ordinal 1109 could not be located infection


  • This topic is locked
33 replies to this topic

#1 chowbaby

Posted 13 April 2012 - 09:59 AM

Hi,

My computer has been infected with the "ordinal 1109 could not be located" virus and I cannot seem to figure out how to remove/fix it on my computer! Please help!

#2 gringo_pr

  • Malware Response Team

Posted 14 April 2012 - 12:33 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double-click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine; if it does, click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


#3 chowbaby

  • Topic Starter

Posted 16 April 2012 - 06:35 AM

Posts:
Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Symantec AntiVirus
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Windows Defender
Java™ 6 Update 22
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Windows Defender MSASCui.exe
Symantec AntiVirus DefWatch.exe
Windows Defender MsMpEng.exe
Windows Defender MSASCui.exe
``````````End of Log````````````

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11
Run by Owner at 7:27:33 on 2012-04-16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.484 [GMT -4:00]
.
AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\comcasttb\CIDGlobalLight.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\notepad.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://xfinity.comcast.net/?
uSearch Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Comcast
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3524
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Download] "c:\documents and settings\owner\local settings\application data\supportsoft\ddoctorv2\owner\ssGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe"
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Comcast Install 1.0; GTB6.6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.cartoonnetwork.com/games/dexter/botbrigade/index.html"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [lxcrmon.exe] "c:\program files\lexmark 2400 series\lxcrmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 2400 series\ezprint.exe"
mRun: [LXCRCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCRtime.dll,_RunDLLEntry@16
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Enterprise
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
dPolicies-explorer: NoDesktop = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - hxxp://www.linksysfix.com/netcheck/67/install/gtdownls.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C1FF31C3-7189-4D69-8AFF-7E36851B749D} : DhcpNameServer = 75.75.75.75 75.75.76.76
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-2-15 361472]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-24 24652]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120330.002\naveng.sys [2012-3-30 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120330.002\navex15.sys [2012-3-30 1576312]
S2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-11 135664]
S2 ndasbus;S616mgmt;c:\windows\system32\svchost.exe -k netsvcs [2006-5-6 14336]
S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
S2 symantecantibotdriver;PCDRSRVC;c:\windows\system32\svchost.exe -k netsvcs [2006-5-6 14336]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2006-7-1 69692]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-11 135664]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
.
=============== Created Last 30 ================
.
2012-04-13 03:04:26 301056 ---ha-w- c:\documents and settings\all users\application data\NaDwLaiRnW.exe
2012-04-13 02:57:02 56200 ---ha-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{407f630a-a343-493f-833a-feb3049eb81d}\offreg.dll
2012-04-12 04:42:02 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-12 04:39:44 -------- d--h--w- c:\windows\system32\wbem\Repository
2012-04-12 04:39:44 -------- d-----w- c:\windows\system32\wbem\repository\FS
.
==================== Find3M ====================
.
2012-04-14 19:01:39 0 ----a-w- c:\windows\system32\tpsrv.dll
2012-04-14 19:00:47 0 ----a-w- c:\windows\system32\msloop.dll
2009-09-07 03:00:09 19428 -c-ha-w- c:\program files\common files\ovozo.pif
2009-09-07 03:00:09 17953 -c-ha-w- c:\program files\common files\omatul.com
2009-09-07 02:50:58 17654 -c-ha-w- c:\program files\common files\jywiwot.sys
2009-09-07 02:50:58 17199 -c-ha-w- c:\program files\common files\qojoregocu.bin
.
============= FINISH: 7:28:53.06 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/5/2006 11:30:34 PM
System Uptime: 4/16/2012 7:08:38 AM (0 hours ago)
.
Motherboard: Intel Corporation | | D102GGC2
Processor: Intel® Celeron® D CPU 3.20GHz | | 3200/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 33.824 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 2.589 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1463: 1/13/2012 7:33:54 PM - System Checkpoint
RP1464: 1/14/2012 9:38:10 PM - System Checkpoint
RP1465: 1/16/2012 1:27:44 AM - System Checkpoint
RP1466: 1/17/2012 7:47:46 PM - System Checkpoint
RP1467: 1/19/2012 10:28:08 PM - System Checkpoint
RP1468: 1/21/2012 1:36:54 AM - System Checkpoint
RP1469: 1/22/2012 2:40:03 AM - System Checkpoint
RP1470: 1/23/2012 5:14:03 PM - System Checkpoint
RP1471: 1/25/2012 8:33:32 PM - System Checkpoint
RP1472: 1/26/2012 8:50:08 PM - System Checkpoint
RP1473: 1/28/2012 10:33:51 AM - System Checkpoint
RP1474: 1/29/2012 11:30:01 AM - System Checkpoint
RP1475: 1/31/2012 10:07:06 PM - System Checkpoint
RP1476: 2/1/2012 10:42:57 PM - System Checkpoint
RP1477: 2/3/2012 7:38:39 PM - System Checkpoint
RP1478: 2/4/2012 10:19:49 PM - System Checkpoint
RP1479: 2/5/2012 10:37:55 PM - System Checkpoint
RP1480: 2/7/2012 4:12:08 AM - System Checkpoint
RP1481: 2/8/2012 10:44:08 PM - System Checkpoint
RP1482: 2/10/2012 9:25:04 PM - System Checkpoint
RP1483: 2/12/2012 1:31:36 PM - System Checkpoint
RP1484: 2/13/2012 9:17:15 PM - System Checkpoint
RP1485: 2/15/2012 7:30:30 PM - System Checkpoint
RP1486: 2/15/2012 9:31:52 PM - Installed %1 %2.
RP1487: 2/17/2012 2:01:07 AM - System Checkpoint
RP1488: 2/18/2012 1:42:18 PM - System Checkpoint
RP1489: 2/19/2012 1:42:52 PM - System Checkpoint
RP1490: 2/20/2012 4:17:39 PM - System Checkpoint
RP1491: 2/21/2012 9:19:17 PM - System Checkpoint
RP1492: 2/22/2012 9:21:56 PM - System Checkpoint
RP1493: 2/24/2012 2:12:10 AM - System Checkpoint
RP1494: 2/25/2012 10:15:33 AM - System Checkpoint
RP1495: 2/26/2012 5:35:39 PM - System Checkpoint
RP1496: 2/28/2012 10:36:35 PM - System Checkpoint
RP1497: 3/1/2012 6:18:53 PM - System Checkpoint
RP1498: 3/3/2012 9:57:38 AM - System Checkpoint
RP1499: 3/4/2012 2:50:48 PM - System Checkpoint
RP1500: 3/7/2012 11:40:57 PM - System Checkpoint
RP1501: 3/9/2012 3:03:33 AM - System Checkpoint
RP1502: 3/10/2012 12:15:51 PM - System Checkpoint
RP1503: 3/11/2012 3:20:41 PM - System Checkpoint
RP1504: 3/12/2012 8:00:52 PM - System Checkpoint
RP1505: 3/13/2012 10:02:45 PM - System Checkpoint
RP1506: 3/15/2012 8:57:11 PM - System Checkpoint
RP1507: 3/16/2012 11:47:14 PM - System Checkpoint
RP1508: 3/18/2012 10:47:22 AM - System Checkpoint
RP1509: 3/20/2012 9:45:21 PM - System Checkpoint
RP1510: 3/22/2012 7:55:40 PM - System Checkpoint
RP1511: 3/23/2012 9:43:55 PM - System Checkpoint
RP1512: 3/25/2012 12:45:21 AM - System Checkpoint
RP1513: 3/27/2012 8:02:46 PM - System Checkpoint
RP1514: 3/28/2012 8:11:27 PM - System Checkpoint
RP1515: 3/29/2012 9:33:54 PM - System Checkpoint
RP1516: 3/31/2012 3:08:42 AM - System Checkpoint
RP1517: 4/1/2012 7:47:52 AM - System Checkpoint
RP1518: 4/2/2012 11:21:13 PM - System Checkpoint
RP1519: 4/5/2012 11:55:43 PM - System Checkpoint
RP1520: 4/7/2012 12:13:39 AM - System Checkpoint
RP1521: 4/8/2012 4:23:32 PM - System Checkpoint
RP1522: 4/10/2012 10:00:35 PM - System Checkpoint
RP1523: 4/12/2012 12:38:20 AM - Restore Operation
.
