Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Backdoor.Tidserv!inf


  • This topic is locked This topic is locked
21 replies to this topic

#1 Just Mercury

Just Mercury

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:02:25 PM

Posted 17 May 2010 - 05:03 AM

Hi,
Norton 360 has identified this Trojan on my computer.
I've been through the preparation guide with little success.
I have tried to get a dds log and a GMER log for this trojan but failed.
I have however managed to get the RSIT log (see Below)
Please advise on next step to remove the Trojan.
Thanks. crazy.gif

Logfile of random's system information tool 1.07 (written by random/random)
Run by Loz at 2010-05-17 17:48:51
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 27 GB (59%) free of 46 GB
Total RAM: 1535 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:49:14 PM, on 17/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\RegCure\RegCure.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Loz\Desktop\RSIT.exe
C:\Program Files\trend micro\Loz.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.alot.com/web?q=&pr=auto&...on=2.5.7002.477
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_b...sreqlab_srl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1241337541031
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe

--
End of file - 7282 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ParetoLogic Registration3.job
C:\WINDOWS\tasks\ParetoLogic Update Version3.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure Startup.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\XoftSpySE.job
C:\WINDOWS\tasks\XoftSpySE_sch_895B4DE2-3967-11DF-A89C-001167999F10.job
C:\WINDOWS\tasks\XoftSpySE_sch_C442D510-37A5-11DF-A897-001167999F10.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll [2010-04-15 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL [2010-04-15 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll [2010-04-15 378736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-05-05 143360]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-25 952768]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2004-09-22 1871872]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\System32\NvMcTray.dll [2006-10-22 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-05-15 66864]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"D:\Old HD Data\OldProgram Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="D:\Old HD Data\OldProgram Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-05-17 17:48:54 ----D---- C:\Program Files\trend micro
2010-05-17 17:48:51 ----D---- C:\rsit
2010-05-15 17:06:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-15 16:28:00 ----SHD---- C:\RECYCLER
2010-05-15 16:01:15 ----D---- C:\WINDOWS\temp
2010-05-15 16:01:13 ----A---- C:\ComboFix.txt
2010-05-15 15:51:13 ----A---- C:\WINDOWS\zip.exe
2010-05-15 15:51:13 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-05-15 15:51:13 ----A---- C:\WINDOWS\SWSC.exe
2010-05-15 15:51:13 ----A---- C:\WINDOWS\SWREG.exe
2010-05-15 15:51:13 ----A---- C:\WINDOWS\sed.exe
2010-05-15 15:51:13 ----A---- C:\WINDOWS\PEV.exe
2010-05-15 15:51:13 ----A---- C:\WINDOWS\NIRCMD.exe
2010-05-15 15:51:13 ----A---- C:\WINDOWS\MBR.exe
2010-05-15 15:51:13 ----A---- C:\WINDOWS\grep.exe
2010-05-15 15:51:04 ----D---- C:\ComboFix
2010-05-15 14:16:40 ----RD---- C:\Program Files\Norton Support
2010-05-12 17:21:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-04 08:54:02 ----D---- C:\Documents and Settings\Loz\Application Data\Ahead
2010-05-03 19:20:05 ----D---- C:\Program Files\CCleaner
2010-05-03 18:43:33 ----A---- C:\Boot.bak
2010-05-03 18:43:29 ----RASHD---- C:\cmdcons
2010-05-03 18:32:57 ----D---- C:\WINDOWS\ERDNT
2010-05-03 18:32:39 ----D---- C:\Qoobox
2010-05-01 18:12:51 ----D---- C:\Program Files\Enigma Software Group
2010-05-01 18:12:24 ----D---- C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP
2010-05-01 18:12:21 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-26 21:25:42 ----D---- C:\Documents and Settings\Loz\Application Data\Malwarebytes
2010-04-26 21:25:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-26 21:25:31 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-04-25 19:08:41 ----D---- C:\XPSETUP
2010-04-25 18:06:20 ----D---- C:\Documents and Settings\Loz\Application Data\ImgBurn
2010-04-25 18:03:15 ----D---- C:\Program Files\ImgBurn
2010-04-25 14:48:39 ----A---- C:\XPSP2.exe
2010-04-18 19:24:24 ----D---- C:\Program Files\Windows Live SkyDrive
2010-04-18 13:15:57 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-04-18 13:15:54 ----D---- C:\Documents and Settings\Loz\Application Data\Simply Super Software

======List of files/folders modified in the last 1 months======

2010-05-17 17:48:54 ----RD---- C:\Program Files
2010-05-17 17:48:40 ----D---- C:\WINDOWS\Prefetch
2010-05-16 17:40:39 ----D---- C:\WINDOWS\Minidump
2010-05-16 17:40:39 ----D---- C:\WINDOWS
2010-05-16 17:01:11 ----D---- C:\WINDOWS\system32\drivers
2010-05-16 12:04:46 ----D---- C:\WINDOWS\system32
2010-05-15 23:40:13 ----D---- C:\Documents and Settings\Loz\Application Data\Skype
2010-05-15 21:13:52 ----D---- C:\Documents and Settings\Loz\Application Data\skypePM
2010-05-15 15:59:10 ----A---- C:\WINDOWS\system.ini
2010-05-15 15:56:58 ----D---- C:\WINDOWS\AppPatch
2010-05-15 15:56:55 ----D---- C:\Program Files\Common Files
2010-05-15 15:52:26 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-15 14:19:54 ----SHD---- C:\System Volume Information
2010-05-15 14:19:54 ----D---- C:\WINDOWS\system32\Restore
2010-05-15 14:01:37 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-15 13:09:07 ----D---- C:\WINDOWS\Debug
2010-05-15 10:26:41 ----SHD---- C:\WINDOWS\Installer
2010-05-15 10:26:41 ----D---- C:\Config.Msi
2010-05-15 10:26:36 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-05-15 10:26:36 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2010-05-14 17:26:35 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-05-14 17:26:33 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2010-05-14 17:00:28 ----RD---- C:\Program Files\Skype
2010-05-12 18:22:02 ----D---- C:\Program Files\Outlook Express
2010-05-12 17:24:29 ----HD---- C:\WINDOWS\inf
2010-05-12 17:21:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-12 10:59:49 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-09 19:36:08 ----SD---- C:\WINDOWS\Tasks
2010-05-08 09:54:47 ----D---- C:\Program Files\RegCure
2010-05-05 20:59:43 ----D---- C:\Program Files\Alibre Design
2010-05-05 20:48:59 ----D---- C:\Documents and Settings\Loz\Application Data\Alibre Design
2010-05-04 21:09:53 ----D---- C:\temp
2010-05-04 08:39:18 ----D---- C:\Program Files\Internet Explorer
2010-05-03 19:55:54 ----D---- C:\WINDOWS\system32\CatRoot
2010-05-03 19:32:08 ----D---- C:\WINDOWS\system32\config
2010-05-03 19:31:49 ----D---- C:\WINDOWS\Registration
2010-05-03 19:31:05 ----D---- C:\WINDOWS\system32\DirectX
2010-05-03 19:16:09 ----D---- C:\Documents and Settings\Loz\Application Data\AVGTOOLBAR
2010-05-03 19:16:09 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2010-05-03 18:43:33 ----RASH---- C:\boot.ini
2010-05-03 13:58:58 ----SD---- C:\Documents and Settings\Loz\Application Data\Microsoft
2010-05-02 18:28:58 ----D---- C:\WINDOWS\network diagnostic
2010-05-01 16:19:00 ----D---- C:\Program Files\Common Files\InstallShield
2010-05-01 16:18:52 ----D---- C:\Program Files\Logitech
2010-05-01 10:23:28 ----D---- C:\WINDOWS\WinSxS
2010-05-01 10:22:38 ----RSD---- C:\WINDOWS\assembly
2010-05-01 02:51:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-27 22:40:06 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-04-27 13:44:49 ----D---- C:\WINDOWS\system
2010-04-25 14:16:24 ----D---- C:\WINDOWS\Help
2010-04-18 19:24:38 ----D---- C:\Program Files\Windows Live
2010-04-18 19:24:30 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-04-18 19:24:30 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-04-18 14:38:50 ----A---- C:\WINDOWS\win.ini
2010-04-18 12:15:34 ----D---- C:\Documents and Settings

