
.
2011-05-02 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2010-07-22 00:07]
.
2011-12-24 c:\windows\Tasks\User_Feed_Synchronization-{3A5E7D81-63E7-4CF0-9574-ED7741785D2B}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www-secure.symantec.com/nor...&version=1&pvid=f-home&entsrc=redirect_pubweb
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\djykcujg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-02 13:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\drivers\tsk197.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1868)
c:\program files\ActivIdentity\ActivClient Mini\ackpbsc.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\aclog.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acauth.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient Mini\Resources\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient Mini\Resources\asphatrc.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\windows\system32\netprovcredman.dll
c:\program files\ActivIdentity\ActivClient Mini\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient Mini\Resources\acunlockrc.dll
c:\windows\system32\DeviceNP.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
.
- - - - - - - > 'explorer.exe'(6640)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\documents and settings\Scott\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
c:\progra~1\Spybot - Search & Destroy\SDHelper.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\qedit.dll
c:\windows\system32\AVERM.dll
c:\program files\Samsung\AllShare\FunCodecFilter.ax
c:\windows\system32\igfxpph.dll
c:\windows\system32\hccutils.DLL
c:\windows\system32\igfxres.dll
c:\windows\system32\igfxress.dll
c:\windows\system32\igfxsrvc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\ActivIdentity\ActivClient Mini\acevents.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\locator.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\windows\System32\snmptrap.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\ActivIdentity\ActivClient Mini\acevents.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2012-04-02 14:08:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-02 21:07
ComboFix2.txt 2012-04-02 00:43
.
Pre-Run: 24,235,380,736 bytes free
Post-Run: 24,035,938,304 bytes free
.
- - End Of File - - 251EE9F374DEF83F85EE006DC110D8A3
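To show what a helper actually looks for in the service section of a log like the one above, here is an added Python triage script (not from this thread, from ComboFix or from TechSpot) that parses the `R0 Name;Display;image [date time size]` lines and flags the entries worth a human's second look. The sample lines are constructed to match the shapes seen in this log; the flags are review hints, not verdicts.

```python
"""Triage helper for the service lines of a ComboFix log.

Added example, not part of the original thread or of ComboFix itself. It
parses "R0 Name;Display;image [date time size]" lines and flags entries a
helper would check first: an image file ComboFix could not find on disk
("[?]"), a service whose name is only digits, or a driver loaded from a
Temp directory. The flags are review hints, not verdicts.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the same shape as the log above (not a full copy).
SAMPLE_SERVICE_LINES = r"""
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502000.00D\symds.sys [3/20/2012 4:55 AM 340088]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/24/2011 9:14 PM 652360]
S0 92490461;92490461;c:\windows\system32\drivers\93517887.sys --> c:\windows\system32\drivers\93517887.sys [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\Scott\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Scott\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S4 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/3/2004 10:00 PM 14336]
""".strip()

# state letter, start-type digit, name, display name, image (optionally
# "path --> path"), then the trailing "[...]" block.
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s+\[(.*)\]\s*$")


@dataclass
class ServiceEntry:
    state: str            # 'R' running, 'S' stopped
    start_type: int       # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    image: str            # image path (left side of any "-->"), NT prefix removed
    size: Optional[int]   # file size from the bracket block, None when "[?]"
    missing: bool         # True when ComboFix printed "[?]"
    flags: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for one service line, or None if it is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, start, name, display, image, info = m.groups()
    image = image.split(" --> ")[0].strip()
    if image.startswith("\\??\\"):      # strip the NT object-manager prefix
        image = image[4:]
    missing = info.strip() == "?"
    size = None if missing else int(info.split()[-1])
    return ServiceEntry(state, int(start), name.strip(), display.strip(),
                        image, size, missing)


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach review flags; each is a heuristic a helper would confirm by hand."""
    if entry.missing:
        entry.flags.append("image file not found on disk")
    if entry.name.isdigit():
        entry.flags.append("service name is purely numeric")
    if "\\temp\\" in entry.image.lower():
        entry.flags.append("image lives under a Temp directory")
    return entry


def flagged_services(log_text: str) -> List[ServiceEntry]:
    """Parse every service line in the text and return only the flagged ones."""
    out = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry is not None and triage(entry).flags:
            out.append(entry)
    return out


if __name__ == "__main__":
    for e in flagged_services(SAMPLE_SERVICE_LINES):
        print(f"{e.state}{e.start_type} {e.name}: {e.image} -> {', '.join(e.flags)}")
```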
 
Very good :)

How is computer doing?

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Wow, ok just now Norton did a scan in the background, and this popped up...

Security History/Unresolved Security Risks/
"srvcekiomngr.dll" (Trojan.Zeroaccess!inf) detected by autodetect) Manual removal required - ***was found yesterday at 3:26 PM***

and

"mcsysmon.dll" (Trojan.Zeroaccess!inf) detected by autodetect) Manual removal required - ***was found March 30th at 5:35 AM***

It also just advised me that it Quarantined "combofix.exe" (Trojan.ADH.2) at 2:33 PM today!?!? Hopefully this is all old news and isn't really there anymore.

Should I clear all the previous scan results & activity and do a new full system scan?
ALSO... At any point, am I to re-enable my system restore service during this process?
 
Norton found those two files in Combofix quarantine folder as they were just removed by Combofix.

Disregard my previous reply asking you to run TDSSKiller again.

Instead...

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
srvcekiomngr.dll
mcsysmon.dll
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Very good :)

How is computer doing?

Well, it seems to be fine thus far as far as rebooting without delay and starting up in a timely fashion...I'm also no longer receiving the MBAM warnings that said "Blocked Outgoing Connection Attempts" to different IP addys every couple mins...So that's a good sign I reckon. :)

But the Norton popup warnings are a little disconcerting, lol...
I'll run the TDSSKILLER now and paste the results here momentarily...
And hey, thanks again Broni...
 
Back