
How to remove Boot.Tidserv for a computer novice [Closed]


  • This topic is locked

#16
KHiggins


  • Topic Starter
  • Member
  • 18 posts
Hi WhiteHat, thanks for all your help so far...

OTL logfile created on: 17/07/2012 22:23:45 - Run 3
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\Katie Higgins\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1013.98 Mb Total Physical Memory | 463.91 Mb Available Physical Memory | 45.75% Memory free
2.39 Gb Paging File | 1.94 Gb Available in Paging File | 81.50% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 0.36 Gb Free Space | 0.49% Space Free | Partition Type: NTFS

Computer Name: KATIEHIGGINS | User Name: Katie Higgins | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/25 22:47:03 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Katie Higgins\Desktop\OTL.exe
PRC - [2012/03/28 00:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
PRC - [2011/09/14 12:54:56 | 000,037,728 | -H-- | M] (Mindjet) -- C:\Program Files\Mindjet\MindManager 10\MmReminderService.exe
PRC - [2010/03/27 12:11:37 | 000,202,256 | -H-- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/01/31 18:29:06 | 000,196,608 | RH-- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/25 13:47:12 | 000,356,352 | -H-- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
PRC - [2006/08/02 01:38:30 | 000,802,816 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/08/02 01:32:44 | 000,696,320 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/08/02 01:27:54 | 000,479,232 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/06/29 08:41:22 | 000,184,320 | -H-- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2006/05/19 20:13:38 | 000,798,720 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSServ.exe
PRC - [2006/03/02 23:50:52 | 000,151,552 | -H-- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2006/02/07 16:30:40 | 000,035,840 | -H-- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
PRC - [2006/02/02 12:11:38 | 000,073,728 | -H-- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
PRC - [2005/08/03 14:26:02 | 000,040,960 | -H-- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/05/12 10:31:38 | 000,118,784 | -H-- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/04/11 11:26:06 | 000,065,536 | -H-- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2005/01/18 00:38:38 | 000,040,960 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2001/11/12 13:31:48 | 000,020,480 | -H-- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 08:23:00 | 000,087,912 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/14 12:54:12 | 000,150,856 | -H-- | M] () -- C:\Program Files\Mindjet\MindManager 10\zlib.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | -H-- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/02/05 19:14:43 | 001,291,776 | -H-- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2006/08/02 01:26:20 | 000,118,784 | -H-- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/08/02 01:24:54 | 000,348,160 | -H-- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/06/23 14:07:08 | 001,167,360 | -H-- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2006/01/04 18:14:36 | 000,049,152 | -H-- | M] () -- C:\Program Files\Toshiba\TOSHIBA Applet\TouchPad_ONOFF.dll
MOD - [2005/11/23 14:55:38 | 000,118,784 | -H-- | M] () -- C:\WINDOWS\system32\TCtrlIO.dll
MOD - [2004/08/10 13:00:00 | 000,059,904 | -H-- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/08/10 13:00:00 | 000,014,336 | -H-- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2004/07/20 17:04:00 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\QuestScan\questscan183.exe C:\Program Files\QuestScan\questscan.dll ludiyodum lenopabex -- (QuestScan Service)
SRV - [2012/03/28 00:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe -- (NIS)
SRV - [2010/01/15 13:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2006/02/07 16:30:40 | 000,035,840 | -H-- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/01/18 00:38:38 | 000,040,960 | -H-- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2001/11/12 13:31:48 | 000,020,480 | -H-- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/06/23 16:44:25 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/06/22 15:43:50 | 000,369,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20120713.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/06/22 01:00:00 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120716.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/06/22 01:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/06/22 01:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/06/22 01:00:00 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120716.002\NAVENG.SYS -- (NAVENG)
DRV - [2012/06/19 00:03:24 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20120711.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/03/29 07:28:38 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\symtdi.sys -- (SYMTDI)
DRV - [2012/03/29 07:28:30 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\SymEFA.sys -- (SymEFA)
DRV - [2012/03/29 07:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\SymDS.sys -- (SymDS)
DRV - [2012/03/29 07:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\Ironx86.sys -- (SymIRON)
DRV - [2012/03/29 07:03:27 | 000,574,072 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\srtsp.sys -- (SRTSP)
DRV - [2012/03/29 07:03:27 | 000,032,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/11/29 23:44:14 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/05/20 17:38:50 | 000,089,856 | RH-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/05/20 17:38:50 | 000,073,344 | RH-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/05/20 17:38:50 | 000,064,512 | RH-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2011/05/20 17:38:50 | 000,026,624 | RH-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2011/05/20 17:38:44 | 000,011,136 | RH-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2011/05/20 17:38:36 | 000,102,784 | RH-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/05/20 16:27:24 | 000,030,576 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/08/05 22:48:42 | 000,054,752 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2006/08/02 02:27:48 | 000,012,544 | -H-- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/05/30 16:42:52 | 000,045,696 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/05/05 15:13:52 | 004,271,616 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/02 01:46:28 | 000,471,264 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006/03/22 07:56:24 | 001,522,688 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/12/13 17:08:44 | 001,124,097 | -H-- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/11/30 18:12:00 | 000,162,560 | -H-- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 10:45:16 | 000,007,040 | -H-- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid)
DRV - [2005/10/20 14:03:42 | 000,006,144 | -H-- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/09/09 14:47:10 | 000,009,344 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2003/01/29 22:35:00 | 000,012,032 | -H-- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2000/03/29 17:11:20 | 000,008,096 | -H-- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\windows\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsear...rms}&n=77ce5cea
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = http://www.questscan...s={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = http://www.questscan...s={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = http://www.questscan...s={searchTerms}
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsear...rms}&n=77ce5cea
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2801948
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...box_im2_test_v2
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = staff.proxy.ul.ie:80


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Documents and Settings\Katie Higgins\Desktop\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/27 12:12:40 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\IPSFFPlgn\ [2012/06/23 16:50:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\coFFPlgn\ [2012/07/17 22:14:09 | 000,000,000 | ---D | M]

[2012/06/23 19:23:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/06 10:46:55 | 000,000,000 | -H-D | M] (QuestScan) -- C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}

