Malwarebytes found Trojan.Agent, but outgoing still exists

Post by 1james1 » October 23rd, 2012, 1:38 pm

My system crawled to a halt several days ago. After installing Malwarebytes, the program found Trojan.Agent. Now every time I can get my computer started, Malwarebytes stops an outgoing connection to IP 206.161.121.126, 206.161.121.124 or 206.161.121.123. Norton AntiVirus finds nothing. At times the computer will not allow me to open programs, but will allow me to access files (?). I am learning as I go. Thank you.

Here is the DDS log. Thank you.


DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by James Allemand at 10:16:48 on 2012-10-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2549.1441 [GMT -7:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\James Allemand\Local Settings\Application Data\Akamai\netsession_win.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Documents and Settings\James Allemand\Local Settings\Application Data\Akamai\netsession_win.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\20.1.1.5\ccSvcHst.exe
C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\20.1.1.5\ccSvcHst.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/ ... nel=us-smb
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/ ... nel=us-smb
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080409
uInternet Connection Wizard,ShellNext = iexplore
uProxyOverride = 127.0.0.1:9421;*.local;<local>
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/ ... nel=us-smb
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\program files\bearsharetb\BearShareDx.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\norton antivirus\engine\20.1.1.5\ips\IPSBHO.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: IEHlprObjClass: {CE7C3CF0-4B15-11D1-ABED-709549C10000} -
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Norton Safe Web Lite BHO: {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - c:\program files\norton safe web lite\engine\1.0.1.8\CoIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Safe Web Lite: {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - c:\program files\norton safe web lite\engine\1.0.1.8\CoIEPlg.dll
TB: <No Name>: - LocalServer32 - <no file>
TB: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\program files\bearsharetb\BearShareDx.dll
TB: Norton Safe Web Lite: {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - c:\program files\norton safe web lite\engine\1.0.1.8\CoIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Akamai NetSession Interface] "c:\documents and settings\james allemand\local settings\application data\akamai\netsession_win.exe"
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCo ... taller.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/dow ... ysinfo.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://navigatela.lacity.org/download/mgaxctrl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 8471419421
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxps://wimpro.cce.hp.com/ChatEntry/dow ... msxml4.cab
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Pla ... _Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/f ... wflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{4C26401D-5DD6-4673-AE5E-ABE95893ADB0} : DHCPNameServer = 192.168.2.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1401010.005\SymDS.sys [2012-10-19 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1401010.005\SymEFA.sys [2012-10-19 926880]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.1.1.5\definitions\bashdefs\20120928.001\BHDrvx86.sys [2012-9-13 995488]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\nav\1401010.005\ccSetx86.sys [2012-10-19 134304]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1401010.005\Ironx86.sys [2012-10-19 175264]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-10 14336]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-18 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-10 676936]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\norton antivirus\engine\20.1.1.5\ccSvcHst.exe [2012-10-19 143928]
R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\1.0.1.8\ccSvcHst.exe [2010-7-12 126904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-10-17 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.1.1.5\definitions\ipsdefs\20121019.001\IDSXpx86.sys [2012-10-19 373728]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-10 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-10-23 40776]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.1.1.5\definitions\virusdefs\20121021.008\NAVENG.SYS [2012-10-22 92704]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.1.1.5\definitions\virusdefs\20121021.008\NAVEX15.SYS [2012-10-22 1601184]
R3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2008-12-24 80256]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 CLKMSVC10_B91CB6D3;CyberLink Product - 2012/07/20 10:35:28;c:\program files\cyberlink\powerdvd10\navfilter\kmsvc.exe [2011-4-20 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-21 250808]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-7-12 80824]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 dkab_device;dkab_device;c:\windows\system32\dkabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-4-8 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-7-12 181432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-10-23 17:08:31 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-10-19 23:36:46 926880 ----a-r- c:\windows\system32\drivers\nav\1401010.005\SymEFA.sys
2012-10-19 23:36:46 394656 ----a-r- c:\windows\system32\drivers\nav\1401010.005\symtdi.sys
2012-10-19 23:36:46 350368 ----a-r- c:\windows\system32\drivers\nav\1401010.005\symtdiv.sys
2012-10-19 23:36:46 338592 ----a-r- c:\windows\system32\drivers\nav\1401010.005\symnets.sys
2012-10-19 23:36:46 21400 ----a-r- c:\windows\system32\drivers\nav\1401010.005\SymELAM.sys
2012-10-19 23:36:45 585888 ----a-r- c:\windows\system32\drivers\nav\1401010.005\srtsp.sys
2012-10-19 23:36:45 368288 ----a-r- c:\windows\system32\drivers\nav\1401010.005\SymDS.sys
2012-10-19 23:36:45 32888 ----a-r- c:\windows\system32\drivers\nav\1401010.005\srtspx.sys
2012-10-19 23:36:45 175264 ----a-r- c:\windows\system32\drivers\nav\1401010.005\Ironx86.sys
2012-10-19 23:36:45 134304 ----a-r- c:\windows\system32\drivers\nav\1401010.005\ccSetx86.sys
2012-10-19 23:36:23 8942 ----a-r- c:\windows\system32\drivers\nav\1401010.005\SymVTcer.dat
2012-10-19 23:36:21 -------- d-----w- c:\windows\system32\drivers\nav\1401010.005
2012-09-26 20:45:29 -------- d-----w- c:\documents and settings\james allemand\application data\Berlitz
2012-09-26 20:32:59 -------- d-----w- c:\program files\Berlitz
2012-09-26 20:32:58 -------- d-----w- c:\documents and settings\all users\application data\Berlitz
2012-09-25 20:11:49 -------- d-----w- c:\documents and settings\james allemand\local settings\application data\PCHealth
.
==================== Find3M ====================
.
2012-10-19 23:39:27 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-10-10 18:58:20 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-10 18:58:20 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-30 02:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 17:03:25 60304 ----a-w- c:\documents and settings\james allemand\g2mdlhlpx.exe
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HDS721616PLA380 rev.P22OAB3A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A47A4B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a48193c]; MOV EAX, [0x8a481ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Harddisk0\DR0[0x8A92DAB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\0000006f[0x8A908F18]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> [0x8A8F6D98]
\Driver\atapi[0x8A496648] -> IRP_MJ_CREATE -> 0x8A47A4B1
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A47A2E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 10:18:44.68 ===============


I just realized that this Attach log needed to be included! Sorry.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/16/2008 4:09:46 PM
System Uptime: 10/23/2012 10:04:01 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0CU409
Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz | Socket 775 | 1795/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 104.424 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP614: 7/23/2012 11:32:38 AM - Software Distribution Service 3.0
RP615: 7/24/2012 10:11:23 AM - Software Distribution Service 3.0
RP616: 7/24/2012 11:11:39 AM - Software Distribution Service 3.0
RP617: 7/26/2012 12:21:10 PM - System Checkpoint
RP618: 7/26/2012 4:53:48 PM - Software Distribution Service 3.0
RP619: 8/1/2012 9:45:54 AM - Software Distribution Service 3.0
RP620: 8/1/2012 1:13:11 PM - Software Distribution Service 3.0
RP621: 8/2/2012 4:26:48 PM - Software Distribution Service 3.0
RP622: 8/3/2012 2:02:51 PM - Software Distribution Service 3.0
RP623: 8/7/2012 5:29:39 PM - System Checkpoint
RP624: 8/8/2012 3:00:16 AM - Software Distribution Service 3.0
RP625: 8/8/2012 10:53:37 AM - Software Distribution Service 3.0
RP626: 8/15/2012 5:17:10 PM - System Checkpoint
RP627: 8/15/2012 8:07:28 PM - Software Distribution Service 3.0
RP628: 8/16/2012 3:16:43 PM - Software Distribution Service 3.0
RP629: 8/21/2012 6:46:29 PM - Software Distribution Service 3.0
RP630: 8/22/2012 5:23:09 PM - Software Distribution Service 3.0
RP631: 8/23/2012 5:19:43 PM - Software Distribution Service 3.0
RP632: 8/24/2012 5:45:57 PM - Software Distribution Service 3.0
RP633: 8/28/2012 1:18:45 PM - System Checkpoint
RP634: 8/28/2012 3:32:11 PM - Software Distribution Service 3.0
RP635: 8/29/2012 3:44:17 PM - Software Distribution Service 3.0
RP636: 9/4/2012 10:15:03 AM - System Checkpoint
RP637: 9/4/2012 11:07:48 AM - Software Distribution Service 3.0
RP638: 9/5/2012 1:14:21 PM - System Checkpoint
RP639: 9/5/2012 2:02:45 PM - Software Distribution Service 3.0
RP640: 9/6/2012 3:57:19 PM - Software Distribution Service 3.0
RP641: 9/10/2012 2:11:41 PM - Software Distribution Service 3.0
RP642: 9/11/2012 2:41:14 PM - System Checkpoint
RP643: 9/11/2012 3:57:34 PM - Software Distribution Service 3.0
RP644: 9/12/2012 4:50:57 PM - Software Distribution Service 3.0
RP645: 9/13/2012 4:19:26 PM - Software Distribution Service 3.0
RP646: 9/14/2012 2:08:03 PM - Software Distribution Service 3.0
RP647: 9/17/2012 2:01:56 PM - Software Distribution Service 3.0
RP648: 9/18/2012 3:28:35 PM - Software Distribution Service 3.0
RP649: 9/20/2012 12:40:17 PM - System Checkpoint
RP650: 9/20/2012 4:51:47 PM - Software Distribution Service 3.0
RP651: 9/21/2012 6:28:06 PM - System Checkpoint
RP652: 9/22/2012 3:00:18 AM - Software Distribution Service 3.0
RP653: 9/23/2012 3:00:23 AM - Software Distribution Service 3.0
RP654: 9/25/2012 1:06:53 PM - Software Distribution Service 3.0
RP655: 9/25/2012 7:44:25 PM - Software Distribution Service 3.0
RP656: 9/26/2012 1:32:58 PM - Installed Berlitz Learning System
RP657: 9/26/2012 1:37:34 PM - Installed Berlitz Before You Know It Flash Cards
RP658: 9/26/2012 2:33:10 PM - Software Distribution Service 3.0
RP659: 9/27/2012 4:27:05 PM - System Checkpoint
RP660: 9/27/2012 5:25:28 PM - Software Distribution Service 3.0
RP661: 9/28/2012 2:06:58 PM - Software Distribution Service 3.0
RP662: 10/1/2012 11:23:50 AM - System Checkpoint
RP663: 10/1/2012 2:11:20 PM - Software Distribution Service 3.0
RP664: 10/3/2012 1:31:34 PM - System Checkpoint
RP665: 10/3/2012 6:24:49 PM - Software Distribution Service 3.0
RP666: 10/4/2012 5:53:16 PM - Software Distribution Service 3.0
RP667: 10/5/2012 4:00:10 PM - Software Distribution Service 3.0
RP668: 10/8/2012 10:14:42 AM - System Checkpoint
RP669: 10/8/2012 12:08:14 PM - Software Distribution Service 3.0
RP670: 10/9/2012 8:25:45 AM - Software Distribution Service 3.0
RP671: 10/10/2012 1:42:01 PM - System Checkpoint
RP672: 10/11/2012 1:34:56 PM - Software Distribution Service 3.0
RP673: 10/11/2012 4:24:29 PM - Software Distribution Service 3.0
RP674: 10/16/2012 10:55:32 AM - Software Distribution Service 3.0
RP675: 10/16/2012 12:57:20 PM - Removed Berlitz Learning System
RP676: 10/16/2012 1:05:32 PM - Software Distribution Service 3.0
RP677: 10/16/2012 1:21:26 PM - Removed Berlitz Before You Know It Flash Cards
RP678: 10/16/2012 2:05:29 PM - Removed Samsung Kies
RP679: 10/17/2012 10:36:03 AM - Removed iTunes
RP680: 10/17/2012 10:52:05 AM - Software Distribution Service 3.0
RP681: 10/18/2012 11:27:30 AM - Software Distribution Service 3.0
RP682: 10/18/2012 11:41:01 AM - Software Distribution Service 3.0
RP683: 10/19/2012 7:38:11 PM - System Checkpoint
.
==== Installed Programs ======================
.
2x1/4x1 USB Peripheral Switch
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 8.3.1
Adobe Shockwave Player
Akamai NetSession Interface
Akamai NetSession Interface Service
Amazon Kindle
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression
Bing Bar
Bonjour
Browser Address Error Redirector
CFLR Suite 2008-1
Collier TopForm
Collier TopForm 6
Collier TopForm Update
Collier TopForm™ & File 11
Compatibility Pack for the 2007 Office system
Corporate DocuPAK
Critical Update for Windows Media Player 11 (KB959772)
CustomPrint
Dell Driver Reset Tool
Dell Software Uninstall
DLwin
EPSON Copy Utility
EPSON Photo Print
EPSON Scanner Reference Guide
EPSON Smart Panel
EPSON TWAIN 5
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToMeeting 5.1.0.880
High Definition Audio Driver Package - KB835221
HotDocs Player 10
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958655-v2)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
InstallMgr
Intel AppUp(SM) center
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.8.0
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 14
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kensington MouseWorks
LG Burning Tool
LG CyberLink BD Advisor
LG CyberLink Blu-ray Disc Suite
LG CyberLink MediaEspresso
LG CyberLink MediaShow
LG CyberLink PowerDVD
LG CyberLink PowerProducer
LG CyberLink YouCam
LG Tool Kit
Malwarebytes Anti-Malware version 1.65.1.1000
MediaBar
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Live Meeting 2007
Microsoft Office Professional Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft SQL Server Compact 4.0 ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Norton AntiVirus
Norton Safe Web Lite
Norton Security Scan
OpenOffice.org Installer 1.0
PowerDVD
Presto! PixExpress
Quicken 2009
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
Safari
SAMSUNG USB Driver for Mobile Phones
ScanToWeb
SearchAssist
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic Activation Module
System Checkup 3.0
Uniblue RegistryBooster 2009
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Help and Support Tool
Verizon High Speed Internet
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VIVA MEDIA GAME CENTER
Vz In Home Agent
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile® Device Handbook
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
10/22/2012 12:30:27 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/22/2012 12:19:43 PM, error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
10/19/2012 3:45:50 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
10/19/2012 3:45:20 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NSL service.
10/19/2012 3:44:50 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NAV service.
10/19/2012 3:34:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/19/2012 10:17:35 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
10/18/2012 9:27:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 eeCtrl Fips intelppm IPSec Lbd MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSPX SymIRON SYMTDI Tcpip
10/18/2012 9:27:22 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2012 9:27:22 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2012 9:27:22 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2012 9:27:22 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2012 9:27:22 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2012 9:27:22 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2012 9:27:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/18/2012 9:26:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/18/2012 5:40:28 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
10/18/2012 5:16:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor Lbd
10/18/2012 4:41:29 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/18/2012 4:17:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
10/18/2012 12:26:54 PM, error: W32Time [21] - The time service is configured to use one or more input providers, however, none of the input providers are available. The time service has no source of accurate time.
10/18/2012 12:25:18 PM, error: W32Time [45] - The time provider NtpServer encountered an error and was forced to shut down. The error was: 0x80070006
10/18/2012 12:25:18 PM, error: W32Time [44] - The time provider NtpClient encountered an error and was forced to shut down. The error was: 0x80070006
10/18/2012 11:22:00 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2012 11:11:15 AM, error: Service Control Manager [7000] - The Wireless Zero Configuration service failed to start due to the following error: The I/O operation has been aborted because of either a thread exit or an application request.
10/18/2012 11:11:15 AM, error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service has not been started.
10/17/2012 10:40:53 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================
1james1
Active Member
 
Posts: 9
Joined: October 23rd, 2012, 1:24 pm
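The Event Viewer block in the DDS log above is small enough to read by eye, but the same format is worth parsing when triaging many such logs. The following Python script is an added example, not part of this post or of the DDS tool: it parses the `date, error: Source [ID] - message` lines, tallies the drivers named in Service Control Manager 7026 events (boot-start drivers that failed to load) and the services blocked by 7001 dependency failures, and separates drivers that fail on every boot from those that failed only once. The sample input is a handful of lines copied from the log above.

```python
"""Triage helper for the "Event Viewer Messages From Past Week" block of a DDS log.

Added example, not code from the forum post or from DDS itself.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Sample input: lines copied from the DDS log posted above.
SAMPLE_LOG = """\
10/22/2012 12:30:27 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/19/2012 3:45:50 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
10/18/2012 9:27:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 eeCtrl Fips intelppm IPSec Lbd MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSPX SymIRON SYMTDI Tcpip
10/18/2012 9:27:22 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2012 9:27:22 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2012 5:16:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor Lbd
10/18/2012 4:17:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
"""

# One DDS event line: "M/D/YYYY H:MM:SS AM, level: Source [EventID] - message"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
# SCM 7026: space-separated list of driver service names that did not load.
FAILED_DRIVERS_RE = re.compile(r"driver\(s\) failed to load: (?P<names>.+)$")
# SCM 7001: a service could not start because a dependency failed.
DEPENDENCY_RE = re.compile(
    r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which failed to start"
)
SCM = "Service Control Manager"


def parse_events(text):
    """Turn the DDS event block into a list of dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "level": m["level"],
            "source": m["source"],
            "event_id": int(m["event_id"]),
            "msg": m["msg"],
        })
    return events


def failed_drivers(events):
    """Return {driver name: number of 7026 events that named it}."""
    counts = Counter()
    for ev in events:
        if ev["source"] == SCM and ev["event_id"] == 7026:
            m = FAILED_DRIVERS_RE.search(ev["msg"])
            if m:
                counts.update(m["names"].split())
    return counts


def dependency_failures(events):
    """Return {failed dependency: [services that could not start because of it]}."""
    deps = defaultdict(list)
    for ev in events:
        if ev["source"] == SCM and ev["event_id"] == 7001:
            m = DEPENDENCY_RE.match(ev["msg"])
            if m:
                deps[m["dep"]].append(m["svc"])
    return dict(deps)


def triage(text):
    """Summarise the block for an analyst.

    A driver that is named in several 7026 events (Lbd here) fails on every boot
    and is most likely a stale registration for a removed product; a driver that
    failed only once, together with the rest of the network stack, is a different
    signal and should be cross-checked against the OTL driver list.
    """
    events = parse_events(text)
    drivers = failed_drivers(events)
    boots = sum(1 for ev in events if ev["source"] == SCM and ev["event_id"] == 7026)
    return {
        "events": len(events),
        "boots_with_driver_failures": boots,
        "recurring": sorted(d for d, n in drivers.items() if n > 1),
        "one_off": sorted(d for d, n in drivers.items() if n == 1),
        "dependency_failures": dependency_failures(events),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```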

Re: Malware Bytes Found traojan Agent, but outgoing still ex

Unread postby askey127 » October 24th, 2012, 11:14 am

Hi 1James1,
A lot to do here in the beginning, but you will find it fairly easy. Just take one step at a time, in order.

Mediabar is a P2P filesharing application that will positively get your computer infected.
-----------------------------------------------------------
Don't use any Registry Boosters, Optimizers, Helpers, or Cleaners.
The risk of corrupting the machine far outweighs any potential benefits.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Reader 8.3.1
Browser Address Error Redirector
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 14
Java(TM) 6 Update 5
Java(TM) 6 Update 7
MediaBar
Uniblue RegistryBooster 2009
SearchAssist <== may not show up in the Installed Programs list


Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here : http://www.oracle.com/technetwork/java/javase/downloads/index.html, and install it to your computer.
Under Java Platform, Standard Edition, labeled Java SE 7 Update 9, click on the button labeled JRE Download. Do NOT choose the button labeled "JDK Download". If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
Check the button to agree to the license.
Select the link for your Platform jre-7u9-windows-i586.exe for 32-bit, and click it.
Download it, choose Save, and save it to your desktop.
Then double-click it on your desktop, and it will install the newest version of Java for you to use.

During installation, be certain to Uncheck and Refuse any offer for "partner software" or toolbars.
When it finishes, you can remove the Installer from your desktop.
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.1.4 are vulnerable.
Go HERE to download AdbeRdr1014_en_US.exe
Save the file to your desktop and run it to install the latest version of Adobe Reader.
After the new Reader is installed, Open Adobe Reader X, as it is called, and OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
When it finishes, you can remove the Installer from your desktop.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • For WinXP, double click on the OTL icon to run it.
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
    When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL (desktop).
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear as a running Notepad document the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

Let me know how it goes.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Malware Bytes Found traojan Agent, but outgoing still ex

Unread postby 1james1 » October 24th, 2012, 3:49 pm

Thank you for your time. I have performed all requested tasks... at a serious disadvantage, since I had to force-close the computer by pushing the power key when it was frozen MULTIPLE times. At any rate, logs are below. Thanks again.

OTL logfile created on: 10/24/2012 12:31:34 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\James Allemand\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.49 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 66.86% Memory free
3.82 Gb Paging File | 3.22 Gb Available in Paging File | 84.24% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 103.54 Gb Free Space | 69.50% Space Free | Partition Type: NTFS
Drive D: | 583.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 976.13 Mb Total Space | 62.80 Mb Free Space | 6.43% Space Free | Partition Type: FAT

Computer Name: DF7ZY0G1 | User Name: James Allemand | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/24 11:47:45 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/10/24 10:14:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Allemand\Desktop\OTL.exe
PRC - [2012/10/09 10:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\James Allemand\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/29 12:17:48 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\20.1.1.5\ccSvcHst.exe
PRC - [2011/06/15 18:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/05/22 22:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2006/08/18 11:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/24 11:47:45 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/10/10 11:58:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/10 12:13:59 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_5891ae0.dll -- (Akamai)
SRV - [2012/08/29 12:17:48 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\20.1.1.5\ccSvcHst.exe -- (NAV)
SRV - [2011/07/07 20:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 18:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/04/20 09:57:02 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_B91CB6D3)
SRV - [2010/05/22 22:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe -- (NSL)
SRV - [2005/05/23 14:20:58 | 000,487,424 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\system32\DKabcoms.exe -- (dkab_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMREDRV.SYS -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMNDIS.SYS -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMIDS.SYS -- (SYMIDS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMDNS.SYS -- (SYMDNS)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/10/19 16:39:27 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/10/19 15:31:04 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\IPSDefs\20121023.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/10/19 01:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\VirusDefs\20121023.021\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/10/19 01:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\VirusDefs\20121023.021\NAVENG.SYS -- (NAVENG)
DRV - [2012/10/05 11:23:26 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\BASHDefs\20121005.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/15 11:06:38 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/15 11:06:37 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/10 18:26:42 | 000,585,888 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NAV\1401010.005\srtsp.sys -- (SRTSP)
DRV - [2012/08/07 22:18:19 | 000,926,880 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1401010.005\SymEFA.sys -- (SymEFA)
DRV - [2012/08/07 11:42:43 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1401010.005\ccSetx86.sys -- (ccSet_NAV)
DRV - [2012/07/27 20:25:32 | 000,368,288 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1401010.005\SymDS.sys -- (SymDS)
DRV - [2012/07/27 20:05:21 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1401010.005\Ironx86.sys -- (SymIRON)
DRV - [2012/07/22 18:34:24 | 000,394,656 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1401010.005\symtdi.sys -- (SYMTDI)
DRV - [2012/06/04 00:59:20 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/06/04 00:59:20 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012/05/24 22:36:55 | 000,032,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1401010.005\srtspx.sys -- (SRTSPX)
DRV - [2010/03/17 13:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 13:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/12/24 05:40:12 | 000,080,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar)
DRV - [2008/04/13 11:36:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007/06/13 18:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006/08/18 11:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 11:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 11:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 11:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 11:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 11:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 11:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 11:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 08:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 08:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/03/31 17:46:42 | 000,091,776 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kmw_sys.sys -- (KMW_SYS)
DRV - [2005/03/31 17:45:30 | 000,005,760 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kmw_kbd.sys -- (KMW_KBD)
DRV - [2005/03/31 17:45:14 | 000,010,496 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kmw_usb.sys -- (KMW_USB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080409
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080409
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080409
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080409
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080409
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080409
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3818217218-3749770451-1570557115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080409
IE - HKU\S-1-5-21-3818217218-3749770451-1570557115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3818217218-3749770451-1570557115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-3818217218-3749770451-1570557115-1006\..\SearchScopes,DefaultScope = {659CAD8D-909E-4F82-B6F4-EC9109B9D6E2}
IE - HKU\S-1-5-21-3818217218-3749770451-1570557115-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3818217218-3749770451-1570557115-1006\..\SearchScopes\{659CAD8D-909E-4F82-B6F4-EC9109B9D6E2}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIE_en
IE - HKU\S-1-5-21-3818217218-3749770451-1570557115-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGIE_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3818217218-3749770451-1570557115-1006\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=N_yWj-Tt ... 7GqmvTk?q={searchTerms}
IE - HKU\S-1-5-21-3818217218-3749770451-1570557115-1006\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/webResults.html?src=ieb&q={searchTerms}
IE - HKU\S-1-5-21-3818217218-3749770451-1570557115-1006\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=SWL&chn=&geo=US&ver=1
IE - HKU\S-1-5-21-3818217218-3749770451-1570557115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3818217218-3749770451-1570557115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local;<local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.0.1.8\coFFNST\ [2010/07/12 08:51:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/21 09:29:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\IPSFFPlgn\ [2012/10/19 16:44:55 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\10.0.648.204\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java(TM) Platform SE 6 U14 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\10.0.648.204\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\10.0.648.204\gears.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\James Allemand\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\James Allemand\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Poppit = C:\Documents and Settings\James Allemand\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\20.1.1.5\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (IEHlprObjClass) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\KENSIN~1\MouseWorks\IE_KMW.DLL File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3818217218-3749770451-1570557115-1006\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-3818217218-3749770451-1570557115-1006..\Run: [Akamai NetSession Interface] C:\Documents and Settings\James Allemand\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3818217218-3749770451-1570557115-1006..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3818217218-3749770451-1570557115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3818217218-3749770451-1570557115-1006\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3818217218-3749770451-1570557115-1006\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCo ... taller.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/dow ... ysinfo.cab (SysData Class)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://navigatela.lacity.org/download/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 8471419421 (MUWebControl Class)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} https://wimpro.cce.hp.com/ChatEntry/dow ... msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} https://lowes.2020.net/planner/Core/Pla ... _Win32.cab (20-20 3D Viewer for WEB)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C26401D-5DD6-4673-AE5E-ABE95893ADB0}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\James Allemand\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\James Allemand\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 11:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/21 15:57:38 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{7bba909c-1edc-11de-8607-001d0994fbb6}\Shell - "" = AutoRun
O33 - MountPoints2\{7bba909c-1edc-11de-8607-001d0994fbb6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7bba909c-1edc-11de-8607-001d0994fbb6}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{c5460d57-e8dd-11de-86bf-001d0994fbb6}\Shell - "" = AutoRun
O33 - MountPoints2\{c5460d57-e8dd-11de-86bf-001d0994fbb6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c5460d57-e8dd-11de-86bf-001d0994fbb6}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/24 11:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/10/24 11:48:13 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/10/24 11:48:13 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/10/24 11:48:13 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/10/24 11:48:13 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/10/24 11:48:04 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/10/24 11:48:04 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/10/24 11:48:04 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/10/24 10:14:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\James Allemand\Desktop\OTL.exe
[2012/10/18 10:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/10/15 12:33:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/10/15 12:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/10/10 15:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Allemand\Desktop\DATA BUILDING DEPT C NORWALK
[2012/09/26 13:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Allemand\Application Data\Berlitz
[2012/09/26 13:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\Berlitz
[2012/09/26 13:32:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Berlitz
[2012/09/25 13:11:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Allemand\Local Settings\Application Data\PCHealth
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/24 12:27:27 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/10/24 12:13:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/24 11:57:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/24 11:55:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/24 11:55:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3818217218-3749770451-1570557115-1006.job
[2012/10/24 11:54:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/24 11:54:50 | 2673,000,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/24 11:47:46 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/10/24 11:47:44 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/10/24 11:47:44 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/10/24 11:47:44 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/10/24 11:47:44 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/10/24 11:47:44 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/10/24 11:47:44 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/10/24 10:14:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Allemand\Desktop\OTL.exe
[2012/10/23 14:44:57 | 000,003,645 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr
[2012/10/22 13:40:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/10/22 11:25:41 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2012/10/22 09:29:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/19 19:10:33 | 000,010,074 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1401010.005\VT20121008.022
[2012/10/19 16:42:12 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\James Allemand\Desktop\Norton Installation Files.lnk
[2012/10/19 16:41:02 | 000,703,439 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1401010.005\Cat.DB
[2012/10/19 16:39:27 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/10/19 16:39:27 | 000,007,446 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/10/19 16:39:27 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/10/19 15:55:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/18 17:42:16 | 000,051,716 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/10/18 16:45:36 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/18 11:46:30 | 000,507,448 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/18 11:46:30 | 000,090,116 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/17 10:18:17 | 000,255,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/10/16 12:53:01 | 000,000,241 | ---- | M] () -- C:\Documents and Settings\James Allemand\Desktop\Shortcut to Add or Remove Programs.lnk
[2012/10/16 12:45:05 | 000,000,301 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2012/10/11 13:46:14 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/10 17:45:21 | 000,332,381 | ---- | M] () -- C:\Documents and Settings\James Allemand\My Documents\fw001.pdf
[2012/10/10 11:58:20 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/10 11:58:20 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/10/08 11:23:37 | 000,000,227 | ---- | M] () -- C:\Documents and Settings\James Allemand\Desktop\Postage Price Calculator (2).url
[2012/10/05 14:10:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/10/03 11:23:18 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\James Allemand\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/27 10:07:00 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3818217218-3749770451-1570557115-1006.job
[2012/09/26 14:07:45 | 000,024,064 | -H-- | M] () -- C:\Documents and Settings\James Allemand\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/24 12:27:26 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/10/24 12:27:26 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/10/19 16:13:49 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\James Allemand\Desktop\Norton Installation Files.lnk
[2012/10/19 16:07:51 | 2673,000,448 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/19 15:55:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/18 17:42:16 | 000,051,716 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/10/18 16:45:36 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/16 12:53:01 | 000,000,241 | ---- | C] () -- C:\Documents and Settings\James Allemand\Desktop\Shortcut to Add or Remove Programs.lnk
[2012/10/10 17:43:55 | 000,332,381 | ---- | C] () -- C:\Documents and Settings\James Allemand\My Documents\fw001.pdf
[2012/09/13 10:03:24 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\James Allemand\g2mdlhlpx.exe
[2012/07/20 10:47:44 | 000,000,301 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2012/07/11 16:57:53 | 000,487,174 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3818217218-3749770451-1570557115-1006-0.dat
[2012/07/11 16:57:52 | 000,243,726 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/05/23 18:49:32 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012/05/23 18:49:32 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012/05/23 18:49:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012/05/23 18:49:32 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012/02/16 11:08:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/17 10:53:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\James Allemand\Local Settings\Application Data\{0659ED10-E0C2-49B2-9315-5C4C5C601EB7}
[2011/12/28 13:53:04 | 000,038,485 | ---- | C] () -- C:\Documents and Settings\James Allemand\Application Data\Comma Separated Values (DOS).ADR
[2011/09/13 08:44:57 | 000,000,653 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2010/10/15 08:46:13 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\James Allemand\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/15 08:41:10 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2008/12/09 11:05:11 | 000,013,017 | ---- | C] () -- C:\Documents and Settings\James Allemand\Application Data\Comma Separated Values (DOS).CAL
[2008/08/27 15:24:17 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\James Allemand\Application Data\$_hpcst$.hpc
[2008/04/17 10:19:35 | 000,024,064 | -H-- | C] () -- C:\Documents and Settings\James Allemand\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2004/08/10 11:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/10/24 08:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2012/09/26 13:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Berlitz
[2008/09/03 10:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CFLR
[2008/09/03 10:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DissoMaster
[2011/08/17 15:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009/03/27 09:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2012/10/16 14:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/07/20 10:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/07/20 14:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2011/08/22 12:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/10/16 12:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Allemand\Application Data\Berlitz
[2008/09/03 10:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Allemand\Application Data\CFLR
[2008/09/03 10:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Allemand\Application Data\DissoMaster
[2009/01/06 10:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Allemand\Application Data\EPSON
[2008/05/12 22:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Allemand\Application Data\FileMaker
[2011/08/17 15:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Allemand\Application Data\iolo
[2008/04/16 17:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Allemand\Application Data\Kensington
[2008/06/11 14:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Allemand\Application Data\LimeWire
[2012/07/11 16:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Allemand\Application Data\Samsung
[2012/05/07 09:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Allemand\Application Data\Tific
[2009/05/26 15:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Allemand\Application Data\Uniblue
[2009/04/17 13:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Allemand\Application Data\vzsmbtb
[2012/07/20 14:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Allemand\Application Data\Zeon

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794

< End of report >
1james1

Re: Malware Bytes Found traojan Agent, but outgoing still ex

Unread postby 1james1 » October 24th, 2012, 3:50 pm

OTL Extras logfile created on: 10/24/2012 12:31:34 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\James Allemand\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.49 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 66.86% Memory free
3.82 Gb Paging File | 3.22 Gb Available in Paging File | 84.24% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 103.54 Gb Free Space | 69.50% Space Free | Partition Type: NTFS
Drive D: | 583.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 976.13 Mb Total Space | 62.80 Mb Free Space | 6.43% Space Free | Partition Type: FAT

Computer Name: DF7ZY0G1 | User Name: James Allemand | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-3818217218-3749770451-1570557115-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1043:TCP" = 1043:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe" = C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe:*:Enabled:CyberLink PowerDVD 10.0 -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\DKabcoms.exe" = C:\WINDOWS\system32\DKabcoms.exe:*:Enabled:Dell Enhanced TCP/IP -- (Dell)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\diyonline\eDraw.exe" = C:\diyonline\eDraw.exe:*:Enabled:Sprinkler Designer
"C:\Documents and Settings\James Allemand\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\James Allemand\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe" = C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe:*:Enabled:CyberLink PowerDVD 10.0 -- (CyberLink Corp.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Disabled:Run a DLL as an App -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{141F2872-D2F9-4A89-95D3-E222D1CBCC56}" = Vz In Home Agent
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1CC0A3D1-96BE-49A5-9BA5-EB464B2AB38B}" = Collier TopForm Update
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG CyberLink Blu-ray Disc Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = LG CyberLink BD Advisor
"{2F141715-E144-48C0-8562-D193B7AB85BC}" = Microsoft SQL Server Compact 4.0 ENU
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3267C6EC-BB10-4AEE-B3B4-CC7D58039C8D}" = CFLR Suite 2008-1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG Burning Tool
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.0
"{4C78937F-0C8E-11D9-A3EB-0001025FA304}" = Kensington MouseWorks
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.8.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = LG CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3752427-9AAA-4B1C-B428-01723E0E9FFA}" = 2x1/4x1 USB Peripheral Switch
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A98AFBC7-D5A7-46A1-8795-EABE2F55A7D6}" = Microsoft Office Live Meeting 2007
"{AA206D11-3BEA-4EB8-B371-134857C72F11}" = Collier TopForm
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = LG CyberLink PowerDVD
"{E1E8CA86-39EB-4B67-950A-F34D04546FF7}" = HotDocs Player 10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = LG CyberLink MediaEspresso
"{EB3A9D10-41E8-11D7-8033-002078E12827}" = DLwin
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F190B1D0-A60A-4FB9-B69E-B328C2426FE3}" = Collier TopForm Update
"{F21D97C0-EDEE-11D3-A5A3-00C04F5C8D67}" = Collier TopForm 6
"{F226B596-E4BB-4E0B-8884-B417EAEF9A72}" = Presto! PixExpress
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Akamai" = Akamai NetSession Interface Service
"Amazon Kindle" = Amazon Kindle
"Corporate DocuPAK" = Corporate DocuPAK
"CustomPrint" = CustomPrint
"Dell_HostCD" = Dell Software Uninstall
"EPSON Photo Print" = EPSON Photo Print
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG CyberLink Blu-ray Disc Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG Burning Tool
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = LG CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = LG CyberLink PowerDVD
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = LG CyberLink MediaEspresso
"Intel AppUp(SM) center 18167" = Intel AppUp(SM) center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NAV" = Norton AntiVirus
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NST" = Norton Safe Web Lite
"RealPlayer 15.0" = RealPlayer
"Silent Package Run-Time Sample" = EPSON Scanner Reference Guide
"Verizon Help and Support" = Verizon Help and Support Tool
"Verizon High Speed Internet_is1" = Verizon High Speed Internet
"VIVAGplayer" = VIVA MEDIA GAME CENTER
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3818217218-3749770451-1570557115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0cda548fb39019f7" = Collier TopForm™ & File 11
"Akamai" = Akamai NetSession Interface
"GoToMeeting" = GoToMeeting 5.1.0.880

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/24/2012 11:59:59 AM | Computer Name = DF7ZY0G1 | Source = MsiInstaller | ID = 11500
Description =

Error - 10/24/2012 12:00:36 PM | Computer Name = DF7ZY0G1 | Source = MsiInstaller | ID = 11500
Description =

Error - 10/24/2012 2:02:09 PM | Computer Name = DF7ZY0G1 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/24/2012 2:04:27 PM | Computer Name = DF7ZY0G1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/24/2012 2:41:53 PM | Computer Name = DF7ZY0G1 | Source = MsiInstaller | ID = 11500
Description =

Error - 10/24/2012 2:41:57 PM | Computer Name = DF7ZY0G1 | Source = MsiInstaller | ID = 11500
Description =

Error - 10/24/2012 2:41:57 PM | Computer Name = DF7ZY0G1 | Source = MsiInstaller | ID = 11500
Description =

Error - 10/24/2012 2:41:58 PM | Computer Name = DF7ZY0G1 | Source = MsiInstaller | ID = 11500
Description =

Error - 10/24/2012 2:41:59 PM | Computer Name = DF7ZY0G1 | Source = MsiInstaller | ID = 11500
Description =

Error - 10/24/2012 3:01:11 PM | Computer Name = DF7ZY0G1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/24/2012 12:24:21 PM | Computer Name = DF7ZY0G1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/24/2012 12:24:21 PM | Computer Name = DF7ZY0G1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/24/2012 12:24:22 PM | Computer Name = DF7ZY0G1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/24/2012 12:24:22 PM | Computer Name = DF7ZY0G1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/24/2012 12:24:22 PM | Computer Name = DF7ZY0G1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/24/2012 12:24:22 PM | Computer Name = DF7ZY0G1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/24/2012 12:24:22 PM | Computer Name = DF7ZY0G1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/24/2012 12:24:22 PM | Computer Name = DF7ZY0G1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/24/2012 12:24:22 PM | Computer Name = DF7ZY0G1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/24/2012 12:24:22 PM | Computer Name = DF7ZY0G1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >
1james1
Active Member
 
Posts: 9
Joined: October 23rd, 2012, 1:24 pm

Re: Malware Bytes Found traojan Agent, but outgoing still ex

Unread postby askey127 » October 25th, 2012, 8:50 am

1james1,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKU\S-1-5-21-3818217218-3749770451-1570557115-1006\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=SWL&chn=&geo=US&ver=1
    IE - HKU\S-1-5-21-3818217218-3749770451-1570557115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local;<local>
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\LimeWire\LimeWire.exe" =-
    "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" =-
    
    :Files
    C:\Documents and Settings\James Allemand\Application Data\Uniblue
    C:\Documents and Settings\All Users\Application Data\TEMP
    C:\Documents and Settings\James Allemand\Application Data\LimeWire
    C:\Documents and Settings\James Allemand\Application Data\Uniblue
    C:\Program Files\LimeWire
    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    ipconfig /flushdns /c
    
    :Commands
    
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    The file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
-------------------------------------------------
Please download RogueKiller.exe and save it to your desktop.

Run RogueKiller
  • First, quit all running programs.
  • Start RogueKiller.exe. (Double click in XP)
  • Note: If the program is blocked, do not hesitate to try several times.
    If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com.
  • Wait until prescan has finished.
  • Click on the Scan button in the upper right. Wait for it to finish.
  • When the scan is complete, a file icon named RKreport.txt should appear on your desktop.
  • Please double click that file RKreport.txt and post its contents in your next Reply.
    (You can also open the report by clicking the Report button on the right).
  • When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click "Yes".
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
    If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

So we will be looking for logs from OTL, RogueKiller and TDSSKiller
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
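The fix above strips two firewall exceptions (LimeWire and BearShare) out of the StandardProfile AuthorizedApplications list shown in the OTL Extras log. As an added example that is not part of the thread and not OTL's own code, here is a small Python parser for the Windows XP firewall exception values in the format that log prints them, with a triage pass that lists enabled any-scope (`*`) exceptions, checks them against a watchlist, and generates the same style of `:Reg` removal lines (`"value" =-`) the fix uses. The sample log fragment and the peer-to-peer watchlist are constructed for the example; the value format itself is taken from the log.

```python
"""Triage Windows XP firewall exceptions from an OTL Extras log.

Added example (not OTL code). OTL Extras prints each firewall registry value as
    "key" = key:scope:state:name[ -- (Company)]
where key is "port:proto" (GloballyOpenPorts\List) or an executable path
(AuthorizedApplications\List). The sample below is constructed in that format.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample fragment in the OTL Extras format.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1043:TCP" = 1043:TCP:*:Enabled:Akamai NetSession Interface
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Disabled:Run a DLL as an App -- (Microsoft Corporation)
'''

# Constructed watchlist: the peer-to-peer clients whose exceptions the fix in
# this thread removes. Extend it for your own environment.
P2P_WATCHLIST = {"limewire.exe", "bearshare.exe"}

_SECTION_RE = re.compile(r"^\[(?P<path>HKEY_[^\]]+)\]$")
_VALUE_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<value>.+)$')
_REG_LIST = (r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
             r"\Parameters\FirewallPolicy\%s\AuthorizedApplications\List]")


@dataclass
class FirewallEntry:
    profile: str            # "DomainProfile" or "StandardProfile"
    kind: str               # "port" (GloballyOpenPorts) or "app" (AuthorizedApplications)
    key: str                # "139:TCP" or the full executable path
    scope: str              # "*", "LocalSubNet" or an address/mask
    enabled: bool
    name: str               # friendly name or an @resource,-id string
    company: Optional[str]  # trailing " -- (Company)" that OTL appends when it knows the signer

    @property
    def basename(self) -> str:
        return self.key.rsplit("\\", 1)[-1].lower()


def parse_firewall_policy(text: str) -> List[FirewallEntry]:
    """Walk the log, tracking which FirewallPolicy list each value line belongs to."""
    entries: List[FirewallEntry] = []
    profile: Optional[str] = None
    kind: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        sec = _SECTION_RE.match(line)
        if sec:
            path = sec.group("path")
            profile = "DomainProfile" if "\\DomainProfile" in path else "StandardProfile"
            if path.endswith("GloballyOpenPorts\\List"):
                kind = "port"
            elif path.endswith("AuthorizedApplications\\List"):
                kind = "app"
            else:
                kind = None  # e.g. the bare profile key holding EnableFirewall
            continue
        val = _VALUE_RE.match(line)
        if not val or kind is None or profile is None:
            continue
        key, value = val.group("key"), val.group("value")
        # The value repeats the key and then ":scope:state:name". The key itself
        # contains colons ("C:\..." or "139:TCP"), so strip it by length, not by split.
        if not value.startswith(key + ":"):
            continue
        scope, state, rest = value[len(key) + 1:].split(":", 2)
        name, company = rest, None
        if " -- (" in rest and rest.endswith(")"):
            name, company = rest[:-1].split(" -- (", 1)
        entries.append(FirewallEntry(profile, kind, key, scope,
                                     state.lower() == "enabled", name, company))
    return entries


def enabled_any_scope(entries: List[FirewallEntry]) -> List[FirewallEntry]:
    """Exceptions reachable from any address: the ones worth a second look."""
    return [e for e in entries if e.enabled and e.scope == "*"]


def watchlisted(entries: List[FirewallEntry], watchlist=P2P_WATCHLIST) -> List[FirewallEntry]:
    return [e for e in entries if e.kind == "app" and e.basename in watchlist]


def otl_reg_removal(entries: List[FirewallEntry]) -> str:
    """Emit an OTL ':Reg' block deleting the given app exceptions ('=-' deletes a value)."""
    by_profile: Dict[str, List[FirewallEntry]] = {}
    for e in entries:
        by_profile.setdefault(e.profile, []).append(e)
    lines = [":Reg"]
    for profile, items in by_profile.items():
        lines.append(_REG_LIST % profile)
        lines.extend(f'"{e.key}" =-' for e in items)
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_firewall_policy(SAMPLE_LOG)
    for e in enabled_any_scope(found):
        print(f"{e.profile:16} {e.kind:4} {e.name:30} {e.key}")
    print(otl_reg_removal(watchlisted(found)))
```

Run on a full OTL Extras log, the any-scope list is the quick way to spot exceptions such as the ones for the two P2P clients above; the generated `:Reg` block is only a starting point for a fix and should be reviewed line by line before it is pasted into OTL.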

Re: Malware Bytes Found traojan Agent, but outgoing still ex

Unread postby 1james1 » October 25th, 2012, 2:36 pm

Hello. I attempted to perform the first task... but the computer would not allow me to access the internet... when it did, it would freeze, causing me to force restart it. Finally, it allowed me to access the internet one time, and I was able to get to the malware website to copy the commands. But then it froze again, thereby preventing me access every time thereafter... in fact, it started to freeze my email (which happened to be the way that I was accessing this website).

With no way of accessing the Code in your post, I thought that I could try to access the commands via laptop and copy them onto a flash drive, then cut and paste to OTL -- remember that the computer allows access to files and not programs... but after inserting the thumb drive into the computer, the computer recognized it off of the task bar... but did not see the thumb drive anywhere else... I think that the thumb drive is now not working!

Hence I am posting this from a laptop and not the original computer. I was able to access the OTL software, and typed in the code information that you provided me with (with "VERY GREAT CAREFULNESS"). The OTL started with "Killing processes. DO NOT INTERRUPT . . ." I will see where this takes me. Do you think that somehow the thumb drive is now infected? How long should the OTL program run?
1james1
Active Member
 
Posts: 9
Joined: October 23rd, 2012, 1:24 pm

Re: Malware Bytes Found traojan Agent, but outgoing still ex

Unread postby askey127 » October 25th, 2012, 3:36 pm

If OTL will not run properly, please try to run RogueKiller and/or TDSSKiller.
If you have to download them to a flash on another machine, do it.
If nothing will run you can try them in SAFE mode.

It is not clear whether this machine can be rescued without a complete Reformat/Re-Install.
We'll see.
Do you have a clean machine available to do downloads? If so, can it burn a CD?
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Malware Bytes Found traojan Agent, but outgoing still ex

Unread postby 1james1 » October 25th, 2012, 9:40 pm

This has been an all-day exercise... but here is a summation.
After turning off the computer from being frozen on OTL, ... a message appeared in the task bar... +- error on disc. run disc check (I suspect probably because I have had to force turn it off every time it froze.) At any rate, the disc check found errors... and it restarted fine... it actually felt good. I started OTL again thinking that it would run... no. It froze. Force turn off.

When it came back up I ran the RogueKiller application... after prescan and OK to license... on scan it gave me the "blue screen of death (I call it)"; at any rate... in the message portion it stated atapi.sys was a problem area... I took a picture of it before restarting and can attach it or send it if you want it! On restart it became frozen. I will attempt to restart again (in safe mode)... and keep you posted.

As for the thumb drive, I am afraid to plug it into another computer for fear of it being corrupt... what do you think? As for a writeable CD-ROM drive on another machine: yes, I have access!

And please don't tell me that a "clean install" is an option now... I don't want that route!!!! Especially after the time invested here...


Thank you.
1james1
Active Member
 
Posts: 9
Joined: October 23rd, 2012, 1:24 pm

Re: Malware Bytes Found traojan Agent, but outgoing still ex

Unread postby askey127 » October 26th, 2012, 6:43 am

1james1,
You may want to print out these instructions first.

We will fix it if we can. It depends on what we find, and the scans to determine what's happening have been a battle, as you know.

If you have access to another clean machine (friend, family, other..) I would create a CD from Windows Defender Offline.
The routine is to download the large .iso file from Microsoft, use it to burn a CD, then boot the machine using the CD.
The download site can also burn a CD directly, without having to use the .iso file and CD burning software.
The resulting CD has its own boot system, and can clean rootkits and trojans from a machine without having to start Windows.
The site is here:
https://blogs.technet.com/b/security/archive/2012/09/19/microsoft-s-free-security-tools-windows-defender-offline.aspx?Redirected=true
The machine BIOS needs to be set to boot from a CD first, before the Hard Drive. Most machines are set to do so.

Whether you can do the above or not, please run the following tests/repairs.
-----------------------------------------------------------
Check Hard Disk For Errors
Press Start->Run, then type or copy/paste the following command into the box and press OK:
cmd  /c  chkdsk  c:  |find  /v  "percent"  >> "%userprofile%\desktop\checkhd.txt"
A blank command window will open on your desktop, then close in a few minutes. This is normal.
A file and icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.

-----------------------------------------------------------
Hard Disk Repair
IF Chkdsk has found any errors having to do with bad sectors in your file system, or if it reports that it cannot continue in Read-Only Mode, it needs to run a different sequence on reboot to do repairs. It can't repair the file system while Windows is running.
DO NOT START THIS SEQUENCE UNLESS YOU CAN DO WITHOUT THE MACHINE FOR AN HOUR OR TWO. It may not take that long, but could, depending on the number of files and folders.
It will not relinquish control until it is done. You cannot stop it, and it would be a BIG mistake to pull the plug.

If it's present on your Desktop, please delete your original file Checkhd.txt
Go To Start, Run and type cmd
hit <Enter>
Type this black text into the command window at the prompt:
chkdsk c: /F /R <==notice the /F and /R, with one space between c: and /F, another between /F and /R
hit <Enter>
You will get a message that the volume is locked, with a request to do the repair on Reboot.
Answer Y
Then type exit to close the Command window.
Go to Start, Turn Off Computer and choose Reboot
It will scan again when it boots up and make the repairs as the first part of the reboot process.
-----------------------------------------------------------
If You Ran a Hard Disk Repair, Check the Disk For Errors Again
Press Start->Run, then type or copy/paste the following command into the box and press OK:
cmd  /c  chkdsk  c:  |find  /v  "percent"  >> "%userprofile%\desktop\checkhd.txt"
A blank command window will open on your desktop, then close in a few minutes. This is normal.
A file and icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.
If it's very long just post the last 30-50 lines.

Please let me see the log(s) if possible. Don't draw any conclusions on your own.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Malware Bytes Found traojan Agent, but outgoing still ex

Unread postby 1james1 » October 26th, 2012, 6:52 pm

1) I ran Windows Defender....it found the undesirable program "program:Win32/PowerRegScheduler"

2) Ran check disk. The logs are here:

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is verifying security descriptors (stage 3 of 3)...
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

156199994 KB total disk space.
46458540 KB in 156921 files.
55992 KB in 15759 indexes.
0 KB in bad sectors.
460074 KB in use by the system.
65536 KB occupied by the log file.
109225388 KB available on disk.

4096 bytes in each allocation unit.
39049998 total allocation units on disk.
27306347 allocation units available on disk.
The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is recovering lost files.
Recovering orphaned file NCWMRC~1.DB- (72038) into directory file 117029.
Recovering orphaned file ncwmrc.db-journal (72038) into directory file 117029.
Recovering orphaned file IRONST~1.LOG (72039) into directory file 141998.
Recovering orphaned file IronState.dat.log (72039) into directory file 141998.
CHKDSK is verifying security descriptors (stage 3 of 3)...
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

156199994 KB total disk space.
46574816 KB in 157259 files.
56112 KB in 15788 indexes.
0 KB in bad sectors.
460078 KB in use by the system.
65536 KB occupied by the log file.
109108988 KB available on disk.

4096 bytes in each allocation unit.
39049998 total allocation units on disk.
27277247 allocation units available on disk.
1james1
Active Member
 
Posts: 9
Joined: October 23rd, 2012, 1:24 pm
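As an added example (not code from the thread or from any tool named in it): a Python parser for the read-only CHKDSK report format posted above, applying askey127's rule that bad sectors or an aborted read-only pass call for `/F /R` on reboot, while file-system errors alone call for `/F`. The sample input is the first report in the post above; the accounting check assumes the log-file figure is already counted inside the "in use by the system" figure, which both reports in this thread bear out.

```python
"""Parse a read-only CHKDSK report, as produced by the command askey127 posted
(the `find /v "percent"` part only drops progress lines), and decide which
repair switches the thread's rules call for."""
import re
from dataclasses import dataclass, field

# First read-only report posted in this thread (progress lines already filtered).
SAMPLE_REPORT = """\
The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

156199994 KB total disk space.
46458540 KB in 156921 files.
55992 KB in 15759 indexes.
0 KB in bad sectors.
460074 KB in use by the system.
65536 KB occupied by the log file.
109225388 KB available on disk.
"""

# Volume accounting lines, all in KB.
_SUMMARY = {
    "total": re.compile(r"^(\d+) KB total disk space"),
    "files": re.compile(r"^(\d+) KB in \d+ files"),
    "indexes": re.compile(r"^(\d+) KB in \d+ indexes"),
    "bad_sectors": re.compile(r"^(\d+) KB in bad sectors"),
    "system": re.compile(r"^(\d+) KB in use by the system"),
    "log_file": re.compile(r"^(\d+) KB occupied by the log file"),
    "available": re.compile(r"^(\d+) KB available on disk"),
}
_ORPHAN = re.compile(r"^Recovering orphaned file (\S+) \(\d+\) into directory file \d+")
_FS_PREFIX = "The type of the file system is "


@dataclass
class ChkdskReport:
    filesystem: str = ""
    read_only: bool = False          # ran without /F: nothing was actually fixed
    problems_found: bool = False     # "Windows found problems with the file system."
    cannot_continue: bool = False    # "CHKDSK cannot continue in read-only mode."
    orphaned_files: list = field(default_factory=list)
    corrections: list = field(default_factory=list)
    kb: dict = field(default_factory=dict)


def parse_chkdsk(text):
    """Extract the flags and KB figures from one CHKDSK report."""
    r = ChkdskReport()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(_FS_PREFIX):
            r.filesystem = line[len(_FS_PREFIX):].rstrip(".")
        elif line.startswith("Running CHKDSK in read-only mode"):
            r.read_only = True
        elif "cannot continue in read-only mode" in line:
            r.cannot_continue = True
        elif line.startswith("Windows found problems with the file system"):
            r.problems_found = True
        elif line.startswith("Correcting errors"):
            r.corrections.append(line.rstrip("."))
        elif _ORPHAN.match(line):
            r.orphaned_files.append(_ORPHAN.match(line).group(1))
        else:
            for key, pat in _SUMMARY.items():
                m = pat.match(line)
                if m:
                    r.kb[key] = int(m.group(1))
                    break
    return r


def accounting_is_consistent(r):
    """total == files + indexes + bad sectors + system + available.
    The log-file figure is already counted inside 'in use by the system';
    both reports in this thread balance exactly under this rule."""
    parts = ("files", "indexes", "bad_sectors", "system", "available")
    if "total" not in r.kb or any(k not in r.kb for k in parts):
        return False
    return sum(r.kb[k] for k in parts) == r.kb["total"]


def recommend(r):
    """Switches for the reboot-time run per askey127's rule, or '' if none needed."""
    if r.kb.get("bad_sectors", 0) > 0 or r.cannot_continue:
        return "/F /R"   # bad sectors or an aborted read-only pass: full repair
    if r.problems_found or r.orphaned_files:
        return "/F"      # file-system errors only, as the report itself suggests
    return ""
```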

Re: Malware Bytes Found traojan Agent, but outgoing still ex

Unread postby 1james1 » October 26th, 2012, 7:15 pm

I went back and "roguekiller.exe" stated that it was not a valid Windows 32 program.

Was able to get TDSSKiller to run. Here is the log:

16:01:37.0812 2408 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
16:01:38.0140 2408 ============================================================
16:01:38.0140 2408 Current date / time: 2012/10/26 16:01:38.0140
16:01:38.0140 2408 SystemInfo:
16:01:38.0140 2408
16:01:38.0140 2408 OS Version: 5.1.2600 ServicePack: 3.0
16:01:38.0140 2408 Product type: Workstation
16:01:38.0140 2408 ComputerName: DF7ZY0G1
16:01:38.0140 2408 UserName: James Allemand
16:01:38.0140 2408 Windows directory: C:\WINDOWS
16:01:38.0140 2408 System windows directory: C:\WINDOWS
16:01:38.0140 2408 Processor architecture: Intel x86
16:01:38.0140 2408 Number of processors: 2
16:01:38.0140 2408 Page size: 0x1000
16:01:38.0140 2408 Boot type: Normal boot
16:01:38.0140 2408 ============================================================
16:01:41.0203 2408 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:01:41.0218 2408 ============================================================
16:01:41.0218 2408 \Device\Harddisk0\DR0:
16:01:41.0218 2408 MBR partitions:
16:01:41.0218 2408 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x129ED876
16:01:41.0218 2408 ============================================================
16:01:41.0296 2408 C: <-> \Device\Harddisk0\DR0\Partition1
16:01:41.0296 2408 ============================================================
16:01:41.0296 2408 Initialize success
16:01:41.0296 2408 ============================================================
16:02:10.0718 3452 ============================================================
16:02:10.0718 3452 Scan started
16:02:10.0718 3452 Mode: Manual;
16:02:10.0718 3452 ============================================================
16:02:10.0875 3452 ================ Scan system memory ========================
16:02:10.0875 3452 System memory - ok
16:02:10.0890 3452 ================ Scan services =============================
16:02:10.0968 3452 Abiosdsk - ok
16:02:11.0000 3452 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:02:11.0000 3452 abp480n5 - ok
16:02:11.0046 3452 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:02:11.0046 3452 ACPI - ok
16:02:11.0078 3452 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
16:02:11.0109 3452 ACPIEC - ok
16:02:11.0187 3452 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:02:11.0187 3452 AdobeFlashPlayerUpdateSvc - ok
16:02:11.0218 3452 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:02:11.0234 3452 adpu160m - ok
16:02:11.0265 3452 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:02:11.0281 3452 aec - ok
16:02:11.0312 3452 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:02:11.0343 3452 AFD - ok
16:02:11.0375 3452 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
16:02:11.0390 3452 agp440 - ok
16:02:11.0406 3452 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:02:11.0406 3452 agpCPQ - ok
16:02:11.0437 3452 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:02:11.0453 3452 Aha154x - ok
16:02:11.0468 3452 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:02:11.0500 3452 aic78u2 - ok
16:02:11.0515 3452 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:02:11.0546 3452 aic78xx - ok
16:02:11.0750 3452 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files\common files\akamai/netsession_win_5891ae0.dll
16:02:11.0750 3452 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
16:02:11.0765 3452 Akamai ( HiddenFile.Multi.Generic ) - warning
16:02:11.0765 3452 Akamai - detected HiddenFile.Multi.Generic (1)
16:02:11.0812 3452 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:02:11.0875 3452 Alerter - ok
16:02:11.0890 3452 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
16:02:11.0890 3452 ALG - ok
16:02:11.0921 3452 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
16:02:11.0937 3452 AliIde - ok
16:02:11.0953 3452 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:02:11.0953 3452 alim1541 - ok
16:02:11.0968 3452 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:02:11.0968 3452 amdagp - ok
16:02:11.0984 3452 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
16:02:11.0984 3452 amsint - ok
16:02:12.0046 3452 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:02:12.0046 3452 Apple Mobile Device - ok
16:02:12.0062 3452 AppMgmt - ok
16:02:12.0093 3452 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
16:02:12.0125 3452 asc - ok
16:02:12.0156 3452 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:02:12.0156 3452 asc3350p - ok
16:02:12.0187 3452 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:02:12.0187 3452 asc3550 - ok
16:02:12.0281 3452 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:02:12.0296 3452 aspnet_state - ok
16:02:12.0328 3452 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:02:12.0328 3452 AsyncMac - ok
16:02:12.0359 3452 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:02:12.0359 3452 atapi - ok
16:02:12.0375 3452 Atdisk - ok
16:02:12.0406 3452 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:02:12.0406 3452 Atmarpc - ok
16:02:12.0453 3452 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:02:12.0453 3452 AudioSrv - ok
16:02:12.0500 3452 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:02:12.0500 3452 audstub - ok
16:02:12.0562 3452 [ 2ED050291BC1D7F9E322E328DB3AAECF ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
16:02:12.0593 3452 BBSvc - ok
16:02:12.0625 3452 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files\Microsoft\BingBar\SeaPort.EXE
16:02:12.0640 3452 BBUpdate - ok
16:02:12.0656 3452 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:02:12.0671 3452 Beep - ok
16:02:12.0843 3452 [ 684B12018A54ADC1F856372EC5762B48 ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\BASHDefs\20121005.002\BHDrvx86.sys
16:02:12.0859 3452 BHDrvx86 - ok
16:02:12.0921 3452 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
16:02:12.0953 3452 BITS - ok
16:02:13.0000 3452 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:02:13.0015 3452 Bonjour Service - ok
16:02:13.0046 3452 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
16:02:13.0062 3452 Browser - ok
16:02:13.0093 3452 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
16:02:13.0093 3452 cbidf - ok
16:02:13.0093 3452 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:02:13.0109 3452 cbidf2k - ok
16:02:13.0156 3452 [ 41CD31307E054F878EA3FD7F7D2C2922 ] ccSet_NAV C:\WINDOWS\system32\drivers\NAV\1401010.005\ccSetx86.sys
16:02:13.0156 3452 ccSet_NAV - ok
16:02:13.0187 3452 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
16:02:13.0187 3452 cd20xrnt - ok
16:02:13.0218 3452 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:02:13.0218 3452 Cdaudio - ok
16:02:13.0250 3452 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:02:13.0265 3452 Cdfs - ok
16:02:13.0281 3452 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:02:13.0281 3452 Cdrom - ok
16:02:13.0281 3452 Changer - ok
16:02:13.0312 3452 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
16:02:13.0312 3452 CiSvc - ok
16:02:13.0343 3452 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:02:13.0343 3452 ClipSrv - ok
16:02:13.0468 3452 [ 524DC3807CB1746225F9D26ADD19C319 ] CLKMSVC10_B91CB6D3 C:\Program Files\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
16:02:13.0468 3452 CLKMSVC10_B91CB6D3 - ok
16:02:13.0546 3452 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:02:13.0578 3452 clr_optimization_v2.0.50727_32 - ok
16:02:13.0593 3452 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:02:13.0640 3452 clr_optimization_v4.0.30319_32 - ok
16:02:13.0687 3452 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
16:02:13.0687 3452 CmdIde - ok
16:02:13.0703 3452 COMSysApp - ok
16:02:13.0750 3452 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
16:02:13.0750 3452 Cpqarray - ok
16:02:13.0796 3452 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:02:13.0796 3452 CryptSvc - ok
16:02:13.0843 3452 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
16:02:13.0843 3452 dac2w2k - ok
16:02:13.0859 3452 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
16:02:13.0859 3452 dac960nt - ok
16:02:13.0890 3452 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:02:13.0906 3452 DcomLaunch - ok
16:02:13.0906 3452 dgderdrv - ok
16:02:13.0937 3452 [ F9F31A9F2A8C0DD0CEB6E380BF0985D4 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys
16:02:13.0937 3452 dg_ssudbus - ok
16:02:13.0984 3452 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:02:13.0984 3452 Dhcp - ok
16:02:14.0000 3452 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:02:14.0015 3452 Disk - ok
16:02:14.0015 3452 dkab_device - ok
16:02:14.0062 3452 [ 0659E6E0A95564F958D9DF7313F7701E ] DLABMFSM C:\WINDOWS\system32\DLA\DLABMFSM.SYS
16:02:14.0078 3452 DLABMFSM - ok
16:02:14.0109 3452 [ 8691C78908F0BD66170669DB268369F2 ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
16:02:14.0125 3452 DLABOIOM - ok
16:02:14.0140 3452 [ 76167B5EB2DFFC729EDC36386876B40B ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
16:02:14.0140 3452 DLACDBHM - ok
16:02:14.0156 3452 [ 5615744A1056933B90E6AC54FEB86F35 ] DLADResM C:\WINDOWS\system32\DLA\DLADResM.SYS
16:02:14.0156 3452 DLADResM - ok
16:02:14.0156 3452 [ 1AECA2AFA5005CE4A550CF8EB55A8C88 ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
16:02:14.0156 3452 DLAIFS_M - ok
16:02:14.0171 3452 [ 840E7F6ABB885C72B9FFDDB022EF5B6D ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
16:02:14.0171 3452 DLAOPIOM - ok
16:02:14.0187 3452 [ 0294D18731AC05DA80132CE88F8A876B ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
16:02:14.0203 3452 DLAPoolM - ok
16:02:14.0203 3452 [ 91886FED52A3F9966207BCE46CFD794F ] DLARTL_M C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
16:02:14.0203 3452 DLARTL_M - ok
16:02:14.0218 3452 [ CCA4E121D599D7D1706A30F603731E59 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
16:02:14.0218 3452 DLAUDFAM - ok
16:02:14.0234 3452 [ 7DAB85C33135DF24419951DA4E7D38E5 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
16:02:14.0234 3452 DLAUDF_M - ok
16:02:14.0250 3452 dmadmin - ok
16:02:14.0281 3452 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:02:14.0296 3452 dmboot - ok
16:02:14.0343 3452 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:02:14.0343 3452 dmio - ok
16:02:14.0375 3452 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:02:14.0375 3452 dmload - ok
16:02:14.0421 3452 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
16:02:14.0437 3452 dmserver - ok
16:02:14.0484 3452 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:02:14.0484 3452 DMusic - ok
16:02:14.0500 3452 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:02:14.0515 3452 Dnscache - ok
16:02:14.0546 3452 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
16:02:14.0578 3452 Dot3svc - ok
16:02:14.0625 3452 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:02:14.0625 3452 dpti2o - ok
16:02:14.0640 3452 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:02:14.0640 3452 drmkaud - ok
16:02:14.0656 3452 [ C00440385CF9F3D142917C63F989E244 ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
16:02:14.0656 3452 DRVMCDB - ok
16:02:14.0687 3452 [ 6E6AB29D3C06E64CE81FEACDA85394B5 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
16:02:14.0703 3452 DRVNDDM - ok
16:02:14.0734 3452 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
16:02:14.0750 3452 E100B - ok
16:02:14.0812 3452 [ 34AAA3B298A852B3663E6E0D94D12945 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
16:02:14.0828 3452 e1express - ok
16:02:14.0859 3452 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
16:02:14.0984 3452 EapHost - ok
16:02:15.0046 3452 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
16:02:15.0046 3452 eeCtrl - ok
16:02:15.0078 3452 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilDrv11220 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys
16:02:15.0078 3452 EraserUtilDrv11220 - ok
16:02:15.0109 3452 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:02:15.0109 3452 ERSvc - ok
16:02:15.0140 3452 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
16:02:15.0140 3452 Eventlog - ok
16:02:15.0171 3452 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
16:02:15.0171 3452 EventSystem - ok
16:02:15.0203 3452 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:02:15.0250 3452 Fastfat - ok
16:02:15.0296 3452 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:02:15.0296 3452 FastUserSwitchingCompatibility - ok
16:02:15.0328 3452 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
16:02:15.0328 3452 Fax - ok
16:02:15.0343 3452 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
16:02:15.0343 3452 Fdc - ok
16:02:15.0359 3452 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:02:15.0359 3452 Fips - ok
16:02:15.0390 3452 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:02:15.0406 3452 Flpydisk - ok
16:02:15.0437 3452 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
16:02:15.0437 3452 FltMgr - ok
16:02:15.0546 3452 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:02:15.0562 3452 FontCache3.0.0.0 - ok
16:02:15.0578 3452 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:02:15.0593 3452 Fs_Rec - ok
16:02:15.0625 3452 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:02:15.0625 3452 Ftdisk - ok
16:02:15.0718 3452 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
16:02:15.0750 3452 GoogleDesktopManager-051210-111108 - ok
16:02:15.0796 3452 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:02:15.0828 3452 Gpc - ok
16:02:15.0906 3452 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
16:02:15.0906 3452 gupdate - ok
16:02:15.0906 3452 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
16:02:15.0906 3452 gupdatem - ok
16:02:15.0968 3452 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:02:15.0984 3452 gusvc - ok
16:02:16.0000 3452 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:02:16.0000 3452 HDAudBus - ok
16:02:16.0078 3452 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:02:16.0078 3452 helpsvc - ok
16:02:16.0078 3452 HidServ - ok
16:02:16.0093 3452 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:02:16.0093 3452 HidUsb - ok
16:02:16.0125 3452 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:02:16.0156 3452 hkmsvc - ok
16:02:16.0171 3452 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
16:02:16.0171 3452 hpn - ok
16:02:16.0218 3452 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:02:16.0218 3452 HTTP - ok
16:02:16.0234 3452 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:02:16.0250 3452 HTTPFilter - ok
16:02:16.0281 3452 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
16:02:16.0281 3452 i2omgmt - ok
16:02:16.0312 3452 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
16:02:16.0312 3452 i2omp - ok
16:02:16.0328 3452 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:02:16.0343 3452 i8042prt - ok
16:02:16.0515 3452 [ 28423512370705AEDA6A652FEDB25468 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:02:16.0718 3452 ialm - ok
16:02:16.0750 3452 [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
16:02:16.0765 3452 iaStor - ok
16:02:16.0875 3452 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:02:16.0890 3452 idsvc - ok
16:02:16.0984 3452 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\IPSDefs\20121025.001\IDSxpx86.sys
16:02:16.0984 3452 IDSxpx86 - ok
16:02:17.0015 3452 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:02:17.0046 3452 Imapi - ok
16:02:17.0093 3452 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
16:02:17.0093 3452 ImapiService - ok
16:02:17.0125 3452 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
16:02:17.0125 3452 ini910u - ok
16:02:17.0281 3452 [ 17BBBABB21F86B650B2626045A9D016C ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:02:17.0312 3452 IntcAzAudAddService - ok
16:02:17.0359 3452 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
16:02:17.0390 3452 IntelIde - ok
16:02:17.0437 3452 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:02:17.0437 3452 intelppm - ok
16:02:17.0468 3452 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
16:02:17.0484 3452 Ip6Fw - ok
16:02:17.0531 3452 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:02:17.0531 3452 IpFilterDriver - ok
16:02:17.0593 3452 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:02:17.0609 3452 IpInIp - ok
16:02:17.0656 3452 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:02:17.0656 3452 IpNat - ok
16:02:17.0687 3452 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:02:17.0687 3452 IPSec - ok
16:02:17.0750 3452 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:02:17.0750 3452 IRENUM - ok
16:02:17.0781 3452 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:02:17.0796 3452 isapnp - ok
16:02:17.0890 3452 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
16:02:17.0890 3452 JavaQuickStarterService - ok
16:02:17.0921 3452 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:02:17.0937 3452 Kbdclass - ok
16:02:17.0937 3452 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:02:17.0953 3452 kbdhid - ok
16:02:17.0968 3452 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:02:17.0968 3452 kmixer - ok
16:02:18.0000 3452 [ 9609C5F86CE5F49C6C5731974105F7C2 ] KMW_KBD C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys
16:02:18.0031 3452 KMW_KBD - ok
16:02:18.0062 3452 [ 6B44706B79DFC0F1C14B4C91B01D724B ] KMW_SYS C:\WINDOWS\system32\DRIVERS\KMW_SYS.sys
16:02:18.0062 3452 KMW_SYS - ok
16:02:18.0078 3452 [ A4D76C1D1DE7BDFBB7343CEF418F165B ] KMW_USB C:\WINDOWS\system32\DRIVERS\KMW_USB.sys
16:02:18.0109 3452 KMW_USB - ok
16:02:18.0125 3452 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:02:18.0156 3452 KSecDD - ok
16:02:18.0203 3452 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
16:02:18.0203 3452 lanmanserver - ok
16:02:18.0218 3452 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:02:18.0234 3452 lanmanworkstation - ok
16:02:18.0234 3452 Lbd - ok
16:02:18.0250 3452 lbrtfdc - ok
16:02:18.0281 3452 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:02:18.0281 3452 LmHosts - ok
16:02:18.0296 3452 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
16:02:18.0312 3452 MBAMProtector - ok
16:02:18.0359 3452 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:02:18.0390 3452 MBAMScheduler - ok
16:02:18.0406 3452 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
16:02:18.0453 3452 MBAMService - ok
16:02:18.0500 3452 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
16:02:18.0500 3452 McciCMService - ok
16:02:18.0546 3452 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:02:18.0562 3452 Messenger - ok
16:02:18.0593 3452 [ A7DA20AB18A1BDAE28B0F349E57DA0D1 ] mf C:\WINDOWS\system32\DRIVERS\mf.sys
16:02:18.0625 3452 mf - ok
16:02:18.0656 3452 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:02:18.0687 3452 mnmdd - ok
16:02:18.0734 3452 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
16:02:18.0750 3452 mnmsrvc - ok
16:02:18.0796 3452 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:02:18.0796 3452 Modem - ok
16:02:18.0828 3452 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:02:18.0828 3452 Mouclass - ok
16:02:18.0890 3452 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:02:18.0890 3452 mouhid - ok
16:02:18.0906 3452 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:02:18.0906 3452 MountMgr - ok
16:02:18.0937 3452 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
16:02:18.0937 3452 mraid35x - ok
16:02:18.0968 3452 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
16:02:18.0984 3452 MREMP50 - ok
16:02:18.0984 3452 MREMP50a64 - ok
16:02:19.0000 3452 MREMPR5 - ok
16:02:19.0000 3452 MRENDIS5 - ok
16:02:19.0031 3452 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
16:02:19.0046 3452 MRESP50 - ok
16:02:19.0062 3452 MRESP50a64 - ok
16:02:19.0078 3452 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:02:19.0078 3452 MRxDAV - ok
16:02:19.0125 3452 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:02:19.0140 3452 MRxSmb - ok
16:02:19.0171 3452 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
16:02:19.0171 3452 MSDTC - ok
16:02:25.0265 3452 ================ Scan global ===============================
16:02:25.0281 3452 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:02:25.0312 3452 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:02:25.0328 3452 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:02:25.0343 3452 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
16:02:25.0343 3452 [Global] - ok
16:02:25.0343 3452 ================ Scan MBR ==================================
16:02:25.0375 3452 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:02:25.0375 3452 Suspicious mbr (Forged): \Device\Harddisk0\DR0
16:02:25.0390 3452 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
16:02:25.0390 3452 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
16:02:25.0390 3452 ================ Scan VBR ==================================
16:02:25.0437 3452 [ 2A0C78609C3943906707E831503DEED0 ] \Device\Harddisk0\DR0\Partition1
16:02:25.0437 3452 \Device\Harddisk0\DR0\Partition1 - ok
16:02:25.0437 3452 ============================================================
16:02:25.0437 3452 Scan finished
16:02:25.0437 3452 ============================================================
16:02:25.0468 1532 Detected object count: 2
16:02:25.0468 1532 Actual detected object count: 2
16:03:46.0015 1532 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
16:03:46.0015 1532 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
16:03:46.0718 1532 \Device\Harddisk0\DR0\# - copied to quarantine
16:03:46.0718 1532 \Device\Harddisk0\DR0 - copied to quarantine
16:03:46.0750 1532 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
16:03:46.0750 1532 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
16:03:46.0750 1532 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
16:03:46.0765 1532 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
16:03:46.0765 1532 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
16:03:46.0796 1532 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
16:03:46.0796 1532 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
16:03:46.0796 1532 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
16:03:46.0796 1532 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
16:03:46.0812 1532 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
16:03:46.0812 1532 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
16:03:46.0812 1532 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
16:03:46.0812 1532 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
16:03:46.0859 1532 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
16:03:46.0859 1532 \Device\Harddisk0\DR0 - ok
16:03:50.0046 1532 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
16:04:00.0328 2400 Deinitialize success
1james1
Active Member
 
Posts: 9
Joined: October 23rd, 2012, 1:24 pm

Re: Malware Bytes Found traojan Agent, but outgoing still ex

Unread postby 1james1 » October 26th, 2012, 7:16 pm

There was another file in the main C drive; its contents are here:

16:07:08.0375 1120 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
16:07:08.0953 1120 ============================================================
16:07:08.0953 1120 Current date / time: 2012/10/26 16:07:08.0953
16:07:08.0953 1120 SystemInfo:
16:07:08.0953 1120
16:07:08.0953 1120 OS Version: 5.1.2600 ServicePack: 3.0
16:07:08.0968 1120 Product type: Workstation
16:07:08.0968 1120 ComputerName: DF7ZY0G1
16:07:08.0968 1120 UserName: James Allemand
16:07:08.0968 1120 Windows directory: C:\WINDOWS
16:07:08.0968 1120 System windows directory: C:\WINDOWS
16:07:08.0968 1120 Processor architecture: Intel x86
16:07:08.0968 1120 Number of processors: 2
16:07:08.0968 1120 Page size: 0x1000
16:07:08.0968 1120 Boot type: Normal boot
16:07:08.0968 1120 ============================================================
16:07:11.0531 1120 BG loaded
16:07:11.0953 1120 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:07:11.0953 1120 ============================================================
16:07:11.0953 1120 \Device\Harddisk0\DR0:
16:07:11.0953 1120 MBR partitions:
16:07:11.0953 1120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x129ED876
16:07:11.0953 1120 ============================================================
16:07:12.0031 1120 C: <-> \Device\Harddisk0\DR0\Partition1
16:07:12.0031 1120 ============================================================
16:07:12.0031 1120 Initialize success
16:07:12.0031 1120 ============================================================
1james1
Active Member
 
Posts: 9
Joined: October 23rd, 2012, 1:24 pm

Re: Malware Bytes Found traojan Agent, but outgoing still ex

Unread postby 1james1 » October 26th, 2012, 7:23 pm

FYI--I figured out that there was a "svchost.exe" process in the Task Manager bar that ran aggressively whenever I attempted to get the computer to open a program....I cancelled that process every time it started itself so that I could accomplish the above logs...

After running TDSSKiller, it appears that Task Manager is under control and each of the processes has a user listed under it--before they were blank.


Please advise what is next.
1james1
Active Member
 
Posts: 9
Joined: October 23rd, 2012, 1:24 pm

Re: Malware Bytes Found traojan Agent, but outgoing still ex

Unread postby askey127 » October 27th, 2012, 6:18 am

1james1,
Except for downloads and enabling our tools, you need to stay off the Internet with this machine until this is resolved.
This is no sure thing.
-----------------------------------------------------------
I know you don't want to perform a Reformat/ReInstall of Windows, or a Full System recovery.
I need to post this so I can be certain you understand what's involved.


Your logs show signs of a Remote Access Infection on your computer.
16:02:25.0390 3452 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
...and others
These indicate you have this named infection: Pihar.C Bootkit
Please take time to carefully read THIS topic, then let me know how you want to proceed.
---------------------------------------------
IF YOU HAVE NOT CHANGED YOUR MIND:
Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1 (32-bit)
Download Mirror #2 (32-bit)


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *toolbardtx.ini
    *toolbarguid.dat
    *toolbaruninstallIE.dat
    *toolbaruninstallStatIE.dat
    *toolbarversion.xml
     
    :regfind
    DNSGuard /s
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt
-------------------------------------------------
Run the ESET Online Scanner
(You can use either Internet Explorer or Mozilla FireFox for this scan.)
You will also need to disable your currently installed Anti-Virus this way before you begin.

The easiest way is to right-click the Norton icon in the System Tray and select Disable Antivirus Auto-Protect, select a duration and click OK.
If there is no tray icon, start Norton, click on Settings > Antivirus > Auto-Protect to OFF > Apply > Set Duration (5 hours) > OK


  • Please go HERE to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
    All of the instructions below are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats IS checked, and the option Scan archives IS checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • Give permission again if necessary.
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard any more than necessary during the scan, otherwise it may stall.
  • When it completes, give it a few minutes to write the logfile, then click on Image
  • Use (My) Computer to navigate to C:\Program Files\ESET\Eset Online Scanner\log.txt.
  • Double click the log.txt file to open it in Notepad.
  • Copy and paste that log as a reply to this topic.

Don't forget to click the Norton icon in the system tray and turn it back on.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
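The verdict lines askey127 points to above can be pulled out of a TDSSKiller log mechanically, which is useful when triaging many such logs. This is an added example, not code from the thread or from TDSSKiller; the line layout it assumes (time, thread id, optional "[ MD5 ]", free text), the regular expressions, the record names and the sample lines are my own reading of the posted log, not a documented format.

```python
"""Triage a TDSSKiller log in the layout of the one posted in this thread.

Added example; not part of the thread and not TDSSKiller's own code. The
assumed line layout and every name below are my own reading of the posted
log, not a documented format.
"""
import re
from dataclasses import dataclass, field

# "HH:MM:SS.mmmm <tid> [ <MD5> ] <text>"; the bracketed hash is optional.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+"
    r"(?:\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+)?(?P<text>.*)$"
)
# "<object> ( <verdict> ) - <action>", e.g. "... ( Rootkit.Boot.Pihar.c ) - infected"
DETECT_RE = re.compile(
    r"^(?P<obj>.+?)\s+\(\s*(?P<verdict>[^()]+?)\s*\)\s+-\s+(?P<action>.+)$"
)
# Start of the path inside a hashed entry ("<name> C:\..." or "\Device\...").
PATH_RE = re.compile(r"([A-Za-z]:\\.*|\\Device\\.*)")


@dataclass
class Triage:
    hashed: dict = field(default_factory=dict)          # path -> MD5 of scanned module
    events: list = field(default_factory=list)          # (object, verdict, action), log order
    suspicious_mbr: list = field(default_factory=list)  # devices whose MBR was flagged
    quarantined: list = field(default_factory=list)     # objects copied to quarantine


def parse_tdsskiller(log_text: str) -> Triage:
    """Walk the log once and collect the facts a responder will want to check."""
    t = Triage()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        text, md5 = m.group("text"), m.group("md5")
        if md5:                      # enumeration entry: remember what was hashed
            p = PATH_RE.search(text)
            t.hashed[p.group(1) if p else text] = md5.upper()
            continue
        if text.startswith("Suspicious mbr"):
            t.suspicious_mbr.append(text.split(":", 1)[1].strip())
            continue
        d = DETECT_RE.match(text)
        if d:
            t.events.append((d.group("obj"), d.group("verdict"), d.group("action")))
        elif text.endswith("- copied to quarantine"):
            t.quarantined.append(text.rsplit(" - ", 1)[0])
    return t


def summarize(t: Triage) -> dict:
    """Collapse the per-object event stream into a final verdict and action."""
    objects = {}
    for obj, verdict, action in t.events:
        objects.setdefault(obj, {"verdict": verdict, "actions": []})["actions"].append(action)
    return {
        "modules_hashed": len(t.hashed),
        "suspicious_mbr": t.suspicious_mbr,
        "objects": {o: {"verdict": e["verdict"], "final_action": e["actions"][-1]}
                    for o, e in objects.items()},
        # "will be cured on reboot" means the MBR stays forged until the restart happens.
        "reboot_pending": any("cured on reboot" in a for _, _, a in t.events),
        # Paths under \TDLFS\ live in the bootkit's hidden file system, not on the NTFS volume.
        "tdlfs_entries": [q for q in t.quarantined if "\\TDLFS\\" in q],
    }


# Constructed sample in the layout of the posted log (a handful of its lines).
SAMPLE_LOG = r"""
16:02:19.0187 3452 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:02:19.0187 3452 Msfs - ok
16:02:19.0484 3452 [ DFD8873E4DC08E621A8366C6CD98AB28 ] NAV C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\20.1.1.5\ccSvcHst.exe
16:02:25.0375 3452 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:02:25.0375 3452 Suspicious mbr (Forged): \Device\Harddisk0\DR0
16:02:25.0390 3452 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
16:02:25.0390 3452 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
16:03:46.0015 1532 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
16:03:46.0718 1532 \Device\Harddisk0\DR0 - copied to quarantine
16:03:46.0750 1532 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
16:03:46.0796 1532 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
16:03:46.0859 1532 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
16:03:50.0046 1532 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
"""

if __name__ == "__main__":
    for key, value in summarize(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

The "reboot_pending" flag is the point worth checking by hand: until the cure on reboot has actually run, the forged MBR is still in place, which is why the helper asks the poster to stay off the Internet.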

Re: Malware Bytes Found traojan Agent, but outgoing still ex

Unread postby askey127 » October 30th, 2012, 7:16 pm

Since the resolution of this problem will likely require a Reformat and Re-Installation of Windows, this topic will be closed.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA