Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser Redirect malware and svchost problem


  • This topic is locked This topic is locked
12 replies to this topic

#1 pir@ii@40

pir@ii@40

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 27 June 2010 - 09:55 PM

Whenever I google search from Firefox and click any of the results I am randomly redirected to another website (always a different site). I am also getting a svchost error. I can see in task manager that one of the svchost processes starts taking up larger CPU and memory resources. After a short time I get an error pop-up that says: svchost.exe - Application Error The instruction at "0x30107c4d" referenced memory at "0x0000004c". The memory could not be "read". Click on OK to terminate the program. After I click "OK" the PC is unresponsive and I have to power down to get it back. I also tried using Google chrome but that does not work either. The problem started after I became infected with and removed AV Security Suite (at least I thought I removed it). I ran spybot and malwarebytes but the problem persists. I uninstalled spybot and adaware in case these might be interfering with malwarebytes. I tried reinstalling Firefox to no avail. Also ran ccleaner, killed a few BHOs using hijackthis and a tried a few other things suggested via online forums but this is way over my head.

Here is DDS log, I could not get the full gmer log to run...it took hours. abbreviated version attached.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Dan at 11:58:29.57 on Sun 06/27/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.61 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
F:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\taskmgr.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Dan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
mWinlogon: Userinit=c:\windows\system32\userinit.exe
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [RealPlayer] "c:\program files\real\realplayer\realplay.exe" /RunUPGToolCommandReBoot
uRun: [Aim6]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [Dell|Alert] c:\program files\dell\support\alert\bin\DAMon.exe
mRun: [SM1BG] c:\windows\SM1BG.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [TkBellExe] c:\program files\common files\real\update_ob\realsched.exe -osboot
mRun: [HP Software Update] f:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [nwiz] nwiz.exe /install
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [VPN] c:\program files\linksys\linksys vpn client\VPNClient.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
StartupFolder: c:\docume~1\dan\startm~1\programs\startup\office~1.lnk - f:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - f:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - f:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dan\applic~1\mozilla\firefox\profiles\mn123whj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
f:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
f:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
f:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
f:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
f:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
f:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
f:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
f:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
f:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
f:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
f:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
f:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
f:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
f:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
f:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
f:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
f:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
f:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
f:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
f:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
f:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
f:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
f:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
f:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2003-3-22 6097]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-6-9 255096]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-6-9 242808]
R2 SAVRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-10-6 173392]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-10-6 1275216]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-14 24652]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2008-2-14 36224]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100627.003\naveng.sys [2010-6-27 85552]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100627.003\navex15.sys [2010-6-27 1347504]
S3 Amita;Amita Driver (Amita.sys);c:\windows\system32\drivers\amita.sys --> c:\windows\system32\drivers\Amita.sys [?]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-6-9 87160]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-6-26 38224]
S3 perm2;perm2;c:\windows\system32\drivers\perm2.sys [2007-3-24 27904]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2003-3-22 299923]
S3 usbser2k;Motorola USB Modem Driver from Win2K SP4;c:\windows\system32\drivers\usbser2k.sys [2006-7-28 22768]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-18 135664]
S4 mcpromgr;McAfee Protection Manager;c:\progra~1\mcafee\msc\mcpromgr.exe [2008-1-20 493144]

=============== Created Last 30 ================

2010-06-27 15:49:48 0 ----a-w- c:\documents and settings\dan\defogger_reenable
2010-06-26 16:49:12 0 d-----w- c:\docume~1\dan\applic~1\Malwarebytes
2010-06-26 16:49:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-26 16:48:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-26 16:48:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-25 00:15:06 0 d-----w- c:\windows\system32\wbem\Repository
2010-06-24 17:06:00 120 ----a-w- c:\windows\Etipokezezoco.dat
2010-06-24 17:06:00 0 ----a-w- c:\windows\Lcogalifipuluke.bin

==================== Find3M ====================

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-04-16 16:09:09 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09:09 667136 ------w- c:\windows\system32\dllcache\wininet.dll
2010-04-16 16:09:08 627712 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-04-16 16:09:07 3073024 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-04-16 16:09:07 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2010-04-16 16:09:05 81920 ------w- c:\windows\system32\ieencode.dll
2010-04-16 16:09:05 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2010-04-16 16:09:05 251904 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-04-16 16:09:05 1025024 ------w- c:\windows\system32\dllcache\browseui.dll
2010-04-06 08:52:46 2462720 ----a-w- c:\windows\system32\dllcache\WMVCore.dll
2010-03-31 12:26:59 117153 ----a-w- c:\windows\hpoins11.dat
2003-08-27 19:19:18 36963 -c--a-r- c:\program files\common files\SM1updtr.dll
2003-06-18 03:57:50 807 -c--a-w- c:\program files\INSTALL.LOG
2005-08-26 16:22:48 178623 --sh--w- c:\windows\java\packages\siibd.bak1
2005-10-08 02:22:24 338085 --sha-w- c:\windows\repair\dmcc.bak1
2005-10-12 12:18:09 352641 --sha-w- c:\windows\repair\dmcc.bak2
2005-10-12 23:08:19 352644 --sha-w- c:\windows\repair\dmcc.ini2

============= FINISH: 12:00:45.45 ===============

Attached Files


Edited by pir@ii@40, 28 June 2010 - 01:24 AM.


BC AdBot (Login to Remove)

 


#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:07 AM

Posted 02 July 2010 - 11:34 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#3 pir@ii@40

pir@ii@40
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 03 July 2010 - 07:52 PM


Here's the new DDS scan. I could not get GMER to run ...had to do in safe mode....it ran for hours then no resources left to copy. PC locked up and had to shut down.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Dan at 9:00:13.84 on Sat 07/03/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.238 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\SYMANT~1\VPTray.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Microsoft Office\Office\OSA.EXE
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
F:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
F:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\taskmgr.exe
F:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Documents and Settings\Dan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [RealPlayer] "c:\program files\real\realplayer\realplay.exe" /RunUPGToolCommandReBoot
uRun: [Aim6]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [Dell|Alert] c:\program files\dell\support\alert\bin\DAMon.exe
mRun: [SM1BG] c:\windows\SM1BG.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [TkBellExe] c:\program files\common files\real\update_ob\realsched.exe -osboot
mRun: [HP Software Update] f:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [nwiz] nwiz.exe /install
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [VPN] c:\program files\linksys\linksys vpn client\VPNClient.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
StartupFolder: c:\docume~1\dan\startm~1\programs\startup\office~1.lnk - f:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - f:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - f:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dan\applic~1\mozilla\firefox\profiles\mn123whj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
f:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
f:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
f:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
f:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
f:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
f:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
f:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
f:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
f:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
f:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
f:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
f:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
f:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
f:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
f:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
f:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
f:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
f:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
f:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
f:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
f:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
f:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
f:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
f:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
f:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2003-3-22 6097]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-6-9 255096]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-6-9 242808]
R2 SAVRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-10-6 173392]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-10-6 1275216]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-14 24652]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2008-2-14 36224]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100702.003\naveng.sys [2010-7-2 85552]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100702.003\navex15.sys [2010-7-2 1347504]
S3 Amita;Amita Driver (Amita.sys);c:\windows\system32\drivers\amita.sys --> c:\windows\system32\drivers\Amita.sys [?]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-6-9 87160]
S3 perm2;perm2;c:\windows\system32\drivers\perm2.sys [2007-3-24 27904]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2003-3-22 299923]
S3 usbser2k;Motorola USB Modem Driver from Win2K SP4;c:\windows\system32\drivers\usbser2k.sys [2006-7-28 22768]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-18 135664]
S4 mcpromgr;McAfee Protection Manager;c:\progra~1\mcafee\msc\mcpromgr.exe [2008-1-20 493144]

=============== Created Last 30 ================

2010-06-27 15:49:48 0 ----a-w- c:\documents and settings\dan\defogger_reenable
2010-06-26 16:49:12 0 d-----w- c:\docume~1\dan\applic~1\Malwarebytes
2010-06-26 16:49:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-26 16:48:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-26 16:48:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-25 00:15:06 0 d-----w- c:\windows\system32\wbem\Repository
2010-06-24 17:06:00 120 ----a-w- c:\windows\Etipokezezoco.dat
2010-06-24 17:06:00 0 ----a-w- c:\windows\Lcogalifipuluke.bin

==================== Find3M ====================

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-04-16 16:09:09 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09:09 667136 ------w- c:\windows\system32\dllcache\wininet.dll
2010-04-16 16:09:08 627712 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-04-16 16:09:07 3073024 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-04-16 16:09:07 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2010-04-16 16:09:05 81920 ------w- c:\windows\system32\ieencode.dll
2010-04-16 16:09:05 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2010-04-16 16:09:05 251904 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-04-16 16:09:05 1025024 ------w- c:\windows\system32\dllcache\browseui.dll
2010-04-06 08:52:46 2462720 ----a-w- c:\windows\system32\dllcache\WMVCore.dll
2003-08-27 19:19:18 36963 -c--a-r- c:\program files\common files\SM1updtr.dll
2003-06-18 03:57:50 807 -c--a-w- c:\program files\INSTALL.LOG
2005-08-26 16:22:48 178623 --sh--w- c:\windows\java\packages\siibd.bak1
2005-10-08 02:22:24 338085 --sha-w- c:\windows\repair\dmcc.bak1
2005-10-12 12:18:09 352641 --sha-w- c:\windows\repair\dmcc.bak2
2005-10-12 23:08:19 352644 --sha-w- c:\windows\repair\dmcc.ini2

============= FINISH: 9:05:35.09 ===============

Attached Files



#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:07 AM

Posted 05 July 2010 - 04:43 PM

Hello, pir@ii@40
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

If you do not make a reply in 4-5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.





  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.







Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#5 pir@ii@40

pir@ii@40
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 06 July 2010 - 01:10 AM

Hi Tom, Here's the TDSSKiller log. I then tried running combofix but it ran for 4 hours and seemed froze so I booted the PC. When I restarted I found I was reinfected with AV Security Suite so I followed instructions on this forum to remove that again. Then I re-ran TDSSKiller - the log from the 2nd scan is pasted in as well. After this I was able to run comboofix and that log file is attached.