O1 HOSTS File: ([2004/08/10 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll File not found
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\windows\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [hIxvqiEONcrb.exe] C:\Documents and Settings\All Users\Application Data\hIxvqiEONcrb.exe File not found
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 10\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPSMain] C:\windows\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-1787001158-1526232164-327768440-1005..\Run: [Picasa Media Detector] C:\Documents and Settings\Katie Higgins\Desktop\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-21-1787001158-1526232164-327768440-1005..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O7 - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O8 - Extra context menu item: &Search - http://tbedits.telev...EC&n=2011090605 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send Image To MindManager - C:\Program Files\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Link To MindManager - C:\Program Files\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Page To MindManager - C:\Program Files\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Text To MindManager - C:\Program Files\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFE22642-F1FD-4B1B-BEFE-85F0689BFE5B}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1787001158-1526232164-327768440-1005 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\windows\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Katie Higgins\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/13 15:00:59 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0f6ef2aa-9be6-11de-a2c9-0018de7d0ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{0f6ef2aa-9be6-11de-a2c9-0018de7d0ddd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0f6ef2aa-9be6-11de-a2c9-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0f6ef2ad-9be6-11de-a2c9-0018de7d0ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{0f6ef2ad-9be6-11de-a2c9-0018de7d0ddd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0f6ef2ad-9be6-11de-a2c9-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2d3834de-0987-11e1-a686-0018de7d0ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{2d3834de-0987-11e1-a686-0018de7d0ddd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2d3834de-0987-11e1-a686-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2d3834e0-0987-11e1-a686-0018de7d0ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{2d3834e0-0987-11e1-a686-0018de7d0ddd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2d3834e0-0987-11e1-a686-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{43b9aa36-fd7f-11df-a536-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\HONEY\MOON\DRG.exe
O33 - MountPoints2\{43b9aa36-fd7f-11df-a536-0018de7d0ddd}\Shell\open\command - "" = E:\HONEY\MOON\DRG.exe
O33 - MountPoints2\{473424b5-c6c8-11dd-a1b0-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{473424b5-c6c8-11dd-a1b0-0018de7d0ddd}\Shell\open\command - "" = E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{504d8cdc-69ae-11df-a412-0018de7d0ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{504d8cdc-69ae-11df-a412-0018de7d0ddd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{504d8cdc-69ae-11df-a412-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{504d8cdf-69ae-11df-a412-0018de7d0ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{504d8cdf-69ae-11df-a412-0018de7d0ddd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{504d8cdf-69ae-11df-a412-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6f109fe6-5794-11df-a3f0-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\HONEY\MOON\DRG.exe
O33 - MountPoints2\{6f109fe6-5794-11df-a3f0-0018de7d0ddd}\Shell\open\command - "" = E:\HONEY\MOON\DRG.exe
O33 - MountPoints2\{765bc1e8-400c-11e0-a58c-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\HONEY\MOON\DRG.exe
O33 - MountPoints2\{765bc1e8-400c-11e0-a58c-0018de7d0ddd}\Shell\open\command - "" = E:\HONEY\MOON\DRG.exe
O33 - MountPoints2\{77391d5e-0a50-11e1-a687-0018de7d0ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{77391d5e-0a50-11e1-a687-0018de7d0ddd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{77391d5e-0a50-11e1-a687-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{885d5862-de6e-11de-a322-0018de7d0ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{885d5862-de6e-11de-a322-0018de7d0ddd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{885d5862-de6e-11de-a322-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9e1106e8-4095-11df-a3bd-0018de7d0ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{9e1106e8-4095-11df-a3bd-0018de7d0ddd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e1106e8-4095-11df-a3bd-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9e1106eb-4095-11df-a3bd-0018de7d0ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{9e1106eb-4095-11df-a3bd-0018de7d0ddd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e1106eb-4095-11df-a3bd-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e5477f92-c5a8-11df-a4c0-0018de7d0ddd}\Shell\AutoRun\command - "" = F:\HONEY\MOON\DRG.exe
O33 - MountPoints2\{e5477f92-c5a8-11df-a4c0-0018de7d0ddd}\Shell\open\command - "" = F:\HONEY\MOON\DRG.exe
O33 - MountPoints2\{ea1dd378-77ad-11df-a429-0018de7d0ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{ea1dd378-77ad-11df-a429-0018de7d0ddd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ea1dd378-77ad-11df-a429-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f4bffb8c-de68-11de-a321-0018de7d0ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{f4bffb8c-de68-11de-a321-0018de7d0ddd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f4bffb8c-de68-11de-a321-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f4bffb8f-de68-11de-a321-0018de7d0ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{f4bffb8f-de68-11de-a321-0018de7d0ddd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f4bffb8f-de68-11de-a321-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/17 22:22:44 | 000,688,663 | ---- | C] (Farbar) -- C:\Documents and Settings\Katie Higgins\Desktop\FSS.exe
[2012/07/02 22:16:13 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Katie Higgins\Desktop\aswMBR.exe
[2012/06/26 19:26:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Katie Higgins\My Documents\Dropbox
[2012/06/26 19:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Katie Higgins\Application Data\Dropbox
[2012/06/25 22:47:03 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Katie Higgins\Desktop\OTL.exe
[2012/06/23 22:50:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/06/23 22:50:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2012/06/23 19:24:19 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NBRTWizard
[2012/06/23 19:24:19 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NBRTWizard\0405000.022
[2012/06/23 19:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
[2012/06/23 19:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2012/06/23 19:05:19 | 000,829,648 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Katie Higgins\Desktop\NBRT-Retail-Downloader.exe
[2012/06/23 17:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Katie Higgins\Local Settings\Application Data\NPE
[2012/06/23 17:38:44 | 002,841,104 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Katie Higgins\Desktop\NPE.exe
[2012/06/23 17:37:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/23 17:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Add-in
[2012/06/23 16:44:26 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\windows\System32\S32EVNT1.DLL
[2012/06/23 16:44:25 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2012/06/23 16:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/06/23 16:42:22 | 000,388,216 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1307010.005\symtdi.sys
[2012/06/23 16:42:22 | 000,345,208 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1307010.005\symtdiv.sys
[2012/06/23 16:42:21 | 000,318,584 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1307010.005\symnets.sys
[2012/06/23 16:42:20 | 000,905,336 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1307010.005\SymEFA.sys
[2012/06/23 16:42:19 | 000,574,072 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1307010.005\srtsp.sys
[2012/06/23 16:42:19 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1307010.005\SymDS.sys
[2012/06/23 16:42:19 | 000,032,888 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1307010.005\srtspx.sys
[2012/06/23 16:42:18 | 000,149,624 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1307010.005\Ironx86.sys
[2012/06/23 16:42:17 | 000,132,744 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1307010.005\ccSetx86.sys
[2012/06/23 16:41:17 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS
[2012/06/23 16:41:17 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS\1307010.005
[2012/06/23 16:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2012/06/23 16:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2012/06/23 16:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2012/06/23 16:31:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2012/06/23 16:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/06/23 16:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2012/06/23 16:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Katie Higgins\Start Menu\Programs\Norton
[2012/06/23 16:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2012/06/23 16:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2012/06/23 14:48:44 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/06/23 14:35:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Katie Higgins\Recent
[2012/06/23 14:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Katie Higgins\My Documents\Symantec
[2012/06/23 12:54:25 | 000,000,000 | -HSD | C] -- C:\windows\CSC
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/17 22:22:51 | 000,688,663 | ---- | M] (Farbar) -- C:\Documents and Settings\Katie Higgins\Desktop\FSS.exe
[2012/07/17 22:12:44 | 000,000,294 | -H-- | M] () -- C:\windows\tasks\RealUpgradeLogonTaskS-1-5-21-1787001158-1526232164-327768440-1005.job
[2012/07/17 22:12:31 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/16 22:35:07 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Katie Higgins\Desktop\MBR.dat
[2012/07/16 22:18:12 | 000,001,158 | -H-- | M] () -- C:\windows\System32\wpa.dbl
[2012/07/11 21:23:04 | 000,000,256 | -H-- | M] () -- C:\windows\tasks\Epson Printer Software Downloader.job
[2012/07/02 22:16:13 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Katie Higgins\Desktop\aswMBR.exe
[2012/06/25 22:47:03 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Katie Higgins\Desktop\OTL.exe
[2012/06/23 19:50:26 | 000,008,942 | ---- | M] () -- C:\windows\System32\drivers\NIS\1307010.005\VT20120410.034
[2012/06/23 19:28:28 | 001,095,523 | ---- | M] () -- C:\windows\System32\drivers\NIS\1307010.005\Cat.DB
[2012/06/23 19:27:10 | 000,001,164 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2012/06/23 19:06:01 | 000,000,836 | ---- | M] () -- C:\Documents and Settings\Katie Higgins\Desktop\Norton Installation Files.lnk
[2012/06/23 19:05:22 | 000,829,648 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Katie Higgins\Desktop\NBRT-Retail-Downloader.exe
[2012/06/23 18:00:04 | 000,000,302 | -H-- | M] () -- C:\windows\tasks\RealUpgradeScheduledTaskS-1-5-21-1787001158-1526232164-327768440-1005.job
[2012/06/23 17:38:45 | 002,841,104 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Katie Higgins\Desktop\NPE.exe
[2012/06/23 17:15:02 | 000,000,129 | ---- | M] () -- C:\windows\System32\MRT.INI
[2012/06/23 16:44:25 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2012/06/23 16:44:25 | 000,007,468 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2012/06/23 16:44:25 | 000,000,806 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2012/06/23 16:44:24 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\windows\System32\S32EVNT1.DLL
[2012/06/23 16:43:43 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2012/06/18 21:48:21 | 000,000,256 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\fyUg1n1mhcmKGF
[2012/06/18 21:48:15 | 000,000,160 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-fyUg1n1mhcmKGFr
[2012/06/18 21:48:15 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-fyUg1n1mhcmKGF
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/02 22:18:59 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Katie Higgins\Desktop\MBR.dat
[2012/06/23 19:51:10 | 000,008,942 | ---- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\VT20120410.034
[2012/06/23 19:27:10 | 000,001,164 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2012/06/23 19:24:19 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\NBRTWizard\0405000.022\isolate.ini
[2012/06/23 17:15:02 | 000,000,129 | ---- | C] () -- C:\windows\System32\MRT.INI
[2012/06/23 16:44:35 | 001,095,523 | ---- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\Cat.DB
[2012/06/23 16:44:26 | 000,007,468 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2012/06/23 16:44:25 | 000,000,806 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2012/06/23 16:43:43 | 000,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2012/06/23 16:41:29 | 000,003,434 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\SymEFA.inf
[2012/06/23 16:41:29 | 000,002,852 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\SymDS.inf
[2012/06/23 16:41:29 | 000,001,469 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\SymNetV.inf
[2012/06/23 16:41:29 | 000,001,441 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\SymNet.inf
[2012/06/23 16:41:29 | 000,001,388 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\srtspx.inf
[2012/06/23 16:41:28 | 000,001,388 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\srtsp.inf
[2012/06/23 16:41:28 | 000,000,827 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\ccSetx86.inf
[2012/06/23 16:41:28 | 000,000,742 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\Iron.inf
[2012/06/23 16:41:24 | 000,004,782 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\SymVTcer.dat
[2012/06/23 16:41:19 | 000,007,877 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\symnetv.cat
[2012/06/23 16:41:19 | 000,007,458 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\SymNet.cat
[2012/06/23 16:41:18 | 000,007,492 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\SymDS.cat
[2012/06/23 16:41:18 | 000,007,456 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\SymEFA.cat
[2012/06/23 16:41:18 | 000,007,454 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\srtspx.cat
[2012/06/23 16:41:18 | 000,007,450 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\srtsp.cat
[2012/06/23 16:41:18 | 000,007,450 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\iron.cat
[2012/06/23 16:41:17 | 000,007,468 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\ccsetx86.cat
[2012/06/23 16:41:17 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\isolate.ini
[2012/06/23 16:28:13 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\Katie Higgins\Desktop\Norton Installation Files.lnk
[2012/06/23 15:06:15 | 000,000,873 | ---- | C] () -- C:\Documents and Settings\Katie Higgins\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
[2012/06/18 21:48:15 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-fyUg1n1mhcmKGFr
[2012/06/18 21:48:15 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-fyUg1n1mhcmKGF
[2012/06/18 21:48:09 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\fyUg1n1mhcmKGF
[2011/09/06 10:44:31 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\4170748d032383168d51801edfb0776a_c
[2011/09/06 10:35:41 | 000,161,736 | -H-- | C] () -- C:\Program Files\64res.dll
[2011/01/26 02:26:39 | 000,375,104 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/10 20:21:12 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2010/07/19 22:36:49 | 000,000,000 | -H-- | C] () -- C:\windows\EEventManager.INI
[2008/10/04 19:34:54 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Katie Higgins\Application Data\wklnhst.dat
[2007/04/15 15:57:15 | 000,062,976 | -H-- | C] () -- C:\Documents and Settings\Katie Higgins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/25 16:02:10 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\Katie Higgins\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========

[2006/09/22 23:08:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2006/09/22 23:08:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2010/07/18 21:24:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/09/28 16:55:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\FUJIFILM
[2010/01/29 12:34:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2010/01/29 12:33:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2011/10/28 14:45:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Mindjet
[2011/04/06 09:30:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/06/23 16:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/01/29 12:34:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
[2010/04/23 12:59:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2009/10/26 18:12:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/03/22 13:02:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SPSS
[2012/04/05 21:38:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/07/18 21:22:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011/11/07 22:28:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2011/07/17 16:27:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2006/09/22 23:08:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2006/09/22 23:08:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Default User\Application Data\Windows Desktop Search
[2012/07/02 21:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie Higgins\Application Data\Dropbox
[2011/01/14 14:11:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Katie Higgins\Application Data\Epson
[2007/04/15 11:21:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Katie Higgins\Application Data\FUJIFILM
[2006/12/30 19:50:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Katie Higgins\Application Data\InterVideo
[2008/02/11 13:07:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Katie Higgins\Application Data\Lexmark Imaging Studio
[2008/07/03 00:25:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Katie Higgins\Application Data\LimeWire
[2011/06/23 07:45:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Katie Higgins\Application Data\NCH Swift Sound
[2011/04/21 19:13:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Katie Higgins\Application Data\SPSSInc
[2009/07/21 12:55:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Katie Higgins\Application Data\Template
[2006/09/22 23:08:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Katie Higgins\Application Data\toshiba
[2011/04/13 15:31:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Katie Higgins\Application Data\TP
[2011/11/07 22:29:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Katie Higgins\Application Data\Vodafone
[2006/09/22 23:08:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Katie Higgins\Application Data\Windows Desktop Search
[2006/09/22 23:12:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Application Data\X10 Commander
[2012/07/11 21:23:04 | 000,000,256 | -H-- | M] () -- C:\windows\Tasks\Epson Printer Software Downloader.job
[2010/12/12 14:59:44 | 000,000,304 | -H-- | M] () -- C:\windows\Tasks\photostageSevenDays.job
[2010/12/15 14:59:02 | 000,000,304 | -H-- | M] () -- C:\windows\Tasks\photostageShakeIcon.job
[2006/12/25 16:01:03 | 000,000,258 | -H-- | M] () -- C:\windows\Tasks\Registration reminder 1.job
[2006/12/25 16:01:04 | 000,000,258 | -H-- | M] () -- C:\windows\Tasks\Registration reminder 3.job

