Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Need help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Need help

Unread postby bjones20005 » November 25th, 2011, 4:03 pm

Received this email from Comcast and need help as the the tools they point to don't find anything.

Dear XFINITY Customer,
Constant Guard from XFINITY identified that one or more of your computers may be infected with a bot. A bot is a malicious form of software that is used to send spam, host a phishing site, or steal your identity by monitoring your keystrokes without your knowledge. It may be possible you are unaware that your computer is infected with a bot.
We strongly recommend you visit XFINITY.com/BotAssistance for important information on how to remove malicious software from your computer(s).
We appreciate your prompt attention to this important security notice.
Sincerely,
Constant Guard from XFINITY

I have 2 PCs on my home network. Not sure which is the culprit but have been having issues where my internet connection dies and the only way to get it back is to power down everything (Modem, Router, and both PCs) and bring it all back online. Also my router is constantly blocking connections on odd ports from multiple countries.

Your help is very much appreciated.

Here is the first page of the log from my router.

Code: Select all
Nov/25/2011 14:30:27	Drop UDP packet from WAN	178.85.210.63:60480	174.54.123.244:61028	Rule: Default deny
Nov/25/2011 14:30:12	Drop UDP packet from WAN	2.124.230.253:31063	174.54.123.244:60054	Rule: Default deny
Nov/25/2011 14:30:09	Drop UDP packet from WAN	71.168.205.187:44374	174.54.123.244:33007	Rule: Default deny
Nov/25/2011 14:29:51	Drop UDP packet from WAN	178.164.232.176:27528	174.54.123.244:61028	Rule: Default deny
Nov/25/2011 14:29:49	Drop UDP packet from WAN	83.149.35.143:11180	174.54.123.244:61028	Rule: Default deny
Nov/25/2011 14:29:48	Drop UDP packet from WAN	85.72.230.70:19645	174.54.123.244:61028	Rule: Default deny
Nov/25/2011 14:29:48	Drop UDP packet from WAN	213.200.59.158:58746	174.54.123.244:61028	Rule: Default deny
Nov/25/2011 14:29:45	Drop UDP packet from WAN	86.100.75.5:16781	174.54.123.244:61028	Rule: Default deny
Nov/25/2011 14:29:35	Drop UDP packet from WAN	82.135.219.53:44458	174.54.123.244:61028	Rule: Default deny
Nov/25/2011 14:29:14	Drop UDP packet from WAN	77.219.203.193:18315	174.54.123.244:61028	Rule: Default deny