==== Installed Programs ======================
.
µTorrent
3ivx MPEG-4 5.0.3 (remove only)
4Videosoft Video Converter Platinum
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Photoshop 6.0
Adobe Reader 9.4.4
Adobe Shockwave Player 11.5
Adobe SVG Viewer
Agere Systems PCI-SV92PP Soft Modem
AIM 6
AOL Coach Version 2.0(Build:20041026.5 en)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 6
ArcSoft Print Creations
ATI Display Driver
AviSynth 2.5
Bonjour
Browser Address Error Redirector
CA Pest Patrol Realtime Protection
CDisplay 1.8
Comcast High-Speed Internet Install Wizard
Comcast Toolbar 3.0
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Digital Photo Navigator 1.0
DivX Web Player
Doom 3
DVD Solution
Easy Solve
EPSON Print CD
EPSON Printer Software
EPSON R280 User's Guide
FlipShare
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 2
Java Auto Updater
Java™ 6 Update 22
Lexmark 2400 Series
Lexmark Toolbar
LiveUpdate 3.1 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MobileMe Control Panel
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Power2Go 4.0
PowerDVD
QuickSFV (Remove only)
QuickTime
RealPlayer Basic
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Recovery Software Suite eMachines
SeaTools for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Spybot - Search & Destroy
Symantec AntiVirus
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
WBFS Manager 2.5
WebEx
WebFldrs XP
Windows Backup Utility
Windows Defender
Windows Genuine Advantage Validation Tool
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows Mobile« Device Handbook
Windows PowerShell™ 1.0
Windows XP Service Pack 3
WinZip 14.0
.
==== Event Viewer Messages From Past Week ========
.
4/16/2012 7:18:05 AM, error: Service Control Manager [7023] - The IAimTV5 service terminated with the following error: The specified module could not be found.
4/16/2012 7:17:05 AM, error: Service Control Manager [7023] - The Sfng32 service terminated with the following error: The specified module could not be found.
4/16/2012 6:52:09 AM, error: System Error [1003] - Error code 1000000a, parameter1 006c615f, parameter2 00000002, parameter3 00000000, parameter4 804ffeeb.
4/16/2012 6:52:07 AM, error: System Error [1003] - Error code 1000000a, parameter1 8c7ab000, parameter2 00000002, parameter3 00000001, parameter4 80536aa0.
4/16/2012 6:52:00 AM, error: System Error [1003] - Error code 1000000a, parameter1 6d61726e, parameter2 00000002, parameter3 00000000, parameter4 80529822.
4/16/2012 6:51:56 AM, error: System Error [1003] - Error code 1000000a, parameter1 000000b0, parameter2 00000002, parameter3 00000000, parameter4 804ee391.
4/16/2012 6:51:50 AM, error: System Error [1003] - Error code 100000d0, parameter1 39310340, parameter2 00000002, parameter3 00000000, parameter4 80543c86.
4/14/2012 5:19:32 PM, error: Service Control Manager [7023] - The Ino_flpy service terminated with the following error: The specified module could not be found.
4/14/2012 5:04:27 PM, error: Service Control Manager [7023] - The Awlegacy service terminated with the following error: The specified module could not be found.
4/14/2012 4:48:25 PM, error: Service Control Manager [7023] - The Vmusb service terminated with the following error: The specified module could not be found.
4/14/2012 4:32:22 PM, error: Service Control Manager [7023] - The Captureservice service terminated with the following error: The specified module could not be found.
4/14/2012 4:31:22 PM, error: Service Control Manager [7023] - The Tfsnudf service terminated with the following error: The specified module could not be found.
4/14/2012 4:02:46 PM, error: Service Control Manager [7023] - The RR2Vbi service terminated with the following error: The specified module could not be found.
4/14/2012 3:46:44 PM, error: Service Control Manager [7023] - The Incdrec service terminated with the following error: The specified module could not be found.
4/14/2012 3:45:44 PM, error: Service Control Manager [7023] - The DivisCTS service terminated with the following error: The specified module could not be found.
4/14/2012 3:17:10 PM, error: Service Control Manager [7023] - The UCTblHid service terminated with the following error: The specified module could not be found.
4/14/2012 3:16:07 PM, error: Service Control Manager [7023] - The Qkbfiltr service terminated with the following error: The specified module could not be found.
4/14/2012 3:02:35 PM, error: Service Control Manager [7023] - The Spcflt service terminated with the following error: The specified module could not be found.
4/14/2012 2:47:31 PM, error: Service Control Manager [7023] - The Aolavupd service terminated with the following error: The specified module could not be found.
4/14/2012 2:46:30 PM, error: Service Control Manager [7023] - The NetTcpActivator service terminated with the following error: The specified module could not be found.
4/14/2012 12:20:15 AM, error: Service Control Manager [7023] - The Pae_avs service terminated with the following error: The specified module could not be found.
4/14/2012 12:04:31 AM, error: Service Control Manager [7023] - The Db2licd service terminated with the following error: The specified module could not be found.
4/13/2012 9:40:46 PM, error: Service Control Manager [7023] - The HidBth service terminated with the following error: The specified module could not be found.
4/13/2012 9:25:40 PM, error: Service Control Manager [7023] - The MA_CMIDI service terminated with the following error: The specified module could not be found.
4/13/2012 9:10:38 PM, error: Service Control Manager [7023] - The Ccs service terminated with the following error: The specified module could not be found.
4/13/2012 8:55:30 PM, error: Service Control Manager [7023] - The USB28xxOEM service terminated with the following error: The specified module could not be found.
4/13/2012 8:54:54 PM, error: System Error [1003] - Error code 1000000a, parameter1 ff3e3f1e, parameter2 00000002, parameter3 00000000, parameter4 804ffeeb.
4/13/2012 8:53:39 PM, error: Service Control Manager [7023] - The C-dillasrv service terminated with the following error: The specified module could not be found.
4/13/2012 8:53:37 PM, error: Service Control Manager [7023] - The MRESP50a64 service terminated with the following error: The specified module could not be found.
4/13/2012 8:53:37 PM, error: Service Control Manager [7023] - The Irmon service terminated with the following error: The specified module could not be found.
4/13/2012 8:53:37 PM, error: Service Control Manager [7023] - The Deventagent service terminated with the following error: The specified module could not be found.
4/13/2012 8:53:37 PM, error: Service Control Manager [7023] - The DELL_A02 service terminated with the following error: The specified module could not be found.
4/13/2012 8:53:37 PM, error: Service Control Manager [7023] - The Cmpci service terminated with the following error: The specified module could not be found.
4/13/2012 8:52:59 PM, error: SRService [104] - The System Restore initialization process failed.
4/13/2012 7:23:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/13/2012 6:59:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm SAVRT SAVRTPEL SPBBCDrv SYMTDI
4/13/2012 6:59:33 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: Access is denied.
4/13/2012 6:54:47 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
4/13/2012 3:50:24 PM, error: Service Control Manager [7023] - The Hidgame service terminated with the following error: The specified module could not be found.
4/13/2012 3:34:19 PM, error: Service Control Manager [7023] - The Brmfbags service terminated with the following error: The specified module could not be found.
4/13/2012 3:23:22 PM, error: Service Control Manager [7023] - The Zpjava service terminated with the following error: The specified module could not be found.
4/13/2012 3:23:22 PM, error: Service Control Manager [7023] - The Trackcam4 service terminated with the following error: The specified module could not be found.
4/13/2012 3:23:22 PM, error: Service Control Manager [7023] - The S217bus service terminated with the following error: The specified module could not be found.
4/13/2012 3:23:22 PM, error: Service Control Manager [7023] - The Regdefend service terminated with the following error: The specified module could not be found.
4/13/2012 3:23:22 PM, error: Service Control Manager [7023] - The PCDRSRVC service terminated with the following error: The specified module could not be found.
4/13/2012 3:23:22 PM, error: Service Control Manager [7023] - The Nchssvad service terminated with the following error: The specified module could not be found.
4/13/2012 3:23:22 PM, error: Service Control Manager [7023] - The AN983 service terminated with the following error: The specified module could not be found.
4/13/2012 3:23:22 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec AntiVirus service to connect.
4/13/2012 3:23:21 PM, error: Service Control Manager [7024] - The FlipShare Server service terminated with service-specific error 1 (0x1).
4/13/2012 3:23:21 PM, error: Service Control Manager [7023] - The W8335XP service terminated with the following error: The specified module could not be found.
4/13/2012 3:23:21 PM, error: Service Control Manager [7023] - The Usrbridg service terminated with the following error: The specified module could not be found.
4/13/2012 3:23:21 PM, error: Service Control Manager [7023] - The S616mgmt service terminated with the following error: The specified module could not be found.
4/13/2012 3:23:21 PM, error: Service Control Manager [7023] - The Roxliveshare service terminated with the following error: The specified module could not be found.
4/13/2012 3:23:21 PM, error: Service Control Manager [7023] - The QPCapSvc service terminated with the following error: The specified module could not be found.
4/13/2012 3:23:21 PM, error: Service Control Manager [7023] - The Qmofiltr service terminated with the following error: The specified module could not be found.
4/13/2012 3:23:21 PM, error: Service Control Manager [7023] - The Lgsnd_filter service terminated with the following error: The specified module could not be found.
4/13/2012 3:23:21 PM, error: Service Control Manager [7023] - The Iastor service terminated with the following error: The specified module could not be found.
4/13/2012 3:23:21 PM, error: Service Control Manager [7023] - The Hcf_msft service terminated with the following error: The specified module could not be found.
4/13/2012 11:49:18 PM, error: Service Control Manager [7023] - The Btwdndis service terminated with the following error: The specified module could not be found.
4/13/2012 11:47:29 PM, error: Service Control Manager [7023] - The SNPSTD3 service terminated with the following error: The specified module could not be found.
4/12/2012 12:34:38 AM, error: Service Control Manager [7023] - The Interactivelogon service terminated with the following error: The specified module could not be found.
4/12/2012 12:34:36 AM, error: Service Control Manager [7023] - The TeamViewer service terminated with the following error: The specified module could not be found.
4/12/2012 12:34:36 AM, error: Service Control Manager [7023] - The Scarddrv service terminated with the following error: The specified module could not be found.
4/12/2012 12:34:36 AM, error: Service Control Manager [7023] - The K750obex service terminated with the following error: The specified module could not be found.
4/12/2012 12:34:36 AM, error: Service Control Manager [7023] - The CAMCHALA service terminated with the following error: The specified module could not be found.
4/12/2012 12:34:36 AM, error: Service Control Manager [7023] - The Avgems service terminated with the following error: The specified module could not be found.
4/12/2012 12:34:36 AM, error: Service Control Manager [7023] - The Amon service terminated with the following error: The specified module could not be found.
4/12/2012 11:56:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRT SAVRTPEL SPBBCDrv SYMTDI Tcpip
4/12/2012 11:56:01 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/12/2012 11:56:01 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/12/2012 11:56:01 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/12/2012 11:56:01 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/12/2012 11:56:01 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/12/2012 11:56:01 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/12/2012 11:55:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/11/2012 10:16:34 PM, error: Service Control Manager [7023] - The Nuvvid2 service terminated with the following error: The specified module could not be found.
4/11/2012 10:15:32 PM, error: Service Control Manager [7023] - The Vwd service terminated with the following error: The specified module could not be found.
4/11/2012 10:11:32 PM, error: Service Control Manager [7023] - The X4HSX32 service terminated with the following error: The specified module could not be found.
4/11/2012 10:10:33 PM, error: Service Control Manager [7023] - The CTEDSPIO.DLL service terminated with the following error: The specified module could not be found.
4/11/2012 10:06:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PrismXL service to connect.
4/11/2012 10:06:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the FlipShare Service service to connect.
4/11/2012 10:06:32 PM, error: Service Control Manager [7000] - The FlipShare Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

#4 chowbaby

Posted 16 April 2012 - 06:42 AM

All my programs have been wiped out or are now hidden, and I am unable to go into my accessory files.

#5 gringo_pr

Posted 16 April 2012 - 12:03 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 chowbaby

Posted 16 April 2012 - 02:15 PM

Gringo,
My computer was supposed to close down and the message said not to manually close down - it has been infected by the ??Root?? infection which said it was really bad. Not sure what to do now? Computer is stuck at trying to close down. Help! It also keeps rebooting and redirecting me to other websites when I am reviewing the bleepingcomputer site. Please advise!!

#7 chowbaby

Posted 16 April 2012 - 02:22 PM

It has been about 1/2 hour or so...

#8 gringo_pr

Posted 16 April 2012 - 05:48 PM

Restart the computer and let me know if Combofix starts up after the restart.



gringo

#9 chowbaby

Posted 17 April 2012 - 12:06 AM

Sorry it took me a bit of time - I restarted the computer and it has restarted with combofix...waiting for the system to execute.