========== Purity Check ==========



< End of report >



Farbar Service Scanner Version: 08-07-2012
Ran by Katie Higgins (administrator) on 17-07-2012 at 22:44:28
Running from "C:\Documents and Settings\Katie Higgins\Desktop"
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\windows\system32\dhcpcsvc.dll
[2006-09-13 13:41] - [2006-05-19 13:59] - 0111616 ___AH (Microsoft Corporation) EF545E1A4B043DA4C84E230DD471C55F

C:\windows\system32\Drivers\afd.sys
[2006-09-13 13:41] - [2008-08-14 10:51] - 0138368 ___AH (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702

C:\windows\system32\Drivers\netbt.sys
[2006-09-13 13:42] - [2004-08-10 13:00] - 0162816 ___AH (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\windows\system32\Drivers\tcpip.sys
[2006-09-13 13:42] - [2008-06-20 11:45] - 0360320 ___AH (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9

C:\windows\system32\Drivers\ipsec.sys
[2006-09-13 13:42] - [2004-08-10 13:00] - 0074752 ___AH (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\windows\system32\dnsrslvr.dll
[2006-09-13 13:41] - [2008-02-20 06:32] - 0045568 ___AH (Microsoft Corporation) AAC8FFBFD61E784FA3BAC851D4A0BD5F

C:\windows\system32\ipnathlp.dll
[2006-09-13 13:42] - [2004-08-10 13:00] - 0331264 ___AH (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\windows\system32\netman.dll
[2006-09-13 13:42] - [2005-08-22 19:29] - 0197632 ___AH (Microsoft Corporation) 36739B39267914BA69AD0610A0299732

C:\windows\system32\wbem\WMIsvc.dll
[2006-09-13 14:54] - [2004-08-10 13:00] - 0144896 ___AH (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\windows\system32\srsvc.dll
[2006-09-13 14:57] - [2004-08-10 13:00] - 0170496 ___AH (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\windows\system32\Drivers\sr.sys
[2006-09-13 14:57] - [2004-08-10 13:00] - 0073472 __AHC (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\windows\system32\wscsvc.dll
[2006-09-13 13:42] - [2004-08-10 13:00] - 0081408 __AHC (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\windows\system32\wbem\WMIsvc.dll
[2006-09-13 14:54] - [2004-08-10 13:00] - 0144896 ___AH (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\windows\system32\wuauserv.dll
[2006-09-13 14:58] - [2004-08-10 13:00] - 0006656 ___AH (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\windows\system32\qmgr.dll
[2006-09-13 14:58] - [2004-08-10 13:00] - 0382464 ___AH (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\windows\system32\es.dll
[2006-09-13 13:42] - [2008-07-07 21:06] - 0253952 ___AH (Microsoft Corporation) A4AB3DCA4A383F0DF4988ABDEB84F9A4

C:\windows\system32\cryptsvc.dll
[2006-09-13 13:41] - [2004-08-10 13:00] - 0060416 ___AH (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\windows\system32\svchost.exe
[2006-09-13 13:42] - [2004-08-10 13:00] - 0014336 ___AH (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\windows\system32\rpcss.dll
[2006-09-13 13:42] - [2009-02-09 11:01] - 0401408 ___AH (Microsoft Corporation) 24B5D53B9ACCC1E2EDCF0A878D6659D4

C:\windows\system32\services.exe
[2006-09-13 13:42] - [2009-02-06 11:22] - 0110592 ___AH (Microsoft Corporation) 4712531AB7A01B7EE059853CA17D39BD


Extra List:
=======
AegisP(9) fssfltr(10) Gpc(6) IPSec(4) NetBT(5) PSched(7) s24trans(8) SYMTDI(12) Tcpip(3)
0x0C000000040000000100000002000000030000000C0000000B00000005000000060000000700000008000000090000000A000000
IpSec Tag value is correct.

**** End of log ****


#17
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Please reopen OTL on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsear...rms}&n=77ce5cea
    IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
    IE - HKU\.DEFAULT\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = http://www.questscan...s={searchTerms}
    IE - HKU\S-1-5-18\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = http://www.questscan...s={searchTerms}
    IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = http://www.questscan...s={searchTerms}
    IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsear...rms}&n=77ce5cea
    IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
    IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2801948
    IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...box_im2_test_v2
    [2011/09/06 10:46:55 | 000,000,000 | -H-D | M] (QuestScan) -- C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
    [2012/06/18 21:48:21 | 000,000,256 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\fyUg1n1mhcmKGF
    [2012/06/18 21:48:15 | 000,000,160 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-fyUg1n1mhcmKGFr
    [2012/06/18 21:48:15 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-fyUg1n1mhcmKGF
    [2011/09/06 10:44:31 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\4170748d032383168d51801edfb0776a_c
    
    :Files
    Net start wscsvc /c
    ipconfig /flushdns /c
    
    :REG
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
    "Start"=dword:00000002
    
    :Commands
    [CREATERESTOREPOINT]
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


#18
KHiggins

KHiggins

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi Whitehat, apologies for the delay, missed the e-mail notification so hadn't logged on, sorry...


========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B8C28A7-A9BC-45F8-990D-21499EED643C}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B8C28A7-A9BC-45F8-990D-21499EED643C}\ not found.
Registry key HKEY_USERS\S-1-5-21-1787001158-1526232164-327768440-1005\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B8C28A7-A9BC-45F8-990D-21499EED643C}\ not found.
Registry key HKEY_USERS\S-1-5-21-1787001158-1526232164-327768440-1005\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_USERS\S-1-5-21-1787001158-1526232164-327768440-1005\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_USERS\S-1-5-21-1787001158-1526232164-327768440-1005\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-1787001158-1526232164-327768440-1005\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Folder C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\ not found.
C:\Documents and Settings\All Users\Application Data\fyUg1n1mhcmKGF moved successfully.
C:\Documents and Settings\All Users\Application Data\-fyUg1n1mhcmKGFr moved successfully.
C:\Documents and Settings\All Users\Application Data\-fyUg1n1mhcmKGF moved successfully.
File C:\Documents and Settings\All Users\Application Data\4170748d032383168d51801edfb0776a_c not found.
========== FILES ==========
< Net start wscsvc /c >
C:\Documents and Settings\Katie Higgins\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Katie Higgins\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Katie Higgins\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Katie Higgins\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"Start"|dword:00000002 /E : value set successfully!
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.0 log created on 07312012_221439

#19
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi KHiggins,

Hi Whitehat, apologies for the delay, missed the e-mail notification so hadn't logged on, sorry...

Ok, no problem. :thumbsup:

How is your computer?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#20
KHiggins
Hi Whitehat,
Everything seems pretty much the same, Norton is still picking up on the Boot.Tidserv.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.01.08

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.13
Katie Higgins :: KATIEHIGGINS [administrator]

Protection: Enabled

01/08/2012 23:03:05
mbam-log-2012-08-01 (23-03-05).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 288981
Time elapsed: 2 hour(s), 38 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 19
HKCR\CLSID\{7952f465-ac46-4a82-b383-870f3784d1cd} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F02C0832-C85C-4B93-8C6F-9DF20121A10D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-01WE-AAX2-5657QCA554112} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-01WE-AAX2-5657QCA554112} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d09094b3-b426-4f16-a6d9-e211fe222127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7895609d-c8b4-4cf5-a2c7-28223d0c3d92} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QUESTSCAN_SERVICE (Adware.QuestScan) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\QuestScan Service (Adware.QuestScan) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Data: 0 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Data: 0 -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 4
C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096} (Adware.QuestScan) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome (Adware.QuestScan) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\defaults (Adware.QuestScan) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\defaults\preferences (Adware.QuestScan) -> Quarantined and deleted successfully.

Files Detected: 6
C:\Program Files\64res.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\64res.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome.manifest (Adware.QuestScan) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\install.rdf (Adware.QuestScan) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome\questscan.jar (Adware.QuestScan) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\defaults\preferences\prefs.js (Adware.QuestScan) -> Quarantined and deleted successfully.

(end)

#21
WhiteHat
Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • Get the report by selecting Reports.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Edited by WhiteHat, 02 August 2012 - 02:30 PM.