Here are the DDS logs from both PCs

PC1
DDS.txt
Code: Select all
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 8.0.7601.17514
Run by Bob at 14:11:09 on 2011-11-25
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3966.2711 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
E:\Windows\system32\wininit.exe
E:\Windows\system32\lsm.exe
E:\Windows\system32\svchost.exe -k DcomLaunch
E:\Windows\system32\nvvsvc.exe
E:\Windows\system32\svchost.exe -k RPCSS
E:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
E:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
E:\Windows\system32\svchost.exe -k netsvcs
E:\Windows\system32\svchost.exe -k LocalService
E:\Windows\system32\svchost.exe -k NetworkService
E:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
E:\Windows\system32\nvvsvc.exe
E:\Windows\System32\spoolsv.exe
E:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
E:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
E:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
E:\Windows\system32\svchost.exe -k imgsvc
E:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
E:\Windows\system32\taskhost.exe
E:\Windows\system32\Dwm.exe
E:\Windows\Explorer.EXE
E:\Windows\system32\SearchIndexer.exe
E:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
E:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
E:\Program Files\Logitech\SetPointP\SetPoint.exe
E:\Program Files\Windows Sidebar\sidebar.exe
E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
E:\Program Files\NVIDIA Corporation\Display\nvtray.exe
E:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
E:\Program Files\Windows Media Player\wmpnetwk.exe
E:\Windows\System32\svchost.exe -k LocalServicePeerNet
E:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
E:\Windows\system32\AUDIODG.EXE
E:\Windows\system32\DllHost.exe
E:\Windows\system32\DllHost.exe
E:\Windows\system32\DllHost.exe
E:\Windows\SysWOW64\cmd.exe
E:\Windows\system32\conhost.exe
E:\Windows\SysWOW64\cscript.exe
E:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - E:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - E:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - E:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - E:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
uRun: [NCsoft] 
uRun: [Sidebar] E:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Google Update] "E:\Users\Ken\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [UnlockerAssistant] "E:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
Trusted Zone: battlefield.com\battlelog
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{54A73671-3873-47D4-AF51-A85ACEDEAB77} : DhcpNameServer = 192.168.0.1
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - E:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
BHO-X64:     Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - E:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64:     Symantec Intrusion Prevention - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - E:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
mRun-x64: [UnlockerAssistant] "E:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;E:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> E:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;E:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> E:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;E:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111114.002\BHDrvx64.sys [2011-11-14 1156216]
R1 IDSVia64;IDSVia64;E:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111124.030\IDSviA64.sys [2011-11-24 488568]
R1 nm3;Microsoft Network Monitor 3 Driver;E:\Windows\system32\DRIVERS\nm3.sys --> E:\Windows\system32\DRIVERS\nm3.sys [?]
R1 SymIRON;Symantec Iron Driver;E:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> E:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;E:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS --> E:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
R2 cpuz135;cpuz135;\??\E:\Windows\system32\drivers\cpuz135_x64.sys --> E:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 N360;Norton Security Suite;E:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [2011-8-10 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;E:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-10 2253120]
R2 UNS;Intel(R) Management & Security Application User Notification Service;E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-11-10 2320920]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;E:\Windows\system32\DRIVERS\dtsoftbus01.sys --> E:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;E:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-9 138360]
R3 HECIx64;Intel(R) Management Engine Interface;E:\Windows\system32\DRIVERS\HECIx64.sys --> E:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;E:\Windows\system32\DRIVERS\Rt64win7.sys --> E:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 dmvsc;dmvsc;E:\Windows\system32\drivers\dmvsc.sys --> E:\Windows\system32\drivers\dmvsc.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-8-16 1038088]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;E:\Windows\system32\drivers\rdpvideominiport.sys --> E:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Synth3dVsc;Synth3dVsc;E:\Windows\system32\drivers\synth3dvsc.sys --> E:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;E:\Windows\system32\drivers\terminpt.sys --> E:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;E:\Windows\system32\drivers\tsusbflt.sys --> E:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;E:\Windows\system32\drivers\TsUsbGD.sys --> E:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;E:\Windows\system32\drivers\tsusbhub.sys --> E:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;E:\Windows\system32\Wat\WatAdminSvc.exe --> E:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-25 18:21:55	--------	d-----w-	E:\Users\Ken\AppData\Roaming\Malwarebytes
2011-11-25 18:21:24	--------	d-----w-	E:\ProgramData\Malwarebytes
2011-11-25 18:21:19	25416	----a-w-	E:\Windows\System32\drivers\mbam.sys
2011-11-25 16:59:21	388096	----a-r-	E:\Users\Ken\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-25 16:59:20	--------	d-----w-	E:\Program Files (x86)\Trend Micro
2011-11-25 15:45:32	--------	d-----w-	E:\Program Files\Microsoft Network Monitor 3
2011-11-25 15:33:09	--------	d-----w-	E:\Users\Ken\AppData\Local\Immunet
2011-11-25 15:33:09	--------	d-----w-	E:\ProgramData\Immunet
2011-11-23 04:33:13	--------	d-----w-	E:\Program Files (x86)\Origin Games
2011-11-22 23:35:02	21992	----a-w-	E:\Windows\System32\drivers\cpuz135_x64.sys
2011-11-22 23:35:02	--------	d-----w-	E:\Program Files\CPUID
2011-11-22 07:57:05	--------	d-----w-	E:\MC Server 1.0.0
2011-11-21 06:20:23	--------	d-----w-	E:\Windows\RazorDOX
2011-11-17 14:22:11	--------	d-----w-	E:\Skyrim Prima Guide PDFs
2011-11-15 17:45:00	270912	----a-w-	E:\Windows\System32\drivers\dtsoftbus01.sys
2011-11-13 03:12:04	--------	d-----w-	E:\MW3
2011-11-10 22:54:06	--------	d-----w-	E:\Users\Ken\AppData\Local\Skyrim
2011-11-10 22:46:29	--------	d-----w-	E:\Program Files (x86)\The Elder Scrolls V Skyrim
2011-11-10 18:13:17	--------	d-----w-	E:\Users\Ken\AppData\Local\FileServe Manager
2011-11-10 18:13:00	--------	d-----w-	E:\ProgramData\FileServe Limited
2011-11-10 18:02:30	--------	d-----w-	E:\ProgramData\Web Installer
2011-11-10 14:11:55	74272	----a-w-	E:\Windows\System32\RtNicProp64.dll
2011-11-10 14:11:55	565352	----a-w-	E:\Windows\System32\drivers\Rt64win7.sys
2011-11-10 14:11:55	107552	----a-w-	E:\Windows\System32\RTNUninst64.dll
2011-11-10 14:06:37	53248	----a-w-	E:\Windows\SysWow64\CSVer.dll
2011-11-10 14:04:17	15416	----a-w-	E:\Windows\System32\drivers\ASACPI.sys
2011-11-10 14:02:40	21712	----a-w-	E:\Windows\SysWow64\drivers\DrvAgent64.SYS
2011-11-10 14:02:40	--------	d-----w-	E:\Users\Ken\AppData\Local\eSupport.com
2011-11-10 14:00:16	--------	d-----w-	E:\Program Files (x86)\Common Files\postureAgent
2011-11-10 14:00:09	56344	----a-w-	E:\Windows\System32\drivers\HECIx64.sys
2011-11-10 13:58:29	--------	d-----w-	E:\Intel
2011-11-10 13:28:37	--------	d-----w-	E:\Windows\SysWow64\RTCOM
2011-11-10 13:26:59	65024	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-11-10 13:26:58	69715	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-11-10 13:26:58	274432	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-11-10 13:26:58	204800	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-11-10 13:26:57	757760	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-11-10 13:26:57	5632	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-11-10 13:26:55	200836	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-11-10 13:26:54	331908	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-11-10 13:13:49	--------	d-----w-	E:\Program Files (x86)\Realtek
2011-11-10 08:54:18	837952	----a-w-	E:\Windows\System32\easyupdatusapiu64.dll
2011-11-10 08:54:18	5067584	----a-w-	E:\Windows\System32\nvsvc64.dll
2011-11-10 08:54:18	3074368	----a-w-	E:\Windows\System32\nvsvcr.dll
2011-11-10 08:54:18	222528	----a-w-	E:\Windows\System32\nvmctray.dll
2011-11-10 08:54:18	1640768	----a-w-	E:\Windows\System32\nvvsvc.exe
2011-11-10 08:54:18	137536	----a-w-	E:\Windows\System32\nvshext.dll
2011-11-10 08:54:18	10406208	----a-w-	E:\Windows\System32\nvcpl.dll
2011-11-10 08:54:08	--------	d-----w-	E:\ProgramData\NVIDIA Corporation
2011-11-10 06:43:52	280904	----a-w-	E:\Windows\SysWow64\PnkBstrB.exe
2011-11-10 06:43:52	280904	----a-w-	E:\Windows\SysWow64\PnkBstrB.ex0
2011-11-10 06:43:50	280904	----a-w-	E:\Windows\SysWow64\PnkBstrB.xtr
2011-11-10 06:43:44	75136	----a-w-	E:\Windows\SysWow64\PnkBstrA.exe
2011-11-08 02:49:01	--------	d-----w-	E:\Users\Ken\AppData\Local\ESN Sonar
2011-11-07 10:06:08	28160	----a-w-	E:\Windows\System32\xbcdr.dll
2011-11-07 10:06:08	27608	----a-w-	E:\Windows\System32\drivers\xbcd.sys
2011-11-07 10:06:08	27136	----a-w-	E:\Windows\SysWow64\xbcdif.dll
2011-11-07 10:06:08	27136	----a-w-	E:\Windows\System32\xbcdif.dll
2011-11-07 10:06:08	23552	----a-w-	E:\Windows\SysWow64\xbcdr.dll
2011-11-07 10:06:08	230400	----a-w-	E:\Windows\SysWow64\xbcdsu.dll
2011-11-07 10:06:08	230400	----a-w-	E:\Windows\System32\xbcdsu.dll
2011-11-07 10:06:08	--------	d-----w-	E:\ProgramData\XBCDSU
2011-11-07 10:06:08	--------	d-----w-	E:\Program Files (x86)\XBCD
2011-11-06 19:23:51	--------	d-----w-	E:\Users\Ken\AppData\Local\PunkBuster
2011-11-06 19:14:44	--------	d-----w-	E:\Windows\SysWow64\Wat
2011-11-06 19:14:43	--------	d-----w-	E:\Windows\System32\Wat
2011-11-06 18:18:53	2580552	----a-w-	E:\Windows\SysWow64\pbsvc.exe
2011-11-06 17:28:32	--------	d-----w-	E:\Program Files (x86)\Battlelog Web Plugins
2011-11-06 17:14:33	--------	d-----w-	E:\ProgramData\EA Core
2011-11-06 10:08:59	520544	----a-w-	E:\Windows\System32\d3dx10_41.dll
2011-11-06 08:26:25	--------	d-----w-	E:\Users\Ken\AppData\Roaming\Origin
2011-11-06 08:26:23	--------	d-----w-	E:\Users\Ken\AppData\Local\Origin
2011-11-06 08:24:55	--------	d-----w-	E:\ProgramData\Origin
2011-11-06 08:24:55	--------	d-----w-	E:\ProgramData\Electronic Arts
2011-11-06 08:24:37	--------	d-----w-	E:\Program Files (x86)\Origin
2011-11-01 13:37:25	--------	d-----w-	E:\Program Files (x86)\Bethesda Softworks
2011-11-01 13:36:05	753664	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-11-01 13:36:05	69714	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-11-01 13:36:05	63488	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-11-01 13:36:05	5632	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-11-01 13:36:05	274432	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-11-01 13:36:05	184320	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-11-01 13:36:04	331908	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-11-01 13:36:04	200836	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-11-01 13:35:54	--------	d-----w-	E:\Users\Ken\AppData\Local\Oblivion
2011-11-01 08:13:39	--------	d-----w-	E:\MCS 2P
2011-10-29 15:45:37	--------	d-----w-	E:\Program Files (x86)\Cheat Engine 6.1
2011-10-26 22:12:58	--------	d-----w-	E:\Users\Ken\.swt
.
==================== Find3M  ====================
.
2011-11-22 23:00:24	18960	----a-w-	E:\Windows\System32\drivers\LNonPnP.sys
2011-11-06 19:15:07	419840	----a-w-	E:\Windows\System32\systemcpl.dll
2011-11-06 19:15:07	14848	----a-w-	E:\Windows\System32\slwga.dll
2011-11-06 19:15:07	13824	----a-w-	E:\Windows\SysWow64\slwga.dll
2011-11-06 19:15:06	833024	----a-w-	E:\Windows\SysWow64\user32.dll
2011-11-06 19:15:06	1008640	----a-w-	E:\Windows\System32\user32.dll
2011-10-21 02:44:57	21840	----a-w-	E:\Windows\SysWow64\SIntfNT.dll
2011-10-21 02:44:56	17212	----a-w-	E:\Windows\SysWow64\SIntf32.dll
2011-10-21 02:44:56	12067	----a-w-	E:\Windows\SysWow64\SIntf16.dll
2011-10-21 02:29:58	94208	----a-w-	E:\Windows\DIIUnin.exe
2011-10-21 02:29:58	2829	----a-w-	E:\Windows\DIIUnin.pif
2011-10-19 00:53:14	2957544	----a-w-	E:\Windows\System32\drivers\RTKVHD64.sys
2011-10-18 23:10:30	99432	----a-w-	E:\Windows\System32\RCoInst64.dll
2011-10-18 18:55:50	331880	----a-w-	E:\Windows\System32\RtlCPAPI64.dll
2011-10-18 18:47:22	1914472	----a-w-	E:\Windows\System32\RtkApi64.dll
2011-10-18 16:05:00	2528872	----a-w-	E:\Windows\System32\RtPgEx64.dll
2011-10-17 22:30:38	3213928	----a-w-	E:\Windows\System32\RtkAPO64.dll
2011-10-15 05:54:52	321856	----a-w-	E:\Windows\SysWow64\nvStreaming.exe
2011-10-14 18:43:48	1873920	----a-w-	E:\Windows\System32\RCoRes64.dat
2011-10-05 05:52:06	414368	----a-w-	E:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 09:06:03	472808	----a-w-	E:\Windows\SysWow64\deployJava1.dll
2011-09-11 08:00:08	525544	----a-w-	E:\Windows\System32\deployJava1.dll
2011-09-02 19:21:40	221024	----a-w-	E:\Windows\System32\SFNHK64.dll
2011-09-02 19:21:38	78688	----a-w-	E:\Windows\System32\SFAPO64.dll
2011-09-02 19:21:36	81248	----a-w-	E:\Windows\System32\SFCOM64.dll
2011-09-02 06:30:46	55064	----a-w-	E:\Windows\System32\LMouFiltCoInst.dll
2011-09-02 06:30:46	42776	----a-w-	E:\Windows\System32\drivers\LUsbFilt.sys
2011-09-02 06:30:36	60696	----a-w-	E:\Windows\System32\drivers\LMouFilt.Sys
2011-09-02 06:30:36	1845528	----a-w-	E:\Windows\System32\LkmdfCoInst.dll
2011-09-02 06:30:24	66840	----a-w-	E:\Windows\System32\drivers\LHidFilt.Sys
2011-09-01 00:12:00	1698408	----a-w-	E:\Windows\RtlExUpd.dll
.
============= FINISH: 14:11:35.54 ===============