#10 gringo_pr

Posted 17 April 2012 - 12:29 AM

:thumbup2:

#11 chowbaby

Posted 17 April 2012 - 12:36 AM

ComboFix 12-04-16.02 - Owner 04/17/2012 1:05:28.1.1 - x86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Administrator.RICH\WINDOWS
C:\Documents and Settings\All Users\Application Data\NaDwLaiRnW.exe
C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
C:\Documents and Settings\Default User\WINDOWS
C:\Documents and Settings\Owner\Desktop\Setup.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\aborolyzo.vbs
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\imywu.dl
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\ineruwu.bat
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\zymoc.sys
C:\Documents and Settings\Owner\Recent\DBOLE.tmp
C:\Documents and Settings\Owner\Recent\energy.tmp
C:\Documents and Settings\Owner\Recent\FS.tmp
C:\Documents and Settings\Owner\Recent\kernel32.tmp
C:\Documents and Settings\Owner\Recent\PE.tmp
C:\Documents and Settings\Owner\Recent\runddlkey.tmp
C:\Documents and Settings\Owner\Recent\sld.tmp
C:\Documents and Settings\Owner\Recent\SM.tmp
C:\Documents and Settings\Owner\Recent\tjd.tmp
C:\Documents and Settings\Owner\WINDOWS
C:\Program Files\Common Files\naba.db
C:\WINDOWS\$NtUninstallKB6876$
C:\WINDOWS\$NtUninstallKB6876$\1248415925\@
C:\WINDOWS\$NtUninstallKB6876$\1248415925\cfg.ini
C:\WINDOWS\$NtUninstallKB6876$\1248415925\Desktop.ini
C:\WINDOWS\$NtUninstallKB6876$\1248415925\L\evpbxyye
C:\WINDOWS\$NtUninstallKB6876$\1248415925\oemid
C:\WINDOWS\$NtUninstallKB6876$\1248415925\U\00000001.@
C:\WINDOWS\$NtUninstallKB6876$\1248415925\U\00000002.@
C:\WINDOWS\$NtUninstallKB6876$\1248415925\U\00000004.@
C:\WINDOWS\$NtUninstallKB6876$\1248415925\U\80000000.@
C:\WINDOWS\$NtUninstallKB6876$\1248415925\U\80000004.@
C:\WINDOWS\$NtUninstallKB6876$\1248415925\U\80000032.@
C:\WINDOWS\$NtUninstallKB6876$\1248415925\version
C:\WINDOWS\$NtUninstallKB6876$\2073050748
C:\WINDOWS\EventSystem.log
C:\WINDOWS\hyjicowek.exe
C:\WINDOWS\system32\config\systemprofile\WINDOWS
C:\WINDOWS\system32\dds_trash_log.cmd
C:\WINDOWS\system32\Filters
C:\WINDOWS\system32\Filters\AviSplitter.ax
C:\WINDOWS\system32\Filters\ffdshow\custom matrices\andreas_78er.matrix.xcm
C:\WINDOWS\system32\Filters\ffdshow\custom matrices\andreas_doppelte_99er.matrix.xcm
C:\WINDOWS\system32\Filters\ffdshow\custom matrices\andreas_einfache_99er.matrix.xcm
C:\WINDOWS\system32\Filters\ffdshow\custom matrices\Bulletproof's Heavy Compression Matrix.xcm
C:\WINDOWS\system32\Filters\ffdshow\custom matrices\Bulletproof's High Quality Matrix.xcm
C:\WINDOWS\system32\Filters\ffdshow\custom matrices\CG-Animation Matrix.xcm
C:\WINDOWS\system32\Filters\ffdshow\custom matrices\hvs-best-picture.xcm
C:\WINDOWS\system32\Filters\ffdshow\custom matrices\hvs-better-picture.xcm
C:\WINDOWS\system32\Filters\ffdshow\custom matrices\hvs-good-picture.xcm
C:\WINDOWS\system32\Filters\ffdshow\custom matrices\Low Bitrate Matrix.xcm
C:\WINDOWS\system32\Filters\ffdshow\custom matrices\MPEG.xcm
C:\WINDOWS\system32\Filters\ffdshow\custom matrices\pvcd.xcm
C:\WINDOWS\system32\Filters\ffdshow\custom matrices\Soulhunters V3.xcm
C:\WINDOWS\system32\Filters\ffdshow\custom matrices\Soulhunters V5.xcm
C:\WINDOWS\system32\Filters\ffdshow\custom matrices\Standard.xcm
C:\WINDOWS\system32\Filters\ffdshow\custom matrices\Ultimate Matrix.xcm
C:\WINDOWS\system32\Filters\ffdshow\custom matrices\Ultra Low Bitrate Matrix.xcm
C:\WINDOWS\system32\Filters\ffdshow\custom matrices\Very Low Bitrate Matrix.xcm
C:\WINDOWS\system32\Filters\ffdshow\dict\Czech.dic
C:\WINDOWS\system32\Filters\ffdshow\dict\dicts.txt
C:\WINDOWS\system32\Filters\ffdshow\dict\Greek.dic
C:\WINDOWS\system32\Filters\ffdshow\dict\Polski.dic
C:\WINDOWS\system32\Filters\ffdshow\ff_kernelDeint.dll
C:\WINDOWS\system32\Filters\ffdshow\ff_liba52.dll
C:\WINDOWS\system32\Filters\ffdshow\ff_libdts.dll
C:\WINDOWS\system32\Filters\ffdshow\ff_libfaad2.dll
C:\WINDOWS\system32\Filters\ffdshow\ff_libmad.dll
C:\WINDOWS\system32\Filters\ffdshow\ff_realaac.dll
C:\WINDOWS\system32\Filters\ffdshow\ff_samplerate.dll
C:\WINDOWS\system32\Filters\ffdshow\ff_theora.dll
C:\WINDOWS\system32\Filters\ffdshow\ff_tremor.dll
C:\WINDOWS\system32\Filters\ffdshow\ff_unrar.dll
C:\WINDOWS\system32\Filters\ffdshow\ff_wmv9.dll
C:\WINDOWS\system32\Filters\ffdshow\ff_x264.dll
C:\WINDOWS\system32\Filters\ffdshow\ffdshow.ax
C:\WINDOWS\system32\Filters\ffdshow\ffdshow.ax.manifest
C:\WINDOWS\system32\Filters\ffdshow\languages\ffdshow.1028.tc
C:\WINDOWS\system32\Filters\ffdshow\languages\ffdshow.1029.cz
C:\WINDOWS\system32\Filters\ffdshow\languages\ffdshow.1031.de
C:\WINDOWS\system32\Filters\ffdshow\languages\ffdshow.1033.en
C:\WINDOWS\system32\Filters\ffdshow\languages\ffdshow.1034.es
C:\WINDOWS\system32\Filters\ffdshow\languages\ffdshow.1036.fr
C:\WINDOWS\system32\Filters\ffdshow\languages\ffdshow.1038.hu
C:\WINDOWS\system32\Filters\ffdshow\languages\ffdshow.1040.it
C:\WINDOWS\system32\Filters\ffdshow\languages\ffdshow.1041.ja
C:\WINDOWS\system32\Filters\ffdshow\languages\ffdshow.1041.jp
C:\WINDOWS\system32\Filters\ffdshow\languages\ffdshow.1045.pl
C:\WINDOWS\system32\Filters\ffdshow\languages\ffdshow.1046.br
C:\WINDOWS\system32\Filters\ffdshow\languages\ffdshow.1049.ru
C:\WINDOWS\system32\Filters\ffdshow\languages\ffdshow.1051.sk
C:\WINDOWS\system32\Filters\ffdshow\languages\ffdshow.1053.se
C:\WINDOWS\system32\Filters\ffdshow\languages\ffdshow.2052.sc
C:\WINDOWS\system32\Filters\ffdshow\libavcodec.dll
C:\WINDOWS\system32\Filters\ffdshow\libmpeg2_ff.dll
C:\WINDOWS\system32\Filters\ffdshow\libmplayer.dll
C:\WINDOWS\system32\Filters\ffdshow\reg\ffdshow.reg
C:\WINDOWS\system32\Filters\ffdshow\reg\reg.exe
C:\WINDOWS\system32\Filters\ffdshow\reg\rempc.reg
C:\WINDOWS\system32\Filters\ffdshow\TomsMoComp_ff.dll
C:\WINDOWS\system32\Filters\FLVSplitter.ax
C:\WINDOWS\system32\Filters\MatroskaSplitter.ax
C:\WINDOWS\system32\Filters\MP4Splitter.ax
C:\WINDOWS\system32\Filters\Quicktime.ax