#22
KHiggins
22:14:20.0390 2720 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
22:14:22.0406 2720 ============================================================
22:14:22.0406 2720 Current date / time: 2012/08/02 22:14:22.0406
22:14:22.0406 2720 SystemInfo:
22:14:22.0406 2720
22:14:22.0406 2720 OS Version: 5.1.2600 ServicePack: 2.0
22:14:22.0406 2720 Product type: Workstation
22:14:22.0406 2720 ComputerName: KATIEHIGGINS
22:14:22.0406 2720 UserName: Katie Higgins
22:14:22.0406 2720 Windows directory: C:\windows
22:14:22.0406 2720 System windows directory: C:\windows
22:14:22.0406 2720 Processor architecture: Intel x86
22:14:22.0406 2720 Number of processors: 1
22:14:22.0406 2720 Page size: 0x1000
22:14:22.0406 2720 Boot type: Normal boot
22:14:22.0406 2720 ============================================================
22:14:36.0078 2720 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:14:36.0125 2720 ============================================================
22:14:36.0125 2720 \Device\Harddisk0\DR0:
22:14:36.0140 2720 MBR partitions:
22:14:36.0140 2720 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
22:14:36.0140 2720 ============================================================
22:14:36.0265 2720 C: <-> \Device\Harddisk0\DR0\Partition0
22:14:36.0890 2720 ============================================================
22:14:36.0890 2720 Initialize success
22:14:36.0890 2720 ============================================================
22:15:38.0750 3140 ============================================================
22:15:38.0750 3140 Scan started
22:15:38.0750 3140 Mode: Manual; SigCheck; TDLFS;
22:15:38.0750 3140 ============================================================
22:15:39.0828 3140 Abiosdsk - ok
22:15:39.0843 3140 abp480n5 - ok
22:15:39.0875 3140 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\windows\system32\DRIVERS\ACPI.sys
22:15:45.0468 3140 ACPI - ok
22:15:45.0515 3140 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\windows\system32\DRIVERS\ACPIEC.sys
22:15:45.0703 3140 ACPIEC - ok
22:15:45.0718 3140 adpu160m - ok
22:15:45.0781 3140 aec (1ee7b434ba961ef845de136224c30fec) C:\windows\system32\drivers\aec.sys
22:15:46.0437 3140 aec - ok
22:15:46.0484 3140 AegisP (15e655baa989444f56787ef558823643) C:\windows\system32\DRIVERS\AegisP.sys
22:15:46.0531 3140 AegisP ( UnsignedFile.Multi.Generic ) - warning
22:15:46.0531 3140 AegisP - detected UnsignedFile.Multi.Generic (1)
22:15:46.0593 3140 AFD (55e6e1c51b6d30e54335750955453702) C:\windows\System32\drivers\afd.sys
22:15:46.0640 3140 AFD - ok
22:15:46.0828 3140 AgereSoftModem (c41a5740468d0b9cb46e6390a0e15ce3) C:\windows\system32\DRIVERS\AGRSM.sys
22:15:47.0078 3140 AgereSoftModem - ok
22:15:47.0109 3140 Aha154x - ok
22:15:47.0140 3140 aic78u2 - ok
22:15:47.0171 3140 aic78xx - ok
22:15:47.0281 3140 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\windows\system32\alrsvc.dll
22:15:47.0593 3140 Alerter - ok
22:15:47.0640 3140 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\windows\System32\alg.exe
22:15:47.0750 3140 ALG - ok
22:15:47.0781 3140 AliIde - ok
22:15:47.0796 3140 amsint - ok
22:15:47.0984 3140 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:15:48.0000 3140 Apple Mobile Device - ok
22:15:48.0062 3140 AppMgmt (9c3c12975c97119412802b181fbeeffe) C:\windows\System32\appmgmts.dll
22:15:48.0171 3140 AppMgmt - ok
22:15:48.0265 3140 AR5211 (65b963f05458a7ee00473eb21ce3789d) C:\windows\system32\DRIVERS\ar5211.sys
22:15:48.0453 3140 AR5211 - ok
22:15:48.0500 3140 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\windows\system32\DRIVERS\arp1394.sys
22:15:48.0750 3140 Arp1394 - ok
22:15:48.0781 3140 asc - ok
22:15:48.0796 3140 asc3350p - ok
22:15:48.0812 3140 asc3550 - ok
22:15:49.0046 3140 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:15:49.0109 3140 aspnet_state - ok
22:15:49.0156 3140 AsyncMac (02000abf34af4c218c35d257024807d6) C:\windows\system32\DRIVERS\asyncmac.sys
22:15:49.0421 3140 AsyncMac - ok
22:15:49.0515 3140 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\windows\system32\DRIVERS\atapi.sys
22:15:49.0828 3140 atapi - ok
22:15:49.0828 3140 Atdisk - ok
22:15:50.0046 3140 Ati HotKey Poller (c4b5144443a368741e6427faa44c5491) C:\windows\system32\Ati2evxx.exe
22:15:50.0171 3140 Ati HotKey Poller - ok
22:15:50.0375 3140 ati2mtag (221f0a33229cce7bf2f7640d3bb8845d) C:\windows\system32\DRIVERS\ati2mtag.sys
22:15:50.0468 3140 ati2mtag - ok
22:15:50.0531 3140 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\windows\system32\DRIVERS\atmarpc.sys
22:15:50.0703 3140 Atmarpc - ok
22:15:50.0765 3140 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\windows\System32\audiosrv.dll
22:15:51.0062 3140 AudioSrv - ok
22:15:51.0156 3140 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys
22:15:51.0437 3140 audstub - ok
22:15:51.0515 3140 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys
22:15:51.0765 3140 Beep - ok
22:15:52.0328 3140 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
22:15:52.0656 3140 BHDrvx86 - ok
22:15:52.0812 3140 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll
22:15:53.0390 3140 BITS - ok
22:15:53.0437 3140 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\windows\System32\browser.dll
22:15:53.0765 3140 Browser - ok
22:15:53.0859 3140 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\windows\system32\DRIVERS\BrScnUsb.sys
22:15:54.0015 3140 BrScnUsb - ok
22:15:54.0109 3140 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys
22:15:54.0281 3140 cbidf2k - ok
22:15:54.0312 3140 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\windows\system32\DRIVERS\CCDECODE.sys
22:15:54.0750 3140 CCDECODE - ok
22:15:54.0859 3140 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\windows\system32\drivers\NIS\1307010.005\ccSetx86.sys
22:15:54.0890 3140 ccSet_NIS - ok
22:15:54.0921 3140 cd20xrnt - ok
22:15:54.0984 3140 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys
22:15:55.0125 3140 Cdaudio - ok
22:15:55.0156 3140 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\windows\system32\drivers\Cdfs.sys
22:15:55.0312 3140 Cdfs - ok
22:15:55.0468 3140 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\windows\system32\DRIVERS\cdrom.sys
22:15:55.0625 3140 Cdrom - ok
22:15:55.0812 3140 CFSvcs (3cb0cc8879956c187e87e18634ee5164) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
22:15:55.0843 3140 CFSvcs ( UnsignedFile.Multi.Generic ) - warning
22:15:55.0843 3140 CFSvcs - detected UnsignedFile.Multi.Generic (1)
22:15:55.0859 3140 Changer - ok
22:15:55.0906 3140 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\windows\system32\cisvc.exe
22:15:56.0156 3140 CiSvc - ok
22:15:56.0218 3140 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\windows\system32\clipsrv.exe
22:15:56.0453 3140 ClipSrv - ok
22:15:56.0609 3140 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:15:56.0765 3140 clr_optimization_v2.0.50727_32 - ok
22:15:56.0828 3140 CmBatt (4266be808f85826aedf3c64c1e240203) C:\windows\system32\DRIVERS\CmBatt.sys
22:15:57.0312 3140 CmBatt - ok
22:15:57.0328 3140 CmdIde - ok
22:15:57.0390 3140 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\windows\system32\DRIVERS\compbatt.sys
22:15:57.0562 3140 Compbatt - ok
22:15:57.0578 3140 COMSysApp - ok
22:15:57.0609 3140 Cpqarray - ok
22:15:57.0703 3140 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\windows\System32\cryptsvc.dll
22:15:57.0843 3140 CryptSvc - ok
22:15:57.0859 3140 dac2w2k - ok
22:15:57.0875 3140 dac960nt - ok
22:15:57.0953 3140 DcomLaunch (24b5d53b9accc1e2edcf0a878d6659d4) C:\windows\system32\rpcss.dll
22:15:58.0171 3140 DcomLaunch - ok
22:15:58.0265 3140 Dhcp (ef545e1a4b043da4c84e230dd471c55f) C:\windows\System32\dhcpcsvc.dll
22:15:58.0812 3140 Dhcp - ok
22:15:58.0921 3140 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\windows\system32\DRIVERS\disk.sys
22:15:59.0078 3140 Disk - ok
22:15:59.0093 3140 dmadmin - ok
22:15:59.0156 3140 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\windows\system32\drivers\dmboot.sys
22:15:59.0406 3140 dmboot - ok
22:15:59.0500 3140 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\windows\system32\drivers\dmio.sys
22:16:00.0328 3140 dmio - ok
22:16:00.0343 3140 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys
22:16:00.0531 3140 dmload - ok
22:16:00.0609 3140 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\windows\System32\dmserver.dll
22:16:00.0828 3140 dmserver - ok
22:16:00.0890 3140 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\windows\system32\drivers\DMusic.sys
22:16:01.0062 3140 DMusic - ok
22:16:01.0140 3140 Dnscache (aac8ffbfd61e784fa3bac851d4a0bd5f) C:\windows\System32\dnsrslvr.dll
22:16:01.0687 3140 Dnscache - ok
22:16:01.0718 3140 dpti2o - ok
22:16:01.0750 3140 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\windows\system32\drivers\drmkaud.sys
22:16:02.0046 3140 drmkaud - ok
22:16:02.0171 3140 E100B (83403675cab29e7a4b885b11e7c855d8) C:\windows\system32\DRIVERS\e100b325.sys
22:16:02.0421 3140 E100B - ok
22:16:02.0765 3140 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
22:16:02.0796 3140 eeCtrl - ok
22:16:03.0000 3140 ehRecvr (b03bcd810a2ee089fa08e47b5200be31) C:\WINDOWS\eHome\ehRecvr.exe
22:16:03.0234 3140 ehRecvr - ok
22:16:03.0281 3140 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
22:16:03.0343 3140 ehSched - ok
22:16:03.0390 3140 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:16:03.0421 3140 EraserUtilRebootDrv - ok
22:16:03.0500 3140 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\windows\System32\ersvc.dll
22:16:03.0828 3140 ERSvc - ok
22:16:03.0921 3140 Eventlog (4712531ab7a01b7ee059853ca17d39bd) C:\windows\system32\services.exe
22:16:04.0031 3140 Eventlog - ok
22:16:04.0125 3140 EventSystem (a4ab3dca4a383f0df4988abdeb84f9a4) C:\WINDOWS\system32\es.dll
22:16:04.0187 3140 EventSystem - ok
22:16:04.0296 3140 EvtEng (6a197698a141ffe7651b962ae3172008) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
22:16:04.0359 3140 EvtEng ( UnsignedFile.Multi.Generic ) - warning
22:16:04.0359 3140 EvtEng - detected UnsignedFile.Multi.Generic (1)
22:16:04.0515 3140 ew_hwusbdev (57c171ea22f0a7f068fcb0caedd1e8e7) C:\windows\system32\DRIVERS\ew_hwusbdev.sys
22:16:04.0703 3140 ew_hwusbdev - ok
22:16:04.0750 3140 ew_usbenumfilter (61a973f60e94a551ba7b15f3460444fb) C:\windows\system32\DRIVERS\ew_usbenumfilter.sys
22:16:05.0046 3140 ew_usbenumfilter - ok
22:16:05.0109 3140 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\windows\system32\drivers\Fastfat.sys
22:16:05.0296 3140 Fastfat - ok
22:16:05.0421 3140 FastUserSwitchingCompatibility (6815def9b810aefac107eeaf72da6f82) C:\windows\System32\shsvcs.dll
22:16:06.0000 3140 FastUserSwitchingCompatibility - ok
22:16:06.0031 3140 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\windows\system32\drivers\Fdc.sys
22:16:06.0187 3140 Fdc - ok
22:16:06.0281 3140 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\windows\system32\drivers\Fips.sys
22:16:06.0437 3140 Fips - ok
22:16:06.0468 3140 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\windows\system32\drivers\Flpydisk.sys
22:16:06.0640 3140 Flpydisk - ok
22:16:06.0703 3140 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\windows\system32\DRIVERS\fltMgr.sys
22:16:07.0296 3140 FltMgr - ok