18:21:47:599 3248 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
18:21:47:599 3248 ================================================================================
18:21:47:599 3248 SystemInfo:

18:21:47:599 3248 OS Version: 5.1.2600 ServicePack: 3.0
18:21:47:599 3248 Product type: Workstation
18:21:47:599 3248 ComputerName: D352YT11
18:21:47:599 3248 UserName: Dan
18:21:47:599 3248 Windows directory: C:\WINDOWS
18:21:47:599 3248 System windows directory: C:\WINDOWS
18:21:47:599 3248 Processor architecture: Intel x86
18:21:47:599 3248 Number of processors: 1
18:21:47:599 3248 Page size: 0x1000
18:21:47:599 3248 Boot type: Normal boot
18:21:47:599 3248 ================================================================================
18:21:48:786 3248 Initialize success
18:21:48:786 3248
18:21:48:786 3248 Scanning Services ...
18:21:49:724 3248 Raw services enum returned 409 services
18:21:49:771 3248
18:21:49:771 3248 Scanning Drivers ...
18:21:51:943 3248 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
18:21:52:114 3248 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
18:21:52:208 3248 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
18:21:52:286 3248 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:21:52:474 3248 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:21:52:599 3248 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
18:21:52:739 3248 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
18:21:52:786 3248 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:21:52:911 3248 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
18:21:53:083 3248 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:21:53:427 3248 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
18:21:53:739 3248 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
18:21:53:818 3248 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
18:21:53:896 3248 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
18:21:54:036 3248 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
18:21:54:161 3248 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
18:21:54:302 3248 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
18:21:54:489 3248 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
18:21:54:583 3248 AN983 (116bff96077a4a724e0aab800525ceb5) C:\WINDOWS\system32\DRIVERS\AN983.sys
18:21:54:693 3248 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:21:54:786 3248 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
18:21:54:911 3248 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
18:21:54:989 3248 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
18:21:55:083 3248 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
18:21:55:208 3248 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:21:55:333 3248 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:21:55:505 3248 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:21:55:599 3248 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:21:55:677 3248 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
18:21:55:755 3248 basic2 (1b9c81ab9a456eabd9f8335f04b5f495) C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys
18:21:55:818 3248 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:21:55:896 3248 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
18:21:55:943 3248 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:21:56:021 3248 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:21:56:114 3248 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
18:21:56:224 3248 CdaC15BA (69419792390122eefd84e598d896715b) C:\WINDOWS\System32\drivers\CdaC15BA.SYS
18:21:56:318 3248 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:21:56:443 3248 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:21:56:536 3248 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
18:21:56:630 3248 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys
18:21:56:739 3248 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:21:56:818 3248 cdudf_xp (072070a498d5fad70c3a99a5f0b1331b) C:\WINDOWS\system32\drivers\cdudf_xp.sys
18:21:56:989 3248 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
18:21:57:083 3248 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
18:21:57:177 3248 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
18:21:57:255 3248 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
18:21:57:349 3248 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:21:57:489 3248 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:21:57:677 3248 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:21:57:802 3248 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:21:57:880 3248 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:21:58:005 3248 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
18:21:58:130 3248 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:21:58:208 3248 dvd_2K (a3997baab606caa92f27e07bc4f070f0) C:\WINDOWS\system32\drivers\dvd_2K.sys
18:21:58:349 3248 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
18:21:58:521 3248 Fallback (c823debe2548656549f84a875d65237b) C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys
18:21:58:677 3248 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:21:58:802 3248 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:21:58:911 3248 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:21:59:005 3248 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:21:59:114 3248 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:21:59:239 3248 Fsks (6483414841d4cab6c3b4db2ac6edd70b) C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys
18:21:59:302 3248 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:21:59:411 3248 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:21:59:552 3248 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:21:59:614 3248 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:21:59:739 3248 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
18:21:59:864 3248 hpt3xx (b077b7f8e79779ea967e84a4fc040227) C:\WINDOWS\System32\DRIVERS\hpt3xx.sys
18:21:59:943 3248 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:22:00:052 3248 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:22:00:146 3248 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:22:00:239 3248 HSFHWBS2 (95b894b508db03507b61fe213ef6fe19) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
18:22:00:458 3248 HSF_DP (f66402179ca2b2ae68493103db5fa48c) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
18:22:00:724 3248 hsf_msft (74e379857d4c0dfb56de2d19b8f4c434) C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
18:22:00:896 3248 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:22:01:005 3248 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
18:22:01:114 3248 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
18:22:01:239 3248 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:22:01:333 3248 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
18:22:01:474 3248 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
18:22:01:599 3248 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:22:01:693 3248 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:22:01:755 3248 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:22:01:880 3248 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:22:01:974 3248 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:22:02:099 3248 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:22:02:161 3248 IPSec (24a7b3db6bd83203bd3d4c8abac37902) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:22:02:161 3248 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: 24a7b3db6bd83203bd3d4c8abac37902, Fake md5: 23c74d75e36e7158768dd63d92789a91
18:22:02:161 3248 File "C:\WINDOWS\system32\DRIVERS\ipsec.sys" infected by TDSS rootkit ... 18:22:05:177 3248 Backup copy found, using it..
18:22:05:474 3248 will be cured on next reboot
18:22:05:786 3248 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:22:05:896 3248 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:22:05:989 3248 K56 (9c5e3fdbfcc30cf71a49ca178b9ad442) C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys
18:22:06:161 3248 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:22:06:239 3248 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
18:22:06:318 3248 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:22:06:396 3248 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:22:06:521 3248 LNE100 (e7a30b307ac29afbb993049df04bb91b) C:\WINDOWS\system32\DRIVERS\LNE100V5.sys
18:22:06:755 3248 mdmxsdk (a1e9d936eac07ee9386e87bac1377fad) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:22:06:833 3248 mmc_2K (e97e3fe03b6f271336cb2fbb24734989) C:\WINDOWS\system32\drivers\mmc_2K.sys
18:22:06:911 3248 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:22:07:005 3248 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:22:07:099 3248 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
18:22:07:208 3248 motmodem (5023875a94b0766d98a62a72bc4cb055) C:\WINDOWS\system32\DRIVERS\motmodem.sys
18:22:07:286 3248 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:22:07:396 3248 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:22:07:458 3248 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
18:22:07:536 3248 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:22:07:755 3248 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:22:07:927 3248 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
18:22:08:005 3248 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:22:08:114 3248 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:22:08:224 3248 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:22:08:318 3248 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:22:08:458 3248 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:22:08:521 3248 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:22:08:599 3248 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
18:22:08:724 3248 MxlW2k (63d074073d5fda93163517c2a8f2ba5a) C:\WINDOWS\system32\drivers\MxlW2k.sys
18:22:08:802 3248 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:22:08:974 3248 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100702.003\naveng.sys
18:22:09:239 3248 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100702.003\navex15.sys
18:22:09:505 3248 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:22:09:614 3248 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:22:09:771 3248 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:22:09:833 3248 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:22:09:958 3248 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:22:10:114 3248 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
18:22:10:208 3248 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:22:10:302 3248 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:22:10:443 3248 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:22:10:677 3248 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:22:10:974 3248 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:22:11:521 3248 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:22:11:630 3248 nv (1685a86ce8dc5a70d307dca625fb50e7) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:22:11:896 3248 nv4 (4d31783965b0b7ced7db3f4ee14cf260) C:\WINDOWS\system32\DRIVERS\nv4.sys
18:22:12:052 3248 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:22:12:130 3248 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:22:12:239 3248 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:22:12:396 3248 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
18:22:12:505 3248 PalmUSBD (dc450992eba6f914080c1f7fbeeed72c) C:\WINDOWS\system32\drivers\PalmUSBD.sys
18:22:12:583 3248 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:22:12:708 3248 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:22:12:864 3248 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:22:12:927 3248 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:22:13:099 3248 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\System32\DRIVERS\pciide.sys
18:22:13:193 3248 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:22:13:458 3248 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
18:22:13:599 3248 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
18:22:13:693 3248 perm2 (fd79193a9e7352b19db02630e00f7b6a) C:\WINDOWS\system32\DRIVERS\perm2.sys
18:22:13:818 3248 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:22:13:927 3248 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
18:22:14:052 3248 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:22:14:208 3248 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:22:14:271 3248 pwd_2k (070eddd0e4a5be55dd590d8b30dbff22) C:\WINDOWS\system32\drivers\pwd_2k.sys
18:22:14:380 3248 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:22:14:505 3248 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
18:22:14:630 3248 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
18:22:14:786 3248 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
18:22:14:864 3248 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
18:22:14:989 3248 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
18:22:15:130 3248 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:22:15:193 3248 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:22:15:271 3248 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:22:15:364 3248 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:22:15:458 3248 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:22:15:599 3248 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:22:15:708 3248 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:22:15:864 3248 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
18:22:15:989 3248 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:22:16:114 3248 Rksample (bb7549bd94d1aac3599c7606c50c48a0) C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys
18:22:16:239 3248 rtl8139 (d6066a0596b13e486204dd365fdb2d4f) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
18:22:16:349 3248 SAVRT (c8023be4dda22a52cd2f60d9cb9b3985) C:\Program Files\Symantec AntiVirus\savrt.sys
18:22:16:380 3248 SAVRTPEL (30547fd7692dc799a0b397b2b918a158) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
18:22:16:521 3248 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
18:22:16:599 3248 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:22:16:661 3248 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:22:16:724 3248 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:22:16:833 3248 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:22:16:943 3248 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
18:22:17:052 3248 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:22:17:177 3248 smwdm (12d9287937366bf1c9ad7007b5407deb) C:\WINDOWS\system32\drivers\smwdm.sys
18:22:17:333 3248 SoftFax (d9e8e0ce154a2f6430d9efabdf730867) C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys
18:22:17:443 3248 sonyhcb (e78cd3bb53a208dfab8fc826384307e0) C:\WINDOWS\system32\DRIVERS\sonyhcb.sys
18:22:17:552 3248 sonyhcs (610f515fcd95d37f3252e1c250ef8c61) C:\WINDOWS\system32\DRIVERS\sonyhcs.sys
18:22:17:646 3248 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
18:22:17:755 3248 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
18:22:17:833 3248 SpeakerPhone (6c843c43fd7f0b42cfe477ce88d0f9b3) C:\WINDOWS\system32\DRIVERS\HSF_SPKP.sys
18:22:17:896 3248 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:22:18:005 3248 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:22:18:146 3248 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
18:22:18:302 3248 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
18:22:18:443 3248 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
18:22:18:583 3248 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
18:22:18:708 3248 sscdserd (9fa66e361a99f8920c7609bae6814a0e) C:\WINDOWS\system32\DRIVERS\sscdserd.sys
18:22:18:864 3248 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:22:18:989 3248 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:22:19:036 3248 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:22:19:161 3248 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
18:22:19:224 3248 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
18:22:19:427 3248 SymEvent (42123611a49c33536ab29bdd852a9f5e) C:\Program Files\Symantec\SYMEVENT.SYS
18:22:19:568 3248 SYMREDRV (8ddb430ea48468c156db872a214178fc) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
18:22:19:693 3248 SYMTDI (ec1a39493fb104d317e8271162a74b94) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
18:22:19:818 3248 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
18:22:19:927 3248 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
18:22:20:036 3248 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:22:20:161 3248 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:22:20:239 3248 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:22:20:318 3248 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:22:20:396 3248 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:22:20:489 3248 Tones (8021a499db46b2961c285168671cb9af) C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys
18:22:20:614 3248 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
18:22:20:708 3248 UdfReadr_xp (27e66e79fd742c107fdb23280e17d869) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
18:22:20:849 3248 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:22:21:021 3248 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
18:22:21:146 3248 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:22:21:318 3248 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:22:21:443 3248 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:22:21:552 3248 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:22:21:614 3248 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:22:21:677 3248 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:22:21:771 3248 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:22:21:864 3248 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:22:21:974 3248 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:22:22:083 3248 usbser2k (949263e32a888771e7c3fc240ae3550e) C:\WINDOWS\system32\DRIVERS\usbser2k.sys
18:22:22:224 3248 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
18:22:22:349 3248 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:22:22:427 3248 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:22:22:614 3248 V124 (269c0ade94b90029b12497747be408cb) C:\WINDOWS\system32\DRIVERS\HSF_V124.sys
18:22:22:818 3248 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:22:22:943 3248 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
18:22:23:036 3248 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
18:22:23:146 3248 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:22:23:255 3248 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:22:23:380 3248 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
18:22:23:505 3248 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:22:23:693 3248 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:22:23:864 3248 winachsf (fe71b3857bed54600e02288b212e7b7c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
18:22:24:083 3248 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:22:24:224 3248 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:22:24:396 3248 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:22:24:521 3248 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:22:24:677 3248 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:22:24:677 3248 Reboot required for cure complete..
18:22:25:255 3248 Cure on reboot scheduled successfully
18:22:25:255 3248
18:22:25:255 3248 Completed
18:22:25:255 3248
18:22:25:255 3248 Results:
18:22:25:255 3248 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
18:22:25:255 3248 File objects infected / cured / cured on reboot: 1 / 0 / 1
18:22:25:255 3248
18:22:25:255 3248 KLMD(ARK) unloaded successfully