PC1
Attach.txt
Code: Select all
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 8.0.7601.17514
Run by Bob at 14:11:09 on 2011-11-25
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3966.2711 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
E:\Windows\system32\wininit.exe
E:\Windows\system32\lsm.exe
E:\Windows\system32\svchost.exe -k DcomLaunch
E:\Windows\system32\nvvsvc.exe
E:\Windows\system32\svchost.exe -k RPCSS
E:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
E:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
E:\Windows\system32\svchost.exe -k netsvcs
E:\Windows\system32\svchost.exe -k LocalService
E:\Windows\system32\svchost.exe -k NetworkService
E:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
E:\Windows\system32\nvvsvc.exe
E:\Windows\System32\spoolsv.exe
E:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
E:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
E:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
E:\Windows\system32\svchost.exe -k imgsvc
E:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
E:\Windows\system32\taskhost.exe
E:\Windows\system32\Dwm.exe
E:\Windows\Explorer.EXE
E:\Windows\system32\SearchIndexer.exe
E:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
E:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
E:\Program Files\Logitech\SetPointP\SetPoint.exe
E:\Program Files\Windows Sidebar\sidebar.exe
E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
E:\Program Files\NVIDIA Corporation\Display\nvtray.exe
E:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
E:\Program Files\Windows Media Player\wmpnetwk.exe
E:\Windows\System32\svchost.exe -k LocalServicePeerNet
E:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
E:\Windows\system32\AUDIODG.EXE
E:\Windows\system32\DllHost.exe
E:\Windows\system32\DllHost.exe
E:\Windows\system32\DllHost.exe
E:\Windows\SysWOW64\cmd.exe
E:\Windows\system32\conhost.exe
E:\Windows\SysWOW64\cscript.exe
E:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - E:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - E:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - E:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - E:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
uRun: [NCsoft] 
uRun: [Sidebar] E:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Google Update] "E:\Users\Ken\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [UnlockerAssistant] "E:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
Trusted Zone: battlefield.com\battlelog
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{54A73671-3873-47D4-AF51-A85ACEDEAB77} : DhcpNameServer = 192.168.0.1
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - E:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
BHO-X64:     Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - E:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64:     Symantec Intrusion Prevention - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - E:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
mRun-x64: [UnlockerAssistant] "E:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;E:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> E:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;E:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> E:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;E:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111114.002\BHDrvx64.sys [2011-11-14 1156216]
R1 IDSVia64;IDSVia64;E:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111124.030\IDSviA64.sys [2011-11-24 488568]
R1 nm3;Microsoft Network Monitor 3 Driver;E:\Windows\system32\DRIVERS\nm3.sys --> E:\Windows\system32\DRIVERS\nm3.sys [?]
R1 SymIRON;Symantec Iron Driver;E:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> E:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;E:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS --> E:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
R2 cpuz135;cpuz135;\??\E:\Windows\system32\drivers\cpuz135_x64.sys --> E:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 N360;Norton Security Suite;E:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [2011-8-10 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;E:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-10 2253120]
R2 UNS;Intel(R) Management & Security Application User Notification Service;E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-11-10 2320920]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;E:\Windows\system32\DRIVERS\dtsoftbus01.sys --> E:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;E:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-9 138360]
R3 HECIx64;Intel(R) Management Engine Interface;E:\Windows\system32\DRIVERS\HECIx64.sys --> E:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;E:\Windows\system32\DRIVERS\Rt64win7.sys --> E:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 dmvsc;dmvsc;E:\Windows\system32\drivers\dmvsc.sys --> E:\Windows\system32\drivers\dmvsc.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-8-16 1038088]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;E:\Windows\system32\drivers\rdpvideominiport.sys --> E:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Synth3dVsc;Synth3dVsc;E:\Windows\system32\drivers\synth3dvsc.sys --> E:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;E:\Windows\system32\drivers\terminpt.sys --> E:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;E:\Windows\system32\drivers\tsusbflt.sys --> E:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;E:\Windows\system32\drivers\TsUsbGD.sys --> E:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;E:\Windows\system32\drivers\tsusbhub.sys --> E:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;E:\Windows\system32\Wat\WatAdminSvc.exe --> E:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-25 18:21:55	--------	d-----w-	E:\Users\Ken\AppData\Roaming\Malwarebytes
2011-11-25 18:21:24	--------	d-----w-	E:\ProgramData\Malwarebytes
2011-11-25 18:21:19	25416	----a-w-	E:\Windows\System32\drivers\mbam.sys
2011-11-25 16:59:21	388096	----a-r-	E:\Users\Ken\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-25 16:59:20	--------	d-----w-	E:\Program Files (x86)\Trend Micro
2011-11-25 15:45:32	--------	d-----w-	E:\Program Files\Microsoft Network Monitor 3
2011-11-25 15:33:09	--------	d-----w-	E:\Users\Ken\AppData\Local\Immunet
2011-11-25 15:33:09	--------	d-----w-	E:\ProgramData\Immunet
2011-11-23 04:33:13	--------	d-----w-	E:\Program Files (x86)\Origin Games
2011-11-22 23:35:02	21992	----a-w-	E:\Windows\System32\drivers\cpuz135_x64.sys
2011-11-22 23:35:02	--------	d-----w-	E:\Program Files\CPUID
2011-11-22 07:57:05	--------	d-----w-	E:\MC Server 1.0.0
2011-11-21 06:20:23	--------	d-----w-	E:\Windows\RazorDOX
2011-11-17 14:22:11	--------	d-----w-	E:\Skyrim Prima Guide PDFs
2011-11-15 17:45:00	270912	----a-w-	E:\Windows\System32\drivers\dtsoftbus01.sys
2011-11-13 03:12:04	--------	d-----w-	E:\MW3
2011-11-10 22:54:06	--------	d-----w-	E:\Users\Ken\AppData\Local\Skyrim
2011-11-10 22:46:29	--------	d-----w-	E:\Program Files (x86)\The Elder Scrolls V Skyrim
2011-11-10 18:13:17	--------	d-----w-	E:\Users\Ken\AppData\Local\FileServe Manager