C:\WINDOWS\system32\Filters\RealMediaSplitter.ax
C:\WINDOWS\system32\Filters\VSFilter.dll
C:\WINDOWS\system32\msloop.dll
C:\WINDOWS\system32\tpsrv.dll
C:\WINDOWS\ugawu.dll
D:\Autorun.inf


((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))


2012-04-16 18:58:36 . 2011-07-15 13:29:35 457856 -c--a-w- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2012-04-13 02:57:02 . 2012-04-13 02:57:02 56200 ---ha-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{407F630A-A343-493F-833A-FEB3049EB81D}\offreg.dll
2012-04-12 04:39:44 . 2012-04-12 04:39:44 -------- d--h--w- C:\WINDOWS\system32\wbem\Repository
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-09-07 03:00:09 . 2009-09-07 03:00:09 19428 -c-ha-w- C:\Program Files\Common Files\ovozo.pif
2009-09-07 03:00:09 . 2009-09-07 03:00:09 17953 -c-ha-w- C:\Program Files\Common Files\omatul.com
2009-09-07 02:50:58 . 2009-09-07 02:50:58 17654 -c-ha-w- C:\Program Files\Common Files\jywiwot.sys
2009-09-07 02:50:58 . 2009-09-07 02:50:58 17199 -c-ha-w- C:\Program Files\Common Files\qojoregocu.bin


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2009-05-19 05:23:16 49968]
"ComcastAntispyClient"="C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 17:25:52 1589208]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 17:39:52 1289000]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-12 00:04:00 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 10:01:32 32768]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 07:34:42 16143872]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 06:42:26 212992]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-12-11 16:11:54 291760]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 16:11:58 82864]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 17:27:06 106496]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 00:26:04 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-28 01:33:44 125168]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-11-29 22:38:18 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-12-13 22:16:18 421160]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 22:17:16 47904]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 08:44:43 35760]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 16:44:46 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 19:38:52 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\lxcrcoms.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\Owner\\Desktop\\utorrent.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"24726:TCP"= 24726:TCP:FlipShareServer
"24727:TCP"= 24727:TCP:FlipShareServer

R2 AntiSpywareService;Comcast AntiSpyware;C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 1:49:44 PM 616408]
R2 pcCMService;pcCMService;C:\Program Files\Common Files\Motive\pcCMService.exe [2/15/2012 7:19:38 PM 361472]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [11/24/2007 9:26:24 PM 24652]
R2 WinDefend;Windows Defender;C:\Program Files\Windows Defender\MsMpEng.exe [11/3/2006 7:19:58 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/30/2012 8:05:16 PM 106104]
S2 FlipShareServer;FlipShare Server;C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [12/15/2010 1:22:42 PM 1085440]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [7/11/2010 9:55:39 PM 135664]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;C:\WINDOWS\system32\drivers\el575ND5.sys [7/1/2006 12:44:58 AM 69692]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [7/11/2010 9:55:39 PM 135664]
S3 SavRoam;SAVRoam;C:\Program Files\Symantec AntiVirus\SavRoam.exe [9/27/2006 9:33:38 PM 116464]

NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Fd16_700
se44mdfl
comhost
isdrv122
nocashio
askernel
psimsvc
regmanserv
NMSCFG
symantecantibotdriver
transarcafsdaemon
zebrceb
ngdbserv
cdrbsvsd
avp
z800mdfl
prfldsvc
AmdLLD
BUFADPT
sit_prt
CTEDSPIO.DLL
hprfdev
vserial
servicelayer
nuvaud2
epson_pm_rpcv4_01
aswupdsv
PNRPSvc
MaVctrl
mfesmfk
tga
WDM_YAMAHAAC97
foldersize
RR2Ctrl
inort
aexnsclient
nvidesm
oracle_load_balancer_60_client-forms6i
backupexecalertserver
w22n51
Sk9920nt
vcomm
imonnt
buslogic
procexp111
dlcc_device
CA561
s7otranx
WimFltr
ndasbus
kbstuff
adiusbaw
tosrfcom
UimBus
szkg
roxupnpserver
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs


Contents of the 'Scheduled Tasks' folder

2012-04-13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34:12 . 2008-07-30 17:34:12]

2012-04-17 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-12 01:55:39 . 2010-07-12 01:55:35]

2012-04-16 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-12 01:55:39 . 2010-07-12 01:55:35]

2006-12-06 C:\WINDOWS\Tasks\ISP signup reminder 1.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2006-05-07 00:36:30 . 2008-04-14 00:12:31]

2006-12-06 C:\WINDOWS\Tasks\ISP signup reminder 2.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2006-05-07 00:36:30 . 2008-04-14 00:12:31]

2006-12-06 C:\WINDOWS\Tasks\ISP signup reminder 3.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2006-05-07 00:36:30 . 2008-04-14 00:12:31]

2012-04-17 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20:06 . 2006-11-03 23:20:06]


------- Supplementary Scan -------

uStart Page = hxxp://xfinity.comcast.net/?
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3524
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

- - - - ORPHANS REMOVED - - - -

HKCU-Run-Download - C:\Documents and Settings\Owner\Local Settings\Application Data\SupportSoft\ddoctorv2\Owner\ssGet.exe
HKLM-Run-Symantec NetDriver Monitor - C:\PROGRA~1\SYMNET~1\SNDMon.exe
HKLM-Run-ddoctorv2 - C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe


Gringo,

What should I do next? Which malware is good to maintain and how can I prevent this from happening again?

#12 gringo_pr

Posted 17 April 2012 - 12:51 AM

Greetings

What should I do next? Which malware is good to maintain and how can I prevent this from happening again?

We will get into all that soon - how is the computer doing now?