01:02:12:207 3228 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
01:02:12:207 3228 ================================================================================
01:02:12:207 3228 SystemInfo:

01:02:12:207 3228 OS Version: 5.1.2600 ServicePack: 3.0
01:02:12:207 3228 Product type: Workstation
01:02:12:207 3228 ComputerName: D352YT11
01:02:12:222 3228 UserName: Dan
01:02:12:222 3228 Windows directory: C:\WINDOWS
01:02:12:222 3228 System windows directory: C:\WINDOWS
01:02:12:222 3228 Processor architecture: Intel x86
01:02:12:222 3228 Number of processors: 1
01:02:12:222 3228 Page size: 0x1000
01:02:12:238 3228 Boot type: Normal boot
01:02:12:238 3228 ================================================================================
01:02:13:629 3228 Initialize success
01:02:13:629 3228
01:02:13:629 3228 Scanning Services ...
01:02:15:238 3228 Raw services enum returned 411 services
01:02:15:316 3228
01:02:15:316 3228 Scanning Drivers ...
01:02:26:690 3228 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
01:02:27:424 3228 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
01:02:27:815 3228 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
01:02:28:346 3228 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:02:28:799 3228 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
01:02:29:205 3228 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
01:02:29:549 3228 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
01:02:30:018 3228 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
01:02:30:471 3228 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
01:02:30:892 3228 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
01:02:31:189 3228 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
01:02:31:502 3228 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
01:02:31:892 3228 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
01:02:32:142 3228 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
01:02:32:299 3228 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
01:02:32:517 3228 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
01:02:32:892 3228 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
01:02:33:205 3228 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
01:02:33:345 3228 AN983 (116bff96077a4a724e0aab800525ceb5) C:\WINDOWS\system32\DRIVERS\AN983.sys
01:02:33:783 3228 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
01:02:34:048 3228 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
01:02:34:236 3228 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
01:02:34:330 3228 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
01:02:34:408 3228 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
01:02:34:564 3228 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
01:02:34:673 3228 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
01:02:34:908 3228 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
01:02:35:017 3228 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
01:02:35:095 3228 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
01:02:35:236 3228 basic2 (1b9c81ab9a456eabd9f8335f04b5f495) C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys
01:02:35:376 3228 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
01:02:35:673 3228 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
01:02:35:736 3228 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
01:02:35:876 3228 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
01:02:36:001 3228 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
01:02:36:079 3228 CdaC15BA (69419792390122eefd84e598d896715b) C:\WINDOWS\System32\drivers\CdaC15BA.SYS
01:02:36:236 3228 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
01:02:36:314 3228 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
01:02:36:376 3228 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
01:02:36:486 3228 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys
01:02:36:657 3228 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
01:02:36:876 3228 cdudf_xp (072070a498d5fad70c3a99a5f0b1331b) C:\WINDOWS\system32\drivers\cdudf_xp.sys
01:02:37:079 3228 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
01:02:37:157 3228 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
01:02:37:251 3228 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
01:02:37:423 3228 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
01:02:37:548 3228 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
01:02:37:704 3228 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
01:02:37:892 3228 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
01:02:38:017 3228 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
01:02:38:095 3228 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
01:02:38:220 3228 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
01:02:38:360 3228 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
01:02:38:579 3228 dvd_2K (a3997baab606caa92f27e07bc4f070f0) C:\WINDOWS\system32\drivers\dvd_2K.sys
01:02:38:892 3228 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
01:02:39:142 3228 Fallback (c823debe2548656549f84a875d65237b) C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys
01:02:39:454 3228 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
01:02:39:735 3228 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
01:02:40:017 3228 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
01:02:40:173 3228 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
01:02:40:470 3228 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
01:02:40:813 3228 Fsks (6483414841d4cab6c3b4db2ac6edd70b) C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys
01:02:41:110 3228 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
01:02:41:376 3228 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
01:02:41:594 3228 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
01:02:41:798 3228 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
01:02:42:016 3228 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
01:02:42:282 3228 hpt3xx (b077b7f8e79779ea967e84a4fc040227) C:\WINDOWS\System32\DRIVERS\hpt3xx.sys
01:02:42:594 3228 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
01:02:43:313 3228 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
01:02:43:907 3228 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
01:02:44:547 3228 HSFHWBS2 (95b894b508db03507b61fe213ef6fe19) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
01:02:45:782 3228 HSF_DP (f66402179ca2b2ae68493103db5fa48c) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
01:02:47:625 3228 hsf_msft (74e379857d4c0dfb56de2d19b8f4c434) C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
01:02:48:797 3228 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
01:02:49:437 3228 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
01:02:49:828 3228 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
01:02:50:312 3228 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
01:02:50:750 3228 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
01:02:51:234 3228 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
01:02:51:640 3228 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
01:02:52:093 3228 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
01:02:52:625 3228 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
01:02:53:281 3228 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:02:53:796 3228 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
01:02:54:171 3228 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
01:02:54:406 3228 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
01:02:54:687 3228 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
01:02:54:999 3228 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
01:02:55:359 3228 K56 (9c5e3fdbfcc30cf71a49ca178b9ad442) C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys
01:02:55:640 3228 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
01:02:55:749 3228 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
01:02:55:952 3228 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
01:02:56:140 3228 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
01:02:56:437 3228 LNE100 (e7a30b307ac29afbb993049df04bb91b) C:\WINDOWS\system32\DRIVERS\LNE100V5.sys
01:02:56:780 3228 mdmxsdk (a1e9d936eac07ee9386e87bac1377fad) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
01:02:57:327 3228 mmc_2K (e97e3fe03b6f271336cb2fbb24734989) C:\WINDOWS\system32\drivers\mmc_2K.sys
01:02:57:796 3228 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
01:02:58:312 3228 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
01:02:58:561 3228 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
01:02:58:780 3228 motmodem (5023875a94b0766d98a62a72bc4cb055) C:\WINDOWS\system32\DRIVERS\motmodem.sys
01:02:59:077 3228 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
01:02:59:202 3228 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
01:02:59:311 3228 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
01:02:59:405 3228 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
01:02:59:718 3228 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:03:00:046 3228 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
01:03:00:358 3228 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
01:03:00:749 3228 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:03:01:342 3228 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:03:01:483 3228 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
01:03:01:749 3228 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
01:03:01:983 3228 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
01:03:02:061 3228 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
01:03:02:171 3228 MxlW2k (63d074073d5fda93163517c2a8f2ba5a) C:\WINDOWS\system32\drivers\MxlW2k.sys
01:03:02:295 3228 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
01:03:02:467 3228 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100702.003\naveng.sys
01:03:02:952 3228 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100702.003\navex15.sys
01:03:03:186 3228 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
01:03:03:264 3228 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
01:03:03:342 3228 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:03:03:420 3228 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:03:03:561 3228 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:03:03:811 3228 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
01:03:03:983 3228 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
01:03:04:186 3228 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
01:03:04:327 3228 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
01:03:04:420 3228 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
01:03:04:670 3228 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
01:03:05:045 3228 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
01:03:05:217 3228 nv (1685a86ce8dc5a70d307dca625fb50e7) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
01:03:05:467 3228 nv4 (4d31783965b0b7ced7db3f4ee14cf260) C:\WINDOWS\system32\DRIVERS\nv4.sys
01:03:05:780 3228 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:03:05:920 3228 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:03:06:092 3228 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
01:03:06:608 3228 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
01:03:07:076 3228 PalmUSBD (dc450992eba6f914080c1f7fbeeed72c) C:\WINDOWS\system32\drivers\PalmUSBD.sys
01:03:07:186 3228 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
01:03:07:248 3228 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
01:03:07:373 3228 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
01:03:07:482 3228 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
01:03:07:670 3228 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\System32\DRIVERS\pciide.sys
01:03:07:748 3228 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
01:03:08:045 3228 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
01:03:08:123 3228 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
01:03:08:264 3228 perm2 (fd79193a9e7352b19db02630e00f7b6a) C:\WINDOWS\system32\DRIVERS\perm2.sys
01:03:08:373 3228 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
01:03:08:435 3228 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
01:03:08:545 3228 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
01:03:08:623 3228 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
01:03:08:701 3228 pwd_2k (070eddd0e4a5be55dd590d8b30dbff22) C:\WINDOWS\system32\drivers\pwd_2k.sys
01:03:08:920 3228 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
01:03:09:076 3228 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
01:03:09:154 3228 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
01:03:09:295 3228 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
01:03:09:451 3228 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
01:03:09:576 3228 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
01:03:09:701 3228 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:03:09:857 3228 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
01:03:09:998 3228 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:03:10:076 3228 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
01:03:10:232 3228 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:03:10:373 3228 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
01:03:10:467 3228 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
01:03:10:607 3228 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
01:03:10:779 3228 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
01:03:11:045 3228 Rksample (bb7549bd94d1aac3599c7606c50c48a0) C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys
01:03:11:170 3228 rtl8139 (d6066a0596b13e486204dd365fdb2d4f) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
01:03:11:263 3228 SAVRT (c8023be4dda22a52cd2f60d9cb9b3985) C:\Program Files\Symantec AntiVirus\savrt.sys
01:03:11:295 3228 SAVRTPEL (30547fd7692dc799a0b397b2b918a158) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
01:03:11:466 3228 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
01:03:11:591 3228 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
01:03:11:654 3228 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
01:03:11:810 3228 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
01:03:11:951 3228 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
01:03:12:091 3228 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
01:03:12:216 3228 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
01:03:12:341 3228 smwdm (12d9287937366bf1c9ad7007b5407deb) C:\WINDOWS\system32\drivers\smwdm.sys
01:03:12:498 3228 SoftFax (d9e8e0ce154a2f6430d9efabdf730867) C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys
01:03:12:607 3228 sonyhcb (e78cd3bb53a208dfab8fc826384307e0) C:\WINDOWS\system32\DRIVERS\sonyhcb.sys
01:03:12:857 3228 sonyhcs (610f515fcd95d37f3252e1c250ef8c61) C:\WINDOWS\system32\DRIVERS\sonyhcs.sys
01:03:13:029 3228 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
01:03:13:123 3228 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
01:03:13:201 3228 SpeakerPhone (6c843c43fd7f0b42cfe477ce88d0f9b3) C:\WINDOWS\system32\DRIVERS\HSF_SPKP.sys
01:03:13:279 3228 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
01:03:13:404 3228 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
01:03:13:560 3228 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
01:03:13:732 3228 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
01:03:13:888 3228 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
01:03:14:029 3228 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
01:03:14:154 3228 sscdserd (9fa66e361a99f8920c7609bae6814a0e) C:\WINDOWS\system32\DRIVERS\sscdserd.sys
01:03:14:310 3228 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
01:03:14:404 3228 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
01:03:14:466 3228 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
01:03:14:575 3228 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
01:03:14:654 3228 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
01:03:14:763 3228 SymEvent (42123611a49c33536ab29bdd852a9f5e) C:\Program Files\Symantec\SYMEVENT.SYS
01:03:14:966 3228 SYMREDRV (8ddb430ea48468c156db872a214178fc) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
01:03:15:075 3228 SYMTDI (ec1a39493fb104d317e8271162a74b94) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
01:03:15:232 3228 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
01:03:15:279 3228 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
01:03:15:372 3228 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
01:03:15:560 3228 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:03:15:716 3228 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
01:03:15:778 3228 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
01:03:15:950 3228 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
01:03:16:075 3228 Tones (8021a499db46b2961c285168671cb9af) C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys
01:03:16:200 3228 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
01:03:16:294 3228 UdfReadr_xp (27e66e79fd742c107fdb23280e17d869) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
01:03:16:450 3228 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
01:03:16:575 3228 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
01:03:16:716 3228 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
01:03:16:935 3228 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
01:03:17:060 3228 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
01:03:17:185 3228 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
01:03:17:278 3228 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
01:03:17:403 3228 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
01:03:17:481 3228 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
01:03:17:528 3228 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
01:03:17:653 3228 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
01:03:17:935 3228 usbser2k (949263e32a888771e7c3fc240ae3550e) C:\WINDOWS\system32\DRIVERS\usbser2k.sys
01:03:18:091 3228 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
01:03:18:153 3228 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
01:03:18:247 3228 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
01:03:18:403 3228 V124 (269c0ade94b90029b12497747be408cb) C:\WINDOWS\system32\DRIVERS\HSF_V124.sys
01:03:18:575 3228 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
01:03:18:700 3228 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
01:03:18:856 3228 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
01:03:18:981 3228 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
01:03:19:075 3228 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:03:19:200 3228 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
01:03:19:325 3228 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
01:03:19:512 3228 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
01:03:19:684 3228 winachsf (fe71b3857bed54600e02288b212e7b7c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
01:03:19:872 3228 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
01:03:19:997 3228 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
01:03:20:075 3228 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
01:03:20:216 3228 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
01:03:20:356 3228 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
01:03:20:356 3228
01:03:20:356 3228 Completed
01:03:20:356 3228
01:03:20:356 3228 Results:
01:03:20:356 3228 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
01:03:20:356 3228 File objects infected / cured / cured on reboot: 0 / 0 / 0
01:03:20:356 3228
01:03:20:356 3228 KLMD(ARK) unloaded successfully



Attached Files



#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:07 AM

Posted 09 July 2010 - 01:04 PM

Hi,


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5577


Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.






Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.






I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt





  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemdrive%\*.sys /90 /md5
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#7 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:07 AM

Posted 12 July 2010 - 02:07 PM

Still with me?
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#8 pir@ii@40

pir@ii@40
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 12 July 2010 - 02:54 PM

Hi tom, yes still with you. Have not had a chance to run last instructions yet. Will tonite. Pc running great after combofix...no sign of infection.

#9 pir@ii@40

pir@ii@40
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 13 July 2010 - 01:19 AM


combofix log attached.


here is the malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4307

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

7/12/2010 10:10:17 PM
mbam-log-2010-07-12 (22-10-17).txt

Scan type: Quick scan
Objects scanned: 201746
Time elapsed: 11 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



here is the eset scan results:

C:\k.html Win32/Adware.MediaTickets application cleaned by deleting - quarantined
C:\staff.html Win32/Adware.MediaTickets.downloader application cleaned by deleting - quarantined
C:\Documents and Settings\Dan\.jpi_cache\jar\1.0\javainstaller.jar-2f2e21ea-6e3c5883.zip Java/TrojanDownloader.OpenStream.W trojan deleted - quarantined
C:\Documents and Settings\Dan\Desktop\a.exe a variant of Win32/Kryptik.FHW trojan cleaned by deleting - quarantined
C:\Program Files\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application deleted - quarantined
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050817.024\0668NAV~.TMP Win32/TrojanDownloader.Agent.AE trojan cleaned by deleting - quarantined
C:\Program Files\hijackthis\backups\backup-20041212-225601-530.dll Win32/Adware.MidADdle application cleaned by deleting - quarantined
C:\Program Files\PlayFirst\Diner Dash\game\diner dash.exe probably a variant of Win32/Hupigon trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\$NtServicePackUninstall$\siibd.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\$NtServicePackUninstall$\siibd.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\JAVA\Packages\siibd.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\JAVA\Packages\siibd.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\REPAIR\dmcc.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\REPAIR\dmcc.bak2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\REPAIR\dmcc.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\REPAIR\dmcc.ini2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\REPAIR\dmcc.tmp.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\REPAIR\dmcc.tmp2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP3104\A0567290.exe Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP3112\A0570600.exe a variant of Win32/Kryptik.FHW trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP3112\A0570601.EXE Win32/Adware.WBug.A application deleted - quarantined
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP3112\A0570602.dll Win32/Adware.MidADdle application cleaned by deleting - quarantined
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP3112\A0570603.exe probably a variant of Win32/Hupigon trojan cleaned by deleting - quarantined
C:\WINDOWS\$NtServicePackUninstall$\nur.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\AppPatch\nur.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\Downloaded Program Files\ProfJ1G.exe Win32/TrojanDownloader.Small.gen trojan cleaned by deleting - quarantined
C:\WINDOWS\SYSTEM32\biU.exe multiple threats deleted - quarantined
F:\My Music\Misc\Morph20.exe multiple threats deleted - quarantined
F:\Program Files\Microsoft AntiSpyware\Quarantine\C23BF770-678D-4122-9B89-62FA78\C3E55831-8741-4B4A-A39D-42D591 a variant of Win32/Adware.NdotNet.A application cleaned by deleting - quarantined
F:\Program Files\Microsoft AntiSpyware\Quarantine\C23BF770-678D-4122-9B89-62FA78\DC5CDE5C-D0BE-4152-B8E6-83B886 a variant of Win32/Adware.OneStep application cleaned by deleting - quarantined



here are contents of C:\Program Files\ESET\ESET Online Scanner\log.txt


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=4fadfcd88b73a04880aa4a9f1233d364
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-13 05:20:08
# local_time=2010-07-13 01:20:08 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 35492119 35492119 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=190588
# found=30
# cleaned=30
# scan_time=10742
C:\k.html Win32/Adware.MediaTickets application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\staff.html Win32/Adware.MediaTickets.downloader application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Dan\.jpi_cache\jar\1.0\javainstaller.jar-2f2e21ea-6e3c5883.zip Java/TrojanDownloader.OpenStream.W trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Dan\Desktop\a.exe a variant of Win32/Kryptik.FHW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050817.024\0668NAV~.TMP Win32/TrojanDownloader.Agent.AE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\hijackthis\backups\backup-20041212-225601-530.dll Win32/Adware.MidADdle application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\PlayFirst\Diner Dash\game\diner dash.exe probably a variant of Win32/Hupigon trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\$NtServicePackUninstall$\siibd.bak1.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\$NtServicePackUninstall$\siibd.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\JAVA\Packages\siibd.bak1.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\JAVA\Packages\siibd.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\REPAIR\dmcc.bak1.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\REPAIR\dmcc.bak2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\REPAIR\dmcc.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\REPAIR\dmcc.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\REPAIR\dmcc.tmp.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\REPAIR\dmcc.tmp2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP3104\A0567290.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP3112\A0570600.exe a variant of Win32/Kryptik.FHW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP3112\A0570601.EXE Win32/Adware.WBug.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP3112\A0570602.dll Win32/Adware.MidADdle application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP3112\A0570603.exe probably a variant of Win32/Hupigon trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$NtServicePackUninstall$\nur.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\AppPatch\nur.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Downloaded Program Files\ProfJ1G.exe Win32/TrojanDownloader.Small.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\SYSTEM32\biU.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
F:\My Music\Misc\Morph20.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
F:\Program Files\Microsoft AntiSpyware\Quarantine\C23BF770-678D-4122-9B89-62FA78\C3E55831-8741-4B4A-A39D-42D591 a variant of Win32/Adware.NdotNet.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\Program Files\Microsoft AntiSpyware\Quarantine\C23BF770-678D-4122-9B89-62FA78\DC5CDE5C-D0BE-4152-B8E6-83B886 a variant of Win32/Adware.OneStep application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