2011-11-10 18:13:00	--------	d-----w-	E:\ProgramData\FileServe Limited
2011-11-10 18:02:30	--------	d-----w-	E:\ProgramData\Web Installer
2011-11-10 14:11:55	74272	----a-w-	E:\Windows\System32\RtNicProp64.dll
2011-11-10 14:11:55	565352	----a-w-	E:\Windows\System32\drivers\Rt64win7.sys
2011-11-10 14:11:55	107552	----a-w-	E:\Windows\System32\RTNUninst64.dll
2011-11-10 14:06:37	53248	----a-w-	E:\Windows\SysWow64\CSVer.dll
2011-11-10 14:04:17	15416	----a-w-	E:\Windows\System32\drivers\ASACPI.sys
2011-11-10 14:02:40	21712	----a-w-	E:\Windows\SysWow64\drivers\DrvAgent64.SYS
2011-11-10 14:02:40	--------	d-----w-	E:\Users\Ken\AppData\Local\eSupport.com
2011-11-10 14:00:16	--------	d-----w-	E:\Program Files (x86)\Common Files\postureAgent
2011-11-10 14:00:09	56344	----a-w-	E:\Windows\System32\drivers\HECIx64.sys
2011-11-10 13:58:29	--------	d-----w-	E:\Intel
2011-11-10 13:28:37	--------	d-----w-	E:\Windows\SysWow64\RTCOM
2011-11-10 13:26:59	65024	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-11-10 13:26:58	69715	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-11-10 13:26:58	274432	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-11-10 13:26:58	204800	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-11-10 13:26:57	757760	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-11-10 13:26:57	5632	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-11-10 13:26:55	200836	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-11-10 13:26:54	331908	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-11-10 13:13:49	--------	d-----w-	E:\Program Files (x86)\Realtek
2011-11-10 08:54:18	837952	----a-w-	E:\Windows\System32\easyupdatusapiu64.dll
2011-11-10 08:54:18	5067584	----a-w-	E:\Windows\System32\nvsvc64.dll
2011-11-10 08:54:18	3074368	----a-w-	E:\Windows\System32\nvsvcr.dll
2011-11-10 08:54:18	222528	----a-w-	E:\Windows\System32\nvmctray.dll
2011-11-10 08:54:18	1640768	----a-w-	E:\Windows\System32\nvvsvc.exe
2011-11-10 08:54:18	137536	----a-w-	E:\Windows\System32\nvshext.dll
2011-11-10 08:54:18	10406208	----a-w-	E:\Windows\System32\nvcpl.dll
2011-11-10 08:54:08	--------	d-----w-	E:\ProgramData\NVIDIA Corporation
2011-11-10 06:43:52	280904	----a-w-	E:\Windows\SysWow64\PnkBstrB.exe
2011-11-10 06:43:52	280904	----a-w-	E:\Windows\SysWow64\PnkBstrB.ex0
2011-11-10 06:43:50	280904	----a-w-	E:\Windows\SysWow64\PnkBstrB.xtr
2011-11-10 06:43:44	75136	----a-w-	E:\Windows\SysWow64\PnkBstrA.exe
2011-11-08 02:49:01	--------	d-----w-	E:\Users\Ken\AppData\Local\ESN Sonar
2011-11-07 10:06:08	28160	----a-w-	E:\Windows\System32\xbcdr.dll
2011-11-07 10:06:08	27608	----a-w-	E:\Windows\System32\drivers\xbcd.sys
2011-11-07 10:06:08	27136	----a-w-	E:\Windows\SysWow64\xbcdif.dll
2011-11-07 10:06:08	27136	----a-w-	E:\Windows\System32\xbcdif.dll
2011-11-07 10:06:08	23552	----a-w-	E:\Windows\SysWow64\xbcdr.dll
2011-11-07 10:06:08	230400	----a-w-	E:\Windows\SysWow64\xbcdsu.dll
2011-11-07 10:06:08	230400	----a-w-	E:\Windows\System32\xbcdsu.dll
2011-11-07 10:06:08	--------	d-----w-	E:\ProgramData\XBCDSU
2011-11-07 10:06:08	--------	d-----w-	E:\Program Files (x86)\XBCD
2011-11-06 19:23:51	--------	d-----w-	E:\Users\Ken\AppData\Local\PunkBuster
2011-11-06 19:14:44	--------	d-----w-	E:\Windows\SysWow64\Wat
2011-11-06 19:14:43	--------	d-----w-	E:\Windows\System32\Wat
2011-11-06 18:18:53	2580552	----a-w-	E:\Windows\SysWow64\pbsvc.exe
2011-11-06 17:28:32	--------	d-----w-	E:\Program Files (x86)\Battlelog Web Plugins
2011-11-06 17:14:33	--------	d-----w-	E:\ProgramData\EA Core
2011-11-06 10:08:59	520544	----a-w-	E:\Windows\System32\d3dx10_41.dll
2011-11-06 08:26:25	--------	d-----w-	E:\Users\Ken\AppData\Roaming\Origin
2011-11-06 08:26:23	--------	d-----w-	E:\Users\Ken\AppData\Local\Origin
2011-11-06 08:24:55	--------	d-----w-	E:\ProgramData\Origin
2011-11-06 08:24:55	--------	d-----w-	E:\ProgramData\Electronic Arts
2011-11-06 08:24:37	--------	d-----w-	E:\Program Files (x86)\Origin
2011-11-01 13:37:25	--------	d-----w-	E:\Program Files (x86)\Bethesda Softworks
2011-11-01 13:36:05	753664	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-11-01 13:36:05	69714	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-11-01 13:36:05	63488	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-11-01 13:36:05	5632	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-11-01 13:36:05	274432	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-11-01 13:36:05	184320	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-11-01 13:36:04	331908	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-11-01 13:36:04	200836	----a-w-	E:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-11-01 13:35:54	--------	d-----w-	E:\Users\Ken\AppData\Local\Oblivion
2011-11-01 08:13:39	--------	d-----w-	E:\MCS 2P
2011-10-29 15:45:37	--------	d-----w-	E:\Program Files (x86)\Cheat Engine 6.1
2011-10-26 22:12:58	--------	d-----w-	E:\Users\Ken\.swt
.
==================== Find3M  ====================
.
2011-11-22 23:00:24	18960	----a-w-	E:\Windows\System32\drivers\LNonPnP.sys
2011-11-06 19:15:07	419840	----a-w-	E:\Windows\System32\systemcpl.dll
2011-11-06 19:15:07	14848	----a-w-	E:\Windows\System32\slwga.dll
2011-11-06 19:15:07	13824	----a-w-	E:\Windows\SysWow64\slwga.dll
2011-11-06 19:15:06	833024	----a-w-	E:\Windows\SysWow64\user32.dll
2011-11-06 19:15:06	1008640	----a-w-	E:\Windows\System32\user32.dll
2011-10-21 02:44:57	21840	----a-w-	E:\Windows\SysWow64\SIntfNT.dll
2011-10-21 02:44:56	17212	----a-w-	E:\Windows\SysWow64\SIntf32.dll
2011-10-21 02:44:56	12067	----a-w-	E:\Windows\SysWow64\SIntf16.dll
2011-10-21 02:29:58	94208	----a-w-	E:\Windows\DIIUnin.exe
2011-10-21 02:29:58	2829	----a-w-	E:\Windows\DIIUnin.pif
2011-10-19 00:53:14	2957544	----a-w-	E:\Windows\System32\drivers\RTKVHD64.sys
2011-10-18 23:10:30	99432	----a-w-	E:\Windows\System32\RCoInst64.dll
2011-10-18 18:55:50	331880	----a-w-	E:\Windows\System32\RtlCPAPI64.dll
2011-10-18 18:47:22	1914472	----a-w-	E:\Windows\System32\RtkApi64.dll
2011-10-18 16:05:00	2528872	----a-w-	E:\Windows\System32\RtPgEx64.dll
2011-10-17 22:30:38	3213928	----a-w-	E:\Windows\System32\RtkAPO64.dll
2011-10-15 05:54:52	321856	----a-w-	E:\Windows\SysWow64\nvStreaming.exe
2011-10-14 18:43:48	1873920	----a-w-	E:\Windows\System32\RCoRes64.dat
2011-10-05 05:52:06	414368	----a-w-	E:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 09:06:03	472808	----a-w-	E:\Windows\SysWow64\deployJava1.dll
2011-09-11 08:00:08	525544	----a-w-	E:\Windows\System32\deployJava1.dll
2011-09-02 19:21:40	221024	----a-w-	E:\Windows\System32\SFNHK64.dll
2011-09-02 19:21:38	78688	----a-w-	E:\Windows\System32\SFAPO64.dll
2011-09-02 19:21:36	81248	----a-w-	E:\Windows\System32\SFCOM64.dll
2011-09-02 06:30:46	55064	----a-w-	E:\Windows\System32\LMouFiltCoInst.dll
2011-09-02 06:30:46	42776	----a-w-	E:\Windows\System32\drivers\LUsbFilt.sys
2011-09-02 06:30:36	60696	----a-w-	E:\Windows\System32\drivers\LMouFilt.Sys
2011-09-02 06:30:36	1845528	----a-w-	E:\Windows\System32\LkmdfCoInst.dll
2011-09-02 06:30:24	66840	----a-w-	E:\Windows\System32\drivers\LHidFilt.Sys
2011-09-01 00:12:00	1698408	----a-w-	E:\Windows\RtlExUpd.dll
.
============= FINISH: 14:11:35.54 ===============