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-08 35840]
R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2010-04-15 259632]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys [2010-04-15 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100505.001\IDSxpx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS [2010-04-15 43696]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS [2010-04-15 217136]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2009-05-03 4816]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-05-09 36496]
R3 dvd43llh;dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2009-05-23 18816]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2010-04-15 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2002-11-27 50960]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2002-11-27 16080]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2002-11-27 22384]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-02-05 25624]
R3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-02-06 628760]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-02-06 41752]
R3 LVUVC;Logitech QuickCam S7500(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2008-02-06 4658456]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100516.025\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100516.025\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-03-31 5888]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-27 578304]
R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS [2010-04-15 308272]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS [2010-04-15 89904]
R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS [2010-04-15 33072]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2010-04-15 36400]
R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS [2010-04-15 36400]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 BTNetFilter;Bluetooth Network Filter; \??\D:\Old HD Data\OldProgram Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Loz\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2008-02-06 23832]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2008-02-05 689176]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-14 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2010-04-15 36400]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-02-05 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-02-05 150040]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2010-04-15 117640]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2006-10-22 159810]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2008-02-05 141848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-11-27 65536]
S3 Symantec RemoteAssist;Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [2008-01-29 394704]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 XoftSpyService;XoftSpyService; C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe [2009-08-29 582424]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

when i grow up i want to be..................all growed up!

BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:25 AM

Posted 19 May 2010 - 02:47 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 Just Mercury

Just Mercury
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:02:25 PM

Posted 20 May 2010 - 07:16 AM

I appreciate any assistance you can give me in ridding the computer of this trojan.

The OTL.txt Log is :-

OTL logfile created on: 20/05/2010 7:58:44 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Loz\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2301 2301 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44.92 Gb Total Space | 25.73 Gb Free Space | 57.28% Space Free | Partition Type: NTFS
Drive D: | 31.77 Gb Total Space | 8.47 Gb Free Space | 26.67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STUDY
Current User Name: Loz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/20 19:57:16 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loz\Desktop\OTL.exe
PRC - [2010/04/30 02:43:44 | 012,776,728 | ---- | M] () -- C:\Program Files\RegCure\RegCure.exe
PRC - [2010/04/15 21:53:23 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/14 05:42:30 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/05 18:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/02/05 18:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2003/11/18 14:11:04 | 000,565,248 | R--- | M] (VIA Technologies) -- C:\Program Files\VIA\RAID\raid_tool.exe
PRC - [2003/05/05 08:57:30 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002/12/02 20:56:10 | 000,040,960 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/05/20 19:57:16 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loz\Desktop\OTL.exe
MOD - [2010/04/15 21:53:12 | 000,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\asOEHook.dll
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/02/05 18:20:30 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\temp\logishrd\LVPrcInj01.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/15 21:53:23 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009/08/29 05:15:30 | 000,582,424 | ---- | M] (ParetoLogic Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe -- (XoftSpyService)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/02/05 18:22:36 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2008/02/05 18:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/02/05 18:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2002/11/27 19:30:30 | 000,065,536 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 16:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100519.039\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/10 16:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100519.039\NAVENG.SYS -- (NAVENG)
DRV - [2010/04/15 21:53:34 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/04/15 21:53:26 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/15 21:53:26 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/15 21:53:26 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/15 21:53:26 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2010/04/15 21:53:26 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/04/15 21:53:26 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/04/15 21:53:26 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/04/15 21:53:26 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2010/04/15 21:53:26 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - [2010/04/15 21:53:25 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2010/04/15 21:53:25 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/04/14 19:52:46 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/04/14 19:52:46 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/10/29 06:37:22 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100513.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2009/05/23 18:08:06 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2008/04/14 00:16:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/14 00:16:22 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/14 00:16:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/02/06 10:21:48 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/02/06 10:21:37 | 004,658,456 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S7500(UVC)
DRV - [2008/02/06 10:21:25 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/02/06 10:20:40 | 000,628,760 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/02/05 18:20:08 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/02/05 18:18:12 | 000,689,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/05/11 03:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007/05/09 01:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007/03/05 06:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007/03/05 05:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2007/03/05 05:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007/03/05 05:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007/03/05 05:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2007/03/05 05:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2006/11/21 22:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- D:\Old HD Data\OldProgram Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)
DRV - [2006/10/22 12:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/10/08 09:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 22:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/10/31 11:22:38 | 000,077,312 | R--- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viasraid.sys -- (viasraid)
DRV - [2002/12/27 04:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com.au


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-854245398-1957994488-1801674531-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-854245398-1957994488-1801674531-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-854245398-1957994488-1801674531-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 16 47 05 09 E8 CA 01 [binary data]
IE - HKU\S-1-5-21-854245398-1957994488-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/27 13:45:48 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/05/03 19:02:40 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-854245398-1957994488-1801674531-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-854245398-1957994488-1801674531-1005\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKU\S-1-5-21-854245398-1957994488-1801674531-1005..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-854245398-1957994488-1801674531-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-854245398-1957994488-1801674531-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-854245398-1957994488-1801674531-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-854245398-1957994488-1801674531-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.systemrequirementslab.com/srl_b...sreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1241337541031 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Loz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Loz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/03 12:39:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe - (Logitech Inc.)
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: SymEFA.sys - C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
Drivers32: msacm.dvacm - C:\WINDOWS\System32\DVACM.acm ()
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/05/03 20:13:25 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/20 19:57:08 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Loz\Desktop\OTL.exe
[2010/05/19 16:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loz\My Documents\Diagnostic Software
[2010/05/17 17:48:54 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/05/17 17:48:51 | 000,000,000 | ---D | C] -- C:\rsit
[2010/05/15 16:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loz\My Documents\New Folder
[2010/05/15 16:28:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Loz\Recent
[2010/05/15 16:28:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/15 16:01:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/05/15 15:51:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/15 15:51:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/15 15:51:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/15 15:51:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/15 15:51:04 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/05/15 14:16:40 | 000,000,000 | R--D | C] -- C:\Program Files\Norton Support
[2010/05/04 23:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loz\My Documents\Guvera
[2010/05/04 21:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loz\My Documents\NeroVision
[2010/05/04 20:59:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loz\My Documents\IMAGES
[2010/05/04 17:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loz\My Documents\Funeral
[2010/05/04 08:54:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loz\Application Data\Ahead
[2010/05/03 19:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/05/03 18:43:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/03 18:32:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/03 18:32:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/03 13:59:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Loz\My Documents\My Webs
[2010/05/01 18:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/05/01 18:12:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP
[2010/05/01 18:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/26 21:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loz\Application Data\Malwarebytes
[2010/04/26 21:25:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/26 21:25:31 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 21:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/26 21:25:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/25 19:08:41 | 000,000,000 | ---D | C] -- C:\XPSETUP
[2010/04/25 18:06:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loz\Application Data\ImgBurn
[2010/04/25 18:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2010/04/25 14:48:39 | 278,927,592 | ---- | C] (Microsoft Corporation) -- C:\XPSP2.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/20 19:57:16 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loz\Desktop\OTL.exe
[2010/05/20 18:00:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/05/20 17:00:01 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/05/20 15:29:01 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/20 15:28:50 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/05/20 15:28:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/20 15:28:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/20 15:28:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/05/20 15:27:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/05/19 23:28:18 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Loz\ntuser.ini
[2010/05/19 23:28:17 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\Loz\ntuser.dat
[2010/05/19 17:03:05 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[2010/05/19 16:47:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/17 22:22:55 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2010/05/17 22:22:53 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE_sch_C442D510-37A5-11DF-A897-001167999F10.job
[2010/05/17 22:22:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE_sch_895B4DE2-3967-11DF-A89C-001167999F10.job
[2010/05/17 08:39:43 | 004,839,958 | -H-- | M] () -- C:\Documents and Settings\Loz\Local Settings\Application Data\IconCache.db
[2010/05/16 22:25:01 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/05/16 17:24:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Loz\defogger_reenable
[2010/05/15 15:59:10 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/15 14:01:37 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/05 00:57:45 | 030,355,968 | ---- | M] () -- C:\Documents and Settings\Loz\My Documents\Mum.ppt
[2010/05/04 21:37:56 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Loz\Application Data\setup_ldm.iss
[2010/05/04 17:40:34 | 000,126,286 | -H-- | M] () -- C:\Documents and Settings\Loz\My Documents\hpothb07.tif
[2010/05/04 17:40:34 | 000,009,510 | -H-- | M] () -- C:\Documents and Settings\Loz\My Documents\hpothb07.dat
[2010/05/04 00:10:04 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/05/03 19:23:09 | 000,123,260 | ---- | M] () -- C:\Documents and Settings\Loz\My Documents\cc_20100503_192305.reg
[2010/05/03 18:43:33 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/03 14:21:54 | 000,001,276 | -HS- | M] () -- C:\Documents and Settings\Loz\Local Settings\Application Data\8Cq4r
[2010/05/03 14:21:54 | 000,001,276 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8Cq4r
[2010/05/03 13:38:48 | 000,212,480 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ndis.sys
[2010/04/30 08:59:38 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Loz\My Documents\adp1.adp
[2010/04/26 21:39:07 | 000,000,337 | ---- | M] () -- C:\Documents and Settings\Loz\Desktop\My Documents.lnk
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/25 18:55:56 | 000,004,314 | ---- | M] () -- C:\X1AHOEM_EN.MDS
[2010/04/25 18:55:55 | 536,510,464 | ---- | M] () -- C:\X1AHOEM_EN.ISO
[2010/04/25 18:03:15 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2010/04/25 14:00:42 | 278,927,592 | ---- | M] (Microsoft Corporation) -- C:\XPSP2.exe
[2010/04/23 21:49:11 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/22 19:43:21 | 004,075,318 | ---- | M] () -- C:\Documents and Settings\Loz\My Documents\Windows Boot Disc.nrb
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/16 17:24:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Loz\defogger_reenable
[2010/05/15 17:13:58 | 001,392,406 | ---- | C] () -- C:\Documents and Settings\Loz\My Documents\B+L Pump scan.jpg
[2010/05/15 15:51:13 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/15 15:51:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/15 15:51:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/15 15:51:13 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/15 15:51:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/05 00:37:49 | 030,355,968 | ---- | C] () -- C:\Documents and Settings\Loz\My Documents\Mum.ppt
[2010/05/04 21:37:56 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Loz\Application Data\setup_ldm.iss
[2010/05/03 19:23:07 | 000,123,260 | ---- | C] () -- C:\Documents and Settings\Loz\My Documents\cc_20100503_192305.reg
[2010/05/03 18:43:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/03 18:43:30 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/03 15:03:05 | 001,024,318 | ---- | C] () -- C:\Documents and Settings\Loz\commonpriv.log.2
[2010/05/03 15:03:05 | 001,024,298 | ---- | C] () -- C:\Documents and Settings\Loz\commonpriv.log.4
[2010/05/03 15:03:05 | 001,024,282 | ---- | C] () -- C:\Documents and Settings\Loz\commonpriv.log.6
[2010/05/03 15:03:05 | 001,024,280 | ---- | C] () -- C:\Documents and Settings\Loz\commonpriv.log.1
[2010/05/03 15:03:05 | 001,024,246 | ---- | C] () -- C:\Documents and Settings\Loz\commonpriv.log.3
[2010/05/03 15:03:05 | 001,024,234 | ---- | C] () -- C:\Documents and Settings\Loz\commonpriv.log.9
[2010/05/03 15:03:05 | 001,024,210 | ---- | C] () -- C:\Documents and Settings\Loz\commonpriv.log.10
[2010/05/03 15:03:05 | 001,024,202 | ---- | C] () -- C:\Documents and Settings\Loz\commonpriv.log.5
[2010/05/03 15:03:05 | 001,024,156 | ---- | C] () -- C:\Documents and Settings\Loz\commonpriv.log.8
[2010/05/03 15:03:05 | 001,024,006 | ---- | C] () -- C:\Documents and Settings\Loz\commonpriv.log.7
[2010/05/03 15:03:05 | 000,016,636 | ---- | C] () -- C:\Documents and Settings\Loz\commonpriv.log
[2010/05/03 15:03:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Loz\commonpriv.log.lock
[2010/05/03 13:38:48 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ndis.sys
[2010/05/03 13:36:47 | 000,001,276 | -HS- | C] () -- C:\Documents and Settings\Loz\Local Settings\Application Data\8Cq4r
[2010/05/03 13:36:47 | 000,001,276 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8Cq4r
[2010/05/01 16:18:49 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\Loz\Application Data\setup.log
[2010/05/01 08:56:07 | 005,505,024 | ---- | C] () -- C:\Documents and Settings\Loz\ntuser.dat
[2010/04/30 08:59:18 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Loz\My Documents\adp1.adp
[2010/04/26 21:39:07 | 000,000,337 | ---- | C] () -- C:\Documents and Settings\Loz\Desktop\My Documents.lnk
[2010/04/25 18:55:56 | 000,004,314 | ---- | C] () -- C:\X1AHOEM_EN.MDS
[2010/04/25 18:54:35 | 536,510,464 | ---- | C] () -- C:\X1AHOEM_EN.ISO
[2010/04/25 18:03:15 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2010/04/25 17:34:09 | 000,002,048 | ---- | C] () -- C:\w2ksect.bin
[2010/04/22 19:43:20 | 004,075,318 | ---- | C] () -- C:\Documents and Settings\Loz\My Documents\Windows Boot Disc.nrb
[2010/04/15 16:30:23 | 000,000,217 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/16 14:09:16 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/10/07 22:06:52 | 000,000,033 | ---- | C] () -- C:\WINDOWS\render.ini
[2009/09/30 20:16:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI
[2009/05/24 20:19:30 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/16 12:23:14 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/05/14 21:34:34 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/12 22:11:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Vstudio.INI
[2009/05/12 22:11:17 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dswplug.ini
[2009/05/04 10:05:53 | 000,001,177 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2009/05/04 10:05:53 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Msdevctl.ini
[2009/05/03 15:32:55 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2009/05/03 15:32:55 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2009/05/03 14:36:43 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009/04/30 15:44:08 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/04/30 15:44:07 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/04/30 15:44:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/04/30 15:44:06 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/04/30 15:44:05 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/04/30 15:44:05 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2009/04/30 15:44:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2009/02/27 16:40:50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\BsMobileCSps(2).dll
[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2003/03/31 20:00:00 | 000,013,576 | ---- | C] () -- C:\WINDOWS\System32\syscorecfg256.dll
[2002/11/27 19:30:32 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[1996/11/21 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/21 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1995/10/21 10:37:52 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\INETWH32.DLL
[1995/10/21 10:37:52 | 000,035,328 | ---- | C] () -- C:\WINDOWS\INETWH32.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010/04/25 14:00:42 | 278,927,592 | ---- | M] (Microsoft Corporation) -- C:\XPSP2.exe


< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\XPSETUP\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\XPSETUP\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\XPSETUP\i386\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/03/31 20:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/03/31 20:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\XPSETUP\i386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\XPSETUP\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\XPSETUP\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\XPSETUP\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 06:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/04 06:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\XPSETUP\i386\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\XPSETUP\i386\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\XPSETUP\i386\scecli.dll

< MD5 for: VIASRAID.SYS >
[2003/10/31 11:22:38 | 000,077,312 | R--- | M] (VIA Technologies inc,.ltd) MD5=EBE101C01D80A42868F57B327BE1B564 -- C:\WINDOWS\system32\drivers\viasraid.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/05/03 20:15:47 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/05/03 20:15:47 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/05/03 20:15:47 | 000,417,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/15 21:53:25 | 000,026,600 | R--- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 21:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/04/15 21:53:34 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
[2010/04/15 21:53:26 | 000,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Loz\My Documents\Audio1.nra:SummaryInformation
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >


The Extras.Txt is:-

OTL Extras logfile created on: 20/05/2010 7:58:44 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Loz\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2301 2301 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44.92 Gb Total Space | 25.73 Gb Free Space | 57.28% Space Free | Partition Type: NTFS
Drive D: | 31.77 Gb Total Space | 8.47 Gb Free Space | 26.67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STUDY
Current User Name: Loz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"D:\Old HD Data\OldProgram Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = D:\Old HD Data\OldProgram Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation.)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 14
"{27113CA3-36B8-48AB-A419-79CF1FC0ECED}" = Ulead VideoStudio 5.0 DV
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4BB05099-1963-4268-A3BB-9153964750ED}" = XoftSpySE
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{6444D9D9-CD6C-4464-B970-55C606C944DC}" = Logitech QuickCam
"{669595F6-17BE-482D-8143-8C01C2ECA2CF}" = Alibre Design
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{919F3D91-8374-410F-932B-A126F2C85426}" = e-tax 2009
"{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0312AC6-988B-11DA-9C49-000476F770CC}" = CIB pdf brewer 2.5.26
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3B81DF9-0C6F-4809-8580-E39393B8FB3D}" = RIP Vinyl
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner
"DVD43_is1" = DVD43 v4.4.0
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard
"lvdrivers_11.70" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MVApplication1" = CD Stomper 32 bit
"N360" = Norton 360
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"RegCure" = RegCure
"SystemRequirementsLab" = System Requirements Lab
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/04/2010 6:36:36 AM | Computer Name = STUDY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18904, fault address 0x000da1af.

Error - 17/04/2010 7:48:14 AM | Computer Name = STUDY | Source = Application Error | ID = 1000
Description = Faulting application ccsvchst.exe, version 108.1.1.10, faulting module
unknown, version 0.0.0.0, fault address 0xca670188.

Error - 14/05/2010 5:46:40 AM | Computer Name = STUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 14/05/2010 5:46:43 AM | Computer Name = STUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 14/05/2010 5:53:49 AM | Computer Name = STUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 14/05/2010 5:53:50 AM | Computer Name = STUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 14/05/2010 5:54:29 AM | Computer Name = STUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 14/05/2010 5:54:58 AM | Computer Name = STUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 14/05/2010 6:57:48 AM | Computer Name = STUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 14/05/2010 6:58:00 AM | Computer Name = STUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ Application Events ]
Error - 17/04/2010 6:36:36 AM | Computer Name = STUDY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18904, fault address 0x000da1af.

Error - 17/04/2010 7:48:14 AM | Computer Name = STUDY | Source = Application Error | ID = 1000
Description = Faulting application ccsvchst.exe, version 108.1.1.10, faulting module
unknown, version 0.0.0.0, fault address 0xca670188.

Error - 14/05/2010 5:46:40 AM | Computer Name = STUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 14/05/2010 5:46:43 AM | Computer Name = STUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 14/05/2010 5:53:49 AM | Computer Name = STUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 14/05/2010 5:53:50 AM | Computer Name = STUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 14/05/2010 5:54:29 AM | Computer Name = STUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 14/05/2010 5:54:58 AM | Computer Name = STUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 14/05/2010 6:57:48 AM | Computer Name = STUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 14/05/2010 6:58:00 AM | Computer Name = STUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 16/05/2010 9:47:33 AM | Computer Name = STUDY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 16/05/2010 8:02:16 PM | Computer Name = STUDY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 17/05/2010 5:20:25 AM | Computer Name = STUDY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 17/05/2010 9:15:10 PM | Computer Name = STUDY | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer hp psc 1200 series share name
hppsc120.

Error - 17/05/2010 9:15:13 PM | Computer Name = STUDY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 17/05/2010 11:11:08 PM | Computer Name = STUDY | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 18/05/2010 4:56:40 AM | Computer Name = STUDY | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 18/05/2010 5:53:50 AM | Computer Name = STUDY | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 19/05/2010 4:48:19 AM | Computer Name = STUDY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 20/05/2010 3:28:36 AM | Computer Name = STUDY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd


< End of report >
when i grow up i want to be..................all growed up!

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:25 AM

Posted 20 May 2010 - 07:36 AM

Hi,

please try to uncheck everything except sections as shown in this picture and run a new scan with gmer:


Let me know if the scan does now complete.