here is otl.txt

OTL logfile created on: 7/13/2010 1:27:17 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Dan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 72.00 Mb Available Physical Memory | 14.00% Memory free
893.00 Mb Paging File | 424.00 Mb Available in Paging File | 47.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 3.82 Gb Free Space | 10.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 93.36 Gb Total Space | 47.72 Gb Free Space | 51.11% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D352YT11
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/13 01:25:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
PRC - [2010/06/27 22:45:25 | 000,910,296 | ---- | M] (Mozilla Corporation) -- F:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/02/10 08:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- F:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2004/10/06 17:56:52 | 000,161,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2004/10/06 17:56:48 | 000,173,392 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2004/10/06 17:56:44 | 001,275,216 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2004/10/06 17:56:36 | 000,030,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2004/08/27 11:16:32 | 000,229,376 | ---- | M] () -- C:\Program Files\Linksys\Linksys VPN Client\VPNClient.exe
PRC - [2004/06/09 20:31:14 | 000,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/06/09 20:31:08 | 000,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/06/09 20:31:06 | 000,066,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2003/08/27 10:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2002/11/01 21:20:17 | 000,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2002/04/10 17:44:04 | 000,679,936 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [1996/11/21 00:00:00 | 000,051,984 | ---- | M] () -- F:\Program Files\Microsoft Office\Office\OSA.EXE


========== Modules (SafeList) ==========

MOD - [2010/07/13 01:25:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2007/03/09 05:36:10 | 002,213,416 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2007/01/05 17:22:18 | 000,689,752 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\MSC\mcupdmgr.exe -- (mcmispupdmgr)
SRV - [2007/01/05 17:22:12 | 000,361,560 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/01/05 17:21:40 | 000,493,144 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\MSC\mcpromgr.exe -- (mcpromgr)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/10/06 17:56:48 | 000,173,392 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SAVRoam)
SRV - [2004/10/06 17:56:44 | 001,275,216 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2004/10/06 17:56:36 | 000,030,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2004/06/11 18:28:30 | 000,201,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/06/09 20:31:14 | 000,242,808 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/06/09 20:31:12 | 000,087,160 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/06/09 20:31:08 | 000,255,096 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2003/09/16 17:55:36 | 001,388,648 | ---- | M] (America Online, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2003/08/27 10:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2003/04/05 13:39:37 | 000,052,736 | ---- | M] (Macrovision) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE -- (C-DillaCdaC11BA)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ipsecw2k.sys -- (IPSECSHM)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Dan\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\Amita.sys -- (Amita) Amita Driver (Amita.sys)
DRV - [2010/07/02 04:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100702.003\navex15.sys -- (NAVEX15)
DRV - [2010/07/02 04:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100702.003\naveng.sys -- (NAVENG)
DRV - [2008/04/13 14:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -- (61883)
DRV - [2008/04/13 14:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -- (Avc)
DRV - [2008/04/13 14:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -- (MSDV)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:44:29 | 000,027,904 | ---- | M] (Microsoft Corp., 3Dlabs Inc. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\perm2.sys -- (perm2)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/12/04 17:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/07/03 19:59:10 | 000,086,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2007/07/03 19:58:20 | 000,106,792 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 19:57:24 | 000,011,944 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 19:54:24 | 000,080,552 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/02/27 14:31:28 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motmodem.sys -- (motmodem)
DRV - [2006/08/24 22:53:59 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbsermpt.sys -- (usbsermpt)
DRV - [2006/07/28 08:18:40 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbser2k.sys -- (usbser2k)
DRV - [2005/08/19 04:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/08/19 04:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/08/04 02:31:18 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\an983.sys -- (AN983)
DRV - [2004/06/11 18:28:10 | 000,263,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/06/11 18:28:08 | 000,016,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/03/04 23:46:46 | 000,082,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/02/09 15:43:56 | 000,301,200 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/02/09 15:43:56 | 000,037,008 | R--- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2003/07/28 16:19:00 | 001,341,339 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2003/06/25 21:04:28 | 000,028,276 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2003/04/05 13:39:35 | 000,011,376 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\CdaC15BA.SYS -- (CdaC15BA)
DRV - [2002/07/16 15:07:34 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/06/30 20:50:12 | 000,167,155 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2002/06/30 20:49:46 | 001,172,416 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2002/06/30 20:45:12 | 000,594,832 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2002/04/10 18:01:12 | 000,024,554 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/04/10 18:01:00 | 000,029,638 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/04/10 18:00:44 | 000,117,898 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2002/04/10 17:48:04 | 000,236,032 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/04/10 17:45:16 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/11/05 10:23:52 | 000,299,923 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sonyhcs.sys -- (sonyhcs)
DRV - [2001/11/05 10:23:14 | 000,006,097 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sonyhcb.sys -- (sonyhcb)
DRV - [2001/10/24 20:16:10 | 000,036,224 | R--- | M] (LinkSys Group Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lne100v5.sys -- (LNE100) Linksys LNE100TX(v5)
DRV - [2001/09/03 18:14:38 | 000,025,454 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys -- (rtl8139)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:52:24 | 000,038,144 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -- (hpt3xx)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_V124.sys -- (V124)
DRV - [2001/08/17 14:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 14:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 14:28:10 | 000,073,279 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SPKP.sys -- (SpeakerPhone)
DRV - [2001/08/17 14:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 14:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 14:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 14:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 14:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 14:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_BSC2.sys -- (basic2)
DRV - [2001/08/17 13:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4.SYS -- (nv4)
DRV - [2001/08/17 13:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [1997/12/22 22:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.BAK -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..network.proxy.no_proxies_on: "verizon.com,localhost,127.0.0.1"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?src=aim"
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query="
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query="
FF - prefs.js..browser.startup.homepage: "http://aimzones.aol.com/homepage"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2010/07/01 20:46:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2010/07/01 22:12:16 | 000,000,000 | ---D | M]

[2009/04/13 00:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Extensions
[2009/04/13 00:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/04/29 00:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\mn123whj.default\extensions
[2010/04/29 00:30:54 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\mn123whj.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2005/02/11 21:52:37 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\mn123whj.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/14 10:24:28 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\mn123whj.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/07/14 10:23:46 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\mn123whj.default\searchplugins\AIM Search.xml
[2010/06/26 12:31:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/01/09 13:03:02 | 000,658,056 | ---- | M] (Move Networks) -- C:\Program Files\Mozilla Firefox\plugins\npmnqmp07010901.dll
[2006/08/25 09:43:16 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/01/13 18:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/07/06 01:38:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VPN] C:\Program Files\Linksys\Linksys VPN Client\VPNClient.exe ()
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe ()
O4 - HKCU..\Run: [RealPlayer] C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\Dan\Start Menu\Programs\Startup\Office Startup.lnk = F:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\SYSTEM32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/11/15 08:31:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/13 01:25:32 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2010/07/12 22:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/06 12:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\Cache
[2010/07/05 18:44:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/05 18:34:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/05 18:34:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/05 18:34:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/05 18:34:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/05 18:34:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/05 18:31:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/05 18:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\tdsskiller
[2010/07/03 21:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\mjdgecatg
[2010/07/03 21:33:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/02 01:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/07/02 01:39:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/07/02 01:39:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/30 17:25:08 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Dan\Desktop\TDSSKiller.exe
[2010/06/27 23:39:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/27 23:39:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/27 12:05:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\gmer
[2010/06/27 11:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\New Folder (3)
[2010/06/26 12:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Malwarebytes
[2010/06/26 12:49:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/26 12:48:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/26 12:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/24 20:01:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\{8D2BD60F-539C-4403-8D7C-DF3BCA9555AB}
[2010/06/24 17:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/24 15:33:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\{9D07750F-2EA5-465A-8368-47F3340FE6D1}
[2010/06/24 13:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\{61D5EEFC-8F48-4D63-8FA7-3FD5777AAC25}
[2010/06/24 05:14:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/04/29 00:31:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/04/29 00:30:37 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Toolbar
[2010/04/20 15:32:04 | 000,000,000 | R--D | C] -- C:\assembly
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\Documents and Settings\Dan\My Documents\*.tmp files -> C:\Documents and Settings\Dan\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/13 01:34:10 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1282138258-357967339-2079644369-1006UA.job
[2010/07/13 01:33:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\places.sqlite-journal
[2010/07/13 01:33:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/07/13 01:26:02 | 020,996,096 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\places.sqlite
[2010/07/13 01:25:42 | 000,036,724 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\localstore.rdf
[2010/07/13 01:25:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2010/07/13 01:25:32 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\downloads.sqlite
[2010/07/13 01:25:27 | 000,012,336 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\pluginreg.dat
[2010/07/13 01:25:07 | 000,007,736 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\cookies.sqlite-journal
[2010/07/13 01:25:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/07/13 01:23:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\parent.lock
[2010/07/13 01:20:41 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Dan\Desktop\~$Hi.doc
[2010/07/12 23:34:12 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1282138258-357967339-2079644369-1006Core.job
[2010/07/12 22:25:44 | 000,608,256 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\cookies.sqlite
[2010/07/12 22:25:43 | 025,341,952 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\urlclassifier3.sqlite
[2010/07/12 22:25:43 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\cert8.db
[2010/07/12 22:25:43 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\key3.db
[2010/07/12 22:25:29 | 000,008,693 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\prefs.js
[2010/07/12 22:17:14 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\esetsmartinstaller_enu.exe
[2010/07/12 22:01:08 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Hi.doc
[2010/07/12 21:55:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/12 21:43:25 | 000,000,296 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/12 21:22:37 | 003,737,917 | R--- | M] () -- C:\Documents and Settings\Dan\Desktop\schrauber.exe
[2010/07/12 21:19:30 | 000,025,789 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\extensions.rdf
[2010/07/12 21:19:30 | 000,003,595 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\blocklist.xml
[2010/07/12 21:15:24 | 001,171,833 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\XUL.mfl
[2010/07/12 20:35:34 | 000,281,600 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\formhistory.sqlite
[2010/07/12 07:48:16 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/07/12 03:31:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cad0a372d9858b.job
[2010/07/11 22:33:16 | 000,034,412 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\nick's fathead.jpg
[2010/07/08 23:49:02 | 002,785,280 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\permissions.sqlite
[2010/07/08 15:31:12 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\iTunes.lnk
[2010/07/08 07:30:33 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\webappsstore.sqlite
[2010/07/07 18:26:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/06 12:48:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/07/06 12:48:07 | 535,904,256 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/06 03:22:18 | 012,034,048 | ---- | M] () -- C:\Documents and Settings\Dan\ntuser.dat
[2010/07/06 03:22:18 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Dan\NTUSER.INI
[2010/07/06 03:04:59 | 000,543,382 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/06 03:04:59 | 000,470,760 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/07/06 03:04:59 | 000,082,928 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/07/06 01:38:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/07/05 18:44:32 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/07/05 18:20:11 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Dan\Desktop\TDSSKiller.exe
[2010/07/05 18:16:43 | 000,981,780 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\tdsskiller.zip
[2010/07/04 02:38:18 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/04 02:38:17 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Google Chrome.lnk
[2010/07/01 22:12:16 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/01 21:02:14 | 000,018,230 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\mimeTypes.rdf
[2010/06/27 22:46:13 | 000,027,006 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\search.json
[2010/06/27 22:46:10 | 000,147,476 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\compreg.dat
[2010/06/27 22:46:10 | 000,101,848 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\xpti.dat
[2010/06/27 22:46:08 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\extensions.cache
[2010/06/27 22:46:08 | 000,000,360 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\extensions.ini
[2010/06/27 22:46:03 | 004,798,664 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\XPC.mfl
[2010/06/27 22:45:39 | 000,000,187 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\compatibility.ini
[2010/06/27 12:04:36 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\gmer.zip
[2010/06/27 11:56:47 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\dds.scr
[2010/06/27 11:49:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dan\defogger_reenable
[2010/06/27 11:48:54 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Defogger.exe
[2010/06/27 11:02:53 | 000,812,442 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\cc_20100627_110227.reg
[2010/06/27 10:56:58 | 000,000,588 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\CCleaner.lnk
[2010/06/26 16:12:25 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\signons.sqlite
[2010/06/26 16:10:55 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/26 15:45:53 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/06/26 15:45:52 | 000,000,945 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/06/26 12:49:03 | 000,000,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/24 13:06:00 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Etipokezezoco.dat
[2010/06/24 13:06:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Lcogalifipuluke.bin
[2010/06/17 14:48:00 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\ashlyn birthday card p2.doc
[2010/06/16 07:57:47 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2008.lnk
[2010/06/16 07:56:01 | 000,111,360 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\2010jun17_second_pair.pdf
[2010/06/16 07:55:24 | 000,111,389 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\2010jun17_first_pair.pdf
[2010/06/15 17:55:53 | 000,173,568 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\ashlyn birthday card p1.doc
[2010/06/15 01:00:00 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/06/14 08:40:52 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\content-prefs.sqlite
[2010/06/12 09:42:36 | 000,298,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 15:35:30 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\yearbook quotes.doc
[2010/06/06 23:54:45 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\UHS final essay #3.doc
[2010/06/06 22:50:46 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\yearbook.doc
[2010/06/06 21:21:42 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\uhs final websites.doc
[2010/06/06 20:48:26 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\UHS final essay #2.doc
[2010/06/06 11:23:30 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Dan\My Documents\~$S final essay #2.doc
[2010/06/06 10:46:09 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Dan\My Documents\~$s final websites.doc
[2010/06/05 11:44:05 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\ush final websites.doc
[2010/06/05 11:43:54 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\uhs wwii.doc
[2010/06/03 18:26:01 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\UHS final essay #1.doc
[2010/06/01 01:00:28 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/05/30 15:08:43 | 006,938,624 | ---- | M] () -- C:\WINDOWS\MEDB.mdb
[2010/05/25 15:46:53 | 005,172,080 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\Lyle Lovett & Jimmy Buffett - If I Had A Boat (Live @ Jazzfest 2000).mp3
[2010/05/16 15:10:22 | 000,008,192 | ---- | M] () -- C:\WINDOWS\Dan.pcb
[2010/05/16 04:45:23 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/14 00:56:24 | 000,001,120 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\sampleCSV2.csv
[2010/05/13 23:28:19 | 000,001,349 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\sampleCSV.csv
[2010/05/13 18:08:55 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\uhs containment essay.doc
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 12:15:17 | 000,020,291 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Poli Theory Essay 2.docx
[2010/04/29 00:39:06 | 000,002,048 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\search.sqlite
[2010/04/29 00:30:54 | 000,000,063 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\user.js
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/25 20:41:37 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\titanic research paper.doc
[2010/04/25 20:40:34 | 000,214,528 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\titanic cover page.doc
[2010/04/15 18:23:51 | 000,083,456 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\the great depression.ppt
[2010/04/14 21:59:53 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\Documents and Settings\Dan\My Documents\*.tmp files -> C:\Documents and Settings\Dan\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/13 01:25:42 | 000,036,724 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\localstore.rdf
[2010/07/13 01:23:26 | 000,007,736 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\cookies.sqlite-journal
[2010/07/13 01:23:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\parent.lock
[2010/07/13 01:20:41 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Dan\Desktop\~$Hi.doc
[2010/07/12 22:25:29 | 000,008,693 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\prefs.js
[2010/07/12 22:17:05 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\esetsmartinstaller_enu.exe
[2010/07/12 22:01:01 | 000,076,288 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Hi.doc
[2010/07/12 21:19:30 | 000,025,789 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\extensions.rdf
[2010/07/11 22:33:11 | 000,034,412 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\nick's fathead.jpg
[2010/07/06 00:54:04 | 535,904,256 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/05 18:44:32 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/05 18:44:27 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/05 18:34:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/05 18:34:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/05 18:34:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/05 18:34:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/05 18:34:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/05 18:28:28 | 003,737,917 | R--- | C] () -- C:\Documents and Settings\Dan\Desktop\schrauber.exe
[2010/07/05 18:16:40 | 000,981,780 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\tdsskiller.zip
[2010/07/01 22:12:16 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/01 21:02:14 | 000,018,230 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\mimeTypes.rdf
[2010/06/27 22:46:08 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\extensions.cache
[2010/06/27 22:46:08 | 000,000,360 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\extensions.ini
[2010/06/27 12:04:35 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\gmer.zip
[2010/06/27 11:56:46 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\dds.scr
[2010/06/27 11:49:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dan\defogger_reenable
[2010/06/27 11:48:53 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Defogger.exe
[2010/06/27 11:02:31 | 000,812,442 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\cc_20100627_110227.reg
[2010/06/27 10:56:58 | 000,000,588 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\CCleaner.lnk
[2010/06/26 16:12:24 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\signons.sqlite
[2010/06/26 16:12:22 | 000,027,006 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\search.json
[2010/06/26 16:11:43 | 001,171,833 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\XUL.mfl
[2010/06/26 16:11:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\places.sqlite-journal
[2010/06/26 16:10:55 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/26 12:49:03 | 000,000,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/24 13:06:00 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Etipokezezoco.dat
[2010/06/24 13:06:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lcogalifipuluke.bin
[2010/06/16 08:18:20 | 012,034,048 | ---- | C] () -- C:\Documents and Settings\Dan\ntuser.dat
[2010/06/16 07:55:57 | 000,111,360 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\2010jun17_second_pair.pdf
[2010/06/16 07:55:03 | 000,111,389 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\2010jun17_first_pair.pdf
[2010/06/15 17:56:08 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\ashlyn birthday card p2.doc
[2010/06/15 17:55:53 | 000,173,568 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\ashlyn birthday card p1.doc
[2010/06/11 15:35:29 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\yearbook quotes.doc
[2010/06/06 21:56:55 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\yearbook.doc
[2010/06/06 20:50:11 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\UHS final essay #3.doc
[2010/06/06 17:44:13 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Startup\Office Startup.lnk
[2010/06/06 11:23:30 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Dan\My Documents\~$S final essay #2.doc
[2010/06/06 10:46:09 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Dan\My Documents\~$s final websites.doc
[2010/06/05 18:19:12 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\uhs final websites.doc
[2010/06/05 15:22:27 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\UHS final essay #2.doc
[2010/06/05 11:44:03 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\ush final websites.doc
[2010/06/05 11:43:52 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\uhs wwii.doc
[2010/06/02 18:59:07 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\UHS final essay #1.doc
[2010/05/16 04:45:23 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/14 00:34:26 | 000,001,120 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\sampleCSV2.csv
[2010/05/13 23:08:43 | 000,001,349 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\sampleCSV.csv
[2010/05/13 17:43:30 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\uhs containment essay.doc
[2010/04/29 12:15:03 | 000,020,291 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Poli Theory Essay 2.docx
[2010/04/29 00:30:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\user_org.js
[2010/04/15 17:31:40 | 000,083,456 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\the great depression.ppt
[2009/06/20 15:13:18 | 004,477,539 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/06/20 15:13:18 | 000,832,632 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/06/20 15:13:18 | 000,829,781 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/06/20 15:13:18 | 000,557,469 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/06/20 15:13:18 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/06/20 15:13:18 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/06/20 15:13:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/06/20 15:13:18 | 000,146,098 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/06/20 15:13:18 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/06/20 15:13:18 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/06/20 15:13:16 | 000,176,640 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/06/20 15:13:16 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/06/20 15:13:16 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/06/20 14:28:02 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/06/14 11:21:32 | 000,256,512 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/06/14 11:21:32 | 000,237,056 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/06/14 11:21:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/01/10 18:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/01/10 18:16:56 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/01/10 18:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/01/10 18:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/01/10 18:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/10 18:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/01/10 18:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/01/10 18:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/01/10 18:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/01/10 18:14:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/12/03 18:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/07/24 20:58:03 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/05/18 11:26:01 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
[2007/11/28 22:37:25 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/06/12 07:45:02 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/13 01:11:20 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/12/26 08:53:26 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\LDecAACKrn.dll
[2006/12/26 08:53:26 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LEncAACKrn.dll
[2006/12/26 08:53:25 | 001,224,704 | ---- | C] () -- C:\WINDOWS\System32\LEncH2643.dll
[2006/12/26 08:53:25 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\LDECAAC.dll
[2006/12/26 08:53:25 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\LEncAAC.dll
[2006/12/26 08:53:24 | 001,728,512 | ---- | C] () -- C:\WINDOWS\System32\LDecH2643.dll
[2006/12/26 08:53:24 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\LENCMPG4.dll
[2006/12/26 08:53:24 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\LEncMPG4Krn.dll
[2006/12/26 08:53:24 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\LDECMPG4.dll
[2006/12/26 08:53:24 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\LDecMPG4Krn.dll
[2006/12/26 08:53:23 | 001,921,024 | ---- | C] () -- C:\WINDOWS\System32\ltmm15_n.dll
[2006/12/26 08:53:23 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LDecVorbis.dll
[2006/12/26 08:53:23 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\LMOggSpl.dll
[2006/12/26 08:53:22 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LCodcCMP2.dll
[2006/12/26 08:53:16 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\LtAct14n.dll
[2006/12/26 08:53:15 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\ltact.dll
[2006/12/26 08:53:14 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ltserial.dll
[2006/07/15 21:51:45 | 000,000,120 | ---- | C] () -- C:\WINDOWS\PbkUser.INI
[2006/04/30 19:31:23 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\VPN.dll
[2006/04/17 17:02:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RAWImage.INI
[2006/02/28 14:42:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/09/04 07:33:39 | 000,000,433 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/08/26 23:12:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/05/12 03:01:23 | 000,001,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2004/12/05 21:34:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/12/05 19:28:01 | 000,000,045 | ---- | C] () -- C:\WINDOWS\JIKIFHNH.ini
[2004/07/06 22:29:27 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\impborl.dll
[2004/04/14 18:40:54 | 000,000,373 | ---- | C] () -- C:\WINDOWS\KA.INI
[2004/04/11 10:23:21 | 000,000,400 | ---- | C] () -- C:\WINDOWS\Belt.ini
[2004/02/13 08:09:06 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\WInterface.dll
[2004/01/26 21:36:30 | 000,023,694 | ---- | C] () -- C:\WINDOWS\System32\win32k2.sys
[2004/01/24 10:15:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/10/19 19:22:43 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/08/06 15:48:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EAREMOVE.INI
[2003/07/17 17:29:17 | 000,172,128 | ---- | C] () -- C:\WINDOWS\msview.ini
[2003/06/24 17:54:29 | 000,000,979 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/06/17 23:14:10 | 000,000,050 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2003/06/17 23:13:58 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2003/05/27 15:49:00 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\AQalphaGL.dll
[2003/04/05 14:00:11 | 000,001,341 | ---- | C] () -- C:\WINDOWS\Mpcwty02.ini
[2003/04/05 13:39:37 | 000,202,752 | ---- | C] () -- C:\WINDOWS\CDAC14BA.DLL
[2003/04/05 13:39:36 | 000,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\CdaC15BA.SYS
[2003/03/22 15:59:58 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2003/03/02 11:38:51 | 000,000,069 | ---- | C] () -- C:\WINDOWS\zip_var.ini
[2003/03/02 11:38:51 | 000,000,034 | ---- | C] () -- C:\WINDOWS\phone_var.ini
[2003/03/02 11:38:50 | 000,051,942 | ---- | C] () -- C:\WINDOWS\name_gender.ini
[2003/03/02 11:38:50 | 000,000,212 | ---- | C] () -- C:\WINDOWS\states.ini
[2003/03/02 11:38:50 | 000,000,058 | ---- | C] () -- C:\WINDOWS\birth_var.ini
[2003/03/02 11:38:50 | 000,000,037 | ---- | C] () -- C:\WINDOWS\name_var.ini
[2003/03/02 11:38:50 | 000,000,011 | ---- | C] () -- C:\WINDOWS\city_var.ini
[2003/03/02 11:38:49 | 000,000,016 | ---- | C] () -- C:\WINDOWS\addr_var.ini
[2003/02/20 14:26:42 | 000,000,801 | ---- | C] () -- C:\WINDOWS\wavemix.ini
[2003/02/12 17:33:04 | 000,000,011 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2002/12/30 21:22:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\iPodSrv_es.dll
[2002/11/09 00:08:17 | 000,479,232 | ---- | C] () -- C:\WINDOWS\System32\MusicCitydll2.dll
[2002/11/09 00:06:54 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\Decln.dll
[2002/11/09 00:06:54 | 000,014,629 | ---- | C] () -- C:\WINDOWS\System32\Declw.dll
[2002/11/09 00:06:50 | 000,005,834 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2002/10/08 20:27:34 | 000,000,022 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2002/09/20 19:57:17 | 000,000,060 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2002/09/17 20:34:28 | 000,000,112 | ---- | C] () -- C:\WINDOWS\WEBLINK.INI
[2002/09/15 15:28:00 | 000,000,335 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2002/09/15 15:26:59 | 000,001,005 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2002/09/15 15:26:59 | 000,000,027 | ---- | C] () -- C:\WINDOWS\ACROGRAF.INI
[2002/09/13 20:04:04 | 000,001,024 | ---- | C] () -- C:\WINDOWS\disney.ini
[2002/09/13 20:03:55 | 000,000,189 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2002/09/12 21:31:26 | 000,029,013 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2002/09/10 20:23:53 | 000,000,663 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2002/09/10 20:23:01 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2002/09/05 20:27:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/09/05 20:17:56 | 000,000,839 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/09/05 18:57:46 | 000,000,546 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/05/04 14:11:42 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\avisynth.dll
[2001/11/15 09:19:38 | 000,000,768 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001/01/02 12:38:12 | 001,576,960 | ---- | C] () -- C:\WINDOWS\System32\mplvw7.dll
[2001/01/02 12:38:12 | 001,548,288 | ---- | C] () -- C:\WINDOWS\System32\mplvm6.dll
[2001/01/02 12:38:12 | 001,118,208 | ---- | C] () -- C:\WINDOWS\System32\mplvpx.dll
[2001/01/02 12:38:08 | 001,642,496 | ---- | C] () -- C:\WINDOWS\System32\mplva6.dll
[2000/12/22 23:27:50 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\mplaw7.dll
[2000/12/22 23:19:54 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\mplapx.dll
[2000/12/22 23:19:46 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\mplam6.dll
[2000/12/22 23:19:40 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\mplaa6.dll
[2000/07/22 16:49:46 | 000,431,104 | ---- | C] () -- C:\WINDOWS\System32\VFCodec.dll
[1998/03/10 11:10:54 | 000,009,317 | ---- | C] () -- C:\WINDOWS\Froggersetup.ini
[1997/11/10 16:18:48 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[1996/11/21 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/21 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/21 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1995/03/22 00:00:00 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL

========== LOP Check ==========

[2009/07/14 10:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2006/07/15 21:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/07/03 23:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2005/12/26 10:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBMERS
[2007/03/11 09:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2002/09/05 20:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGI
[2008/09/28 16:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/01/04 17:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/05/17 23:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/14 10:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/26 16:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/07/14 10:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\acccore
[2004/12/05 18:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Aim
[2009/09/28 08:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1
[2008/07/03 23:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\HotSync
[2007/12/26 08:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\IBMERS
[2002/11/05 17:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\InterTrust
[2007/05/22 17:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Leadertech
[2007/01/20 12:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\leftydarat
[2004/06/17 15:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Lycos
[2008/09/28 16:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\NCH Swift Sound
[2005/08/25 19:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\OLYMPUS
[2008/01/04 17:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\PlayFirst
[2009/09/26 23:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Viewpoint
[2005/03/29 18:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\{12EE7A5E-0674-42f9-A76B-000000004D00}
[2010/06/15 01:00:00 | 000,000,336 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/06/01 01:00:28 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/12/07 21:50:43 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2004/01/22 22:53:02 | 003,130,328 | ---- | M] () -- C:\Install_AIM.exe
[2003/12/29 23:54:45 | 019,979,192 | ---- | M] (Apple Computer, Inc. ) -- C:\iTunesSetup.exe
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe


< MD5 for: AGP440.SYS >
[2004/09/17 19:49:47 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/08/24 00:26:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2004/09/17 19:49:47 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/08/24 00:26:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\Qoobox\32788R22FWJFW\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\AGP440.SYS
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\AGP440.SYS
[2001/08/17 14:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/09/17 19:49:47 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/08/24 00:26:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2004/09/17 19:49:47 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/08/24 00:26:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/01/30 15:49:08 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=48BC2767CEEC6E8B0E15B0289F18232E -- C:\I386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Qoobox\32788R22FWJFW\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2001/08/18 07:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=A510B91253544D56B5712D66BE8371E9 -- C:\I386\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2001/08/18 07:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=F41C1602DC79AB72035F2388FCA0255F -- C:\I386\NETLOGON.DLL