PC2
DDS.txt
Code: Select all
.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_29
Run by Bob2 at 14:39:41 on 2011-11-25
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1348 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled* 
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Qlock\qlock.exe
C:\Documents and Settings\Ken\Application Data\mjusbsp\magicJack.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = 
uStart Page = about:blank
uSearch Bar = 
uURLSearchHooks: H - No File
mWinlogon: SFCDisable=-99 (0xffffff9d)
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.4.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.4.0.12\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.4.0.12\coIEPlg.dll
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [Google Update] "c:\documents and settings\ken\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [cdloader] "c:\documents and settings\ken\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\ken\startm~1\programs\startup\qlock.lnk - c:\program files\qlock\qlock.exe
StartupFolder: c:\docume~1\ken\startm~1\programs\startup\toddle~1.lnk - c:\documents and settings\ken\application data\microsoft\installer\{7339e7e7-fb6a-46ec-8303-d31e655ef617}\_154754de.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
mPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0B195D55-0AB4-48C7-828F-34BE10BA4266} - hxxp://www.worldwinner.com/games/v53/dealornodeal/dealornodeal.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{661012D1-C849-4E5E-8ECF-CDE3EAD4868E} : DhcpNameServer = 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ken\application data\mozilla\firefox\profiles\flsepwqk.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\ken\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0404000.00c\symds.sys [2011-11-18 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0404000.00c\symefa.sys [2011-11-18 173176]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20111114.002\BHDrvx86.sys [2011-11-14 819320]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-9-26 13696]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0404000.00c\cchpx86.sys [2011-11-18 485512]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 214664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0404000.00c\ironx86.sys [2011-11-18 116784]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.4.0.12\ccsvchst.exe [2011-11-18 126400]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-18 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20111124.030\IDSXpx86.sys [2011-11-24 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20111125.002\NAVENG.SYS [2011-11-25 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20111125.002\NAVEX15.SYS [2011-11-25 1576312]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-9-26 1684736]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-10-11 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-10-11 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-10-11 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-10-11 40552]
S3 TipCtrl;TipCtrl;"c:\program files\utipu\tipctrl.exe" --> c:\program files\utipu\TipCtrl.exe [?]
.
=============== Created Last 30 ================
.
2011-11-25 17:42:37	--------	d-----w-	c:\program files\Microsoft Network Monitor 3
2011-11-19 04:29:32	476904	----a-w-	c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-11-19 04:29:32	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-11-19 04:22:49	--------	d-----w-	C:\MW3
2011-11-18 18:17:21	--------	d-----w-	c:\program files\Toddler Keys
2011-11-18 08:21:26	--------	d-----w-	c:\program files\AMD APP
2011-11-18 08:19:28	956160	----a-w-	c:\windows\system32\ativvamv.dll
2011-11-18 08:19:28	159744	----a-w-	c:\windows\system32\atiapfxx.exe
2011-11-18 08:11:07	221184	----a-w-	c:\windows\system32\wmpns.dll
2011-11-18 07:06:41	362360	----a-w-	c:\windows\system32\drivers\n360\0404000.00c\symtdi.sys
2011-11-18 07:06:41	340088	----a-w-	c:\windows\system32\drivers\n360\0404000.00c\symtdiv.sys
2011-11-18 07:06:41	328752	----a-r-	c:\windows\system32\drivers\n360\0404000.00c\symds.sys
2011-11-18 07:06:41	173176	----a-w-	c:\windows\system32\drivers\n360\0404000.00c\symefa.sys
2011-11-18 07:06:40	485512	----a-w-	c:\windows\system32\drivers\n360\0404000.00c\cchpx86.sys
2011-11-18 07:06:40	43696	----a-w-	c:\windows\system32\drivers\n360\0404000.00c\srtspx.sys
2011-11-18 07:06:40	325680	----a-w-	c:\windows\system32\drivers\n360\0404000.00c\srtsp.sys
2011-11-18 07:06:40	116784	----a-w-	c:\windows\system32\drivers\n360\0404000.00c\ironx86.sys
2011-11-18 07:06:23	--------	d-----w-	c:\windows\system32\drivers\n360\0404000.00C
2011-11-18 07:05:43	617472	-c----w-	c:\windows\system32\dllcache\comctl32.dll
2011-11-18 05:59:16	--------	d-----w-	c:\documents and settings\all users\application data\magicJack
2011-11-18 05:59:05	45568	-c----w-	c:\windows\system32\dllcache\wab.exe
2011-11-18 05:57:52	--------	d-----w-	c:\documents and settings\ken\local settings\application data\magicJack
.
==================== Find3M  ====================
.
2011-10-26 03:01:40	7412736	----a-w-	c:\windows\system32\drivers\ati2mtag.sys
2011-10-26 02:59:02	311296	----a-w-	c:\windows\system32\atiiiexx.dll
2011-10-26 02:30:50	57344	----a-w-	c:\windows\system32\aticalrt.dll
2011-10-26 02:30:40	53248	----a-w-	c:\windows\system32\aticalcl.dll
2011-10-26 02:27:26	5890048	----a-w-	c:\windows\system32\aticaldd.dll
2011-10-26 02:21:48	56832	----a-w-	c:\windows\system32\OpenVideo.dll
2011-10-26 02:21:34	56832	----a-w-	c:\windows\system32\OVDecoder.dll
2011-10-26 02:20:42	13950464	----a-w-	c:\windows\system32\amdocl.dll
2011-10-26 02:19:50	44032	----a-w-	c:\windows\system32\OpenCL.dll
2011-10-26 02:16:30	18968576	----a-w-	c:\windows\system32\atioglxx.dll
2011-10-26 02:06:02	466944	----a-w-	c:\windows\system32\ATIDEMGX.dll
2011-10-26 02:04:50	304128	----a-w-	c:\windows\system32\ati2dvag.dll
2011-10-26 02:04:46	4004864	----a-w-	c:\windows\system32\ati3duag.dll
2011-10-26 01:44:50	3286400	----a-w-	c:\windows\system32\ativvaxx.dll
2011-10-26 01:44:08	212992	----a-w-	c:\windows\system32\atipdlxx.dll
2011-10-26 01:43:54	155648	----a-w-	c:\windows\system32\Oemdspif.dll
2011-10-26 01:43:46	26112	----a-w-	c:\windows\system32\Ati2mdxx.exe
2011-10-26 01:43:38	43520	----a-w-	c:\windows\system32\ati2edxx.dll
2011-10-26 01:43:26	188416	----a-w-	c:\windows\system32\ati2evxx.dll
2011-10-26 01:42:08	643072	----a-w-	c:\windows\system32\ati2evxx.exe
2011-10-26 01:40:46	53248	----a-w-	c:\windows\system32\ATIDDC.DLL
2011-10-26 01:35:00	806912	----a-w-	c:\windows\system32\atikvmag.dll
2011-10-26 01:34:14	499712	----a-w-	c:\windows\system32\atiok3x2.dll
2011-10-26 01:30:52	229376	----a-w-	c:\windows\system32\atiadlxx.dll
2011-10-26 01:30:28	17408	----a-w-	c:\windows\system32\atitvo32.dll
2011-10-26 01:25:38	65024	----a-w-	c:\windows\system32\atimpc32.dll
2011-10-26 01:25:38	65024	----a-w-	c:\windows\system32\amdpcom32.dll
2011-10-26 01:24:58	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2011-10-26 01:24:52	884736	----a-w-	c:\windows\system32\ati2cqag.dll
2011-10-10 14:22:41	692736	----a-w-	c:\windows\system32\inetcomm.dll
2011-10-03 07:37:52	73728	----a-w-	c:\windows\system32\javacpl.cpl
2011-09-28 07:06:50	599040	----a-w-	c:\windows\system32\crypt32.dll
2011-09-26 16:41:20	611328	----a-w-	c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20	220160	----a-w-	c:\windows\system32\oleacc.dll
2011-09-26 16:41:14	20480	----a-w-	c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51	1858944	----a-w-	c:\windows\system32\win32k.sys
.
============= FINISH: 14:40:00.45 ===============