22:16:07.0500 3140 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:16:07.0562 3140 FontCache3.0.0.0 - ok
22:16:07.0625 3140 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\windows\system32\DRIVERS\fssfltr_tdi.sys
22:16:07.0640 3140 fssfltr - ok
22:16:07.0906 3140 fsssvc (206ad9a89bf05dfa1621f1fc7b82592d) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
22:16:07.0968 3140 fsssvc - ok
22:16:08.0031 3140 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\windows\system32\drivers\Fs_Rec.sys
22:16:08.0406 3140 Fs_Rec - ok
22:16:08.0453 3140 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\windows\system32\DRIVERS\ftdisk.sys
22:16:08.0609 3140 Ftdisk - ok
22:16:08.0656 3140 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\Drivers\GEARAspiWDM.sys
22:16:08.0671 3140 GEARAspiWDM - ok
22:16:08.0734 3140 Gpc (c0f1d4a21de5a415df8170616703debf) C:\windows\system32\DRIVERS\msgpc.sys
22:16:08.0890 3140 Gpc - ok
22:16:09.0125 3140 gusvc (1bf044e23206fddc16891a32922d571b) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:16:09.0140 3140 gusvc - ok
22:16:09.0203 3140 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\windows\system32\DRIVERS\HDAudBus.sys
22:16:09.0296 3140 HDAudBus - ok
22:16:09.0375 3140 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:16:09.0687 3140 helpsvc - ok
22:16:09.0750 3140 HidServ (9376e6893e52b368abc6255bf54f0b28) C:\windows\System32\hidserv.dll
22:16:10.0234 3140 HidServ - ok
22:16:10.0296 3140 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\windows\system32\DRIVERS\hidusb.sys
22:16:10.0500 3140 HidUsb - ok
22:16:10.0500 3140 hpn - ok
22:16:10.0578 3140 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\windows\system32\Drivers\HTTP.sys
22:16:10.0687 3140 HTTP - ok
22:16:10.0765 3140 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\windows\System32\w3ssl.dll
22:16:11.0078 3140 HTTPFilter - ok
22:16:11.0171 3140 huawei_cdcacm (2eb6c536e63c1047577da6bf6c154e54) C:\windows\system32\DRIVERS\ew_jucdcacm.sys
22:16:11.0562 3140 huawei_cdcacm - ok
22:16:11.0609 3140 huawei_cdcecm (9144bb55dd9b647456155138d5510152) C:\windows\system32\DRIVERS\ew_jucdcecm.sys
22:16:11.0703 3140 huawei_cdcecm - ok
22:16:11.0750 3140 huawei_enumerator (033cf42b457366cfa1f8c669c5e30233) C:\windows\system32\DRIVERS\ew_jubusenum.sys
22:16:11.0828 3140 huawei_enumerator - ok
22:16:11.0875 3140 huawei_ext_ctrl (37cd1813d0a20b3199e9e904935b725d) C:\windows\system32\DRIVERS\ew_juextctrl.sys
22:16:11.0921 3140 huawei_ext_ctrl - ok
22:16:11.0937 3140 hwdatacard - ok
22:16:11.0953 3140 hwusbdev - ok
22:16:11.0968 3140 i2omgmt - ok
22:16:11.0984 3140 i2omp - ok
22:16:12.0203 3140 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\windows\system32\DRIVERS\i8042prt.sys
22:16:12.0640 3140 i8042prt - ok
22:16:12.0796 3140 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\windows\system32\DRIVERS\ialmnt5.sys
22:16:12.0984 3140 ialm - ok
22:16:13.0265 3140 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
22:16:13.0375 3140 IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:16:13.0375 3140 IDriverT - detected UnsignedFile.Multi.Generic (1)
22:16:13.0812 3140 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:16:13.0953 3140 idsvc - ok
22:16:14.0625 3140 IDSxpx86 (eeebf3616db90124c1c57019d39aa9a2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20120801.001\IDSxpx86.sys
22:16:14.0656 3140 IDSxpx86 - ok
22:16:15.0312 3140 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\windows\system32\DRIVERS\imapi.sys
22:16:15.0468 3140 Imapi - ok
22:16:15.0515 3140 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe
22:16:15.0671 3140 ImapiService - ok
22:16:15.0687 3140 ini910u - ok
22:16:16.0187 3140 IntcAzAudAddService (7c09d605fcae64e3cb11ebf90fb1e3a1) C:\windows\system32\drivers\RtkHDAud.sys
22:16:17.0687 3140 IntcAzAudAddService - ok
22:16:17.0906 3140 IntelIde - ok
22:16:17.0968 3140 intelppm (279fb78702454dff2bb445f238c048d2) C:\windows\system32\DRIVERS\intelppm.sys
22:16:18.0125 3140 intelppm - ok
22:16:18.0156 3140 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\windows\system32\DRIVERS\Ip6Fw.sys
22:16:18.0390 3140 Ip6Fw - ok
22:16:18.0406 3140 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\windows\system32\DRIVERS\ipfltdrv.sys
22:16:18.0656 3140 IpFilterDriver - ok
22:16:18.0703 3140 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\windows\system32\DRIVERS\ipinip.sys
22:16:18.0968 3140 IpInIp - ok
22:16:19.0015 3140 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\windows\system32\DRIVERS\ipnat.sys
22:16:20.0171 3140 IpNat - ok
22:16:20.0328 3140 iPod Service (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe
22:16:20.0375 3140 iPod Service - ok
22:16:20.0437 3140 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\windows\system32\DRIVERS\ipsec.sys
22:16:20.0609 3140 IPSec - ok
22:16:20.0640 3140 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\windows\system32\DRIVERS\irenum.sys
22:16:20.0796 3140 IRENUM - ok
22:16:20.0843 3140 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\windows\system32\DRIVERS\isapnp.sys
22:16:21.0093 3140 isapnp - ok
22:16:21.0125 3140 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\windows\system32\DRIVERS\kbdclass.sys
22:16:21.0359 3140 Kbdclass - ok
22:16:21.0375 3140 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\windows\system32\DRIVERS\kbdhid.sys
22:16:21.0531 3140 kbdhid - ok
22:16:21.0593 3140 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\windows\system32\drivers\kmixer.sys
22:16:22.0281 3140 kmixer - ok
22:16:22.0390 3140 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\windows\system32\drivers\KSecDD.sys
22:16:22.0750 3140 KSecDD - ok
22:16:22.0796 3140 lanmanserver (0cb3af149a0bac0836022ca307c7a0f8) C:\windows\System32\srvsvc.dll
22:16:23.0312 3140 lanmanserver - ok
22:16:23.0359 3140 lanmanworkstation (e1f27cfcd114ec9f1e1f44674b2ff9f0) C:\windows\System32\wkssvc.dll
22:16:23.0421 3140 lanmanworkstation - ok
22:16:23.0421 3140 lbrtfdc - ok
22:16:23.0484 3140 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\windows\System32\lmhsvc.dll
22:16:23.0640 3140 LmHosts - ok
22:16:23.0687 3140 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\windows\system32\drivers\MASPINT.sys
22:16:23.0765 3140 MASPINT ( UnsignedFile.Multi.Generic ) - warning
22:16:23.0765 3140 MASPINT - detected UnsignedFile.Multi.Generic (1)
22:16:23.0812 3140 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\windows\system32\drivers\mbam.sys
22:16:23.0859 3140 MBAMProtector - ok
22:16:24.0437 3140 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:16:24.0484 3140 MBAMService - ok
22:16:24.0687 3140 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
22:16:24.0953 3140 McComponentHostService - ok
22:16:25.0109 3140 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
22:16:25.0171 3140 McrdSvc - ok
22:16:25.0250 3140 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\windows\System32\msgsvc.dll
22:16:25.0390 3140 Messenger - ok
22:16:25.0437 3140 MHN (b7521f69c0a9b29d356157229376fb21) C:\windows\System32\mhn.dll
22:16:25.0515 3140 MHN - ok
22:16:25.0562 3140 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\windows\system32\DRIVERS\mhndrv.sys
22:16:25.0593 3140 MHNDRV - ok
22:16:25.0640 3140 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\windows\system32\drivers\mnmdd.sys
22:16:25.0875 3140 mnmdd - ok
22:16:25.0921 3140 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\system32\mnmsrvc.exe
22:16:26.0156 3140 mnmsrvc - ok
22:16:26.0218 3140 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\windows\system32\drivers\Modem.sys
22:16:26.0359 3140 Modem - ok
22:16:26.0406 3140 Mouclass (34e1f0031153e491910e12551400192c) C:\windows\system32\DRIVERS\mouclass.sys
22:16:26.0531 3140 Mouclass - ok
22:16:26.0625 3140 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\windows\system32\drivers\MountMgr.sys
22:16:26.0750 3140 MountMgr - ok
22:16:26.0765 3140 mraid35x - ok
22:16:26.0812 3140 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\windows\system32\DRIVERS\mrxdav.sys
22:16:27.0359 3140 MRxDAV - ok
22:16:27.0578 3140 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\windows\system32\DRIVERS\mrxsmb.sys
22:16:27.0750 3140 MRxSmb - ok
22:16:27.0843 3140 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\system32\msdtc.exe
22:16:28.0000 3140 MSDTC - ok
22:16:28.0109 3140 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\windows\system32\drivers\Msfs.sys
22:16:28.0343 3140 Msfs - ok
22:16:28.0453 3140 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\windows\system32\Drivers\nx6000.sys
22:16:28.0468 3140 MSHUSBVideo - ok
22:16:28.0484 3140 MSIServer - ok
22:16:28.0531 3140 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\windows\system32\drivers\MSKSSRV.sys
22:16:28.0750 3140 MSKSSRV - ok
22:16:28.0796 3140 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\windows\system32\drivers\MSPCLOCK.sys
22:16:29.0062 3140 MSPCLOCK - ok
22:16:29.0109 3140 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\windows\system32\drivers\MSPQM.sys
22:16:29.0343 3140 MSPQM - ok
22:16:29.0453 3140 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\windows\system32\DRIVERS\mssmbios.sys
22:16:29.0734 3140 mssmbios - ok
22:16:30.0250 3140 MSTEE (bf13612142995096ab084f2db7f40f77) C:\windows\system32\drivers\MSTEE.sys
22:16:30.0406 3140 MSTEE - ok
22:16:30.0531 3140 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\windows\system32\drivers\Mup.sys
22:16:30.0750 3140 Mup - ok
22:16:30.0781 3140 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\windows\system32\DRIVERS\NABTSFEC.sys
22:16:30.0921 3140 NABTSFEC - ok
22:16:31.0359 3140 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120801.037\NAVENG.SYS
22:16:31.0375 3140 NAVENG - ok
22:16:31.0890 3140 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120801.037\NAVEX15.SYS
22:16:32.0656 3140 NAVEX15 - ok
22:16:33.0187 3140 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\windows\system32\drivers\NDIS.sys
22:16:33.0375 3140 NDIS - ok
22:16:33.0421 3140 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\windows\system32\DRIVERS\NdisIP.sys
22:16:33.0562 3140 NdisIP - ok
22:16:33.0593 3140 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\windows\system32\DRIVERS\ndistapi.sys
22:16:33.0765 3140 NdisTapi - ok
22:16:33.0828 3140 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\windows\system32\DRIVERS\ndisuio.sys
22:16:34.0359 3140 Ndisuio - ok
22:16:34.0406 3140 NdisWan (0b90e255a9490166ab368cd55a529893) C:\windows\system32\DRIVERS\ndiswan.sys
22:16:34.0562 3140 NdisWan - ok
22:16:34.0609 3140 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\windows\system32\drivers\NDProxy.sys
22:16:34.0750 3140 NDProxy - ok
22:16:34.0781 3140 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\windows\system32\DRIVERS\netbios.sys
22:16:34.0937 3140 NetBIOS - ok
22:16:35.0015 3140 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\windows\system32\DRIVERS\netbt.sys
22:16:35.0187 3140 NetBT - ok
22:16:35.0281 3140 NetDDE (05afb5ad06462257bea7495283c86d50) C:\windows\system32\netdde.exe
22:16:35.0515 3140 NetDDE - ok
22:16:35.0546 3140 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\windows\system32\netdde.exe
22:16:35.0671 3140 NetDDEdsdm - ok