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2001/08/18 07:00:00 | 000,174,080 | ---- | M] (Microsoft Corporation) MD5=73968C834C316ADC7A2F07DC4B5F3665 -- C:\I386\SCECLI.DLL
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2001/11/15 08:22:22 | 000,090,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2001/11/15 08:22:22 | 000,606,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2001/11/15 08:22:22 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemdrive%\*.sys /90 /md5 >
[2010/07/06 12:48:07 | 535,904,256 | -HS- | M] () Unable to obtain MD5 -- C:\hiberfil.sys
[2010/07/08 15:51:02 | 435,159,040 | -HS- | M] () Unable to obtain MD5 -- C:\pagefile.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >




here is extra.txt

OTL Extras logfile created on: 7/13/2010 1:27:17 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Dan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 72.00 Mb Available Physical Memory | 14.00% Memory free
893.00 Mb Paging File | 424.00 Mb Available in Paging File | 47.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 3.82 Gb Free Space | 10.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 93.36 Gb Total Space | 47.72 Gb Free Space | 51.11% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D352YT11
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\acsd.exe" = C:\Program Files\Common Files\AOL\ACS\acsd.exe:*:Disabled:AOL Connectivity Service -- (America Online, Inc.)
"F:\Program Files\CarbonPoker\client.exe" = F:\Program Files\CarbonPoker\client.exe:*:Enabled:Carbon Poker Client -- ()
"F:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = F:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"F:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = F:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1188008684\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1188008684\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- ()
"F:\Program Files\LimeWire\LimeWire.exe" = F:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"F:\Program Files\iTunes\iTunes.exe" = F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\WINDOWS\SYSTEM32\mmc.exe" = C:\WINDOWS\SYSTEM32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01001202-823E-46CD-A70E-BEE818F97169}" = Microsoft Encarta Encyclopedia Standard 2002
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}" = Microsoft Streets and Trips 2002
"{12DCDE3D-5C8E-4C5E-A7E4-CEF30F578179}" = Catz 5
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1A9DEF19-760C-4e01-958F-D9B8E6C61B90}" = c5100_Help
"{1CB63C5C-DA69-4793-BD35-43BDE2A86D43}" = MGI VideoWave 4
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{267C2169-055B-46DF-AE28-2DF2840A9097}" = Ultimate Sudoku - The Emperor's Challenge
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Camera Support Core Library
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{307F566E-3DCF-4A6C-A149-FE47F39A1BA4}_is1" = Power CD+G Player Pro
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}" = Motorola Driver Installation
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{3476E8FA-00F1-48AF-8771-236C84FC7CB8}" = iPod for Windows 2005-01-11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3B8186F0-EAA2-012B-AE69-000000000000}" = TurboTax 2009 wnyiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{5264E937-B015-11D2-8C0E-00C04FBBCFF9}" = Microsoft Greetings 2000
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5C8AE145-C9F7-4883-9750-7ECD2B41CCCA}" = Linksys VPN Client
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{639858DD-4966-40F3-A706-7C838BCF3A2B}" = MaxBlast 4
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7FC2AF73-10ED-404E-84A8-636B452404FD}" = Realtek RTL8139 Diagnostics Program
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{848AC794-8B81-440A-81AE-6474337DB527}" = Symantec AntiVirus
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91E8A85F-2960-40ED-BA84-7F4567BB00C0}" = Dell | Support
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}" = MobileMe Control Panel
"{95C42225-F0E2-4480-AD65-560D854F252E}" = Palm Desktop by ACCESS
"{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}" = Roxio Burn Engine
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}" = The Sims Makin' Magic
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}" = ArcSoft Camera Suite 1.3
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B02B8E30-EB28-49B0-A60F-696268BAE033}" = iPod System Software Updater 2.1
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Camera Window
"{B3B9BC18-2A09-4728-9B46-12E85FF3F628}" = C5100
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B6ACFF51-248A-4290-B50B-E50C81F25B97}" = iPod for Windows 2005-02-22
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C3DE07CB-036F-45BC-85BD-D6FFC5D33603}" = TurboTax 2008 wnyiper
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C9618743-1A5C-461E-91C4-E013A3D70F3C}" = Adobe® Photoshop® Album Starter Edition 3.0.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD0159C9-17FB-11D6-A76A-00B0D079AF64}" = Java 2 Runtime Environment, SE v1.4.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = RemoteCapture Task 1.0.3
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D91FCB1C-9DE6-4680-9BCF-439F0AAA80BD}" = Symantec Client Security Posture Plug-in
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E229BC3D-60CC-4994-A8AE-D36E2F7EE503}" = M²Convert for iPod
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E5232150-5F44-4B21-9281-3869C7791B1E}" = SampleTestInstall
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FEA0CE81-7FC7-AAAE-FC8C-241A5F8684F0}" = Supercast
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ArcSoft Software Suite" = ArcSoft Software Suite
"CCleaner" = CCleaner
"CdaC13Ba" = SafeCast Shared Components
"CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0" = Conexant HSF V92 56K RTAD Speakerphone PCI Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1" = Supercast
"DC++" = DC++ 0.707
"Diner Dash" = Diner Dash
"Diner Dash - Flo on the Go" = Diner Dash - Flo on the Go
"DirectXMediaRuntime" = DirectX Media Runtime 5.1
"EasyGPS_is1" = EasyGPS
"Encarta97" = Microsoft Encarta 97 Encyclopedia
"ESET Online Scanner" = ESET Online Scanner v3
"FL Studio 5" = FL Studio 5
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.26
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.7.3
"Frogger" = Frogger v3.0e
"Google Updater" = Google Updater
"GoogleVideoPlayer" = Google Video Player
"HijackThis" = HijackThis 2.0.2
"Hijackthis_is1" = Hijackthis 1.99.1
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Canon Camera Support Core Library
"InstallShield_{3476E8FA-00F1-48AF-8771-236C84FC7CB8}" = iPod for Windows 2005-01-11
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{B02B8E30-EB28-49B0-A60F-696268BAE033}" = iPod System Software Updater 2.1
"InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{B6ACFF51-248A-4290-B50B-E50C81F25B97}" = iPod for Windows 2005-02-22
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"InterActual Player" = InterActual Player
"Java Web Start" = Java Web Start
"LEGO Digital Designer" = LEGO Digital Designer
"limeshop.xml" = LimeShop
"LimeWire" = LimeWire 5.1.2
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MEDA MP3 Splitter_is1" = MEDA MP3 Splitter 1.0.8
"Media Player - Codec Pack" = Media Player Codec Pack 3.6.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Move Player_is1" = Move Networks Player for Firefox
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MS Flight Simulator" = Microsoft Flight Simulator for Windows 95
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MVApplication1" = SureThing CD Labeler - Stomper Edition 32 bit
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Office8.0" = Microsoft Office 97, Standard Edition
"OnlyPoker" = OnlyPoker
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"RealPlayer 6.0" = RealOne Player
"Scrabble" = Scrabble (remove only)
"Shockwave" = Shockwave
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ST6UNST #1" = RotoWire Football Draft Software
"Starcraft" = Starcraft
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax Basic 2005" = TurboTax Basic 2005
"TurboTax Deluxe 2003" = TurboTax Deluxe 2003
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"VCast Music Essentials Manager" = V CAST Music Manager
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Web Page Maker V2_is1" = Web Page Maker V2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMX" = WinMX
"WMFDist11" = Windows Media Format 11 runtime
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/5/2010 5:57:37 PM | Computer Name = D352YT11 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 7/5/2010 5:57:38 PM | Computer Name = D352YT11 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/6/2010 3:04:54 AM | Computer Name = D352YT11 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 7818, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 7/6/2010 3:04:54 AM | Computer Name = D352YT11 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ASP.NET_2.0.50727
(ASP.NET_2.0.50727) failed. The Error code is the first DWORD in Data section.

Error - 7/6/2010 3:04:57 AM | Computer Name = D352YT11 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 7818, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 7/6/2010 3:04:57 AM | Computer Name = D352YT11 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service aspnet_state
(ASP.NET State Service) failed. The Error code is the first DWORD in Data section.

Error - 7/6/2010 3:04:58 AM | Computer Name = D352YT11 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 7818, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 7/11/2010 11:31:46 AM | Computer Name = D352YT11 | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 9.2.0.124, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/12/2010 10:18:12 PM | Computer Name = D352YT11 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/12/2010 10:18:12 PM | Computer Name = D352YT11 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 7/13/2010 1:46:38 AM | Computer Name = D352YT11 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service
to connect.

Error - 7/13/2010 1:46:38 AM | Computer Name = D352YT11 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%1053


< End of report >

Attached Files



#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:07 AM

Posted 14 July 2010 - 11:06 PM

Hi smile.gif


Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.





Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 20.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u20-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u20-windows-i586.exe and select "Run as an Administrator.")



How is it running now? smile.gif
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#11 pir@ii@40

pir@ii@40
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 15 July 2010 - 08:07 PM

Hi Tom - I uninstalled viewpoint and updated java - update 21 was avlbl so I did that rather than 20 (I assumed that was OK?). things are running great. Is it ok to run defogger again to re-enable the cd stuff? also, should I be running any anti spyware? I used to run ad-aware and spybot but they are real resource hogs. will malwarebytes be enough (free version)?

#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:07 AM

Posted 17 July 2010 - 07:30 AM

Yes you can run defogger again smile.gif


Delete ComboFix and Clean Up
Click Start > Run > type combofix /Uninstall > OK (Note the space between combofix and /Uninstall)
Please advise if this step is missed for any reason as it performs some important actions.




Please run OTL one more time and hit Cleanup. This will remove OTL and all helper tools.





Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it Clean smile.gif

Hiding Hidden Files
Please set your system to hide all hidden files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Purging System Restore Points
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
One of the most common questions found when cleaning Spyware or other Malware is "how did my machine get infected?". There are a variety of reasons, but the most common ones are that you are going to sites that you are not practicing Safe Internet, you are not running the proper security software, and that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer so that you will not be infected again in the future.


Practice Safe Internet

One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below are a list of simple precautions to take to keep your computer clean and running securely:
  1. If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.

  2. If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.

  3. If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.

  4. If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.

    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites

  5. Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.

  6. Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.

  7. When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.

  8. Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.

  9. Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.

  10. DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
Visit Microsoft's Windows Update Site Frequently

It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Make Internet Explorer 7 more secure
  1. From within Internet Explorer click on the Tools menu and then click on Options.
  2. Click once on the Security tab
  3. Click once on the Internet icon so it becomes highlighted.
  4. Click once on the Custom Level button.
    1. Change the Download signed ActiveX controls to Prompt
    2. Change the Download unsigned ActiveX controls to Disable
    3. Change the Initialize and script ActiveX controls not marked as safe to Disable
    4. Change the Installation of desktop items to Prompt
    5. Change the Launching programs and files in an IFRAME to Prompt
    6. Change the Navigate sub-frames across different domains to Prompt
    7. When all these settings have been made, click on the OK button.
    8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
  5. Next press the Apply button and then the OK to exit the Internet Properties page.

Use an AntiVirus Software

It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources


Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Use a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version. or the Pro version for a 15 day trial period.

Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Tutorials on using these programs can be found below:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer


Install SpywareBlaster

SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#13 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:07 AM

Posted 19 July 2010 - 11:02 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. smile.gif

If your the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users