PC2
Attach.txt
Code: Select all
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/26/2009 8:10:16 AM
System Uptime: 11/24/2011 4:10:26 PM (22 hours ago)
.
Motherboard: BIOSTAR Group |  | A785GE
Processor: AMD Athlon(tm) II X2 250 Processor | CPU 1 | 2999/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 699 GiB total, 278.889 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&25A55F1D&0&0001
Manufacturer: 
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&25A55F1D&0&0001
Service: 
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
AAC Decoder
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Alarm 3.5.10
AMD APP SDK Runtime
AMD Processor Driver
ATI Catalyst Install Manager
Autodesk 3ds Max 2010 32-bit
Autodesk Backburner 2008.1
Autodesk FBX Plugin 2009.4 - 3ds Max 2010
AutoUpdate
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCleaner (remove only)
Comcast Access
Connect
Counter-Strike: Source
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
EVEMap
Foxit Reader
Google Chrome
H.264 Decoder
Half-Life 2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB981793)
ImgBurn
Java Auto Updater
Java(TM) 6 Update 16
Java(TM) 6 Update 29
kuler
Left 4 Dead 2 Demo
LimeWire 5.4.6
magicJack
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Network Monitor 3.4
Microsoft Network Monitor: NetworkMonitor Parsers 3.4
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MKV Splitter
MoreMotion Web Express 3.3
Mozilla Firefox (3.5.11)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
Norton Security Suite
NVIDIA PhysX
OpenOffice.org 3.1
PDF Settings CS4
Photoshop Camera Raw
Portal
Qlock Lite
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RocketDock 1.3.5
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Source SDK
Steam
Suite Shared Configuration CS4
TeamSpeak 3 Client
The KMPlayer (remove only)
Toddler Keys
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
WebFldrs XP
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
XBCD 1.07
.
==== Event Viewer Messages From Past Week ========
.
11/18/2011 2:21:07 PM, error: Service Control Manager [7031]  - The Norton Security Suite service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================
bjones20005
Member+
 