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#13 chowbaby

Posted 17 April 2012 - 03:48 AM

04:12:22.0343 3532 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
04:12:22.0656 3532 ============================================================
04:12:22.0656 3532 Current date / time: 2012/04/17 04:12:22.0656
04:12:22.0656 3532 SystemInfo:
04:12:22.0656 3532
04:12:22.0656 3532 OS Version: 5.1.2600 ServicePack: 3.0
04:12:22.0656 3532 Product type: Workstation
04:12:22.0656 3532 ComputerName: RICH
04:12:22.0656 3532 UserName: Owner
04:12:22.0656 3532 Windows directory: C:\WINDOWS
04:12:22.0656 3532 System windows directory: C:\WINDOWS
04:12:22.0656 3532 Processor architecture: Intel x86
04:12:22.0656 3532 Number of processors: 1
04:12:22.0656 3532 Page size: 0x1000
04:12:22.0656 3532 Boot type: Normal boot
04:12:22.0656 3532 ============================================================
04:12:24.0015 3532 Drive \Device\Harddisk0\DR0 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
04:12:24.0015 3532 \Device\Harddisk0\DR0:
04:12:24.0015 3532 MBR used
04:12:24.0015 3532 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x8E6C05, BlocksNum 0x129D9EB1
04:12:24.0015 3532 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x8E6BC6
04:12:24.0046 3532 Initialize success
04:12:24.0046 3532 ============================================================
04:12:29.0750 3928 ============================================================
04:12:29.0750 3928 Scan started
04:12:29.0750 3928 Mode: Manual;
04:12:29.0750 3928 ============================================================
04:12:30.0062 3928 Abiosdsk - ok
04:12:30.0078 3928 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
04:12:30.0093 3928 abp480n5 - ok
04:12:30.0125 3928 ACPI (ea38c961260f29295c6d03070fa9d0b5) C:\WINDOWS\system32\DRIVERS\ACPI.sys
04:12:30.0125 3928 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: ea38c961260f29295c6d03070fa9d0b5, Fake md5: 8fd99680a539792a30e97944fdaecf17
04:12:30.0125 3928 ACPI ( Virus.Win32.Rloader.a ) - infected
04:12:30.0125 3928 ACPI - detected Virus.Win32.Rloader.a (0)
04:12:30.0140 3928 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
04:12:30.0140 3928 ACPIEC - ok
04:12:30.0171 3928 adiusbaw - ok
04:12:30.0203 3928 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
04:12:30.0203 3928 adpu160m - ok
04:12:30.0250 3928 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
04:12:30.0250 3928 aec - ok
04:12:30.0265 3928 aexnsclient - ok
04:12:30.0312 3928 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
04:12:30.0312 3928 Afc - ok
04:12:30.0390 3928 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
04:12:30.0406 3928 AFD - ok
04:12:30.0515 3928 AgereSoftModem (b7d2103eb2ecb765b2b7106bad089ab1) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
04:12:30.0531 3928 AgereSoftModem - ok
04:12:30.0593 3928 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
04:12:30.0593 3928 agp440 - ok
04:12:30.0656 3928 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
04:12:30.0656 3928 agpCPQ - ok
04:12:30.0687 3928 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
04:12:30.0687 3928 Aha154x - ok
04:12:30.0703 3928 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
04:12:30.0703 3928 aic78u2 - ok
04:12:30.0734 3928 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
04:12:30.0734 3928 aic78xx - ok
04:12:30.0781 3928 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
04:12:30.0781 3928 Alerter - ok
04:12:30.0812 3928 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
04:12:30.0812 3928 ALG - ok
04:12:30.0859 3928 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
04:12:30.0859 3928 AliIde - ok
04:12:30.0890 3928 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
04:12:30.0890 3928 alim1541 - ok
04:12:30.0968 3928 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
04:12:30.0968 3928 amdagp - ok
04:12:31.0000 3928 AmdLLD - ok
04:12:31.0015 3928 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
04:12:31.0015 3928 amsint - ok
04:12:31.0140 3928 AntiSpywareService (f9dac844b1d370da4c984d4c22f5e696) C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
04:12:31.0140 3928 AntiSpywareService - ok
04:12:31.0234 3928 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
04:12:31.0234 3928 Apple Mobile Device - ok
04:12:31.0281 3928 AppMgmt - ok
04:12:31.0328 3928 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
04:12:31.0328 3928 Arp1394 - ok
04:12:31.0359 3928 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
04:12:31.0359 3928 asc - ok
04:12:31.0390 3928 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
04:12:31.0390 3928 asc3350p - ok
04:12:31.0406 3928 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
04:12:31.0406 3928 asc3550 - ok
04:12:31.0453 3928 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
04:12:31.0453 3928 ASCTRM - ok
04:12:31.0500 3928 askernel - ok
04:12:31.0578 3928 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
04:12:31.0578 3928 aspnet_state - ok
04:12:31.0609 3928 aswupdsv - ok
04:12:31.0656 3928 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
04:12:31.0656 3928 AsyncMac - ok
04:12:31.0718 3928 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
04:12:31.0718 3928 atapi - ok
04:12:31.0750 3928 Atdisk - ok
04:12:31.0796 3928 Ati HotKey Poller (1d4edb435c59ba0193683739a95e59a6) C:\WINDOWS\system32\Ati2evxx.exe
04:12:31.0796 3928 Ati HotKey Poller - ok
04:12:31.0843 3928 ATI Smart (2da0a78e4bb2eb8722ff696e580a0db9) C:\WINDOWS\system32\ati2sgag.exe
04:12:31.0859 3928 ATI Smart - ok
04:12:32.0015 3928 ati2mtag (1caba9ea8adc5e9a5eba3882f6a90f9b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
04:12:32.0046 3928 ati2mtag - ok
04:12:32.0156 3928 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
04:12:32.0156 3928 Atmarpc - ok
04:12:32.0187 3928 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
04:12:32.0203 3928 AudioSrv - ok
04:12:32.0218 3928 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
04:12:32.0218 3928 audstub - ok
04:12:32.0296 3928 Automatic LiveUpdate Scheduler (0fcfbd0edaa188b3d652ddce6d16d866) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
04:12:32.0296 3928 Automatic LiveUpdate Scheduler - ok
04:12:32.0375 3928 backupexecalertserver - ok
04:12:32.0437 3928 BCM43XX (ebf36d658d0da5b1ea667fa403919c26) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
04:12:32.0453 3928 BCM43XX - ok
04:12:32.0484 3928 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
04:12:32.0484 3928 Beep - ok
04:12:32.0546 3928 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
04:12:32.0546 3928 BITS - ok
04:12:32.0625 3928 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
04:12:32.0640 3928 Bonjour Service - ok
04:12:32.0734 3928 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
04:12:32.0734 3928 Browser - ok
04:12:32.0750 3928 BUFADPT - ok
04:12:32.0765 3928 CA561 - ok
04:12:32.0781 3928 catchme - ok
04:12:32.0828 3928 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
04:12:32.0828 3928 cbidf - ok
04:12:32.0859 3928 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
04:12:32.0859 3928 cbidf2k - ok
04:12:32.0968 3928 ccEvtMgr (0a6786c95a6f8715aa4285e3c27f201f) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
04:12:32.0968 3928 ccEvtMgr - ok
04:12:33.0000 3928 ccSetMgr (3b4898cf051bb04fb76e94361e336a83) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
04:12:33.0015 3928 ccSetMgr - ok
04:12:33.0093 3928 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
04:12:33.0093 3928 cd20xrnt - ok
04:12:33.0125 3928 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
04:12:33.0125 3928 Cdaudio - ok
04:12:33.0156 3928 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
04:12:33.0156 3928 Cdfs - ok
04:12:33.0187 3928 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
04:12:33.0187 3928 Cdrom - ok
04:12:33.0218 3928 Changer - ok
04:12:33.0250 3928 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
04:12:33.0250 3928 CiSvc - ok
04:12:33.0312 3928 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
04:12:33.0328 3928 ClipSrv - ok
04:12:33.0390 3928 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
04:12:33.0390 3928 clr_optimization_v2.0.50727_32 - ok
04:12:33.0500 3928 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
04:12:33.0500 3928 CmBatt - ok
04:12:33.0531 3928 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
04:12:33.0531 3928 CmdIde - ok
04:12:33.0546 3928 comhost - ok
04:12:33.0578 3928 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
04:12:33.0578 3928 Compbatt - ok
04:12:33.0609 3928 COMSysApp - ok
04:12:33.0640 3928 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
04:12:33.0640 3928 Cpqarray - ok
04:12:33.0671 3928 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
04:12:33.0671 3928 CryptSvc - ok
04:12:33.0750 3928 CTEDSPIO.DLL - ok
04:12:33.0781 3928 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
04:12:33.0796 3928 dac2w2k - ok
04:12:33.0812 3928 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
04:12:33.0812 3928 dac960nt - ok
04:12:33.0859 3928 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