Please also run a scan with rootrepeal:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 Just Mercury

Just Mercury
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:02:25 PM

Posted 24 May 2010 - 07:03 AM

Hi Myrti,
I still can't get GMER to run properly (It just locks up) but i've run Root Repeal and attached the log that it generated.
Hopefully this will give you some clues as to what to do next as it's all above my level of understanding now.
Loz.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/05/24 19:52
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB75F5000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79AB000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x8C2BD000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xF7414000 Size: 323584 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\loz\local settings\temp\~df717.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\loz\local settings\temp\~df93ec.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\loz\local settings\temp\~dfa348.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\loz\local settings\temp\~dfd50d.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\loz\local settings\temporary internet files\content.ie5\otbp7dtg\videobytag[1].aspx
Status: Size mismatch (API: 53248, Raw: 23552)

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x89d116d0

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x89a83438

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x89c4d360

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x89e85e68

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x89c630d8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb7ec9130

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x89ea2bb8

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x89dbcdf0

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x89c765b0

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x89e85f48

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb7ec93b0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb7ec9910

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x89c52ae8

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x89cb2c98

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x89ea5d08

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x89ea5dc8

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x89d950a8

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x89cb2bb8

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x89ea2ad8

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x89cdf388

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x89c6a218

#: 125 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x89d91e48

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x89c52bb8

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x89e85d78

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x89cf2528

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x89c57dc8

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x89c5e4d8

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x89d91d00

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb7ec9b60

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x89d91f28

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x89a243f0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x89ca5258

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x89c57ce8

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x89d48d40

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x89d178e8

Shadow SSDT
-------------------
#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "<unknown>" at address 0x8a0611b8

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x89d0f050

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "<unknown>" at address 0x89a72538

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "<unknown>" at address 0x89a1f050

#: 428 Function Name: NtUserGetRawInputData
Status: Hooked by "<unknown>" at address 0x88fc68b0

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "<unknown>" at address 0x89a4e200

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "<unknown>" at address 0x89c5ea90

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "<unknown>" at address 0x89c4dbb8

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0x899e6920

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "<unknown>" at address 0x899e4140

==EOF==
when i grow up i want to be..................all growed up!

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:25 AM

Posted 26 May 2010 - 05:36 AM

Hi,

please run a scan with ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 Just Mercury

Just Mercury
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:02:25 PM

Posted 30 May 2010 - 12:50 AM

Hi Myrti,
I'm attaching the combofix log to this post. The computer seemed to be having trouble after using Combofix and had to go through several restarts before i could get this log, is this normally the case?
Just Mercury. crazy.gif

ComboFix 10-05-29.03 - Loz 30/05/2010 12:48:07.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1535.1031 [GMT 8:00]
Running from: c:\documents and settings\Loz\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
The following files were disabled during the run:
c:\windows\TEMP\logishrd\LVPrcInj01.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . failed to delete
.
---- Previous Run -------
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-30 )))))))))))))))))))))))))))))))
.

2010-05-29 09:00 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-29 09:00 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-29 09:00 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-29 09:00 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-29 09:00 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-29 09:00 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-29 09:00 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-29 09:00 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-29 09:00 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-29 09:00 . 2010-05-29 09:00 -------- d-----w- c:\program files\Alwil Software
2010-05-29 09:00 . 2010-05-29 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-17 09:48 . 2010-05-17 09:49 -------- d-----w- c:\program files\trend micro
2010-05-17 09:48 . 2010-05-17 09:50 -------- d-----w- C:\rsit
2010-05-15 10:37 . 2004-08-03 23:14 182912 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-05-15 06:16 . 2010-05-15 06:16 -------- d-----r- c:\program files\Norton Support
2010-05-09 19:14 . 2004-08-03 22:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-05-04 00:54 . 2010-05-04 13:39 -------- d-----w- c:\documents and settings\Loz\Application Data\Ahead
2010-05-03 11:31 . 2010-05-03 11:31 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-03 11:20 . 2010-05-03 11:21 -------- d-----w- c:\program files\CCleaner
2010-05-01 10:12 . 2010-05-01 10:12 -------- d-----w- c:\program files\Enigma Software Group
2010-05-01 10:12 . 2010-05-03 11:08 -------- d-----w- c:\windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
2010-05-01 10:12 . 2010-05-01 10:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-30 04:56 . 2009-05-08 04:00 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-30 04:56 . 2009-05-08 04:00 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-05-30 04:27 . 2009-11-11 14:28 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-30 04:27 . 2009-12-06 04:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-25 14:20 . 2009-05-23 10:06 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2010-05-25 14:20 . 2009-05-23 10:06 -------- d-----w- c:\program files\dvd43
2010-05-20 12:25 . 2010-02-07 06:48 -------- d-----w- c:\program files\Alibre Design
2010-05-20 12:04 . 2010-03-16 06:13 -------- d-----w- c:\documents and settings\Loz\Application Data\Alibre Design
2010-05-15 15:40 . 2009-06-21 14:35 -------- d-----w- c:\documents and settings\Loz\Application Data\Skype
2010-05-15 13:13 . 2009-06-21 14:38 -------- d-----w- c:\documents and settings\Loz\Application Data\skypePM
2010-05-15 02:26 . 2010-04-15 09:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-15 02:26 . 2009-05-05 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-14 09:00 . 2009-06-21 14:34 -------- d-----r- c:\program files\Skype
2010-05-09 11:02 . 2010-05-16 13:44 162464 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cache\Personal_32_1033.dat
2010-05-08 01:54 . 2009-05-12 14:04 -------- d-----w- c:\program files\RegCure
2010-05-03 11:16 . 2009-12-06 04:48 -------- d-----w- c:\documents and settings\Loz\Application Data\AVGTOOLBAR
2010-05-03 11:16 . 2009-06-12 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-05-01 08:19 . 2009-05-03 06:36 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-01 08:18 . 2009-05-08 03:54 -------- d-----w- c:\program files\Logitech
2010-04-26 13:25 . 2010-04-26 13:25 -------- d-----w- c:\documents and settings\Loz\Application Data\Malwarebytes
2010-04-26 13:25 . 2010-04-26 13:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-26 13:25 . 2010-04-26 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-25 10:17 . 2010-04-25 10:06 -------- d-----w- c:\documents and settings\Loz\Application Data\ImgBurn
2010-04-25 10:03 . 2010-04-25 10:03 -------- d-----w- c:\program files\ImgBurn
2010-04-25 06:00 . 2010-04-25 06:48 278927592 ----a-w- C:\XPSP2.exe
2010-04-20 10:54 . 2010-04-18 05:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-18 11:24 . 2009-05-09 02:14 -------- d-----w- c:\program files\Windows Live
2010-04-18 11:24 . 2010-04-18 11:24 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-04-18 05:15 . 2010-04-18 05:15 -------- d-----w- c:\documents and settings\Loz\Application Data\Simply Super Software
2010-04-18 02:42 . 2010-04-18 02:42 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-15 13:53 . 2010-04-15 13:53 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-15 13:53 . 2010-04-15 13:53 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-15 13:53 . 2010-04-15 13:53 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-15 13:53 . 2010-04-15 13:53 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-15 13:53 . 2010-04-15 13:53 -------- d-----w- c:\program files\Symantec
2010-04-15 13:53 . 2010-04-15 13:53 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-04-15 13:53 . 2010-04-15 13:53 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-15 13:53 . 2010-04-15 13:53 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-04-15 13:53 . 2010-04-15 13:52 -------- d-----w- c:\program files\Norton 360
2010-04-15 13:52 . 2010-04-15 13:52 -------- d-----w- c:\program files\Windows Sidebar
2010-04-15 13:52 . 2010-04-15 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-15 13:50 . 2010-04-15 09:05 -------- d-----w- c:\program files\NortonInstaller
2010-04-15 09:14 . 2010-04-15 09:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-03-29 16:46 . 2010-04-26 13:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 16:45 . 2010-04-26 13:25 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 06:04 . 2009-05-24 13:28 936 ---ha-w- C:\hpothb07.dat
2010-03-28 06:04 . 2009-05-15 10:41 494 ---ha-w- c:\documents and settings\Loz\hpothb07.dat
2010-03-16 23:34 . 2009-05-03 10:24 68352 ----a-w- c:\documents and settings\Loz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-10 06:15 . 2003-03-31 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-06 14:59 . 2010-01-21 06:26 6467360 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-02-06 14:59 . 2010-01-21 06:26 124704 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 1871872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2009-12-5 40960]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2009-5-3 565248]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 04:22 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-21 03:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"d:\\Old HD Data\\OldProgram Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [16/04/2010 11:37 AM 310320]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [3/05/2009 2:43 PM 77312]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29/05/2010 5:00 PM 164048]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [16/04/2010 11:37 AM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [16/04/2010 11:37 AM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100520.001\IDSXpx86.sys [29/10/2009 6:37 AM 329592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29/05/2010 5:00 PM 19024]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [16/04/2010 11:37 AM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/05/2010 4:45 PM 102448]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 XoftSpyService;XoftSpyService;c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [29/08/2009 5:15 AM 582424]
.
Contents of the 'Scheduled Tasks' folder