Posts: 19
Joined: February 15th, 2009, 11:42 am
Location: Scranton
Top
Advertisement
Register to Remove

Re: Need help

Unread postby maxi » November 25th, 2011, 4:22 pm

Hello bjones20005,

Welcome to the forum!

My name is maxi and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers and everything I post to you, must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!"
    Absence of symptoms does not mean that everything is clear.

Could you please post the logs from one computer first and once thats clean we can tackle the second computer.
In your next reply please post:
The two DDS logs from one computer only. (you can just copy and paste the two logs, No need to use the code box)

Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.
Top

Re: Need help

Unread postby bjones20005 » November 25th, 2011, 4:29 pm

Sure thing. Let's start with the second one as the timing of this coincides with me getting it set up and running again. the motherboard in it had died I just got the replacement for it after about a year of not using it.

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Bob2 at 14:39:41 on 2011-11-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1348 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Qlock\qlock.exe
C:\Documents and Settings\Ken\Application Data\mjusbsp\magicJack.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = about:blank
uSearch Bar =
uURLSearchHooks: H - No File
mWinlogon: SFCDisable=-99 (0xffffff9d)
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.4.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.4.0.12\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.4.0.12\coIEPlg.dll
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [Google Update] "c:\documents and settings\ken\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [cdloader] "c:\documents and settings\ken\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\ken\startm~1\programs\startup\qlock.lnk - c:\program files\qlock\qlock.exe
StartupFolder: c:\docume~1\ken\startm~1\programs\startup\toddle~1.lnk - c:\documents and settings\ken\application data\microsoft\installer\{7339e7e7-fb6a-46ec-8303-d31e655ef617}\_154754de.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
mPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0B195D55-0AB4-48C7-828F-34BE10BA4266} - hxxp://www.worldwinner.com/games/v53/de ... nodeal.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://gsn.worldwinner.com/games/v47/sh ... Loader.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{661012D1-C849-4E5E-8ECF-CDE3EAD4868E} : DhcpNameServer = 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ken\application data\mozilla\firefox\profiles\flsepwqk.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\ken\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0404000.00c\symds.sys [2011-11-18 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0404000.00c\symefa.sys [2011-11-18 173176]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20111114.002\BHDrvx86.sys [2011-11-14 819320]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-9-26 13696]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0404000.00c\cchpx86.sys [2011-11-18 485512]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 214664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0404000.00c\ironx86.sys [2011-11-18 116784]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.4.0.12\ccsvchst.exe [2011-11-18 126400]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-18 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20111124.030\IDSXpx86.sys [2011-11-24 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20111125.002\NAVENG.SYS [2011-11-25 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20111125.002\NAVEX15.SYS [2011-11-25 1576312]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-9-26 1684736]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-10-11 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-10-11 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-10-11 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-10-11 40552]
S3 TipCtrl;TipCtrl;"c:\program files\utipu\tipctrl.exe" --> c:\program files\utipu\TipCtrl.exe [?]
.
=============== Created Last 30 ================
.
2011-11-25 17:42:37 -------- d-----w- c:\program files\Microsoft Network Monitor 3
2011-11-19 04:29:32 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-11-19 04:29:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-19 04:22:49 -------- d-----w- C:\MW3
2011-11-18 18:17:21 -------- d-----w- c:\program files\Toddler Keys
2011-11-18 08:21:26 -------- d-----w- c:\program files\AMD APP
2011-11-18 08:19:28 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-11-18 08:19:28 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-18 08:11:07 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-11-18 07:06:41 362360 ----a-w- c:\windows\system32\drivers\n360\0404000.00c\symtdi.sys
2011-11-18 07:06:41 340088 ----a-w- c:\windows\system32\drivers\n360\0404000.00c\symtdiv.sys
2011-11-18 07:06:41 328752 ----a-r- c:\windows\system32\drivers\n360\0404000.00c\symds.sys
2011-11-18 07:06:41 173176 ----a-w- c:\windows\system32\drivers\n360\0404000.00c\symefa.sys
2011-11-18 07:06:40 485512 ----a-w- c:\windows\system32\drivers\n360\0404000.00c\cchpx86.sys
2011-11-18 07:06:40 43696 ----a-w- c:\windows\system32\drivers\n360\0404000.00c\srtspx.sys
2011-11-18 07:06:40 325680 ----a-w- c:\windows\system32\drivers\n360\0404000.00c\srtsp.sys
2011-11-18 07:06:40 116784 ----a-w- c:\windows\system32\drivers\n360\0404000.00c\ironx86.sys
2011-11-18 07:06:23 -------- d-----w- c:\windows\system32\drivers\n360\0404000.00C
2011-11-18 07:05:43 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-11-18 05:59:16 -------- d-----w- c:\documents and settings\all users\application data\magicJack
2011-11-18 05:59:05 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-11-18 05:57:52 -------- d-----w- c:\documents and settings\ken\local settings\application data\magicJack
.
==================== Find3M ====================
.
2011-10-26 03:01:40 7412736 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-10-26 02:59:02 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-10-26 02:30:50 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-10-26 02:30:40 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-10-26 02:27:26 5890048 ----a-w- c:\windows\system32\aticaldd.dll
2011-10-26 02:21:48 56832 ----a-w- c:\windows\system32\OpenVideo.dll
2011-10-26 02:21:34 56832 ----a-w- c:\windows\system32\OVDecoder.dll
2011-10-26 02:20:42 13950464 ----a-w- c:\windows\system32\amdocl.dll
2011-10-26 02:19:50 44032 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-26 02:16:30 18968576 ----a-w- c:\windows\system32\atioglxx.dll
2011-10-26 02:06:02 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-10-26 02:04:50 304128 ----a-w- c:\windows\system32\ati2dvag.dll
2011-10-26 02:04:46 4004864 ----a-w- c:\windows\system32\ati3duag.dll
2011-10-26 01:44:50 3286400 ----a-w- c:\windows\system32\ativvaxx.dll
2011-10-26 01:44:08 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-10-26 01:43:54 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-10-26 01:43:46 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-10-26 01:43:38 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-10-26 01:43:26 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-10-26 01:42:08 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-10-26 01:40:46 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-10-26 01:35:00 806912 ----a-w- c:\windows\system32\atikvmag.dll
2011-10-26 01:34:14 499712 ----a-w- c:\windows\system32\atiok3x2.dll
2011-10-26 01:30:52 229376 ----a-w- c:\windows\system32\atiadlxx.dll
2011-10-26 01:30:28 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-10-26 01:25:38 65024 ----a-w- c:\windows\system32\atimpc32.dll
2011-10-26 01:25:38 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2011-10-26 01:24:58 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-10-26 01:24:52 884736 ----a-w- c:\windows\system32\ati2cqag.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 07:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 14:40:00.45 ===============

Attach.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/26/2009 8:10:16 AM
System Uptime: 11/24/2011 4:10:26 PM (22 hours ago)
.
Motherboard: BIOSTAR Group | | A785GE
Processor: AMD Athlon(tm) II X2 250 Processor | CPU 1 | 2999/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 699 GiB total, 278.889 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&25A55F1D&0&0001
Manufacturer:
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&25A55F1D&0&0001
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
AAC Decoder
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Alarm 3.5.10
AMD APP SDK Runtime
AMD Processor Driver
ATI Catalyst Install Manager
Autodesk 3ds Max 2010 32-bit
Autodesk Backburner 2008.1
Autodesk FBX Plugin 2009.4 - 3ds Max 2010
AutoUpdate
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCleaner (remove only)
Comcast Access
Connect
Counter-Strike: Source
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
EVEMap
Foxit Reader
Google Chrome
H.264 Decoder
Half-Life 2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB981793)
ImgBurn
Java Auto Updater
Java(TM) 6 Update 16
Java(TM) 6 Update 29
kuler
Left 4 Dead 2 Demo
LimeWire 5.4.6
magicJack
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Network Monitor 3.4
Microsoft Network Monitor: NetworkMonitor Parsers 3.4
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MKV Splitter
MoreMotion Web Express 3.3
Mozilla Firefox (3.5.11)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
Norton Security Suite
NVIDIA PhysX
OpenOffice.org 3.1
PDF Settings CS4
Photoshop Camera Raw
Portal
Qlock Lite
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RocketDock 1.3.5
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Source SDK
Steam
Suite Shared Configuration CS4
TeamSpeak 3 Client
The KMPlayer (remove only)
Toddler Keys
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
WebFldrs XP
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
XBCD 1.07
.
==== Event Viewer Messages From Past Week ========
.
11/18/2011 2:21:07 PM, error: Service Control Manager [7031] - The Norton Security Suite service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================
bjones20005
Member+
 
Posts: 19
Joined: February 15th, 2009, 11:42 am
Location: Scranton
Top

Re: Need help

Unread postby Cypher » November 28th, 2011, 8:31 am

bjones20005,

In a previous topic you were advised about the dangers of using P2P programs.
viewtopic.php?p=408790#p408790

Your logs indicate that you have resumed the use of one or more P2P programs.
LimeWire 5.4.6

As you have chosen to ignore this forum's P2P policy, this topic is now closed and will not be reopened.

You can help support this site from this link :
Donations For Malware Removal
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Top
Advertisement
Register to Remove
Topic locked

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 324 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index