04:12:33.0875 3928 DcomLaunch - ok
04:12:33.0953 3928 DefWatch (1f709c66d8aadff35530c56ee261c462) C:\Program Files\Symantec AntiVirus\DefWatch.exe
04:12:33.0968 3928 DefWatch - ok
04:12:34.0046 3928 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
04:12:34.0046 3928 Dhcp - ok
04:12:34.0109 3928 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
04:12:34.0109 3928 Disk - ok
04:12:34.0140 3928 dlcc_device - ok
04:12:34.0156 3928 dmadmin - ok
04:12:34.0203 3928 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
04:12:34.0218 3928 dmboot - ok
04:12:34.0328 3928 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
04:12:34.0343 3928 dmio - ok
04:12:34.0359 3928 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
04:12:34.0375 3928 dmload - ok
04:12:34.0406 3928 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
04:12:34.0406 3928 dmserver - ok
04:12:34.0531 3928 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
04:12:34.0531 3928 DMusic - ok
04:12:34.0562 3928 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
04:12:34.0562 3928 Dnscache - ok
04:12:34.0609 3928 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
04:12:34.0609 3928 Dot3svc - ok
04:12:34.0718 3928 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
04:12:34.0718 3928 dpti2o - ok
04:12:34.0750 3928 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
04:12:34.0750 3928 drmkaud - ok
04:12:34.0781 3928 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
04:12:34.0796 3928 EapHost - ok
04:12:34.0875 3928 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
04:12:34.0890 3928 eeCtrl - ok
04:12:35.0015 3928 el575nd5 (23f6b9cf432f492ebbd8105d78cb008c) C:\WINDOWS\system32\DRIVERS\el575nd5.sys
04:12:35.0015 3928 el575nd5 - ok
04:12:35.0046 3928 epson_pm_rpcv4_01 - ok
04:12:35.0140 3928 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
04:12:35.0140 3928 EraserUtilRebootDrv - ok
04:12:35.0218 3928 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
04:12:35.0218 3928 ERSvc - ok
04:12:35.0250 3928 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
04:12:35.0265 3928 Eventlog - ok
04:12:35.0312 3928 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
04:12:35.0312 3928 EventSystem - ok
04:12:35.0390 3928 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
04:12:35.0390 3928 Fastfat - ok
04:12:35.0484 3928 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
04:12:35.0484 3928 FastUserSwitchingCompatibility - ok
04:12:35.0500 3928 Fd16_700 - ok
04:12:35.0531 3928 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
04:12:35.0531 3928 Fdc - ok
04:12:35.0593 3928 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
04:12:35.0593 3928 Fips - ok
04:12:35.0671 3928 FlipShare Service (869bde240b7fe9c7b25bd80df85641c8) C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
04:12:35.0671 3928 FlipShare Service - ok
04:12:35.0734 3928 FlipShareServer (9c330b7ddee9492373041e75da01f80c) C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
04:12:35.0765 3928 FlipShareServer - ok
04:12:35.0875 3928 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
04:12:35.0875 3928 Flpydisk - ok
04:12:35.0906 3928 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
04:12:35.0906 3928 FltMgr - ok
04:12:35.0937 3928 foldersize - ok
04:12:36.0000 3928 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
04:12:36.0000 3928 FontCache3.0.0.0 - ok
04:12:36.0093 3928 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
04:12:36.0093 3928 Fs_Rec - ok
04:12:36.0125 3928 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
04:12:36.0140 3928 Ftdisk - ok
04:12:36.0171 3928 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
04:12:36.0171 3928 GearAspiWDM - ok
04:12:36.0218 3928 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
04:12:36.0218 3928 Gpc - ok
04:12:36.0328 3928 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
04:12:36.0328 3928 gupdate - ok
04:12:36.0343 3928 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
04:12:36.0343 3928 gupdatem - ok
04:12:36.0390 3928 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
04:12:36.0390 3928 gusvc - ok
04:12:36.0500 3928 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
04:12:36.0515 3928 HDAudBus - ok
04:12:36.0578 3928 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
04:12:36.0578 3928 helpsvc - ok
04:12:36.0640 3928 HidServ - ok
04:12:36.0703 3928 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
04:12:36.0703 3928 HidUsb - ok
04:12:36.0750 3928 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
04:12:36.0750 3928 hkmsvc - ok
04:12:36.0843 3928 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
04:12:36.0843 3928 hpn - ok
04:12:36.0859 3928 hprfdev - ok
04:12:36.0937 3928 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
04:12:36.0937 3928 HTTP - ok
04:12:36.0984 3928 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
04:12:36.0984 3928 HTTPFilter - ok
04:12:37.0093 3928 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
04:12:37.0093 3928 i2omgmt - ok
04:12:37.0125 3928 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
04:12:37.0125 3928 i2omp - ok
04:12:37.0171 3928 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
04:12:37.0171 3928 i8042prt - ok
04:12:37.0250 3928 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
04:12:37.0281 3928 idsvc - ok
04:12:37.0375 3928 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
04:12:37.0375 3928 Imapi - ok
04:12:37.0437 3928 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
04:12:37.0437 3928 ImapiService - ok
04:12:37.0531 3928 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
04:12:37.0531 3928 ini910u - ok
04:12:37.0562 3928 inort - ok
04:12:37.0718 3928 IntcAzAudAddService (71ae838a88b07268d732f596fc17ced5) C:\WINDOWS\system32\drivers\RtkHDAud.sys
04:12:37.0812 3928 IntcAzAudAddService - ok
04:12:37.0953 3928 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
04:12:37.0953 3928 IntelIde - ok
04:12:37.0984 3928 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
04:12:37.0984 3928 intelppm - ok
04:12:38.0015 3928 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
04:12:38.0015 3928 Ip6Fw - ok
04:12:38.0109 3928 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
04:12:38.0109 3928 IpFilterDriver - ok
04:12:38.0140 3928 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
04:12:38.0156 3928 IpInIp - ok
04:12:38.0171 3928 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
04:12:38.0171 3928 IpNat - ok
04:12:38.0234 3928 iPod Service (6e27978a4755f4789f912f5f49392f7c) C:\Program Files\iPod\bin\iPodService.exe
04:12:38.0250 3928 iPod Service - ok
04:12:38.0359 3928 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
04:12:38.0359 3928 IPSec - ok
04:12:38.0390 3928 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
04:12:38.0390 3928 IRENUM - ok
04:12:38.0421 3928 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
04:12:38.0421 3928 isapnp - ok
04:12:38.0484 3928 ITMRTSVC (54f694c6cd3a1149ba3a8bdacc83badc) C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
04:12:38.0500 3928 ITMRTSVC - ok
04:12:38.0625 3928 JavaQuickStarterService (9ae07549a0d691a103faf8946554bdb7) C:\Program Files\Java\jre6\bin\jqs.exe
04:12:38.0625 3928 JavaQuickStarterService - ok
04:12:38.0765 3928 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
04:12:38.0765 3928 Kbdclass - ok
04:12:38.0781 3928 kbstuff - ok
04:12:38.0828 3928 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
04:12:38.0843 3928 kmixer - ok
04:12:38.0890 3928 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
04:12:38.0890 3928 KSecDD - ok
04:12:38.0984 3928 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
04:12:38.0984 3928 lanmanserver - ok
04:12:39.0031 3928 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
04:12:39.0031 3928 lanmanworkstation - ok
04:12:39.0078 3928 lbrtfdc - ok
04:12:39.0203 3928 LiveUpdate (fb3a35318ca7f6a10fa3c3826a69affe) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
04:12:39.0250 3928 LiveUpdate - ok
04:12:39.0328 3928 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
04:12:39.0328 3928 LmHosts - ok
04:12:39.0343 3928 lxcr_device - ok
04:12:39.0375 3928 MaVctrl - ok
04:12:39.0406 3928 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
04:12:39.0406 3928 Messenger - ok
04:12:39.0421 3928 mfesmfk - ok
04:12:51.0609 3928 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
04:12:51.0640 3928 \Device\Harddisk0\DR0 - ok
04:12:51.0656 3928 Boot (0x1200) (1e14b1ee44197de30608d2dda56bb387) \Device\Harddisk0\DR0\Partition0
04:12:51.0656 3928 \Device\Harddisk0\DR0\Partition0 - ok
04:12:51.0671 3928 Boot (0x1200) (ff118433d2ef0a123a89b36c3d51f00a) \Device\Harddisk0\DR0\Partition1
04:12:51.0671 3928 \Device\Harddisk0\DR0\Partition1 - ok
04:12:51.0671 3928 ============================================================
04:12:51.0671 3928 Scan finished
04:12:51.0671 3928 ============================================================
04:12:51.0687 2420 Detected object count: 1
04:12:51.0687 2420 Actual detected object count: 1
04:13:27.0281 2420 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
04:13:28.0562 2420 Backup copy found, using it..