2010-05-29 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-28 21:15]

2010-05-03 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]

2010-05-29 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-04-29 18:43]

2010-05-30 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2010-04-29 18:43]

2010-05-16 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-04-29 18:43]

2010-05-17 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2009-08-28 21:13]

2010-05-17 c:\windows\Tasks\XoftSpySE_sch_895B4DE2-3967-11DF-A89C-001167999F10.job
- c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2009-08-28 21:13]

2010-05-17 c:\windows\Tasks\XoftSpySE_sch_C442D510-37A5-11DF-A897-001167999F10.job
- c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2009-08-28 21:13]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.msn.com.au
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=7A5E5EA001CA900D0016B962&src_id=11170&camp_id=427&tb_version=2.5.7002.477
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
.
------- File Associations -------
.
.scr=AutoCADScript
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-30 13:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2852)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
.
**************************************************************************
.
Completion time: 2010-05-30 13:38:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-30 05:38
ComboFix2.txt 2010-05-15 08:01
ComboFix3.txt 2010-05-09 11:37

Pre-Run: 20,462,829,568 bytes free
Post-Run: 20,432,351,232 bytes free

- - End Of File - - 161E7F65637782AFA7ED2345F65A022F

when i grow up i want to be..................all growed up!

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:25 AM

Posted 30 May 2010 - 11:36 AM

Hi,

several reboots may be necessary depending on what ComboFix does, however this is before it creates a log and finishes it scans.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
TDL::
c:\windows\system32\drivers\ndis.sys
c:\windows\system32\drivers\atapi.sys


Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 Just Mercury

Just Mercury
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:02:25 PM

Posted 02 June 2010 - 06:24 AM

Hi Myrti.
I have added the ComboFix log at the end of this message,
Whilst running ComboFix it said that AVG was running but i have unininstalled this program some time ago and have even gone as far as locating an AVG uninstaller program and running that. This program replies that it cannot uninstall AVG as it is not installed. So I'm at a loss as to why ComboFix finds it.

See ComboFix log below:

ComboFix 10-06-01.03 - Loz 02/06/2010 18:43:36.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1535.882 [GMT 8:00]
Running from: c:\documents and settings\Loz\My Documents\Diagnostic Software\ComboFix.exe
Command switches used :: c:\documents and settings\Loz\My Documents\Diagnostic Software\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-05-02 to 2010-06-02 )))))))))))))))))))))))))))))))
.

2010-05-29 09:00 . 2010-05-29 09:00 -------- d-----w- c:\program files\Alwil Software
2010-05-29 09:00 . 2010-05-29 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-17 09:48 . 2010-05-17 09:49 -------- d-----w- c:\program files\trend micro
2010-05-17 09:48 . 2010-05-17 09:50 -------- d-----w- C:\rsit
2010-05-15 10:37 . 2004-08-03 23:14 182912 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-05-15 06:16 . 2010-05-15 06:16 -------- d-----r- c:\program files\Norton Support
2010-05-09 19:14 . 2004-08-03 22:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-05-04 00:54 . 2010-05-04 13:39 -------- d-----w- c:\documents and settings\Loz\Application Data\Ahead
2010-05-03 11:31 . 2010-05-03 11:31 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-03 11:20 . 2010-05-03 11:21 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-02 10:50 . 2009-05-08 04:00 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-06-02 10:50 . 2009-05-08 04:00 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-05-30 06:42 . 2009-11-11 14:28 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-30 06:42 . 2009-12-06 04:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-25 14:20 . 2009-05-23 10:06 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2010-05-25 14:20 . 2009-05-23 10:06 -------- d-----w- c:\program files\dvd43
2010-05-20 12:25 . 2010-02-07 06:48 -------- d-----w- c:\program files\Alibre Design
2010-05-20 12:04 . 2010-03-16 06:13 -------- d-----w- c:\documents and settings\Loz\Application Data\Alibre Design
2010-05-15 15:40 . 2009-06-21 14:35 -------- d-----w- c:\documents and settings\Loz\Application Data\Skype
2010-05-15 13:13 . 2009-06-21 14:38 -------- d-----w- c:\documents and settings\Loz\Application Data\skypePM
2010-05-15 02:26 . 2010-04-15 09:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-15 02:26 . 2009-05-05 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-14 09:00 . 2009-06-21 14:34 -------- d-----r- c:\program files\Skype
2010-05-09 11:02 . 2010-05-16 13:44 162464 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cache\Personal_32_1033.dat
2010-05-08 01:54 . 2009-05-12 14:04 -------- d-----w- c:\program files\RegCure
2010-05-03 11:16 . 2009-12-06 04:48 -------- d-----w- c:\documents and settings\Loz\Application Data\AVGTOOLBAR
2010-05-03 11:16 . 2009-06-12 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-05-01 10:12 . 2010-05-01 10:12 -------- d-----w- c:\program files\Enigma Software Group
2010-05-01 10:12 . 2010-05-01 10:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-01 08:19 . 2009-05-03 06:36 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-01 08:18 . 2009-05-08 03:54 -------- d-----w- c:\program files\Logitech
2010-04-26 13:25 . 2010-04-26 13:25 -------- d-----w- c:\documents and settings\Loz\Application Data\Malwarebytes
2010-04-26 13:25 . 2010-04-26 13:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-26 13:25 . 2010-04-26 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-25 10:17 . 2010-04-25 10:06 -------- d-----w- c:\documents and settings\Loz\Application Data\ImgBurn
2010-04-25 10:03 . 2010-04-25 10:03 -------- d-----w- c:\program files\ImgBurn
2010-04-25 06:00 . 2010-04-25 06:48 278927592 ----a-w- C:\XPSP2.exe
2010-04-20 10:54 . 2010-04-18 05:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-18 11:24 . 2009-05-09 02:14 -------- d-----w- c:\program files\Windows Live
2010-04-18 11:24 . 2010-04-18 11:24 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-04-18 05:15 . 2010-04-18 05:15 -------- d-----w- c:\documents and settings\Loz\Application Data\Simply Super Software
2010-04-18 02:42 . 2010-04-18 02:42 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-15 13:53 . 2010-04-15 13:53 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-15 13:53 . 2010-04-15 13:53 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-15 13:53 . 2010-04-15 13:53 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-15 13:53 . 2010-04-15 13:53 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-15 13:53 . 2010-04-15 13:53 -------- d-----w- c:\program files\Symantec
2010-04-15 13:53 . 2010-04-15 13:53 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-04-15 13:53 . 2010-04-15 13:53 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-15 13:53 . 2010-04-15 13:53 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-04-15 13:53 . 2010-04-15 13:52 -------- d-----w- c:\program files\Norton 360
2010-04-15 13:52 . 2010-04-15 13:52 -------- d-----w- c:\program files\Windows Sidebar
2010-04-15 13:52 . 2010-04-15 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-15 13:50 . 2010-04-15 09:05 -------- d-----w- c:\program files\NortonInstaller
2010-04-15 09:14 . 2010-04-15 09:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-03-29 16:46 . 2010-04-26 13:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 16:45 . 2010-04-26 13:25 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 06:04 . 2009-05-24 13:28 936 ---ha-w- C:\hpothb07.dat
2010-03-28 06:04 . 2009-05-15 10:41 494 ---ha-w- c:\documents and settings\Loz\hpothb07.dat
2010-03-16 23:34 . 2009-05-03 10:24 68352 ----a-w- c:\documents and settings\Loz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-10 06:15 . 2003-03-31 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-06 14:59 . 2010-01-21 06:26 6467360 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-02-06 14:59 . 2010-01-21 06:26 124704 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 1871872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2009-12-5 40960]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2009-5-3 565248]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 04:22 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-21 03:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"d:\\Old HD Data\\OldProgram Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [16/04/2010 11:37 AM 310320]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [3/05/2009 2:43 PM 77312]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [16/04/2010 11:37 AM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [16/04/2010 11:37 AM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100520.001\IDSXpx86.sys [29/10/2009 6:37 AM 329592]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [16/04/2010 11:37 AM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/05/2010 4:45 PM 102448]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 XoftSpyService;XoftSpyService;c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [29/08/2009 5:15 AM 582424]
.
Contents of the 'Scheduled Tasks' folder