22:16:35.0718 3140 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\windows\system32\DRIVERS\netdevio.sys
22:16:35.0734 3140 Netdevio ( UnsignedFile.Multi.Generic ) - warning
22:16:35.0734 3140 Netdevio - detected UnsignedFile.Multi.Generic (1)
22:16:35.0781 3140 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\windows\system32\lsass.exe
22:16:35.0953 3140 Netlogon - ok
22:16:36.0000 3140 Netman (36739b39267914ba69ad0610a0299732) C:\windows\System32\netman.dll
22:16:36.0593 3140 Netman - ok
22:16:36.0796 3140 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:16:36.0828 3140 NetTcpPortSharing - ok
22:16:37.0015 3140 NETw3x32 (50f5de54e1d1646c02078f3eddc15a8e) C:\windows\system32\DRIVERS\NETw3x32.sys
22:16:37.0312 3140 NETw3x32 - ok
22:16:37.0781 3140 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\windows\system32\DRIVERS\nic1394.sys
22:16:38.0203 3140 NIC1394 - ok
22:16:38.0359 3140 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
22:16:38.0375 3140 NIS - ok
22:16:38.0437 3140 Nla (097722f235a1fb698bf9234e01b52637) C:\windows\System32\mswsock.dll
22:16:38.0531 3140 Nla - ok
22:16:38.0562 3140 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\windows\system32\drivers\Npfs.sys
22:16:38.0703 3140 Npfs - ok
22:16:38.0796 3140 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\windows\system32\drivers\Ntfs.sys
22:16:39.0484 3140 Ntfs - ok
22:16:39.0546 3140 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\windows\system32\lsass.exe
22:16:39.0703 3140 NtLmSsp - ok
22:16:39.0812 3140 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\windows\system32\ntmssvc.dll
22:16:39.0953 3140 NtmsSvc - ok
22:16:40.0421 3140 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\windows\system32\drivers\Null.sys
22:16:40.0593 3140 Null - ok
22:16:40.0968 3140 nv (ac5267c71f72fb42511ed5790ba0e9f5) C:\windows\system32\DRIVERS\nv4_mini.sys
22:16:41.0625 3140 nv - ok
22:16:41.0984 3140 NVSvc (3ab553f922fc8501bf2ee5407fc28c0f) C:\windows\system32\nvsvc32.exe
22:16:42.0046 3140 NVSvc - ok
22:16:42.0375 3140 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\windows\system32\DRIVERS\nwlnkflt.sys
22:16:42.0703 3140 NwlnkFlt - ok
22:16:42.0765 3140 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\windows\system32\DRIVERS\nwlnkfwd.sys
22:16:43.0015 3140 NwlnkFwd - ok
22:16:43.0078 3140 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\windows\system32\DRIVERS\ohci1394.sys
22:16:43.0343 3140 ohci1394 - ok
22:16:43.0484 3140 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:16:43.0531 3140 ose - ok
22:16:43.0578 3140 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\windows\system32\drivers\Parport.sys
22:16:43.0718 3140 Parport - ok
22:16:43.0750 3140 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\windows\system32\drivers\PartMgr.sys
22:16:43.0890 3140 PartMgr - ok
22:16:43.0937 3140 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\windows\system32\drivers\ParVdm.sys
22:16:44.0125 3140 ParVdm - ok
22:16:44.0187 3140 PCI (8086d9979234b603ad5bc2f5d890b234) C:\windows\system32\DRIVERS\pci.sys
22:16:44.0406 3140 PCI - ok
22:16:44.0421 3140 PCIDump - ok
22:16:44.0484 3140 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\windows\system32\DRIVERS\pciide.sys
22:16:44.0671 3140 PCIIde - ok
22:16:44.0703 3140 Pcmcia (82a087207decec8456fbe8537947d579) C:\windows\system32\DRIVERS\pcmcia.sys
22:16:44.0953 3140 Pcmcia - ok
22:16:44.0968 3140 PDCOMP - ok
22:16:45.0000 3140 PDFRAME - ok
22:16:45.0031 3140 PDRELI - ok
22:16:45.0046 3140 PDRFRAME - ok
22:16:45.0062 3140 perc2 - ok
22:16:45.0078 3140 perc2hib - ok
22:16:45.0250 3140 PlugPlay (4712531ab7a01b7ee059853ca17d39bd) C:\windows\system32\services.exe
22:16:45.0359 3140 PlugPlay - ok
22:16:45.0406 3140 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\windows\system32\lsass.exe
22:16:45.0937 3140 PolicyAgent - ok
22:16:45.0984 3140 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\windows\system32\DRIVERS\raspptp.sys
22:16:46.0109 3140 PptpMiniport - ok
22:16:46.0125 3140 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\windows\system32\lsass.exe
22:16:46.0265 3140 ProtectedStorage - ok
22:16:46.0296 3140 PSched (48671f327553dcf1d27f6197f622a668) C:\windows\system32\DRIVERS\psched.sys
22:16:46.0468 3140 PSched - ok
22:16:46.0515 3140 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\windows\system32\DRIVERS\ptilink.sys
22:16:46.0656 3140 Ptilink - ok
22:16:46.0734 3140 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\windows\system32\Drivers\PxHelp20.sys
22:16:46.0750 3140 PxHelp20 - ok
22:16:46.0765 3140 ql1080 - ok
22:16:46.0781 3140 Ql10wnt - ok
22:16:46.0796 3140 ql12160 - ok
22:16:46.0796 3140 ql1240 - ok
22:16:46.0812 3140 ql1280 - ok
22:16:46.0843 3140 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\windows\system32\DRIVERS\rasacd.sys
22:16:46.0968 3140 RasAcd - ok
22:16:47.0046 3140 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\windows\System32\rasauto.dll
22:16:47.0187 3140 RasAuto - ok
22:16:47.0296 3140 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\windows\system32\DRIVERS\rasl2tp.sys
22:16:47.0437 3140 Rasl2tp - ok
22:16:47.0484 3140 RasMan (d4bd2eeab07fef323f0a0ceecc954f51) C:\windows\System32\rasmans.dll
22:16:47.0515 3140 RasMan ( UnsignedFile.Multi.Generic ) - warning
22:16:47.0515 3140 RasMan - detected UnsignedFile.Multi.Generic (1)
22:16:47.0546 3140 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\windows\system32\DRIVERS\raspppoe.sys
22:16:47.0703 3140 RasPppoe - ok
22:16:47.0734 3140 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\windows\system32\DRIVERS\raspti.sys
22:16:47.0890 3140 Raspti - ok
22:16:48.0062 3140 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\windows\system32\DRIVERS\rdbss.sys
22:16:48.0656 3140 Rdbss - ok
22:16:48.0703 3140 RDPCDD (4912d5b403614ce99c28420f75353332) C:\windows\system32\DRIVERS\RDPCDD.sys
22:16:48.0828 3140 RDPCDD - ok
22:16:48.0875 3140 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\windows\system32\DRIVERS\rdpdr.sys
22:16:49.0015 3140 rdpdr - ok
22:16:49.0093 3140 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\windows\system32\drivers\RDPWD.sys
22:16:49.0687 3140 RDPWD - ok
22:16:49.0718 3140 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
22:16:49.0890 3140 RDSessMgr - ok
22:16:49.0984 3140 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\windows\system32\DRIVERS\redbook.sys
22:16:50.0109 3140 redbook - ok
22:16:50.0312 3140 RegSrvc (d8f61aaae73a1fbde6f538becc891f2f) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
22:16:50.0359 3140 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
22:16:50.0359 3140 RegSrvc - detected UnsignedFile.Multi.Generic (1)
22:16:50.0406 3140 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\windows\System32\mprdim.dll
22:16:50.0546 3140 RemoteAccess - ok
22:16:50.0640 3140 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\windows\system32\regsvc.dll
22:16:50.0781 3140 RemoteRegistry - ok
22:16:50.0890 3140 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\windows\system32\locator.exe
22:16:51.0046 3140 RpcLocator - ok
22:16:51.0140 3140 RpcSs (24b5d53b9accc1e2edcf0a878d6659d4) C:\windows\system32\rpcss.dll
22:16:51.0312 3140 RpcSs - ok
22:16:51.0406 3140 RSVP (471b3f9741d762abe75e9deea4787e47) C:\windows\system32\rsvp.exe
22:16:51.0562 3140 RSVP - ok
22:16:51.0703 3140 S24EventMonitor (25f697e3afa7b337bbcaddbce38e6934) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
22:16:51.0796 3140 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
22:16:51.0796 3140 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
22:16:51.0953 3140 s24trans (2862adb14481ac28f98105ff33a99eb0) C:\windows\system32\DRIVERS\s24trans.sys
22:16:52.0000 3140 s24trans ( UnsignedFile.Multi.Generic ) - warning
22:16:52.0000 3140 s24trans - detected UnsignedFile.Multi.Generic (1)
22:16:52.0078 3140 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\windows\system32\lsass.exe
22:16:52.0250 3140 SamSs - ok
22:16:52.0328 3140 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\windows\System32\SCardSvr.exe
22:16:52.0812 3140 SCardSvr - ok
22:16:52.0859 3140 Schedule (92360854316611f6cc471612213c3d92) C:\windows\system32\schedsvc.dll
22:16:52.0984 3140 Schedule - ok
22:16:53.0125 3140 sdbus (a1ab8355ecf5ace3f2d5a47fc8a231e9) C:\windows\system32\DRIVERS\sdbus.sys
22:16:53.0671 3140 sdbus - ok
22:16:53.0828 3140 SeaPort (4a5809a1d796e2675ac0332bf7b0cb11) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
22:16:53.0859 3140 SeaPort - ok
22:16:53.0921 3140 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\DRIVERS\secdrv.sys
22:16:54.0531 3140 Secdrv - ok
22:16:54.0578 3140 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\windows\System32\seclogon.dll
22:16:54.0750 3140 seclogon - ok
22:16:54.0796 3140 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\windows\system32\sens.dll
22:16:54.0953 3140 SENS - ok
22:16:55.0000 3140 Serial (cd9404d115a00d249f70a371b46d5a26) C:\windows\system32\drivers\Serial.sys
22:16:55.0328 3140 Serial - ok
22:16:55.0390 3140 sffdisk (6d669b3532b54c5ffafca6d80aea260a) C:\windows\system32\DRIVERS\sffdisk.sys
22:16:55.0937 3140 sffdisk - ok
22:16:55.0984 3140 sffp_sd (9a1cb664621383746c9e2ae350cb02db) C:\windows\system32\DRIVERS\sffp_sd.sys
22:16:56.0546 3140 sffp_sd - ok
22:16:56.0578 3140 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\windows\system32\drivers\Sfloppy.sys
22:16:56.0703 3140 Sfloppy - ok
22:16:56.0796 3140 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\windows\System32\ipnathlp.dll
22:16:56.0937 3140 SharedAccess - ok
22:16:57.0093 3140 ShellHWDetection (6815def9b810aefac107eeaf72da6f82) C:\windows\System32\shsvcs.dll
22:16:57.0593 3140 ShellHWDetection - ok
22:16:57.0609 3140 Simbad - ok
22:16:57.0703 3140 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\windows\system32\DRIVERS\SLIP.sys
22:16:57.0937 3140 SLIP - ok
22:16:57.0968 3140 Sparrow - ok
22:16:58.0015 3140 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\windows\system32\drivers\splitter.sys
22:16:58.0578 3140 splitter - ok
22:16:58.0640 3140 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\windows\system32\spoolsv.exe
22:16:59.0187 3140 Spooler - ok
22:16:59.0296 3140 sr (e41b6d037d6cd08461470af04500dc24) C:\windows\system32\DRIVERS\sr.sys
22:16:59.0406 3140 sr - ok
22:16:59.0453 3140 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll
22:16:59.0546 3140 srservice - ok
22:16:59.0890 3140 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\windows\system32\drivers\NIS\1307010.005\SRTSP.SYS
22:17:00.0093 3140 SRTSP - ok
22:17:00.0171 3140 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\windows\system32\drivers\NIS\1307010.005\SRTSPX.SYS
22:17:00.0203 3140 SRTSPX - ok
22:17:00.0296 3140 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\windows\system32\DRIVERS\srv.sys
22:17:00.0421 3140 Srv - ok
22:17:00.0484 3140 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\windows\System32\ssdpsrv.dll
22:17:00.0609 3140 SSDPSRV - ok
22:17:00.0734 3140 stisvc (b6763f8534ac547cf1af98afdff2edc8) C:\windows\system32\wiaservc.dll
22:17:01.0468 3140 stisvc - ok
22:17:01.0515 3140 streamip (284c57df5dc7abca656bc2b96a667afb) C:\windows\system32\DRIVERS\StreamIP.sys
22:17:01.0640 3140 streamip - ok