04:13:28.0593 2420 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
04:13:28.0593 2420 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
04:13:34.0375 0824 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-17 04:18:34
-----------------------------
04:18:34.812 OS Version: Windows 5.1.2600 Service Pack 3
04:18:34.812 Number of processors: 1 586 0x604
04:18:34.812 ComputerName: RICH UserName:
04:18:35.406 Initialize success
04:26:57.484 AVAST engine defs: 12041700
04:27:04.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16
04:27:04.937 Disk 0 Vendor: HDT722516DLAT80 V43OA96A Size: 157066MB BusType: 3
04:27:04.953 Disk 0 MBR read successfully
04:27:04.953 Disk 0 MBR scan
04:27:04.984 Disk 0 unknown MBR code
04:27:05.000 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152499 MB offset 9333765
04:27:05.000 Disk 0 Partition 2 00 0B FAT32 RECOVERY 4557 MB offset 63
04:27:05.000 Disk 0 scanning sectors +321653430
04:27:05.078 Disk 0 scanning C:\WINDOWS\system32\drivers
04:27:21.156 Service scanning
04:27:42.093 Modules scanning
04:27:49.937 Disk 0 trace - called modules:
04:27:49.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys tsk28.tmp hal.dll atapi.sys pciide.sys PCIIDEX.SYS
04:27:50.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aaedab8]
04:27:50.453 3 CLASSPNP.SYS[ba188fd7] -> nt!IofCallDriver -> \Device\0000009b[0x8aaef9e8]
04:27:50.453 5 tsk28.tmp[b9f68620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-16[0x8ab1a940]
04:27:51.046 AVAST engine scan C:\WINDOWS
04:28:19.859 AVAST engine scan C:\WINDOWS\system32
04:31:53.437 AVAST engine scan C:\WINDOWS\system32\drivers
04:32:14.640 AVAST engine scan C:\Documents and Settings\Owner
04:32:45.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
04:32:45.390 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


Gringo,

If I don't hear back from you by 9:30am this morning, I won't be back for several days as I am heading out to a conference but will be back. Wanted you to know that I am not ignoring you.

Thank you!

#14 gringo_pr

Posted 17 April 2012 - 03:52 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::

File::
C:\Program Files\Common Files\ovozo.pif
C:\Program Files\Common Files\omatul.com
C:\Program Files\Common Files\jywiwot.sys
C:\Program Files\Common Files\qojoregocu.bin

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 chowbaby


Posted 17 April 2012 - 04:25 AM

ComboFix 12-04-16.02 - Owner 04/17/2012 5:06.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.912 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
FILE ::
"c:\program files\Common Files\jywiwot.sys"
"c:\program files\Common Files\omatul.com"
"c:\program files\Common Files\ovozo.pif"
"c:\program files\Common Files\qojoregocu.bin"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\jywiwot.sys
c:\program files\Common Files\omatul.com
c:\program files\Common Files\ovozo.pif
c:\program files\Common Files\qojoregocu.bin
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-17 08:13 . 2012-04-17 08:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-17 05:49 . 2012-03-20 07:53 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{9695A4FA-B6B5-49E0-9AFB-4E9844B6FD41}\mpengine.dll
2012-04-16 18:58 . 2011-07-15 13:29 457856 -c--a-w- c:\windows\system32\dllcache\mrxsmb.sys
2012-04-16 18:58 . 2011-07-15 13:29 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-04-12 04:39 . 2012-04-12 04:39 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-17 08:14 . 2004-08-04 06:07 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-02-23 14:18 . 2009-10-02 23:28 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-17_05.23.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-17 09:18 . 2012-04-17 09:18 16384 c:\windows\temp\Perflib_Perfdata_e70.dat
+ 2006-05-07 00:24 . 2012-04-17 08:44 72598 c:\windows\system32\perfc009.dat
- 2006-05-07 00:24 . 2012-03-12 23:37 72598 c:\windows\system32\perfc009.dat
+ 2012-04-17 05:26 . 2012-04-17 05:50 1690 c:\windows\SoftwareDistribution\EventCache\{EA67556C-2AEA-4075-9987-7020A54C41BE}.bin
+ 2006-05-07 00:24 . 2012-04-17 08:44 444848 c:\windows\system32\perfh009.dat
- 2006-05-07 00:24 . 2012-03-12 23:37 444848 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-12-11 291760]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 82864]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 106496]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxcrcoms.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\utorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"24726:TCP"= 24726:TCP:FlipShareServer
"24727:TCP"= 24727:TCP:FlipShareServer
.
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 1:49 PM 616408]
R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [12/15/2010 1:22 PM 1085440]
R2 pcCMService;pcCMService;c:\program files\Common Files\Motive\pcCMService.exe [2/15/2012 7:19 PM 361472]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/24/2007 9:26 PM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/30/2012 8:05 PM 106104]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/11/2010 9:55 PM 135664]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [7/1/2006 12:44 AM 69692]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/11/2010 9:55 PM 135664]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 9:33 PM 116464]
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Fd16_700
se44mdfl
comhost
isdrv122
nocashio
askernel
psimsvc
regmanserv
NMSCFG
symantecantibotdriver
transarcafsdaemon
zebrceb
ngdbserv
cdrbsvsd
avp
z800mdfl
prfldsvc
AmdLLD
BUFADPT
sit_prt
CTEDSPIO.DLL
hprfdev
vserial
servicelayer
nuvaud2
epson_pm_rpcv4_01
aswupdsv
PNRPSvc
MaVctrl
mfesmfk
tga
WDM_YAMAHAAC97
foldersize
RR2Ctrl
inort
aexnsclient
nvidesm
oracle_load_balancer_60_client-forms6i
backupexecalertserver
w22n51
Sk9920nt
vcomm
imonnt
buslogic
procexp111
dlcc_device
CA561
s7otranx
WimFltr
ndasbus
kbstuff
adiusbaw
tosrfcom
UimBus
szkg
roxupnpserver
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-12 01:55]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-12 01:55]
.
2006-12-06 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-05-07 00:12]
.
2006-12-06 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-05-07 00:12]
.
2006-12-06 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-05-07 00:12]
.
2012-04-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/?
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3524
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-84070531.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-17 05:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\Ati2evxx.dll
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
.
- - - - - - - > 'explorer.exe'(1460)
c:\windows\system32\WININET.dll
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
c:\windows\system32\ieframe.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\WinZip\wzshlstb.dll
c:\program files\QuickSFV\QSFVShll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\program files\CA\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxcrcoms.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-04-17 05:22:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-17 09:22
ComboFix2.txt 2012-04-17 05:36
.
Pre-Run: 39,214,338,048 bytes free
Post-Run: 39,260,774,400 bytes free
.
- - End Of File - - 91242F0760FADFB4A898BD20B2086E7B



