
iexplore.exe instances being created automatically



jdkuhl
2013-01-03, 23:23
Hello.

I have an issue where new instances of iexplore.exe are being created in the Windows Task Manager | Applications tab; however, I don't use Internet Explorer. They appear to be routing to various ad related websites - I might have as many as 5 open at the same time. It begins to consume significant memory and slow down my computer. Chrome and Firefox create new instances, but there's no indication that they are being routed to places I don't visit - so this may be normal.

Scanned with Norton, Spy Bot, Windows Defender - shows up nothing.

DDS and aswMBR below; attach.zip attached. And thank you to the volunteers who solve problems like this - it's much appreciated!

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.0
Run by Justin at 14:42:49 on 2013-01-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.30 [GMT -6:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Program Files\Maxtor\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\SFT\GuardedID\gidd.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061117
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=QNl33R_HMPqnY9HTI0muuoJ_kN0
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\5.2.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\5.2.2.3\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - c:\documents and settings\all users\application data\white sky, inc\id vault\iebho1.12.1012.1\NativeBHO.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\5.2.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\5.2.2.3\coieplg.dll
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\justin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [eibpouol] "c:\documents and settings\justin\local settings\application data\dmldovpe.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [D-Link RangeBooster G WDA-2320] c:\program files\d-link\rangebooster g wda-2320\AirPlusCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [MaxtorOneTouch] c:\program files\maxtor\managerapp\Onetouch.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [aceton] "c:\windows\system32\rundll32.exe" "c:\documents and settings\justin\application data\aceton.dll",handle_as_unknown
mRun: [vcreac] "c:\windows\system32\rundll32.exe" "c:\documents and settings\justin\application data\vcreac.dll",Print
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{EBDFBDCF-B4DC-4B6C-A580-AEB49F271D13} : DHCPNameServer = 192.168.1.1
Notify: GIDLogonXP - GIDLogonXP.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\justin\application data\mozilla\firefox\profiles\g8thnp9n.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\justin\application data\mozilla\firefox\profiles\g8thnp9n.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\justin\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\justin\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\justin\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - ExtSQL: !HIDDEN! 2013-01-03 10:42; {f7d2f3a1-6b58-48b6-93ce-e65066211dc1}; c:\documents and settings\justin\application data\mozilla\firefox\profiles\g8thnp9n.default\extensions\{f7d2f3a1-6b58-48b6-93ce-e65066211dc1}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\system32\drivers\SMR311.SYS [2013-1-3 97440]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-16 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-16 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20121130.005\BHDrvx86.sys [2012-12-3 995488]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2011-12-28 25232]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-16 136312]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-7-27 6656]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-1-2 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-1-2 1369624]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-8-25 466880]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-10-25 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20130102.001\IDSXpx86.sys [2013-1-2 373728]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20130102.023\NAVENG.SYS [2013-1-3 92704]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20130102.023\NAVEX15.SYS [2013-1-3 1601184]
S2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-10-16 61552]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-1-2 168384]
S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [2011-12-29 28160]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2011-12-29 30576]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-6-17 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-6-17 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-6-17 136808]
.
=============== Created Last 30 ================
.
2013-01-03 16:30:40 97440 ----a-w- c:\windows\system32\drivers\SMR311.SYS
2013-01-03 16:30:20 -------- d-----w- c:\documents and settings\justin\local settings\application data\NPE
2013-01-02 23:52:30 2321288 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll
2013-01-02 23:52:17 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{b4c7d934-e95c-4b49-9789-077f7d5de4df}\mpengine.dll
2013-01-02 23:52:16 237072 ------w- c:\windows\system32\MpSigStub.exe
2013-01-02 13:21:02 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2013-01-02 13:19:59 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-01-02 13:19:46 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-12-23 18:41:04 300032 ----a-w- c:\documents and settings\justin\application data\aceton.dll
2012-12-23 18:40:28 586240 ----a-w- c:\documents and settings\justin\application data\vcreac.dll
2012-12-12 22:15:33 -------- d-----w- c:\documents and settings\justin\local settings\application data\HP
2012-12-05 00:58:28 -------- d-----w- c:\program files\iPod
2012-12-05 00:58:01 -------- d-----w- c:\program files\iTunes
2012-12-05 00:58:01 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-05 00:49:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-12-05 00:49:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-12-05 00:49:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-12-05 00:49:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-12-05 00:49:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-12-05 00:49:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-12-05 00:49:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2012-10-25 09:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 09:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
1 ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Harddisk0\DR0[0x85F79AB8]
3 CLASSPNP[0xF74A7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\0000006a[0x85F59578]
5 ACPI[0xF7324620] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Ide\IdeDeviceP0T0L0-3[0x85EEDD98]
kernel: MBR read successfully
_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
user != kernel MBR !!!
.
============= FINISH: 14:44:13.53 ===============


aswMBR:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-03 14:52:18
-----------------------------
14:52:18.718 OS Version: Windows 5.1.2600 Service Pack 3
14:52:18.718 Number of processors: 2 586 0x4B02
14:52:18.718 ComputerName: DGKWZ3C1 UserName: Justin
14:52:21.000 Initialize success
14:56:06.218 AVAST engine defs: 13010300
14:56:19.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:56:19.703 Disk 0 Vendor: Size: 0MB BusType: 0
14:56:19.750 Disk 0 MBR read successfully
14:56:19.750 Disk 0 MBR scan
14:56:19.843 Disk 0 unknown MBR code
14:56:19.843 Disk 0 MBR hidden
14:56:19.859 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
14:56:19.875 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147793 MB offset 80325
14:56:19.906 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 302760990
14:56:20.156 Disk 0 scanning C:\WINDOWS\system32\drivers
14:56:40.718 Service scanning
14:57:07.546 Modules scanning
14:57:20.343 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
14:57:25.171 Disk 0 trace - called modules:
14:57:25.187 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:57:25.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f79ab8]
14:57:25.187 3 CLASSPNP.SYS[f74a7fd7] -> nt!IofCallDriver -> \Device\0000006a[0x85f59578]
14:57:25.187 5 ACPI.sys[f7324620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85eedd98]
14:57:26.953 AVAST engine scan C:\WINDOWS
14:57:40.968 AVAST engine scan C:\WINDOWS\system32
15:01:42.375 AVAST engine scan C:\WINDOWS\system32\drivers
15:02:10.921 AVAST engine scan C:\Documents and Settings\Justin
15:59:23.375 AVAST engine scan C:\Documents and Settings\All Users
16:00:52.875 Scan finished successfully
16:02:19.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Justin\Desktop\MBR.dat"
16:02:19.468 The log file has been saved successfully to "C:\Documents and Settings\Justin\Desktop\aswMBR.txt"

shelf life
2013-01-06, 16:24
hi jdkuhl,

If you aren't launching and using IE then it's not normal.
We will get a download to use:

Please download the free version of Malwarebytes (http://www.malwarebytes.org/products/) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.
NOTE: The free version must be updated manually.

jdkuhl
2013-01-06, 23:29
Thank you for your help. I followed the instructions and the log is shown below. After restarting the computer, however, the iexplore.exe applications popped up in the Windows Task Manager and are redirecting to other websites. I'll wait for your direction...

Log shown below:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.06.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Justin :: DGKWZ3C1 [limited]

1/6/2013 1:55:32 PM
mbam-log-2013-01-06 (13-55-32).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 359112
Time elapsed: 1 hour(s), 34 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vcreac (Trojan.RedirRdll2.Gen) -> Data: "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Justin\Application Data\vcreac.dll",Print -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
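
A defender reading the DDS log posted above wants to know which of the many Run entries point at the infection before a scanner names one; Malwarebytes flagging the `vcreac` entry as Trojan.RedirRdll2.Gen confirms the pattern. The Python script below is an added example, not part of this thread and not code from DDS or Malwarebytes: it parses uRun:/mRun: lines copied from the posted log and flags entries where rundll32 loads a DLL out of a user's profile directory, or where an executable runs straight out of Local Settings\Application Data, with a constructed allowlist for software that legitimately installs per user. It deliberately does not try to judge names such as eibpouol or aceton as "random", since that signal is unreliable.

```python
"""Triage of DDS 'Pseudo HJT Report' autorun lines for persistence that loads
code out of a user profile. Added example for this thread; it is not part of
DDS, Malwarebytes or any tool the posters used. The sample lines are copied
from the posted log; the heuristics and allowlist are constructed here and
will flag some legitimate per-user installers, so treat hits as a triage list."""
import re
from dataclasses import dataclass, field

# Per-user data directories on Windows XP. Persistence that loads code from
# here (rather than Program Files or system32) is worth a second look.
USER_PROFILE_RE = re.compile(
    r"documents and settings\\(?!all users\\)[^\\]+\\application data"
    r"|documents and settings\\(?!all users\\)[^\\]+\\local settings\\application data",
    re.IGNORECASE,
)

# Software that legitimately installs per user (constructed allowlist; extend
# it with whatever is known-good in your environment).
KNOWN_PER_USER = ("\\google\\update\\", "\\google\\chrome\\")

# rundll32 invocation: an optionally quoted DLL path followed by ,<export>
RUNDLL32_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)
# First executable path in a command line, optionally quoted.
EXE_RE = re.compile(r'"?([a-z]:\\[^"]+?\.exe)"?', re.IGNORECASE)

# DDS convention: uRun = HKCU\...\Run, mRun = HKLM\...\Run
AUTORUN_RE = re.compile(r"^(?P<hive>[um])Run:\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")


@dataclass
class Finding:
    name: str
    hive: str               # "u" (HKCU) or "m" (HKLM)
    command: str
    reasons: list = field(default_factory=list)


def parse_autorun(line):
    """Return a Finding for a uRun:/mRun: line, or None for any other line."""
    m = AUTORUN_RE.match(line.strip())
    return Finding(m["name"], m["hive"], m["cmd"]) if m else None


def analyse(finding):
    """Attach human-readable reasons to a Finding; an empty list means no hit."""
    cmd = finding.command.lower()
    dll = RUNDLL32_RE.search(cmd)
    if dll:
        if USER_PROFILE_RE.search(dll["dll"]):
            finding.reasons.append(
                f"rundll32 loads {dll['dll']} (export {dll['export']}) from a user profile")
    else:
        exe = EXE_RE.search(cmd)
        path = exe.group(1) if exe else cmd
        if USER_PROFILE_RE.search(path) and not any(k in path for k in KNOWN_PER_USER):
            finding.reasons.append(f"executable {path} runs from a user profile")
    # A machine-wide Run key pointing into one user's profile is itself odd:
    # installers that write HKLM normally put their files under Program Files.
    if finding.hive == "m" and finding.reasons:
        finding.reasons.append("HKLM Run entry points into a single user's profile")
    return finding


def triage(dds_text):
    """Return only the autorun Findings that have at least one reason."""
    hits = []
    for line in dds_text.splitlines():
        f = parse_autorun(line)
        if f and analyse(f).reasons:
            hits.append(f)
    return hits


# Lines copied from the DDS log posted above: clean entries mixed with the two
# rundll32 entries and the randomly named executable that stand out.
SAMPLE_DDS = r"""uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\justin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [eibpouol] "c:\documents and settings\justin\local settings\application data\dmldovpe.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [aceton] "c:\windows\system32\rundll32.exe" "c:\documents and settings\justin\application data\aceton.dll",handle_as_unknown
mRun: [vcreac] "c:\windows\system32\rundll32.exe" "c:\documents and settings\justin\application data\vcreac.dll",Print
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_DDS):
        print(f"[{hit.hive}Run] {hit.name}")
        for r in hit.reasons:
            print("   -", r)
```

Run against the sample it reports eibpouol, aceton and vcreac and leaves ctfmon, Google Update, NvCplDaemon and SDTray alone. Note that the same rule catches aceton, which the Malwarebytes log above does not list; the "unknown MBR code" and "user != kernel MBR" disagreement in the aswMBR and GMER output is a separate indicator that this script does not address.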

shelf life
2013-01-07, 00:28
ok. We will move on to tdsskiller:

Download:

tdsskiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) to your desktop

Click the icon, then on Change Parameters. Check the option: Detect TDLFS file system, then click ok and Start Scan

Once the scan is done you will find a .txt file in your root drive Local Disk (C) labeled as: TDSSKILLER.2.8.13.0_15.10.2012_17.34.06_log.txt (version,date time)

Please copy/paste the log file in your reply.

jdkuhl
2013-01-07, 00:33
Results from tdsskiller:

17:30:52.0109 6100 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:30:53.0828 6100 ============================================================
17:30:53.0828 6100 Current date / time: 2013/01/06 17:30:53.0828
17:30:53.0828 6100 SystemInfo:
17:30:53.0828 6100
17:30:53.0828 6100 OS Version: 5.1.2600 ServicePack: 3.0
17:30:53.0828 6100 Product type: Workstation
17:30:53.0828 6100 ComputerName: DGKWZ3C1
17:30:53.0828 6100 UserName: Justin
17:30:53.0828 6100 Windows directory: C:\WINDOWS
17:30:53.0828 6100 System windows directory: C:\WINDOWS
17:30:53.0828 6100 Processor architecture: Intel x86
17:30:53.0828 6100 Number of processors: 2
17:30:53.0828 6100 Page size: 0x1000
17:30:53.0828 6100 Boot type: Normal boot
17:30:53.0828 6100 ============================================================
17:30:55.0140 6100 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:30:55.0140 6100 ============================================================
17:30:55.0140 6100 \Device\Harddisk0\DR0:
17:30:55.0140 6100 MBR partitions:
17:30:55.0140 6100 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x120A8A59
17:30:55.0140 6100 ============================================================
17:30:55.0171 6100 C: <-> \Device\Harddisk0\DR0\Partition1
17:30:55.0171 6100 ============================================================
17:30:55.0171 6100 Initialize success
17:30:55.0171 6100 ============================================================
17:31:15.0328 3876 ============================================================
17:31:15.0328 3876 Scan started
17:31:15.0328 3876 Mode: Manual; TDLFS;
17:31:15.0328 3876 ============================================================
17:31:15.0406 3876 ================ Scan system memory ========================
17:31:15.0421 3876 System memory - ok
17:31:15.0421 3876 ================ Scan services =============================
17:31:15.0546 3876 [ 886A8A267B39BF510DDD1838FDA9756E ] A3AB C:\WINDOWS\system32\DRIVERS\A3AB.sys
17:31:15.0562 3876 A3AB - ok
17:31:15.0562 3876 Abiosdsk - ok
17:31:15.0593 3876 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
17:31:15.0625 3876 abp480n5 - ok
17:31:15.0671 3876 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:31:15.0671 3876 ACPI - ok
17:31:15.0718 3876 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:31:15.0734 3876 ACPIEC - ok
17:31:15.0765 3876 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
17:31:15.0765 3876 adpu160m - ok
17:31:15.0781 3876 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:31:15.0781 3876 aec - ok
17:31:15.0828 3876 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:31:15.0843 3876 AFD - ok
17:31:15.0890 3876 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
17:31:15.0906 3876 agp440 - ok
17:31:15.0937 3876 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
17:31:15.0953 3876 agpCPQ - ok
17:31:15.0984 3876 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
17:31:16.0000 3876 Aha154x - ok
17:31:16.0015 3876 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
17:31:16.0031 3876 aic78u2 - ok
17:31:16.0046 3876 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
17:31:16.0046 3876 aic78xx - ok
17:31:16.0093 3876 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:31:16.0109 3876 Alerter - ok
17:31:16.0140 3876 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
17:31:16.0140 3876 ALG - ok
17:31:16.0171 3876 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
17:31:16.0187 3876 AliIde - ok
17:31:16.0234 3876 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
17:31:16.0234 3876 alim1541 - ok
17:31:16.0234 3876 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
17:31:16.0234 3876 amdagp - ok
17:31:16.0265 3876 [ 0A4D13B388C814560BD69C3A496ECFA8 ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
17:31:16.0265 3876 AmdK8 - ok
17:31:16.0281 3876 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
17:31:16.0281 3876 amsint - ok
17:31:16.0312 3876 [ 920298C7AEF97D8168D219D35975D295 ] ANIO C:\WINDOWS\system32\ANIO.SYS
17:31:16.0312 3876 ANIO - ok
17:31:16.0375 3876 [ 0477ABEF0547167B8E7A7E1747F02CD4 ] ANIWZCSdService C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
17:31:16.0375 3876 ANIWZCSdService - ok
17:31:16.0453 3876 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:31:16.0453 3876 Apple Mobile Device - ok
17:31:16.0500 3876 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
17:31:16.0531 3876 AppMgmt - ok
17:31:29.0625 3876 symc810 - ok
17:31:29.0656 3876 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:31:29.0656 3876 symc8xx - ok
17:31:29.0718 3876 [ 9BBEB8C6258E72D62E7560E6667AAD39 ] SymDS C:\WINDOWS\system32\drivers\N360\0502020.003\SYMDS.SYS
17:31:29.0718 3876 SymDS - ok
17:31:29.0765 3876 [ D5C02629C02A820A7E71BCA3D44294A3 ] SymEFA C:\WINDOWS\system32\drivers\N360\0502020.003\SYMEFA.SYS
17:31:29.0828 3876 SymEFA - ok
17:31:29.0875 3876 [ AB33C3B196197CA467CBDDA717860DBA ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
17:31:29.0875 3876 SymEvent - ok
17:31:29.0890 3876 [ A73399804D5D4A8B20BA60FCF70C9F1F ] SymIRON C:\WINDOWS\system32\drivers\N360\0502020.003\Ironx86.SYS
17:31:29.0906 3876 SymIRON - ok
17:31:29.0953 3876 [ 336CACE58F0359D5CBB1AE6B8A2FB205 ] SYMTDI C:\WINDOWS\System32\Drivers\N360\0502020.003\SYMTDI.SYS
17:31:29.0968 3876 SYMTDI - ok
17:31:29.0984 3876 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:31:29.0984 3876 sym_hi - ok
17:31:30.0000 3876 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:31:30.0031 3876 sym_u3 - ok
17:31:30.0046 3876 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:31:30.0062 3876 sysaudio - ok
17:31:30.0109 3876 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:31:30.0140 3876 SysmonLog - ok
17:31:30.0187 3876 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:31:30.0187 3876 TapiSrv - ok
17:31:30.0234 3876 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:31:30.0234 3876 Tcpip - ok
17:31:30.0281 3876 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:31:30.0281 3876 TDPIPE - ok
17:31:30.0296 3876 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:31:30.0296 3876 TDTCP - ok
17:31:30.0312 3876 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:31:30.0312 3876 TermDD - ok
17:31:30.0343 3876 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
17:31:30.0359 3876 TermService - ok
17:31:30.0406 3876 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
17:31:30.0406 3876 Themes - ok
17:31:30.0453 3876 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
17:31:30.0468 3876 TlntSvr - ok
17:31:30.0484 3876 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
17:31:30.0484 3876 TosIde - ok
17:31:30.0500 3876 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:31:30.0515 3876 TrkWks - ok
17:31:30.0562 3876 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:31:30.0562 3876 Udfs - ok
17:31:30.0609 3876 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
17:31:30.0625 3876 ultra - ok
17:31:30.0687 3876 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:31:30.0687 3876 Update - ok
17:31:30.0734 3876 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:31:30.0765 3876 upnphost - ok
17:31:30.0781 3876 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
17:31:30.0796 3876 UPS - ok
17:31:30.0828 3876 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
17:31:30.0843 3876 USBAAPL - ok
17:31:30.0859 3876 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
17:31:30.0875 3876 usbaudio - ok
17:31:30.0921 3876 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:31:30.0937 3876 usbccgp - ok
17:31:30.0984 3876 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:31:30.0984 3876 usbehci - ok
17:31:31.0031 3876 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:31:31.0031 3876 usbhub - ok
17:31:31.0031 3876 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:31:31.0031 3876 usbohci - ok
17:31:31.0078 3876 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:31:31.0109 3876 usbprint - ok
17:31:31.0125 3876 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:31:31.0125 3876 usbscan - ok
17:31:31.0140 3876 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:31:31.0156 3876 USBSTOR - ok
17:31:31.0171 3876 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:31:31.0171 3876 usbuhci - ok
17:31:31.0203 3876 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
17:31:31.0203 3876 usbvideo - ok
17:31:31.0234 3876 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:31:31.0250 3876 VgaSave - ok
17:31:31.0296 3876 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:31:31.0296 3876 viaagp - ok
17:31:31.0328 3876 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
17:31:31.0328 3876 ViaIde - ok
17:31:31.0343 3876 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:31:31.0343 3876 VolSnap - ok
17:31:31.0406 3876 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
17:31:31.0421 3876 VSS - ok
17:31:31.0468 3876 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
17:31:31.0484 3876 w32time - ok
17:31:31.0640 3876 [ 5D81DFEDC21830764B02F12415AFAE2B ] wampapache c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
17:31:31.0656 3876 wampapache - ok
17:31:31.0703 3876 wampmysqld - ok
17:31:31.0718 3876 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:31:31.0750 3876 Wanarp - ok
17:31:31.0750 3876 wanatw - ok
17:31:31.0750 3876 WDICA - ok
17:31:31.0796 3876 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:31:31.0796 3876 wdmaud - ok
17:31:31.0859 3876 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:31:31.0859 3876 WebClient - ok
17:31:31.0906 3876 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:31:31.0921 3876 winachsf - ok
17:31:32.0000 3876 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe
17:31:32.0000 3876 WinDefend - ok
17:31:32.0093 3876 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:31:32.0093 3876 winmgmt - ok
17:31:32.0140 3876 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:31:32.0156 3876 WmdmPmSN - ok
17:31:32.0218 3876 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:31:32.0265 3876 Wmi - ok
17:31:32.0312 3876 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:31:32.0312 3876 WmiApSrv - ok
17:31:32.0406 3876 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
17:31:32.0468 3876 WMPNetworkSvc - ok
17:31:32.0500 3876 [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:31:32.0515 3876 WpdUsb - ok
17:31:32.0562 3876 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:31:32.0562 3876 wscsvc - ok
17:31:32.0609 3876 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:31:32.0609 3876 WSTCODEC - ok
17:31:32.0625 3876 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:31:32.0625 3876 wuauserv - ok
17:31:32.0671 3876 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:31:32.0671 3876 WudfPf - ok
17:31:32.0687 3876 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:31:32.0687 3876 WudfRd - ok
17:31:32.0718 3876 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:31:32.0718 3876 WudfSvc - ok
17:31:32.0781 3876 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:31:32.0796 3876 WZCSVC - ok
17:31:32.0828 3876 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:31:32.0843 3876 xmlprov - ok
17:31:32.0859 3876 ================ Scan global ===============================
17:31:32.0921 3876 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:31:32.0968 3876 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:31:33.0000 3876 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:31:33.0000 3876 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
17:31:33.0015 3876 [Global] - ok
17:31:33.0015 3876 ================ Scan MBR ==================================
17:31:33.0031 3876 [ 91722E6BC3A2B40FF00222DCA4A3DB3E ] \Device\Harddisk0\DR0
17:31:33.0250 3876 \Device\Harddisk0\DR0 - ok
17:31:33.0250 3876 ================ Scan VBR ==================================
17:31:33.0250 3876 [ 82C75350CFA9CE83E02A705B0D1BC8CC ] \Device\Harddisk0\DR0\Partition1
17:31:33.0265 3876 \Device\Harddisk0\DR0\Partition1 - ok
17:31:33.0265 3876 ============================================================
17:31:33.0265 3876 Scan finished
17:31:33.0265 3876 ============================================================
17:31:33.0281 2424 Detected object count: 0
17:31:33.0281 2424 Actual detected object count: 0

shelf life
2013-01-07, 01:59
ok. Another download to get. It requires that you read a short guide to explain it. Read through the guide, then download combofix to your desktop, run combofix and post its log:

Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

jdkuhl
2013-01-07, 03:01
Results from ComboFix:

ComboFix 13-01-05.01 - Justin 01/06/2013 19:30:25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.270 [GMT -6:00]
Running from: c:\documents and settings\Justin\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\documents and settings\Justin\Application Data\aceton.dll
c:\documents and settings\Justin\Application Data\vcreac.dll
c:\documents and settings\Justin\My Documents\~WRL0173.tmp
c:\documents and settings\Justin\My Documents\~WRL2969.tmp
c:\documents and settings\Justin\My Documents\~WRL3628.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-07 to 2013-01-07 )))))))))))))))))))))))))))))))
.
.
2013-01-06 19:41 . 2013-01-06 19:41 -------- d-----w- c:\documents and settings\Justin\Application Data\Malwarebytes
2013-01-06 19:40 . 2013-01-06 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-01-06 19:40 . 2013-01-06 19:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-06 19:40 . 2012-12-14 22:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-04 07:51 . 2012-11-19 07:04 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{4B7448E3-2B11-49C9-8E99-841D5DBDFE37}\mpengine.dll
2013-01-03 20:39 . 2013-01-03 20:40 -------- d-----w- c:\program files\ERUNT
2013-01-03 16:30 . 2013-01-03 16:55 -------- d-----w- c:\documents and settings\Justin\Local Settings\Application Data\NPE
2013-01-02 23:52 . 2012-11-19 07:04 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-01-02 23:52 . 2012-05-31 17:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2013-01-02 23:49 . 2013-01-02 23:49 -------- d-----w- c:\program files\Windows Defender
2013-01-02 13:21 . 2013-01-02 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2013-01-02 13:19 . 2009-01-25 18:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-01-02 13:19 . 2013-01-02 13:20 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-12-12 22:15 . 2012-12-12 22:15 -------- d-----w- c:\documents and settings\Justin\Local Settings\Application Data\HP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-28 22:09 . 2012-10-28 22:09 57344 ----a-r- c:\documents and settings\Justin\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-12-05 04:08 . 2012-12-05 04:08 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-12-06 02:41 1005712 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-12-06 02:41 1005712 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-12-06 02:41 1005712 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"D-Link RangeBooster G WDA-2320"="c:\program files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe" [2005-12-15 2490368]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-11-30 49152]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-13 1117184]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-12-06 1059472]
"MaxtorOneTouch"="c:\program files\Maxtor\ManagerApp\Onetouch.exe" [2007-02-27 716456]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-03-25 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-08-30 15512424]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-08-30 108392]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-29 151952]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2012-10-16 5958256]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-17 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GIDLogonXP]
2011-07-05 16:25 53528 ----a-w- c:\windows\system32\GIDLogonXP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Justin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502020.003\symds.sys [7/16/2012 2:05 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502020.003\symefa.sys [7/16/2012 2:05 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121130.005\BHDrvx86.sys [12/3/2012 11:47 AM 995488]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [12/28/2011 9:02 PM 25232]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502020.003\ironx86.sys [7/16/2012 2:05 PM 136312]
R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [10/16/2012 11:19 AM 61552]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [7/27/2011 12:48 PM 6656]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe [7/16/2012 2:05 PM 130008]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [1/2/2013 7:19 AM 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1/2/2013 7:20 AM 1369624]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [8/25/2005 3:00 PM 466880]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/25/2012 12:45 AM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130104.001\IDSXpx86.sys [1/4/2013 4:34 PM 373728]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [1/2/2013 7:20 AM 168384]
S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [12/29/2011 9:48 AM 28160]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [12/29/2011 4:17 PM 30576]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [6/17/2012 6:03 AM 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [6/17/2012 6:03 AM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [6/17/2012 6:03 AM 136808]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 16:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2013-01-07 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-01-02 20:08]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3692966689-1600950048-196516940-1006Core.job
- c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-29 21:28]
.
2013-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3692966689-1600950048-196516940-1006UA.job
- c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-29 21:28]
.
2011-12-29 c:\windows\Tasks\Microsoft_Hardware_Launch_LcBuddy_exe.job
- c:\program files\Microsoft LifeCam\LcBuddy.exe [2010-12-13 20:37]
.
2013-01-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
2013-01-02 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-01-02 20:07]
.
2013-01-02 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-01-02 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=QNl33R_HMPqnY9HTI0muuoJ_kN0
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Justin\Application Data\Mozilla\Firefox\Profiles\g8thnp9n.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: 2013-01-03 10:42; {f7d2f3a1-6b58-48b6-93ce-e65066211dc1}; c:\documents and settings\Justin\Application Data\Mozilla\Firefox\Profiles\g8thnp9n.default\extensions\{f7d2f3a1-6b58-48b6-93ce-e65066211dc1}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-eibpouol - c:\documents and settings\Justin\Local Settings\Application Data\dmldovpe.exe
HKLM-Run-aceton - c:\documents and settings\Justin\Application Data\aceton.dll
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-06 19:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\GIDLogonXP.dll
c:\windows\system32\GIDHookLogon.dll
c:\windows\system32\GIDBIN1.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(5392)
c:\windows\system32\WININET.dll
c:\windows\system32\GIDHook.dll
c:\windows\system32\GIDBIN1.dll
c:\windows\system32\EasyHook32.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Maxtor\Utils\SyncServices.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\stsystra.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\dllhost.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\windows\eHome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2013-01-06 19:58:21 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-07 01:57
.
Pre-Run: 3,073,019,904 bytes free
Post-Run: 3,421,220,864 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - BD64CD279E99E70C9CCE58E232DA15A9

jdkuhl
2013-01-07, 03:08
Just a comment to add: I wonder if a similar thing is happening on Google Chrome. I have two tabs open at the current time with 7 chrome.exe processes in the Windows Task Manager - all consuming in total about 350MB of memory.

Thank you again for your help.

shelf life
2013-01-07, 03:34
That doesn't look bad. It is possible to have multiple chrome.exe running in Task Manager even if only one Chrome window is open. Details are here. (http://blog.chromium.org/2008/09/multi-process-architecture.html) We will get one more download to use. It's called aswmbr.exe:

Download Aswmbr.exe (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.
Double click the aswMBR.exe to run it.
For the question "Would you like to download latest Avast! virus definitions?" click YES to download the additional files, then
Click the "Scan" button to start scan.
Once the scan is done click the "Save log" button, save it to your desktop and post it in your next reply.
I probably won't be back online for 16 hrs or so.

jdkuhl
2013-01-07, 11:57
Log shown below...

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-06 20:47:56
-----------------------------
20:47:56.093 OS Version: Windows 5.1.2600 Service Pack 3
20:47:56.093 Number of processors: 2 586 0x4B02
20:47:56.093 ComputerName: DGKWZ3C1 UserName: Justin
20:48:02.765 Initialize success
20:52:12.718 AVAST engine defs: 13010601
20:52:32.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:52:32.140 Disk 0 Vendor: Size: 0MB BusType: 0
20:52:32.156 Disk 0 MBR read successfully
20:52:32.156 Disk 0 MBR scan
20:52:32.281 Disk 0 unknown MBR code
20:52:32.281 Disk 0 MBR hidden
20:52:32.281 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
20:52:32.312 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147793 MB offset 80325
20:52:32.343 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 302760990
20:52:32.375 Disk 0 scanning C:\WINDOWS\system32\drivers
20:53:09.671 Service scanning
20:53:38.000 Modules scanning
20:53:46.343 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
20:53:48.437 Disk 0 trace - called modules:
20:53:48.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:53:48.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f4cab8]
20:53:48.468 3 CLASSPNP.SYS[f74a7fd7] -> nt!IofCallDriver -> \Device\0000006a[0x85f97f18]
20:53:48.468 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85fd4d98]
20:53:48.953 AVAST engine scan C:\WINDOWS
20:54:23.078 AVAST engine scan C:\WINDOWS\system32
20:58:48.312 AVAST engine scan C:\WINDOWS\system32\drivers
20:59:16.015 AVAST engine scan C:\Documents and Settings\Justin
21:57:15.234 AVAST engine scan C:\Documents and Settings\All Users
21:59:25.953 Scan finished successfully
04:53:53.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Justin\Desktop\MBR.dat"
04:53:53.343 The log file has been saved successfully to "C:\Documents and Settings\Justin\Desktop\aswMBR-1-6-2013.txt"

jdkuhl
2013-01-07, 23:34
Something else I'm noticing: only in firefox, I'm on occasion redirected to ad sites after performing a google search.

Thank you again.

shelf life
2013-01-07, 23:55
Rescan and post a new DDS log please.

jdkuhl
2013-01-08, 00:08
DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.0
Run by Justin at 17:04:25 on 2013-01-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.229 [GMT -6:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Program Files\Maxtor\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\SFT\GuardedID\gidd.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=QNl33R_HMPqnY9HTI0muuoJ_kN0
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\5.2.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\5.2.2.3\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - c:\documents and settings\all users\application data\white sky, inc\id vault\iebho1.12.1012.1\NativeBHO.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\5.2.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\5.2.2.3\coieplg.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [D-Link RangeBooster G WDA-2320] c:\program files\d-link\rangebooster g wda-2320\AirPlusCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [MaxtorOneTouch] c:\program files\maxtor\managerapp\Onetouch.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{EBDFBDCF-B4DC-4B6C-A580-AEB49F271D13} : DHCPNameServer = 192.168.1.1
Notify: GIDLogonXP - GIDLogonXP.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\justin\application data\mozilla\firefox\profiles\g8thnp9n.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\justin\application data\mozilla\firefox\profiles\g8thnp9n.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\justin\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\justin\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\justin\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - ExtSQL: 2013-01-03 10:42; {f7d2f3a1-6b58-48b6-93ce-e65066211dc1}; c:\documents and settings\justin\application data\mozilla\firefox\profiles\g8thnp9n.default\extensions\{f7d2f3a1-6b58-48b6-93ce-e65066211dc1}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-16 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-16 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20121130.005\BHDrvx86.sys [2012-12-3 995488]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2011-12-28 25232]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-16 136312]
R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-10-16 61552]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-7-27 6656]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-1-2 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-1-2 1369624]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-8-25 466880]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-10-25 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20130104.001\IDSXpx86.sys [2013-1-4 373728]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20130106.009\NAVENG.SYS [2013-1-6 92704]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20130106.009\NAVEX15.SYS [2013-1-6 1601184]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-1-2 168384]
S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [2011-12-29 28160]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2011-12-29 30576]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-6-17 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-6-17 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-6-17 136808]
.
=============== Created Last 30 ================
.
2013-01-07 08:26:34 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{4b7448e3-2b11-49c9-8e99-841d5dbdfe37}\offreg.dll
2013-01-07 05:20:07 -------- d-----w- c:\windows\system32\NtmsData
2013-01-07 01:23:54 -------- d-sha-r- C:\cmdcons
2013-01-07 01:21:43 98816 ----a-w- c:\windows\sed.exe
2013-01-07 01:21:43 256000 ----a-w- c:\windows\PEV.exe
2013-01-07 01:21:43 208896 ----a-w- c:\windows\MBR.exe
2013-01-06 19:41:47 -------- d-----w- c:\documents and settings\justin\application data\Malwarebytes
2013-01-06 19:40:09 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-01-06 19:40:01 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-06 19:40:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-04 07:51:57 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{4b7448e3-2b11-49c9-8e99-841d5dbdfe37}\mpengine.dll
2013-01-03 16:30:20 -------- d-----w- c:\documents and settings\justin\local settings\application data\NPE
2013-01-02 23:52:30 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll
2013-01-02 23:52:16 237072 ------w- c:\windows\system32\MpSigStub.exe
2013-01-02 13:21:02 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2013-01-02 13:19:59 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-01-02 13:19:46 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-12-12 22:15:33 -------- d-----w- c:\documents and settings\justin\local settings\application data\HP
.
==================== Find3M ====================
.
2012-10-25 09:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 09:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
1 ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Harddisk0\DR0[0x85F4CAB8]
3 CLASSPNP[0xF74A7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\0000006a[0x85F97F18]
5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Ide\IdeDeviceP0T0L0-3[0x85FD4D98]
kernel: MBR read successfully
_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
user != kernel MBR !!!
.
============= FINISH: 17:05:31.81 ===============

shelf life
2013-01-08, 00:48
Check your settings in Firefox and IE to make sure you're not using a proxy server.

In FF:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.

In IE:
Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server."
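
The same two settings can be read from their on-disk form instead of through the dialogs. The script below is an added example written for this thread, not code from the thread, from Firefox or from Microsoft: it parses a Firefox prefs.js (the `network.proxy.type` pref and its companions) and a `reg export` of the WinINET "Internet Settings" key, which is what IE uses and what Firefox's "Use system proxy settings" mode (type 5, which is also Firefox's default) falls back to, then reports anything that routes browsing through a proxy or PAC script. The two inputs embedded in it are constructed samples, the proxy address is a documentation (TEST-NET-2) address, and all function names are the example's own. On a real machine you would feed it the prefs.js from the profile folder shown in the DDS log and the file produced by `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" proxy.reg` (Windows writes that file as UTF-16, so open it with that encoding).

```python
"""Audit Firefox and WinINET proxy configuration from their on-disk form.

Added example for this thread (not from the thread, Firefox or Microsoft).
Both inputs below are constructed samples.
"""
import re

# Meaning of Firefox's network.proxy.type values.
FF_PROXY_TYPES = {0: "no proxy", 1: "manual proxy",
                  2: "automatic proxy configuration (PAC URL)",
                  4: "auto-detect (WPAD)", 5: "use system proxy settings"}

# Constructed sample: a prefs.js left in Firefox's default mode (type 5).
SAMPLE_PREFS_JS = '''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "www.google.com");
user_pref("network.proxy.type", 5);
'''

# Constructed sample: `reg export` of the WinINET key with a proxy switched on.
SAMPLE_REG_EXPORT = r'''
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="198.51.100.23:8080"
'''

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')
REG_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_prefs_js(text):
    """Return {pref name: value}; strings unquoted, ints and bools typed."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def parse_reg_export(text):
    """Return {value name: value} for REG_SZ and REG_DWORD entries of an exported key."""
    values = {}
    for line in text.splitlines():
        m = REG_VALUE_RE.match(line.strip())
        if not m:
            continue
        name, raw = m.groups()
        if raw.startswith("dword:"):
            values[name] = int(raw[len("dword:"):], 16)
        elif raw.startswith('"') and raw.endswith('"'):
            values[name] = raw[1:-1].replace("\\\\", "\\")  # .reg doubles backslashes
    return values


def audit_firefox(prefs):
    """Name the Firefox proxy mode and list anything that sends traffic elsewhere."""
    ptype = prefs.get("network.proxy.type", 5)  # 5 is Firefox's default
    label = FF_PROXY_TYPES.get(ptype, "unknown type %r" % (ptype,))
    findings = []
    if ptype == 1:
        for scheme in ("http", "ssl", "socks"):
            host = prefs.get("network.proxy.%s" % scheme)
            if host:
                port = prefs.get("network.proxy.%s_port" % scheme)
                findings.append("Firefox manual %s proxy -> %s:%s" % (scheme, host, port))
    elif ptype == 2:
        findings.append("Firefox PAC URL -> %s" % prefs.get("network.proxy.autoconfig_url"))
    elif ptype == 5:
        findings.append("Firefox defers to the WinINET (system) proxy; that setting decides")
    return label, findings


def audit_wininet(values):
    """List a WinINET proxy or PAC script if one is configured."""
    findings = []
    if values.get("ProxyEnable", 0) == 1:
        findings.append("WinINET proxy enabled -> %s" % values.get("ProxyServer", "<unset>"))
    if values.get("AutoConfigURL"):
        findings.append("WinINET PAC script -> %s" % values["AutoConfigURL"])
    return findings


def audit(prefs_js_text, reg_export_text):
    """Run both checks; first entry is the Firefox mode, the rest are findings."""
    label, ff = audit_firefox(parse_prefs_js(prefs_js_text))
    return ["Firefox mode: " + label] + ff + audit_wininet(parse_reg_export(reg_export_text))


if __name__ == "__main__":
    for line in audit(SAMPLE_PREFS_JS, SAMPLE_REG_EXPORT):
        print(line)
```

Run against the constructed samples it reports Firefox in "use system proxy settings" mode and a WinINET proxy enabled at 198.51.100.23:8080, which is the combination where the Firefox dialog looks harmless while every request still goes through the proxy; a `ProxyEnable` of 0 and a Firefox type of 0 produce no findings beyond the mode line.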

jdkuhl
2013-01-08, 01:15
OK - I made the change to Firefox - it was set to Use system proxy settings. Would this imply that my system network settings may be compromised?

IE was set properly, but I never use IE.

jdkuhl
2013-01-08, 02:29
While browsing the web earlier, Norton popped up telling me that it had blocked an attack of Exploit Toolkit Website 4. I was browsing a fairly well read website for runners - nothing I would consider shady.

Norton has more information if you need it - thank you.

shelf life
2013-01-08, 04:03
Hi,
Follow this link (http://kb.iu.edu/data/ahic.html) to clear all your browsers' caches. Then check again to make sure the proxy settings in FF are gone and haven't been reset.
Something changed FF to use a proxy. Do you know the website you were on when you got the warning, just out of curiosity? Won't be back online for 16 hrs or so.

jdkuhl
2013-01-08, 04:24
Here's the link to the thread where Norton gave me the error... after doing some research, it appears that I'm not the only one receiving this notice from Norton - but I'm feeling a little extra cautious nowadays...

http://www.letsrun.com/forum/flat_read.php?thread=4882212

I cleared the cache in Firefox, and the proxy settings appear to have stuck there. IE might be corrupt - it consistently gives me the "Internet Explorer has encountered a problem and needs to close" window - and recovers after clicking it several times.

shelf life
2013-01-09, 00:06
That Norton web protection that threw up the window may not be totally accurate. Not sure how it determines an exploit kit, but there probably is a lot of room for false positives.
For IE you can try resetting it back to its defaults:
Tools>Internet Options> Advanced tab> Near the bottom click on the Reset button. See how that goes.

jdkuhl
2013-01-09, 00:43
OK - made the reset in IE and things are working better.

What else should I do? It appears that the original problem is gone - iexplore.exe applications aren't popping up like before.

I have tons of questions like:
- why do Norton and other spyware programs not find this type of stuff?
- how do you stay protected from things like this (in this case, my wife clicked on a phishing type email)?
- is Norton my best option for antivirus and anti-spyware?
- I could only tell that the iexplore.exe applications were being spawned by looking into the Windows Task Manager - how else can I know that things are compromised?
- What was this spyware/virus doing? Why would someone try to use my computer to browse the web?

OK - and thank you for your help.

shelf life
2013-01-09, 03:16
OK, good. I like questions, which I will attempt to answer.

A proxy change in a browser can be something a user could do, so it's not necessarily a bad thing, except in your case.

Only receive E-mail in plain text, no html or live links.

I can't say what the best AV is, they all claim that title. I like free myself so I use free AV on my Windows machines.

Task manager is good if you become familiar with what runs normally. Then you might recognize a process that could be malware. Always keep your AV and anti-malware up to date. Keep Windows/Browsers and web applications like Java, and Adobe products up to date also.

Nobody else was browsing on your machine, the proxy was redirecting your own browsing to other sites.

I will be offline for 16 or so hours.
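
The advice above about Task Manager comes down to keeping a baseline of what normally runs and diffing later captures against it. The script below is an added example for this thread, not code from the thread or from DDS: it reads a "Running Processes" block in the layout DDS prints (one full path per line, optionally followed by arguments such as an svchost -k group, the block delimited by the "=====" banner lines visible in the logs earlier in this thread), counts instances per image, and reports what is new or has multiplied relative to a known-good capture. The two captures embedded in it are constructed samples, and the function names are the example's own; pasting the process sections from two real DDS logs into the same functions works the same way.

```python
"""Baseline a DDS-style "Running Processes" list and flag what is new or multiplied.

Added example for this thread (not from the thread or from DDS).
Both captures below are constructed samples.
"""
from collections import Counter
import re

# A drive-letter path ending in .exe, optionally followed by arguments.
PATH_LINE_RE = re.compile(r'^([A-Za-z]:\\\S.*?\.exe)(?:\s+(.*))?$', re.IGNORECASE)

# Constructed sample: capture taken while the machine was known-good.
BASELINE_SAMPLE = r'''
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
'''

# Constructed sample: later capture showing the symptom described in this thread.
CURRENT_SAMPLE = r'''
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
'''


def parse_process_list(text):
    """Count instances per lower-cased 'path [args]' inside the Running Processes block."""
    counts = Counter()
    in_block = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("============== Running Processes"):
            in_block = True
            continue
        if in_block and line.startswith("====="):
            break  # next section banner ends the block
        m = PATH_LINE_RE.match(line) if in_block else None
        if m:
            key = (m.group(1).lower() + " " + (m.group(2) or "").strip().lower()).strip()
            counts[key] += 1
    return counts


def compare(baseline, current):
    """Return (new, multiplied): entries absent from the baseline, and entries whose count grew."""
    new = {k: c for k, c in current.items() if k not in baseline}
    multiplied = {k: (baseline[k], c) for k, c in current.items()
                  if k in baseline and c > baseline[k]}
    return new, multiplied


def report(baseline_text, current_text):
    """Human-readable lines describing how the current capture differs from the baseline."""
    new, multiplied = compare(parse_process_list(baseline_text), parse_process_list(current_text))
    lines = ["NEW       %dx %s" % (c, k) for k, c in sorted(new.items())]
    lines += ["GREW %d->%d %s" % (b, c, k) for k, (b, c) in sorted(multiplied.items())]
    return lines


if __name__ == "__main__":
    for line in report(BASELINE_SAMPLE, CURRENT_SAMPLE):
        print(line)
```

Against the constructed captures this flags three iexplore.exe instances that were not in the baseline and an extra netsvcs svchost; the svchost entry is keyed by its -k group on purpose, because an added service host is worth a look while the same image name appearing in several groups is normal.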

jdkuhl
2013-01-09, 03:27
All good tips - thank you.

Any other suggestions for my machine that will give me the 'all clear'?

shelf life
2013-01-10, 02:27
You're welcome.
You can delete the tdsskiller and aswmbr.exe icons from your desktop as well as the log. You can remove combofix like this:
Start>run and type in combofix /uninstall and click enter.
Note the space after the x and before the /

Last, you can make a new restore point. The how and the why:

One of the features of Windows XP, Vista and Windows 7 is the System Restore option, however if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning OK.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore. (deletes old, possibly infected restore points)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore. (creates a new restore point on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Uncheck *Turn off System Restore*.
Click Apply, and then click OK, then reboot.

If all is good on your end, some tips to help you remain malware free:

10 Tips for Prevention and Avoidance of Malware:
There is no reason why your computer cannot stay malware free.

No software can think for you. Help yourself. In no special order:

1) It is essential to keep your operating system (Windows) browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update (http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) frequently or use the Windows auto-update feature. (http://www.microsoft.com/windows/downloads/windowsupdate/automaticupdate.mspx) Staying updated is also essential for web based applications, browser plugins and addons like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here. (http://secunia.com/vulnerability_scanning/online/)

2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer and you are then prompted to install software to remedy this.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then it's time to *review your computer habits*.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. Do you trust the source? See also E-mail phishing Tricks (http://www.fraud.org/tips/internet/phishing.htm).

5) Do not click on ads/pop-ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.

8) Install and understand the *limitations* of a software firewall.

9) The why and how for securing (http://www.cert.org/tech_tips/securing_browser/) your browser for safer surfing.

10) Warez, cracks, keygens and p2p are very popular for carrying malware payloads. A file can be named anything, be nothing but malware or have malware bundled in it. Do you really trust the source of the file?


More info/tips with pictures, link below

Happy Safe Surfing.

jdkuhl
2013-01-11, 02:53
Hi -

I think I've made a mistake and want to get your take before proceeding with the System Restore.

I proceeded to uninstall combofix, and typed what you had listed, but as the uninstall proceeded, it began what seemed to be an installation and scan. I felt that I had entered in a typo, and cancelled the process - and then it said that the combofix was uninstalled. After this occurred, I feel like combofix was going to run a final scan prior to uninstalling, but I'm not sure.

Sorry about this. Thanks for the advice.

shelf life
2013-01-11, 03:17
hi,

You did it right. It does look like an install. As long as you got the "combofix is uninstalled" type message it should be OK, and the combofix icon should now be gone from the desktop also. Happy safe surfing out there.

jdkuhl
2013-01-11, 04:09
You have helped immensely. I do have a couple questions...

1. You asked me to download very specialized tools to capture and get rid of this malware problem. Should I check the computer with any of these tools regularly?
2. I think it was ComboFix that solved this issue - what did ComboFix actually find?

Thank you for your help.

shelf life
2013-01-11, 22:03
Glad to help. In answer to your questions: TDSSKiller is for specific malware but it's also pretty automated, so anybody should be able to use it. aswMBR is also for specific malware and semi-automated, so most people could probably use it without problems. Both these tools are updated frequently so always get the latest version before using.
Combofix can remove a lot of malware but it sometimes requires use of scripts that one has to know how to use. It's not recommended to use it yourself. It's also updated frequently.
If I remember I think combofix removed some malicious .dll files.
Malwarebytes is a good antimalware tool. Remember the free version must be updated manually and a scan started manually. Always check for updates before using.

jdkuhl
2013-01-12, 03:38
Very good - thank you again so much for your help.