22:17:01.0718 3140 swenum (03c1bae4766e2450219d20b993d6e046) C:\windows\system32\DRIVERS\swenum.sys
22:17:01.0859 3140 swenum - ok
22:17:01.0968 3140 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\windows\system32\drivers\swmidi.sys
22:17:02.0109 3140 swmidi - ok
22:17:02.0140 3140 SwPrv - ok
22:17:02.0156 3140 symc810 - ok
22:17:02.0171 3140 symc8xx - ok
22:17:02.0437 3140 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\windows\system32\drivers\NIS\1307010.005\SYMDS.SYS
22:17:02.0484 3140 SymDS - ok
22:17:02.0968 3140 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\windows\system32\drivers\NIS\1307010.005\SYMEFA.SYS
22:17:03.0187 3140 SymEFA - ok
22:17:03.0296 3140 SymEvent (74e2521e96176a4449570e50be91954d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
22:17:03.0312 3140 SymEvent - ok
22:17:03.0468 3140 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\windows\system32\drivers\NIS\1307010.005\Ironx86.SYS
22:17:03.0515 3140 SymIRON - ok
22:17:03.0625 3140 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\windows\system32\drivers\NIS\1307010.005\SYMTDI.SYS
22:17:03.0687 3140 SYMTDI - ok
22:17:03.0734 3140 sym_hi - ok
22:17:03.0765 3140 sym_u3 - ok
22:17:03.0843 3140 SynTP (a6cc8c28d5aad4179ef32f05bed55e91) C:\windows\system32\DRIVERS\SynTP.sys
22:17:03.0921 3140 SynTP - ok
22:17:03.0968 3140 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\windows\system32\drivers\sysaudio.sys
22:17:04.0265 3140 sysaudio - ok
22:17:04.0328 3140 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\windows\system32\smlogsvc.exe
22:17:04.0484 3140 SysmonLog - ok
22:17:05.0140 3140 TapiSrv (fb78839b36025aa286a51289ed28b73e) C:\windows\System32\tapisrv.dll
22:17:05.0718 3140 TapiSrv - ok
22:17:05.0859 3140 TAPPSRV (36772b5eaaaf42db5c5ee6eeb0ec0af7) C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
22:17:05.0890 3140 TAPPSRV ( UnsignedFile.Multi.Generic ) - warning
22:17:05.0890 3140 TAPPSRV - detected UnsignedFile.Multi.Generic (1)
22:17:05.0968 3140 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\windows\system32\DRIVERS\tcpip.sys
22:17:06.0046 3140 Tcpip - ok
22:17:06.0140 3140 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\windows\system32\drivers\TDPIPE.sys
22:17:06.0265 3140 TDPIPE - ok
22:17:06.0359 3140 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\windows\system32\drivers\TDTCP.sys
22:17:06.0546 3140 TDTCP - ok
22:17:06.0578 3140 TermDD (a540a99c281d933f3d69d55e48727f47) C:\windows\system32\DRIVERS\termdd.sys
22:17:06.0796 3140 TermDD - ok
22:17:06.0875 3140 TermService (c29a5286e64d97385178452d5f307b98) C:\windows\System32\termsrv.dll
22:17:07.0546 3140 TermService - ok
22:17:07.0609 3140 Themes (6815def9b810aefac107eeaf72da6f82) C:\windows\System32\shsvcs.dll
22:17:08.0187 3140 Themes - ok
22:17:08.0343 3140 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\windows\system32\drivers\tifm21.sys
22:17:08.0437 3140 tifm21 - ok
22:17:08.0484 3140 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS\system32\tlntsvr.exe
22:17:08.0578 3140 TlntSvr - ok
22:17:08.0593 3140 TosIde - ok
22:17:08.0640 3140 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\windows\system32\DRIVERS\tosrfec.sys
22:17:08.0687 3140 tosrfec ( UnsignedFile.Multi.Generic ) - warning
22:17:08.0687 3140 tosrfec - detected UnsignedFile.Multi.Generic (1)
22:17:08.0734 3140 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\windows\system32\trkwks.dll
22:17:08.0890 3140 TrkWks - ok
22:17:08.0937 3140 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\windows\system32\DRIVERS\NBSMI.sys
22:17:08.0937 3140 TVALD ( UnsignedFile.Multi.Generic ) - warning
22:17:08.0937 3140 TVALD - detected UnsignedFile.Multi.Generic (1)
22:17:08.0968 3140 Tvs (546dfba6486569120d33f7ad6e94efdd) C:\windows\system32\DRIVERS\Tvs.sys
22:17:09.0015 3140 Tvs ( UnsignedFile.Multi.Generic ) - warning
22:17:09.0015 3140 Tvs - detected UnsignedFile.Multi.Generic (1)
22:17:09.0078 3140 Udfs (7cef3e36843bf5dd55120fcce88800ce) C:\windows\system32\drivers\Udfs.sys
22:17:09.0718 3140 Udfs - ok
22:17:09.0750 3140 ultra - ok
22:17:09.0828 3140 Update (ced744117e91bdc0beb810f7d8608183) C:\windows\system32\DRIVERS\update.sys
22:17:10.0390 3140 Update - ok
22:17:10.0468 3140 upnphost (aca5d98663d879c6baafcea7e2f1b710) C:\windows\System32\upnphost.dll
22:17:11.0078 3140 upnphost - ok
22:17:11.0140 3140 UPS (3f5df65b0758675f95a2d43918a740a3) C:\windows\System32\ups.exe
22:17:11.0437 3140 UPS - ok
22:17:11.0500 3140 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\windows\system32\Drivers\usbaapl.sys
22:17:11.0593 3140 USBAAPL - ok
22:17:11.0656 3140 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\windows\system32\drivers\usbaudio.sys
22:17:11.0828 3140 usbaudio - ok
22:17:11.0906 3140 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\windows\system32\DRIVERS\usbccgp.sys
22:17:12.0062 3140 usbccgp - ok
22:17:12.0109 3140 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\windows\system32\DRIVERS\usbehci.sys
22:17:12.0281 3140 usbehci - ok
22:17:12.0343 3140 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\windows\system32\DRIVERS\usbhub.sys
22:17:12.0546 3140 usbhub - ok
22:17:12.0640 3140 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\windows\system32\DRIVERS\usbprint.sys
22:17:12.0843 3140 usbprint - ok
22:17:12.0968 3140 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\windows\system32\DRIVERS\usbscan.sys
22:17:13.0156 3140 usbscan - ok
22:17:13.0281 3140 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\windows\system32\DRIVERS\USBSTOR.SYS
22:17:13.0546 3140 USBSTOR - ok
22:17:13.0640 3140 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\windows\system32\DRIVERS\usbuhci.sys
22:17:14.0015 3140 usbuhci - ok
22:17:14.0093 3140 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\windows\system32\Drivers\usbvideo.sys
22:17:14.0234 3140 usbvideo - ok
22:17:14.0265 3140 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\windows\System32\drivers\vga.sys
22:17:14.0390 3140 VgaSave - ok
22:17:14.0406 3140 ViaIde - ok
22:17:14.0468 3140 VolSnap (ee4660083deba849ff6c485d944b379b) C:\windows\system32\drivers\VolSnap.sys
22:17:14.0656 3140 VolSnap - ok
22:17:14.0796 3140 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\windows\System32\vssvc.exe
22:17:14.0890 3140 VSS - ok
22:17:14.0937 3140 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
22:17:15.0093 3140 W32Time - ok
22:17:15.0140 3140 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\windows\system32\DRIVERS\wanarp.sys
22:17:15.0312 3140 Wanarp - ok
22:17:15.0406 3140 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\windows\system32\Drivers\wdf01000.sys
22:17:15.0453 3140 Wdf01000 - ok
22:17:15.0484 3140 WDICA - ok
22:17:15.0531 3140 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\windows\system32\drivers\wdmaud.sys
22:17:16.0234 3140 wdmaud - ok
22:17:16.0296 3140 WebClient (265f534ef76832435afbf771ec97176d) C:\windows\System32\webclnt.dll
22:17:16.0906 3140 WebClient - ok
22:17:17.0062 3140 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\windows\system32\wbem\WMIsvc.dll
22:17:17.0250 3140 winmgmt - ok
22:17:17.0343 3140 WmdmPmSN (482069cda24aa0e94b1351e30eb3d01f) C:\WINDOWS\system32\MsPMSNSv.dll
22:17:17.0453 3140 WmdmPmSN - ok
22:17:17.0578 3140 Wmi (e8e57b0f9eb03d1aabec28d550c75116) C:\windows\System32\advapi32.dll
22:17:17.0703 3140 Wmi - ok
22:17:17.0765 3140 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:17:17.0906 3140 WmiApSrv - ok
22:17:17.0953 3140 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\windows\system32\wscsvc.dll
22:17:18.0156 3140 wscsvc - ok
22:17:18.0265 3140 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\windows\system32\DRIVERS\WSTCODEC.SYS
22:17:18.0453 3140 WSTCODEC - ok
22:17:18.0562 3140 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
22:17:18.0750 3140 wuauserv - ok
22:17:18.0812 3140 WZCSVC (247520eded53a08ae89ea4fae04f54d8) C:\windows\System32\wzcsvc.dll
22:17:19.0515 3140 WZCSVC - ok
22:17:19.0578 3140 X10Hid (81e8da36ce70858898d5eb81e28a47d2) C:\windows\system32\Drivers\x10hid.sys
22:17:19.0640 3140 X10Hid - ok
22:17:20.0265 3140 x10nets (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
22:17:20.0281 3140 x10nets ( UnsignedFile.Multi.Generic ) - warning
22:17:20.0281 3140 x10nets - detected UnsignedFile.Multi.Generic (1)
22:17:20.0328 3140 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\windows\System32\xmlprov.dll
22:17:20.0468 3140 xmlprov - ok
22:17:20.0546 3140 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:17:21.0093 3140 \Device\Harddisk0\DR0 - ok
22:17:21.0109 3140 Boot (0x1200) (ea427b4bf92d6137bddd541a6269548c) \Device\Harddisk0\DR0\Partition0
22:17:21.0109 3140 \Device\Harddisk0\DR0\Partition0 - ok
22:17:21.0125 3140 ============================================================
22:17:21.0125 3140 Scan finished
22:17:21.0125 3140 ============================================================
22:17:21.0265 2008 Detected object count: 15
22:17:21.0265 2008 Actual detected object count: 15
22:19:59.0687 2008 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
22:19:59.0687 2008 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:19:59.0687 2008 CFSvcs ( UnsignedFile.Multi.Generic ) - skipped by user
22:19:59.0687 2008 CFSvcs ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:19:59.0687 2008 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
22:19:59.0687 2008 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:19:59.0687 2008 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:19:59.0687 2008 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:19:59.0687 2008 MASPINT ( UnsignedFile.Multi.Generic ) - skipped by user
22:19:59.0687 2008 MASPINT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:19:59.0703 2008 Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user
22:19:59.0703 2008 Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:19:59.0703 2008 RasMan ( UnsignedFile.Multi.Generic ) - skipped by user
22:19:59.0703 2008 RasMan ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:19:59.0703 2008 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:19:59.0703 2008 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:19:59.0703 2008 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
22:19:59.0703 2008 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:19:59.0703 2008 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
22:19:59.0703 2008 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:19:59.0718 2008 TAPPSRV ( UnsignedFile.Multi.Generic ) - skipped by user
22:19:59.0718 2008 TAPPSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:19:59.0718 2008 tosrfec ( UnsignedFile.Multi.Generic ) - skipped by user
22:19:59.0718 2008 tosrfec ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:19:59.0734 2008 TVALD ( UnsignedFile.Multi.Generic ) - skipped by user
22:19:59.0734 2008 TVALD ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:19:59.0734 2008 Tvs ( UnsignedFile.Multi.Generic ) - skipped by user
22:19:59.0734 2008 Tvs ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:19:59.0734 2008 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
22:19:59.0734 2008 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:22:31.0038 2120 Deinitialize success