2010-06-02 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-28 21:15]

2010-05-03 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]

2010-05-31 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-04-29 18:43]

2010-06-02 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2010-04-29 18:43]

2010-05-30 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-04-29 18:43]

2010-05-17 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2009-08-28 21:13]

2010-05-17 c:\windows\Tasks\XoftSpySE_sch_895B4DE2-3967-11DF-A89C-001167999F10.job
- c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2009-08-28 21:13]

2010-05-17 c:\windows\Tasks\XoftSpySE_sch_C442D510-37A5-11DF-A897-001167999F10.job
- c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2009-08-28 21:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://www.msn.com.au
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=7A5E5EA001CA900D0016B962&src_id=11170&camp_id=427&tb_version=2.5.7002.477
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-02 19:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7876)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
.
**************************************************************************
.
Completion time: 2010-06-02 19:15:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-02 11:15
ComboFix2.txt 2010-05-30 05:38
ComboFix3.txt 2010-05-15 08:01
ComboFix4.txt 2010-05-09 11:37

Pre-Run: 20,326,928,384 bytes free
Post-Run: 20,398,141,440 bytes free

- - End Of File - - D35796D5B0923FAD560A0D6633BEF370

when i grow up i want to be..................all growed up!

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:25 AM

Posted 05 June 2010 - 04:17 PM

Hi,

In reference to the "AVG" warning you probably have remnants that CF has detected. Lets fix that.

Please do this.....

1. Click on the Start menu.
2. Select Run...
3. Type wbemtest and click OK
4. Connect to root\SecurityCenter
5. Click on Query
6. Type in SELECT * FROM AntiVirusProduct and click on Apply



If there is more than one result, it means there is more than one Antivirus program installed. Double click on each result to view the properties for that Antivirus product. Identify the product(s) installed and DELETE any records for an Antivirus software that is no longer installed.

Please run TDSSKiller next:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 Just Mercury

Just Mercury
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:02:25 PM

Posted 06 June 2010 - 11:14 PM

Hi Myrti,
Here's the TDSSKiller.txt log as requested.
Just before I did this I had ran Norton 360 and it didn't detect anything, does this mean that my system is clear?
Just Mercury. w00t.gif

12:06:10:456 2828 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
12:06:10:456 2828 ================================================================================
12:06:10:456 2828 SystemInfo:

12:06:10:456 2828 OS Version: 5.1.2600 ServicePack: 3.0
12:06:10:456 2828 Product type: Workstation
12:06:10:456 2828 ComputerName: STUDY
12:06:10:456 2828 UserName: Loz
12:06:10:456 2828 Windows directory: C:\WINDOWS
12:06:10:456 2828 Processor architecture: Intel x86
12:06:10:456 2828 Number of processors: 2
12:06:10:456 2828 Page size: 0x1000
12:06:10:471 2828 Boot type: Normal boot
12:06:10:471 2828 ================================================================================
12:06:11:971 2828 Initialize success
12:06:11:971 2828
12:06:11:971 2828 Scanning Services ...
12:06:12:456 2828 Raw services enum returned 374 services
12:06:12:471 2828
12:06:12:471 2828 Scanning Drivers ...
12:06:13:424 2828 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
12:06:13:549 2828 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:06:13:643 2828 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:06:13:721 2828 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
12:06:13:784 2828 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:06:13:878 2828 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
12:06:13:971 2828 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
12:06:14:112 2828 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:06:14:221 2828 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:06:14:299 2828 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:06:14:378 2828 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:06:14:456 2828 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:06:14:549 2828 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
12:06:14:674 2828 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:06:14:768 2828 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys
12:06:14:831 2828 BlueletAudio (852a1bd08e7dfeb9e30b5440881c0501) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
12:06:14:846 2828 BlueletSCOAudio (8fc27b12a02b43947787f0ef1885df9b) C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
12:06:14:878 2828 BT (c5cce2b26f73f8cf7f3c82159e79aa08) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
12:06:14:956 2828 Btcsrusb (da473d279420234170da795f1cad4479) C:\WINDOWS\system32\Drivers\btcusb.sys
12:06:14:987 2828 BTHidEnum (ce643d0918123d76a5caab008fca9663) C:\WINDOWS\system32\Drivers\vbtenum.sys
12:06:15:034 2828 BTHidMgr (dfca4fe4c8aec786b4d0f432eb730f48) C:\WINDOWS\system32\Drivers\BTHidMgr.sys
12:06:15:112 2828 BTNetFilter (4f26303becbb7cc5ca8ff39593124cf2) D:\Old HD Data\OldProgram Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
12:06:15:393 2828 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:06:15:503 2828 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:06:15:706 2828 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys
12:06:15:799 2828 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:06:15:862 2828 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:06:15:940 2828 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:06:16:049 2828 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:06:16:143 2828 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:06:16:268 2828 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:06:16:362 2828 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:06:16:424 2828 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:06:16:518 2828 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:06:16:581 2828 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
12:06:16:706 2828 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:06:16:862 2828 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:06:17:237 2828 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:06:17:456 2828 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:06:17:534 2828 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
12:06:17:628 2828 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
12:06:17:706 2828 FilterService (f83c0fd028dd37be4a337b138eba6b7b) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
12:06:17:753 2828 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:06:17:831 2828 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:06:17:878 2828 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:06:17:956 2828 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:06:18:190 2828 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:06:18:393 2828 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:06:18:456 2828 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:06:18:534 2828 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:06:18:628 2828 HPZid412 (2a8a2aa68185b47632188f1a8be44170) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:06:18:706 2828 HPZipr12 (0a520679b0ad3f438e88b746d0c5ba6c) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:06:18:784 2828 HPZius12 (1d53f2b2051a3fce2c8ef0e01b042e25) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:06:18:878 2828 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:06:19:003 2828 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:06:19:112 2828 IDSxpx86 (231c3f6d5c520e99924e1e37401a90c4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100528.003\IDSxpx86.sys
12:06:19:174 2828 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:06:19:253 2828 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:06:19:315 2828 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:06:19:346 2828 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:06:19:409 2828 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:06:19:487 2828 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:06:19:565 2828 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:06:19:674 2828 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:06:19:784 2828 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:06:19:831 2828 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:06:19:909 2828 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
12:06:19:940 2828 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:06:20:018 2828 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:06:20:143 2828 ltmodem5 (9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
12:06:20:237 2828 LVcKap (9ce361764c5dd5fa5506510fe5d2297b) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
12:06:20:362 2828 LVPr2Mon (94d03b31f36bb362fa5713470fcf1c79) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
12:06:20:424 2828 LVRS (a198cd8a1c813d9ceba29a29d45fc94c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
12:06:20:487 2828 LVUSBSta (8b79a50360fc31df6b7b979b686b4aa2) C:\WINDOWS\system32\drivers\LVUSBSta.sys
12:06:20:721 2828 LVUVC (5c20c4be679842cbee729b0cff5928bd) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
12:06:20:909 2828 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:06:20:987 2828 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:06:21:018 2828 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:06:21:096 2828 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:06:21:143 2828 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:06:21:221 2828 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:06:21:299 2828 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:06:21:378 2828 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
12:06:21:456 2828 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:06:21:471 2828 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:06:21:549 2828 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:06:21:565 2828 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:06:21:768 2828 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:06:21:831 2828 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:06:21:956 2828 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
12:06:22:034 2828 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:06:22:159 2828 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100606.003\NAVENG.SYS
12:06:22:393 2828 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100606.003\NAVEX15.SYS
12:06:22:471 2828 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
12:06:22:518 2828 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:06:22:612 2828 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:06:22:643 2828 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:06:22:784 2828 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:06:22:846 2828 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
12:06:22:862 2828 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:06:22:940 2828 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:06:22:956 2828 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:06:23:034 2828 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:06:23:065 2828 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:06:23:143 2828 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:06:23:299 2828 nv (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:06:23:456 2828 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:06:23:534 2828 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:06:23:596 2828 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:06:23:737 2828 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:06:23:815 2828 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:06:23:846 2828 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:06:23:940 2828 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:06:24:049 2828 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:06:24:221 2828 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:06:24:284 2828 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
12:06:24:299 2828 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:06:24:393 2828 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:06:24:456 2828 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:06:24:534 2828 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:06:24:612 2828 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:06:24:690 2828 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:06:24:768 2828 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:06:24:846 2828 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:06:24:893 2828 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
12:06:25:003 2828 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:06:25:034 2828 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
12:06:25:096 2828 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:06:25:206 2828 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:06:25:206 2828 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:06:25:221 2828 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:06:25:315 2828 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:06:25:424 2828 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
12:06:25:503 2828 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:06:25:596 2828 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:06:25:737 2828 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS
12:06:25:846 2828 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS
12:06:25:940 2828 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
12:06:26:034 2828 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:06:26:221 2828 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:06:26:409 2828 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:06:27:143 2828 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS
12:06:27:456 2828 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
12:06:27:831 2828 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS
12:06:28:159 2828 SYMIDS (7a20b7d774ef0f16cf81b898bfeca772) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS
12:06:28:362 2828 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
12:06:28:393 2828 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
12:06:28:737 2828 SYMNDIS (5ab7d00ea6b7a6fcd5067c632ec6f039) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS
12:06:28:878 2828 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS
12:06:28:971 2828 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:06:29:065 2828 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:06:29:128 2828 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:06:29:237 2828 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:06:29:268 2828 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:06:29:299 2828 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:06:29:409 2828 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:06:29:487 2828 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
12:06:29:518 2828 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:06:29:596 2828 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:06:29:753 2828 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:06:29:799 2828 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:06:29:846 2828 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:06:29:909 2828 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:06:29:940 2828 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:06:30:034 2828 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:06:30:065 2828 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
12:06:30:143 2828 VComm (51750b0539986186c6931fc40d171521) C:\WINDOWS\system32\DRIVERS\VComm.sys
12:06:30:174 2828 VcommMgr (6d9c891c0a761afed1f3609c2e56f2b9) C:\WINDOWS\system32\Drivers\VcommMgr.sys
12:06:30:237 2828 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:06:30:268 2828 viaagp1 (0e3e3fae3a0a58b8d936a8e841a17d16) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
12:06:30:346 2828 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
12:06:30:378 2828 viasraid (ebe101c01d80a42868f57b327be1b564) C:\WINDOWS\system32\DRIVERS\viasraid.sys
12:06:30:440 2828 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:06:30:471 2828 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:06:30:503 2828 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:06:30:565 2828 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:06:30:815 2828 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:06:30:909 2828 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:06:30:909 2828
12:06:30:909 2828 Completed
12:06:30:909 2828
12:06:30:909 2828 Results:
12:06:30:909 2828 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
12:06:30:909 2828 File objects infected / cured / cured on reboot: 0 / 0 / 0
12:06:30:909 2828
12:06:30:924 2828 KLMD(ARK) unloaded successfully

when i grow up i want to be..................all growed up!

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:25 AM

Posted 11 June 2010 - 02:48 PM

Hi,

the log is looking good. smile.gif How is the PC doing? Any problems remainig?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 Just Mercury

Just Mercury
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:02:25 PM

Posted 13 June 2010 - 12:03 AM

Hi Myrti,
Yes the computer is running quite well now, though I'm unsure as to how this has come about. Was it combofix or TDSSKiller ?
Norton 360 is not reporting any problems.
Will keeping the programs on my machine cause any problems ?

Thanks for your help.
Just Mercury
thumbup.gif thumbup.gif clapping.gif
when i grow up i want to be..................all growed up!

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:25 AM

Posted 13 June 2010 - 04:33 PM

Hi,

it was ComboFix. Just to make sure that there are no leftovers please run Eset:

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

We will remove all the programs once we've made sure that your PC is secure.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 Just Mercury

Just Mercury
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:02:25 PM

Posted 27 June 2010 - 03:06 AM

Hi Myrti,
Eset completed and reported that there were no threats found, so i don't have a log to enclose this time.
I have been keeping all the other programs that i have downloaded under your guidance in a single folder, should i now delete that folder?
Thanks
Just Mercury. thumbup.gif
when i grow up i want to be..................all growed up!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users