#23
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

# Step 1 #
Download aswMBR.exe ( 4.8mb ) to your desktop.

Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

# Step 2 #
Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow it to update if it asks

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.


Please make sure you include the ComboFix log in your next reply and describe how your computer is running now.

After the run you may have internet problems or problems accessing something. Simply reboot the computer.

#24
KHiggins

    Member

  • Topic Starter
  • Member
  • 18 posts
Hey, all my documents are now working on my desktop and the icons have reappeared in my start tab, thanks! Norton is still showing up the virus, and any photos that I had saved have disappeared... Here are the logs:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-03 23:19:27
-----------------------------
23:19:27.461 OS Version: Windows 5.1.2600 Service Pack 2
23:19:27.461 Number of processors: 1 586 0xE08
23:19:27.461 ComputerName: KATIEHIGGINS UserName:
23:19:28.742 Initialize success
23:20:09.130 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:20:09.130 Disk 0 Vendor: HTS541080G9SA00 MB4OC60R Size: 76319MB BusType: 3
23:20:09.161 Disk 0 MBR read successfully
23:20:09.176 Disk 0 MBR scan
23:20:09.176 Disk 0 Windows XP default MBR code
23:20:09.176 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
23:20:09.192 Disk 0 scanning sectors +156296385
23:20:09.255 Disk 0 scanning C:\windows\system32\drivers
23:20:18.988 Service scanning
23:20:47.971 Modules scanning
23:21:04.485 Disk 0 trace - called modules:
23:21:04.501 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:21:04.516 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8724bab8]
23:21:04.516 3 CLASSPNP.SYS[f771f05b] -> nt!IofCallDriver -> \Device\0000008b[0x872b3f18]
23:21:04.516 5 ACPI.sys[f7675620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x87320030]
23:21:04.532 Scan finished successfully
23:21:28.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Katie Higgins\Desktop\MBR.dat"
23:21:28.983 The log file has been saved successfully to "C:\Documents and Settings\Katie Higgins\Desktop\aswMBR.txt03.08.txt"


ComboFix 12-07-31.06 - Katie Higgins 03/08/2012 23:36:41.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1014.343 [GMT 1:00]
Running from: c:\documents and settings\Katie Higgins\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\4170748d032383168d51801edfb0776a_c
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Katie Higgins\WINDOWS
c:\program files\TelevisionFanaticEI
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\FF05DA0D.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-03 to 2012-08-03 )))))))))))))))))))))))))))))))
.
.
2012-08-01 21:58 . 2012-08-01 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-08-01 21:58 . 2012-08-01 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-01 21:58 . 2012-07-03 12:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-31 21:14 . 2012-07-31 21:14 -------- dc----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 15:44 . 2012-06-23 15:44 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-06-23 15:44 . 2012-06-23 15:44 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-13 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728]
"TPSMain"="TPSMain.exe" [2005-08-03 266240]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-27 202256]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 356352]
"TFncKy"="TFncKy.exe" [BU]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 16206848]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"MMReminderService"="c:\program files\Mindjet\MindManager 10\MMReminderService.exe" [2011-09-14 37728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 88204]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2002-1-9 200704]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Katie Higgins\\Desktop\\eMule0.48a\\eMule0.48a\\emule.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SPSSInc\\PASWStatistics18\\WinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.com"=
"c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1307010.005\SymDS.sys [23/06/2012 16:42 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1307010.005\SymEFA.sys [23/06/2012 16:42 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [16/07/2012 22:41 821920]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1307010.005\ccSetx86.sys [23/06/2012 16:42 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1307010.005\Ironx86.sys [23/06/2012 16:42 149624]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [01/08/2012 22:58 655944]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [23/06/2012 16:41 138232]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [23/06/2012 16:48 106656]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [07/11/2011 22:29 73344]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20120801.001\IDSXpx86.sys [02/08/2012 01:53 369632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [01/08/2012 22:58 22344]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [14/09/2006 12:10 7040]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [07/11/2011 23:05 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [07/11/2011 22:30 11136]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [07/11/2011 22:30 89856]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [07/11/2011 22:31 64512]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [07/11/2011 22:31 26624]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13:49 227232]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [26/01/2011 01:03 30576]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}]
2011-09-14 11:52 1409 -c-ha-r- c:\program files\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-07-11 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 10:43]
.
2010-12-12 c:\windows\Tasks\photostageSevenDays.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2010-12-12 13:59]
.
2010-12-15 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2010-12-12 13:59]
.
2012-08-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1787001158-1526232164-327768440-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]
.
2012-06-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1787001158-1526232164-327768440-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]
.
2006-12-25 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-09-13 12:00]
.
2006-12-25 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-09-13 12:00]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.ie/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = staff.proxy.ul.ie:80
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE:
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send Image To MindManager - c:\program files\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201
IE: Send Link To MindManager - c:\program files\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203
IE: Send Page To MindManager - c:\program files\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204
IE: Send Text To MindManager - c:\program files\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Picasa Media Detector - c:\documents and settings\Katie Higgins\Desktop\Picasa2\PicasaMediaDetector.exe
HKLM-Run-hIxvqiEONcrb.exe - c:\documents and settings\All Users\Application Data\hIxvqiEONcrb.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-03 23:57
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-08-04 00:28:38
ComboFix-quarantined-files.txt 2012-08-03 23:28
.
Pre-Run: 213,770,240 bytes free
Post-Run: 304,627,712 bytes free
.
- - End Of File - - 14FD7870A195E420ED97E2ACB0F354EF

#25
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Sorry for the delay. Do you still need help?

#26
KHiggins

    Member

  • Topic Starter
  • 18 posts
Hi Whitehat, no bother, Norton is still detecting the virus, but my computer is definitely working better.

#27
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts

"Hi Whitehat, no bother,"

Are you sure? I suggest you continue the topic.

I'm really sorry. I completely forgot your topic.

#28
KHiggins

    Member

  • Topic Starter
  • 18 posts
Hi Whitehat,

If you can think of anything else that might remove the virus, that would be great. I need to back up files but am worried that if I do it before the virus is gone it will spread to my external hard-drive as well.

Thanks

#29
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Can you tell me which file Norton is detecting? You can find this information in the antivirus's own quarantine.

Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • In Extra Registry, select Use SafeList
  • Under the Custom Scan box, paste this in:
    netsvcs
    msconfig
    drives
    %SYSTEMDRIVE%\*.*
    %systemdrive%\drivers\*.exe
    %systemroot%\system32\drivers\*.* /90
    %PROGRAMFILES%\*.*
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


#30
KHiggins

    Member

  • Topic Starter
  • 18 posts
Hi Whitehat, the virus hadn't been put into quarantine. I've put it in there now and my computer seems to be running well. Thank you for all of your help!