Am I infected yet with Malware?


This topic is locked
26 replies to this topic

#1 nuvi

Posted 09 August 2010 - 12:03 PM

Hello, I am trying to figure out if I am infected yet...
First of all, I am not so expert in computers, so I don't know if I did things right.
Every time I searched in Google or Bing, it redirected me to another page... I used Malwarebytes (June), then it looked like it was fixed. Later on I couldn't update Windows Defender automatically or go to the Microsoft Update webpage... and once in a while the browser redirected me again! I ran Malwarebytes again but it didn't show anything bad.
I used TDSSKiller from Kaspersky and it found a rootkit; after that I could access the Microsoft Update webpage... so to me it looks like it is fixed; but how do I really know I did it right, or that nothing else is hidden in my computer....
Ah! I transferred my pictures, videos and documents to an external drive... do I need to scan it too??

I have Norton Internet Security and Malwarebytes installed..... and I ran HijackThis too.
What else do I need to do to be sure everything is clean?

Here are the logs from Malwarebytes (June and the last one), HijackThis and TDSSKiller

Thank you very much!


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4198

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/14/2010 3:36:47 PM
mbam-log-2010-06-14 (15-36-47).txt

Scan type: Quick scan
Objects scanned: 160715
Time elapsed: 37 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cmaidctlapp.maidctrl.1 (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7fe26be2-b923-4b41-9834-e84da1cc1f96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7fe26be2-b923-4b41-9834-e84da1cc1f96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7fe26be2-b923-4b41-9834-e84da1cc1f96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9d761d3a-e8bd-434b-b42b-520d8fe1da3a} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Downloaded Program Files\CMAIDCTL.OCX (Adware.ClosetMaid) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4407

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/8/2010 1:39:20 PM
mbam-log-2010-08-08 (13-39-20).txt

Scan type: Quick scan
Objects scanned: 171767
Time elapsed: 33 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:30 AM, on 8/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.4.131\SymcPCCULaunchSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Norton Utilities 14\nu.exe
C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&...mp;N=PL&O=I
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\nu.exe /H
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...000096.000001da
O4 - HKUS\S-1-5-21-2497595046-366291718-2525008323-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Robin Babcock')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 8\PostUpdate.exe" 1014021 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 8\PostUpdate.exe" 1014021 (User 'Default user')
O4 - S-1-5-21-2497595046-366291718-2525008323-1007 Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE (User 'Robin Babcock')
O4 - S-1-5-21-2497595046-366291718-2525008323-1007 User Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE (User 'Robin Babcock')
O4 - Global Startup: Auto run of VideoCam Suite 1.0.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/...veX_Control.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.4.131\SymcPCCULaunchSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe

--
End of file - 12047 bytes


2010/08/08 11:10:58.0640 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
2010/08/08 11:10:58.0640 ================================================================================
2010/08/08 11:10:58.0640 SystemInfo:
2010/08/08 11:10:58.0640
2010/08/08 11:10:58.0640 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/08 11:10:58.0640 Product type: Workstation
2010/08/08 11:10:58.0640 ComputerName: SERVER
2010/08/08 11:10:58.0640 UserName: Regina Babcock
2010/08/08 11:10:58.0640 Windows directory: C:\WINDOWS
2010/08/08 11:10:58.0640 System windows directory: C:\WINDOWS
2010/08/08 11:10:58.0640 Processor architecture: Intel x86
2010/08/08 11:10:58.0640 Number of processors: 1
2010/08/08 11:10:58.0640 Page size: 0x1000
2010/08/08 11:10:58.0640 Boot type: Normal boot
2010/08/08 11:10:58.0640 ================================================================================
2010/08/08 11:10:59.0562 Initialize success
2010/08/08 11:11:28.0390 ================================================================================
2010/08/08 11:11:28.0390 Scan started
2010/08/08 11:11:28.0390 Mode: Manual;
2010/08/08 11:11:28.0390 ================================================================================
2010/08/08 11:11:29.0156 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2010/08/08 11:11:29.0328 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/08 11:11:29.0484 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/08/08 11:11:29.0671 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2010/08/08 11:11:29.0859 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2010/08/08 11:11:30.0046 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/08 11:11:30.0234 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
2010/08/08 11:11:30.0421 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/08 11:11:30.0609 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys
2010/08/08 11:11:30.0781 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2010/08/08 11:11:30.0953 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2010/08/08 11:11:31.0156 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2010/08/08 11:11:31.0343 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2010/08/08 11:11:31.0531 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2010/08/08 11:11:31.0703 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2010/08/08 11:11:31.0875 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2010/08/08 11:11:32.0062 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2010/08/08 11:11:32.0281 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2010/08/08 11:11:32.0453 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2010/08/08 11:11:32.0640 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2010/08/08 11:11:32.0843 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/08 11:11:33.0031 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/08 11:11:33.0296 ati2mtag (8759322ffc1a50569c1e5528ee8026b7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/08/08 11:11:33.0531 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/08 11:11:33.0718 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/08 11:11:33.0859 BCMNTIO (90a87d49205b3893281203a477f66fe5) C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
2010/08/08 11:11:34.0078 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/08 11:11:34.0328 BHDrvx86 (3da27ed4d83f7b47e057c36f72644b04) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100719.001\BHDrvx86.sys
2010/08/08 11:11:34.0593 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2010/08/08 11:11:34.0765 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/08 11:11:34.0921 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/08/08 11:11:35.0140 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys
2010/08/08 11:11:35.0312 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2010/08/08 11:11:35.0484 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/08 11:11:35.0625 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/08 11:11:35.0781 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
2010/08/08 11:11:35.0984 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/08 11:11:36.0312 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2010/08/08 11:11:36.0500 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2010/08/08 11:11:36.0703 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2010/08/08 11:11:36.0890 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2010/08/08 11:11:37.0093 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/08 11:11:37.0312 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/08 11:11:37.0531 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/08 11:11:37.0703 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/08 11:11:37.0890 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/08 11:11:38.0093 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2010/08/08 11:11:38.0281 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/08 11:11:38.0468 drvmcdb (049177996e5e33b5faf40cad2b82098c) C:\WINDOWS\system32\drivers\drvmcdb.sys
2010/08/08 11:11:38.0640 drvnddm (2f4134d073f972575c174e3d621f0107) C:\WINDOWS\system32\drivers\drvnddm.sys
2010/08/08 11:11:38.0796 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/08/08 11:11:39.0046 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/08/08 11:11:39.0250 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2010/08/08 11:11:39.0453 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/08/08 11:11:39.0640 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/08 11:11:39.0812 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/08/08 11:11:40.0125 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/08 11:11:40.0312 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/08/08 11:11:40.0515 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/08 11:11:40.0703 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/08 11:11:40.0875 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/08 11:11:41.0046 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/08/08 11:11:41.0250 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/08 11:11:41.0437 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/08 11:11:41.0718 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2010/08/08 11:11:41.0875 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2010/08/08 11:11:42.0109 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/08/08 11:11:42.0359 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/08 11:11:42.0515 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/08/08 11:11:42.0703 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2010/08/08 11:11:42.0890 i8042prt (770e97dfd357de61579eb756b34d3b5d) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/08 11:11:42.0890 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: 770e97dfd357de61579eb756b34d3b5d, Fake md5: 4a0b06aa8943c1e332520f7440c0aa30
2010/08/08 11:11:42.0890 i8042prt - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/08 11:11:43.0046 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2010/08/08 11:11:43.0265 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2010/08/08 11:11:43.0437 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2010/08/08 11:11:43.0609 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2010/08/08 11:11:43.0765 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2010/08/08 11:11:43.0937 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2010/08/08 11:11:44.0093 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2010/08/08 11:11:44.0296 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2010/08/08 11:11:44.0546 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2010/08/08 11:11:44.0718 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2010/08/08 11:11:45.0046 IDSxpx86 (231c3f6d5c520e99924e1e37401a90c4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100805.004\IDSxpx86.sys
2010/08/08 11:11:45.0234 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/08 11:11:45.0421 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2010/08/08 11:11:45.0593 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2010/08/08 11:11:45.0765 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/08 11:11:45.0953 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/08/08 11:11:46.0265 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/08 11:11:46.0421 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/08 11:11:46.0609 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/08 11:11:46.0765 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/08 11:11:46.0953 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/08 11:11:47.0156 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/08 11:11:47.0453 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/08 11:11:47.0625 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/08 11:11:47.0812 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/08 11:11:48.0375 MAPMEM (61330a29bd4230505a7618bc41693cbb) C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
2010/08/08 11:11:48.0625 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/08/08 11:11:48.0781 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/08 11:11:48.0937 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/08 11:11:49.0078 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/08/08 11:11:49.0250 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/08 11:11:49.0437 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/08 11:11:49.0609 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/08 11:11:49.0796 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2010/08/08 11:11:49.0968 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/08 11:11:50.0171 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/08 11:11:50.0437 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/08 11:11:50.0625 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/08 11:11:50.0953 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/08 11:11:51.0140 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/08 11:11:51.0343 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/08 11:11:51.0500 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/08/08 11:11:51.0687 MTDVC2 (cd3c06f56104bac9268587bf1c25a84c) C:\WINDOWS\system32\DRIVERS\mtdv2ku2.sys
2010/08/08 11:11:51.0843 MTDVC2_ENUM (a25b4cec85388f2e88567b4d629aa6e4) C:\WINDOWS\system32\DRIVERS\mtdv2ks2.sys
2010/08/08 11:11:52.0046 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/08 11:11:52.0234 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/08/08 11:11:52.0484 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100808.003\NAVENG.SYS
2010/08/08 11:11:52.0796 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100808.003\NAVEX15.SYS
2010/08/08 11:11:52.0953 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/08 11:11:53.0140 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/08/08 11:11:53.0328 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/08 11:11:53.0500 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/08 11:11:53.0687 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/08 11:11:53.0843 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/08 11:11:54.0031 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/08 11:11:54.0187 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/08 11:11:54.0468 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/08 11:11:54.0671 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/08 11:11:54.0921 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/08 11:11:55.0250 nv (66c90afbf0d10a93789f6544be459e72) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/08/08 11:11:55.0515 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/08 11:11:55.0640 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/08 11:11:55.0828 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2010/08/08 11:11:56.0031 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2010/08/08 11:11:56.0218 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/08 11:11:56.0406 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/08 11:11:56.0593 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/08 11:11:56.0765 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/08 11:11:57.0015 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/08 11:11:57.0187 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/08 11:11:57.0640 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2010/08/08 11:11:57.0812 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2010/08/08 11:11:58.0031 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/08 11:11:58.0218 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/08/08 11:11:58.0406 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/08 11:11:58.0593 pssnap (ca0ab394298280adf9f971c0493e0f94) C:\WINDOWS\system32\DRIVERS\pssnap.sys
2010/08/08 11:11:58.0781 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/08 11:11:58.0937 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/08 11:11:59.0109 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2010/08/08 11:11:59.0203 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2010/08/08 11:11:59.0406 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2010/08/08 11:11:59.0578 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2010/08/08 11:11:59.0750 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2010/08/08 11:11:59.0921 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/08 11:12:00.0109 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/08 11:12:00.0281 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/08 11:12:00.0437 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/08 11:12:00.0609 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/08 11:12:00.0781 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/08 11:12:00.0953 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/08/08 11:12:01.0156 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/08 11:12:01.0343 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/08 11:12:01.0562 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/08 11:12:01.0734 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/08/08 11:12:01.0921 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/08/08 11:12:02.0125 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/08 11:12:02.0375 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2010/08/08 11:12:02.0578 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/08/08 11:12:02.0765 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys
2010/08/08 11:12:02.0968 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2010/08/08 11:12:03.0156 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/08 11:12:03.0343 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/08 11:12:03.0578 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS
2010/08/08 11:12:03.0750 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS
2010/08/08 11:12:03.0937 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/08 11:12:04.0140 sscdbhk5 (7c0c9bdca2d351ff3b4f9b69f99aa995) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2010/08/08 11:12:04.0328 ssrtln (31726706d54894d5059f7471111a87bb) C:\WINDOWS\system32\drivers\ssrtln.sys
2010/08/08 11:12:04.0500 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/08/08 11:12:04.0687 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/08 11:12:04.0875 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/08 11:12:05.0031 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2010/08/08 11:12:05.0203 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2010/08/08 11:12:05.0406 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS
2010/08/08 11:12:05.0687 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS
2010/08/08 11:12:05.0859 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/08/08 11:12:06.0031 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS
2010/08/08 11:12:06.0203 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\System32\drivers\symlcbrd.sys
2010/08/08 11:12:06.0406 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS
2010/08/08 11:12:06.0609 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2010/08/08 11:12:06.0796 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2010/08/08 11:12:06.0984 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/08 11:12:07.0203 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/08 11:12:07.0406 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/08 11:12:07.0578 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/08 11:12:07.0781 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/08 11:12:07.0984 tfsnboio (b0d311f33c5b4a5858e4e6c965a79267) C:\WINDOWS\system32\dla\tfsnboio.sys
2010/08/08 11:12:08.0140 tfsncofs (250f74fce5d1eccb29ad9abeb55f35d8) C:\WINDOWS\system32\dla\tfsncofs.sys
2010/08/08 11:12:08.0296 tfsndrct (e23291934c59e1741ba83582e7a209c0) C:\WINDOWS\system32\dla\tfsndrct.sys
2010/08/08 11:12:08.0359 tfsndres (0d863d020633025f1e4ad3e0e325d503) C:\WINDOWS\system32\dla\tfsndres.sys
2010/08/08 11:12:08.0500 tfsnifs (e3e10696663e35062851a376299198bd) C:\WINDOWS\system32\dla\tfsnifs.sys
2010/08/08 11:12:08.0640 tfsnopio (00cc366bdcbd8a9a1c95c1c59900dd9b) C:\WINDOWS\system32\dla\tfsnopio.sys
2010/08/08 11:12:08.0828 tfsnpool (84a91d08f49831e8c24e4d25ddefae87) C:\WINDOWS\system32\dla\tfsnpool.sys
2010/08/08 11:12:08.0968 tfsnudf (55b761c6e2d4fcedac3b46b6c0724830) C:\WINDOWS\system32\dla\tfsnudf.sys
2010/08/08 11:12:09.0109 tfsnudfa (64c6e8c217e30ee595120c66f6e783ba) C:\WINDOWS\system32\dla\tfsnudfa.sys
2010/08/08 11:12:09.0265 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2010/08/08 11:12:09.0437 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/08 11:12:09.0625 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2010/08/08 11:12:09.0796 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/08 11:12:10.0015 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/08/08 11:12:10.0250 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/08/08 11:12:10.0453 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/08 11:12:10.0656 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/08 11:12:10.0843 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/08 11:12:11.0015 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/08/08 11:12:11.0203 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/08 11:12:11.0343 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/08 11:12:11.0515 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/08 11:12:11.0687 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/08/08 11:12:11.0890 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/08 11:12:12.0093 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2010/08/08 11:12:12.0281 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2010/08/08 11:12:12.0484 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/08 11:12:12.0687 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/08 11:12:13.0000 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/08 11:12:13.0218 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/08/08 11:12:13.0484 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/08/08 11:12:13.0656 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/08/08 11:12:13.0812 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/08/08 11:12:14.0015 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/08/08 11:12:14.0187 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/08/08 11:12:14.0312 ================================================================================
2010/08/08 11:12:14.0312 Scan finished
2010/08/08 11:12:14.0312 ================================================================================
2010/08/08 11:12:14.0328 Detected object count: 1
2010/08/08 11:13:37.0015 i8042prt (770e97dfd357de61579eb756b34d3b5d) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/08 11:13:37.0015 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: 770e97dfd357de61579eb756b34d3b5d, Fake md5: 4a0b06aa8943c1e332520f7440c0aa30
2010/08/08 11:13:40.0218 Backup copy found, using it..
2010/08/08 11:13:40.0468 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured after reboot
2010/08/08 11:13:40.0468 Rootkit.Win32.TDSS.tdl3(i8042prt) - User select action: Cure
2010/08/08 11:13:46.0687 Deinitialize success
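The TDSSKiller log above records the detection as a driver whose "Real md5" and "Fake md5" disagree, which is the signature of a rootkit altering what a normal file read returns. As an added example (not part of the original post and not TDSSKiller code), this Python parser reads log lines in that format, lists forged drivers and their verdicts, and checks that the declared detection count matches what was parsed; the regular expressions are assumptions derived only from the lines posted above, and the sample log is constructed from them.

```python
"""Parse a TDSSKiller-style log and list the drivers it reported as forged."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the format of the posted log: one clean driver entry,
# the end-of-scan markers, and the forged i8042prt entry copied from above.
SAMPLE_LOG = r"""
2010/08/08 11:12:13.0484 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/08/08 11:12:14.0312 Scan finished
2010/08/08 11:12:14.0328 Detected object count: 1
2010/08/08 11:13:37.0015 i8042prt (770e97dfd357de61579eb756b34d3b5d) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/08 11:13:37.0015 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: 770e97dfd357de61579eb756b34d3b5d, Fake md5: 4a0b06aa8943c1e332520f7440c0aa30
2010/08/08 11:13:40.0468 Rootkit.Win32.TDSS.tdl3(i8042prt) - User select action: Cure
"""

# Assumed line shapes, based only on the lines visible in the posted log.
TS = r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})"
FORGED_RE = re.compile(
    TS + r" Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
COUNT_RE = re.compile(TS + r" Detected object count: (?P<n>\d+)$")
VERDICT_RE = re.compile(
    TS + r" (?P<name>[\w.]+)\((?P<service>[^)]+)\) - User select action: (?P<action>\w+)$")


@dataclass
class Forged:
    timestamp: str
    path: str
    real_md5: str  # the "Real md5" TDSSKiller printed for the file
    fake_md5: str  # the "Fake md5" it printed; differs only when the file is being forged


@dataclass
class Verdict:
    timestamp: str
    detection: str  # e.g. Rootkit.Win32.TDSS.tdl3
    service: str    # the service/driver name in parentheses
    action: str     # what the user chose, e.g. Cure


@dataclass
class Report:
    forged: List[Forged] = field(default_factory=list)
    verdicts: List[Verdict] = field(default_factory=list)
    detected_count: Optional[int] = None


def parse_tdsskiller(text: str) -> Report:
    """Walk the log once and collect forged entries, verdicts and the declared count."""
    report = Report()
    for raw in text.splitlines():
        line = raw.rstrip()
        m = FORGED_RE.match(line)
        if m:
            report.forged.append(Forged(m["ts"], m["path"], m["real"], m["fake"]))
            continue
        m = COUNT_RE.match(line)
        if m:
            report.detected_count = int(m["n"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            report.verdicts.append(Verdict(m["ts"], m["name"], m["service"], m["action"]))
    return report


def count_matches_declared(report: Report) -> bool:
    """True when the number of forged entries equals the count TDSSKiller declared.

    A mismatch usually means the pasted log is truncated or was edited, so the
    detections cannot be trusted to be complete."""
    return report.detected_count is not None and report.detected_count == len(report.forged)


def summarize(report: Report) -> List[str]:
    """Human-readable lines a helper could paste back into a reply."""
    lines = [f"declared detections: {report.detected_count}, forged entries parsed: {len(report.forged)}"]
    for f in report.forged:
        lines.append(f"FORGED {f.path}: real md5 {f.real_md5} != fake md5 {f.fake_md5}")
    for v in report.verdicts:
        lines.append(f"{v.detection} on service {v.service}: action {v.action}")
    if not count_matches_declared(report):
        lines.append("WARNING: declared count does not match parsed forged entries (log incomplete?)")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(parse_tdsskiller(SAMPLE_LOG))))
```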


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:17 AM

Posted 16 August 2010 - 05:44 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
  1. Do not run any other tool until instructed to do so!
  2. Please do not attach logs or put them in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having, as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


MBRCheck

Please also download MBRCheck to your desktop
  • Double click MBRCheck.exe to run it (Vista and Win 7: right-click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • a report called MBRcheck will be on your desktop
  • open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • now please copy that report to this thread


Information and logs:
    In your next post I need the following:
      1. logs from DDS
      2. log from RKUnHooker
      3. report from MBRCheck
      4. let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 nuvi

nuvi
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:17 AM

Posted 17 August 2010 - 04:13 PM

Thank you, I will be following your directions...
Thanks again!

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:17 AM

Posted 17 August 2010 - 04:38 PM

thumbup2.gif

#5 nuvi

nuvi
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:17 AM

Posted 17 August 2010 - 09:47 PM

"Disable anti-malware" means do I have to disable Norton Internet Security and Malwarebytes? Sorry, I am not too smart with computer words. Thanks

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:17 AM

Posted 17 August 2010 - 10:03 PM

Yes, you need to turn them off.


Gringo

#7 nuvi

nuvi
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:17 AM

Posted 17 August 2010 - 11:32 PM

Help!!! I am on my husband's laptop, because on my computer I cannot download Rootkit Unhooker and MBRCheck; I got the message "Internet Explorer cannot display the webpage". What did I do wrong???!!! I don't have access to the internet!!!!
Thank you

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:17 AM

Posted 18 August 2010 - 04:21 AM

Hello

Most likely the virus is blocking them.

Download them from the laptop and pass them to the sick computer with a USB drive.

Run the programs and pass the reports back to the USB drive and post them here from the good computer.


Gringo


#9 nuvi

nuvi
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:17 AM

Posted 18 August 2010 - 11:00 AM

Hello, I tried to run RKUnhooker but I got the message "RKUnhookerLE.exe is not a valid Win32 application". I ran the MBRCheck with no problem.....

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:17 AM

Posted 18 August 2010 - 11:13 AM

Hello

Send me that and the DDS logs then, so I can see what is going on.


Gringo

#11 nuvi

nuvi
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:17 AM

Posted 18 August 2010 - 11:33 AM


DDS (Ver_10-03-17.01) - NTFSx86
Run by Regina Babcock at 21:06:23.48 on Tue 08/17/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1187 [GMT -7:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.4.131\SymcPCCULaunchSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Norton Utilities 14\nu.exe
C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Regina Babcock\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://my.netzero.net/s/sp?r=al&cf=sp&mem=robbybabcock&key=7b989c356b8a82318635960af281b458&ts=4145ad7e&A=357037000000039&B=1077177600000&C=1073980800000&D=1083999600000&I=7.NH4&N=PL&O=I
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.7.0.12\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
c:\documents and settings\regina babcock\local settings\temp\57f.tmp\temp00
c:\documents and settings\regina babcock\local settings\temp\57f.tmp\temp00
c:\documents and settings\regina babcock\local settings\temp\57f.tmp\temp00
c:\documents and settings\regina babcock\local settings\temp\57f.tmp\temp00
c:\documents and settings\regina babcock\local settings\temp\57f.tmp\temp00
c:\documents and settings\regina babcock\local settings\temp\57f.tmp\temp00
c:\documents and settings\regina babcock\local settings\temp\57f.tmp\temp00
c:\documents and settings\regina babcock\local settings\temp\57f.tmp\temp00
c:\documents and settings\regina babcock\local settings\temp\57f.tmp\temp00
c:\documents and settings\regina babcock\local settings\temp\57f.tmp\temp00
c:\documents and settings\regina babcock\local settings\temp\57f.tmp\temp00
c:\documents and settings\regina babcock\local settings\temp\57f.tmp\temp00
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1.lnk - c:\program files\panasonic\videocamsuite\VideoCamSuiteAutoStart.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\regina~1\applic~1\mozilla\firefox\profiles\1z1hxeur.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\regina babcock\application data\move networks\plugins\npqmp071504000001.dll
FF - plugin: c:\documents and settings\regina babcock\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-7-29 15328]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1107000.00c\symds.sys [2010-5-24 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1107000.00c\symefa.sys [2010-5-24 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20100719.001\BHDrvx86.sys [2010-7-19 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1107000.00c\cchpx86.sys [2010-5-24 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1107000.00c\ironx86.sys [2010-5-24 116784]
R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2006-6-28 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2006-6-28 3904]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.7.0.12\ccsvchst.exe [2010-5-24 126392]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.4.131\SymcPCCULaunchSvc.exe [2010-8-6 115056]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.4.131\ccSvcHst.exe [2010-8-6 126392]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-7-29 220128]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-10 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20100813.004\IDSXpx86.sys [2010-8-14 331640]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20100817.008\NAVENG.SYS [2010-8-17 85424]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20100817.008\NAVEX15.SYS [2010-8-17 1362608]
S3 idrmkl;idrmkl;\??\c:\docume~1\regina~1\locals~1\temp\idrmkl.sys --> c:\docume~1\regina~1\locals~1\temp\idrmkl.sys [?]

=============== Created Last 30 ================

2010-08-18 02:42:25 0 ----a-w- c:\documents and settings\regina babcock\defogger_reenable
2010-08-08 19:08:37 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-08 19:08:25 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-08 01:29:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Macrium
2010-08-08 01:09:56 0 d-----w- c:\program files\Macrium
2010-08-07 18:45:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-07 18:45:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-07 18:45:41 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-07 17:34:57 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-08-07 00:59:36 0 d-----w- c:\windows\system32\drivers\NortonPCCheckup
2010-08-07 00:59:35 0 d-----w- c:\program files\Norton PC Checkup
2010-08-06 18:53:33 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-06 18:53:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-08-05 05:17:22 0 d-----w- c:\program files\iPod
2010-08-05 05:17:10 0 d-----w- c:\program files\iTunes
2010-08-05 05:17:10 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-05 05:03:54 0 d-----w- c:\program files\Bonjour
2010-07-30 03:28:26 12256 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2010-07-30 03:28:02 15328 ----a-w- c:\windows\system32\drivers\pssnap.sys
2010-07-30 03:27:52 44512 ----a-w- c:\windows\system32\drivers\psmounter.sys

==================== Find3M ====================

2010-08-08 18:14:16 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-25 00:51:58 11077120 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-06-24 12:22:02 1210368 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
2010-06-24 12:22:01 5951488 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2010-06-24 12:22:01 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2010-06-24 12:21:59 599040 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-24 12:21:59 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-24 12:21:59 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll
2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 12:21:58 1986560 ----a-w- c:\windows\system32\dllcache\iertutil.dll
2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2010-06-24 12:21:55 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:08:09 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-21 15:27:11 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-21 21:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2007-01-11 18:07:28 559 ----a-w- c:\program files\INSTALL.LOG
2005-09-14 16:24:06 33280 ----a-w- c:\program files\EndProcess.exe
2002-09-11 14:26:52 63730 ----a-w- c:\program files\viewsonicinstruct_xp.pdf
2009-09-11 23:01:25 848 -csha-w- c:\windows\system32\KGyGaAvL.sys
2008-09-07 19:00:39 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090720080908\index.dat

============= FINISH: 21:07:13.01 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 9/2/2004 1:10:18 PM
System Uptime: 8/17/2010 2:35:31 PM (7 hours ago)

Motherboard: Dell Computer Corp. | | 0F4491
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 31.016 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1097: 5/20/2010 12:42:02 PM - Software Distribution Service 3.0
RP1098: 5/21/2010 4:46:04 PM - System Checkpoint
RP1099: 5/22/2010 6:11:39 PM - System Checkpoint
RP1100: 5/23/2010 6:34:44 PM - System Checkpoint
RP1101: 5/24/2010 4:36:38 PM - Software Distribution Service 3.0
RP1102: 5/25/2010 12:46:13 PM - Software Distribution Service 3.0
RP1103: 5/27/2010 8:11:13 AM - Software Distribution Service 3.0
RP1104: 5/28/2010 10:38:06 AM - System Checkpoint
RP1105: 5/29/2010 3:26:29 PM - System Checkpoint
RP1106: 5/30/2010 6:45:00 PM - System Checkpoint
RP1107: 5/31/2010 7:24:18 AM - Software Distribution Service 3.0
RP1108: 6/1/2010 4:08:17 PM - System Checkpoint
RP1109: 6/2/2010 6:58:47 PM - System Checkpoint
RP1110: 6/4/2010 5:42:02 AM - Software Distribution Service 3.0
RP1111: 6/4/2010 5:57:52 AM - Software Distribution Service 3.0
RP1112: 6/5/2010 1:24:52 PM - System Checkpoint
RP1113: 6/6/2010 6:49:02 PM - System Checkpoint
RP1114: 6/7/2010 9:27:57 AM - Software Distribution Service 3.0
RP1115: 6/8/2010 6:55:48 PM - System Checkpoint
RP1116: 6/10/2010 8:07:23 AM - System Checkpoint
RP1117: 6/11/2010 1:08:18 PM - System Checkpoint
RP1118: 6/12/2010 3:09:07 PM - System Checkpoint
RP1119: 6/14/2010 3:26:56 PM - System Checkpoint
RP1120: 6/15/2010 4:47:05 PM - System Checkpoint
RP1121: 6/16/2010 6:16:21 PM - System Checkpoint
RP1122: 6/18/2010 6:21:00 AM - System Checkpoint
RP1123: 6/19/2010 9:49:44 AM - Removed Java™ 6 Update 11
RP1124: 6/20/2010 4:15:39 PM - System Checkpoint
RP1125: 6/21/2010 5:17:50 PM - System Checkpoint
RP1126: 6/22/2010 8:01:02 PM - System Checkpoint
RP1127: 6/23/2010 8:02:15 AM - Cleaned registry with Windows Live OneCare safety scanner
RP1128: 6/24/2010 10:35:16 AM - System Checkpoint
RP1129: 6/25/2010 11:45:29 AM - System Checkpoint
RP1130: 6/26/2010 5:23:45 PM - System Checkpoint
RP1131: 6/28/2010 10:05:01 AM - System Checkpoint
RP1132: 6/29/2010 6:01:01 PM - System Checkpoint
RP1133: 7/1/2010 5:34:27 AM - System Checkpoint
RP1134: 7/2/2010 8:59:23 AM - System Checkpoint
RP1135: 7/3/2010 10:50:46 AM - System Checkpoint
RP1136: 7/4/2010 11:21:51 AM - System Checkpoint
RP1137: 7/5/2010 7:35:17 PM - System Checkpoint
RP1138: 7/7/2010 9:29:22 AM - System Checkpoint
RP1139: 7/8/2010 10:15:50 AM - System Checkpoint
RP1140: 7/9/2010 2:54:29 PM - System Checkpoint
RP1141: 7/10/2010 6:42:45 PM - System Checkpoint
RP1142: 7/12/2010 8:24:18 AM - System Checkpoint
RP1143: 7/13/2010 8:23:22 PM - System Checkpoint
RP1144: 7/14/2010 9:20:59 PM - System Checkpoint
RP1145: 7/16/2010 6:23:42 AM - System Checkpoint
RP1146: 7/17/2010 12:27:02 PM - System Checkpoint
RP1147: 7/18/2010 6:44:19 PM - System Checkpoint
RP1148: 7/20/2010 8:14:13 PM - System Checkpoint
RP1149: 7/22/2010 11:12:05 AM - System Checkpoint
RP1150: 7/23/2010 1:08:38 PM - System Checkpoint
RP1151: 7/24/2010 1:22:46 PM - System Checkpoint
RP1152: 7/24/2010 7:32:11 PM - Installed Windows XP KB954708.
RP1153: 7/24/2010 7:32:31 PM - Installed DirectX
RP1154: 7/24/2010 7:45:59 PM - Removed Google Earth.
RP1155: 7/24/2010 7:57:47 PM - Removed Google Toolbar for Internet Explorer
RP1156: 7/29/2010 8:39:12 AM - System Checkpoint
RP1157: 7/30/2010 9:24:09 AM - System Checkpoint
RP1158: 7/31/2010 12:19:25 PM - System Checkpoint
RP1159: 8/1/2010 12:44:54 PM - System Checkpoint
RP1160: 8/2/2010 6:12:27 PM - System Checkpoint
RP1161: 8/4/2010 11:47:44 AM - System Checkpoint
RP1162: 8/5/2010 2:14:04 PM - System Checkpoint
RP1163: 8/6/2010 2:42:11 PM - System Checkpoint
RP1164: 8/7/2010 10:34:53 AM - Installed DirectX
RP1165: 8/7/2010 6:09:54 PM - Installed Macrium Reflect - Free Edition
RP1166: 8/8/2010 11:20:02 AM - Software Distribution Service 3.0
RP1167: 8/8/2010 12:17:57 PM - Software Distribution Service 3.0
RP1168: 8/9/2010 1:29:22 PM - Software Distribution Service 3.0
RP1169: 8/10/2010 8:47:49 PM - System Checkpoint
RP1170: 8/12/2010 6:11:35 AM - System Checkpoint
RP1171: 8/12/2010 6:22:34 AM - Software Distribution Service 3.0
RP1172: 8/12/2010 10:32:35 AM - Software Distribution Service 3.0
RP1173: 8/13/2010 7:50:05 AM - Software Distribution Service 3.0
RP1174: 8/14/2010 2:22:24 PM - System Checkpoint
RP1175: 8/16/2010 6:33:02 AM - System Checkpoint
RP1176: 8/16/2010 11:25:52 AM - Software Distribution Service 3.0
RP1177: 8/17/2010 12:14:16 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.3
Adobe® Photoshop® Album Starter Edition 3.2
Amazon MP3 Downloader 1.0.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression
ArcSoft Software Suite
Banctec Service Agreement
Bonjour
Business Contact Manager for Outlook 2007 SP2
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CheckIt Diagnostics
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Content Transfer
Critical Update for Windows Media Player 11 (KB959772)
Data Lifeguard Diagnostic for Windows
Dell Digital Jukebox Driver
Dell Networking Guide
Digital Line Detect
DV Studio3
EZface ActiveX 203
Garmin Communicator Plugin
Garmin USB Drivers
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
Help and Support Customization
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Internet Explorer Default Page
ITM 99
iTunes
Learn2 Player (Uninstall Only)
Lexmark X1100 Series
Macrium Reflect - Free Edition
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 97, Professional Edition
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2008
Microsoft Office Accounting 2008 Equifax Addin
Microsoft Office Accounting 2008 Fixed Asset Manager
Microsoft Office Accounting 2008 PayPal Addin
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Picture It! Express 7.0
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Modem Helper
Move Media Player
Mozilla Firefox (3.0.5)
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
NetWaiting
Norton Internet Security
Norton PC Checkup
Norton Utilities
NVIDIA Windows 2000/XP Display Drivers
PerSonoCall Consumer Edition
Picasa 3
PowerDVD 5.1
QuickTime
RealPlayer
RealUpgrade 1.0
Redline
Safari
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Shockwave
Skype™ 4.2
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 8
Star Wars®: Knights of the Old Republic ™
Symantec Technical Support Web Controls
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb2279264)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Driver for Panasonic DVC
VideoCam Suite
VideoCam Suite 1.0
ViewSonic Monitor Drivers
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebCam Driver for Panasonic DVC
WebFldrs XP
Windows Defender
Windows Defender Signatures
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Audio
Windows XP Service Pack 3
WordPerfect Office 12

==== Event Viewer Messages From Past Week ========

8/12/2010 9:36:39 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NIS service.
8/10/2010 8:48:00 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

==== End Of File ===========================


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 154):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF7607000 MountMgr.sys
0xF74D8000 ftdisk.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF74C0000 atapi.sys
0xF7627000 disk.sys
0xF7637000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF74A0000 fltmgr.sys
0xF744A000 SYMDS.SYS
0xF7438000 sr.sys
0xF740B000 SYMEFA.SYS
0xF7882000 drvmcdb.sys
0xF7647000 PxHelp20.sys
0xF786B000 KSecDD.sys
0xF7858000 WudfPf.sys
0xF7B52000 Ntfs.sys
0xF782B000 NDIS.sys
0xF7717000 pssnap.sys
0xF796D000 Mup.sys
0xF7657000 agp440.sys
0xBA738000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xB8CE5000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
0xB8CD1000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF77B7000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xB8CAD000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF77BF000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xB8C79000 \SystemRoot\System32\DRIVERS\HSFHWBS2.sys
0xB8C56000 \SystemRoot\System32\DRIVERS\ks.sys
0xB8B57000 \SystemRoot\System32\DRIVERS\HSF_DP.sys
0xB8AB0000 \SystemRoot\System32\DRIVERS\HSF_CNXT.sys
0xF77D7000 \SystemRoot\System32\Drivers\Modem.SYS
0xB8A8C000 \SystemRoot\System32\DRIVERS\e100b325.sys
0xF77E7000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF7677000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF77F7000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF77FF000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF7687000 \SystemRoot\System32\DRIVERS\serial.sys
0xF794B000 \SystemRoot\System32\DRIVERS\serenum.sys
0xB8A78000 \SystemRoot\System32\DRIVERS\parport.sys
0xF7697000 \SystemRoot\System32\Drivers\cdrbsdrv.SYS
0xF780F000 \SystemRoot\system32\drivers\Afc.sys
0xF79B3000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF76A7000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF76B7000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF772F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF76C7000 \SystemRoot\System32\DRIVERS\imapi.sys
0xB89EA000 \SystemRoot\system32\drivers\smwdm.sys
0xB89C6000 \SystemRoot\system32\drivers\portcls.sys
0xF76D7000 \SystemRoot\system32\drivers\drmk.sys
0xF79B9000 \SystemRoot\system32\drivers\aeaudio.sys
0xF7A5F000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF76E7000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xBA7E8000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB89AF000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF76F7000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF7587000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF775F000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xB899E000 \SystemRoot\System32\DRIVERS\psched.sys
0xF7577000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF776F000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF777F000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF7567000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF79BF000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB88F0000 \SystemRoot\System32\DRIVERS\update.sys
0xF7797000 \SystemRoot\System32\DRIVERS\omci.sys
0xBA723000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF7547000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7537000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF79CF000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF7917000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF793F000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF79D3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7A53000 \SystemRoot\System32\Drivers\Null.SYS
0xF79D7000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77CF000 \SystemRoot\system32\drivers\ssrtln.sys
0xF77DF000 \SystemRoot\System32\drivers\vga.sys
0xF79DB000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79DF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7807000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF781F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7947000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xAF75D000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xAF704000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xAF6AD000 \SystemRoot\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS
0xAF687000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xB8E9A000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xAF662000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xAF5E5000 \SystemRoot\System32\DRIVERS\netbt.sys
0xAF5C3000 \SystemRoot\System32\drivers\afd.sys
0xB8E8A000 \SystemRoot\System32\DRIVERS\netbios.sys
0xAF504000 \SystemRoot\system32\drivers\NIS\1107000.00C\Ironx86.SYS
0xF7777000 \SystemRoot\System32\DRIVERS\usbccgp.sys
0xAF4E6000 \SystemRoot\System32\Drivers\usbvideo.sys
0xB8E5A000 \SystemRoot\system32\drivers\usbaudio.sys
0xB8E4A000 \SystemRoot\system32\drivers\NIS\1107000.00C\SRTSPX.SYS
0xAF4BB000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xAF44B000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xB8E3A000 \SystemRoot\System32\Drivers\Fips.SYS
0xAF3ED000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xAF3D0000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xAF351000 \SystemRoot\system32\drivers\NIS\1107000.00C\ccHPx86.sys
0xAF2A5000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100719.001\BHDrvx86.sys
0xBA70F000 \SystemRoot\System32\DRIVERS\usbscan.sys
0xB8966000 \SystemRoot\System32\DRIVERS\usbprint.sys
0xF7517000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAF265000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79F3000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAF790000 \SystemRoot\System32\drivers\Dxapi.sys
0xF778F000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7A77000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB8E6A000 \SystemRoot\system32\drivers\drvnddm.sys
0xB9C31000 \SystemRoot\system32\dla\tfsndres.sys
0xAED19000 \SystemRoot\system32\dla\tfsnifs.sys
0xAF285000 \SystemRoot\system32\dla\tfsnopio.sys
0xF799D000 \SystemRoot\system32\dla\tfsnpool.sys
0xF774F000 \SystemRoot\system32\dla\tfsnboio.sys
0xB8E2A000 \SystemRoot\system32\dla\tfsncofs.sys
0xF7A72000 \SystemRoot\system32\dla\tfsndrct.sys
0xAED00000 \SystemRoot\system32\dla\tfsnudf.sys
0xAECE7000 \SystemRoot\system32\dla\tfsnudfa.sys
0xAE99A000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF79CD000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF7AB9000 \??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
0xAE841000 \SystemRoot\System32\Drivers\HTTP.sys
0xF7A67000 \??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
0xAE992000 \SystemRoot\System32\DRIVERS\mdmxsdk.sys
0xAE7C2000 \SystemRoot\System32\DRIVERS\srv.sys
0xAE8DA000 \SystemRoot\System32\DRIVERS\secdrv.sys
0xF7787000 \??\C:\WINDOWS\System32\drivers\symlcbrd.sys
0xAE153000 \SystemRoot\System32\Drivers\NIS\1107000.00C\SRTSP.SYS
0xADF8E000 \SystemRoot\system32\drivers\wdmaud.sys
0xAE1FA000 \SystemRoot\system32\drivers\sysaudio.sys
0xAC97E000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xAF79C000 \SystemRoot\System32\DRIVERS\asyncmac.sys
0xAA634000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100816.001\IDSxpx86.sys
0xA9326000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100817.035\NAVEX15.SYS
0xA9312000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100817.035\NAVENG.SYS
0xA9301000 \SystemRoot\System32\Drivers\Udfs.SYS
0xA92D6000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

Processes (total 56):
0 System Idle Process
4 System
576 C:\WINDOWS\SYSTEM32\smss.exe
624 csrss.exe
648 C:\WINDOWS\SYSTEM32\winlogon.exe
692 C:\WINDOWS\SYSTEM32\services.exe
704 C:\WINDOWS\SYSTEM32\lsass.exe
892 C:\WINDOWS\SYSTEM32\svchost.exe
960 svchost.exe
1076 C:\Program Files\Windows Defender\MsMpEng.exe
1136 C:\WINDOWS\SYSTEM32\svchost.exe
1172 C:\WINDOWS\SYSTEM32\svchost.exe
1264 svchost.exe
1388 svchost.exe
1468 C:\WINDOWS\SYSTEM32\LEXBCES.EXE
1504 C:\WINDOWS\SYSTEM32\LEXPPS.EXE
1508 C:\WINDOWS\SYSTEM32\spoolsv.exe
2044 svchost.exe
160 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
184 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
188 C:\WINDOWS\SYSTEM32\bgsvcgen.exe
196 C:\Program Files\Bonjour\mDNSResponder.exe
332 C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
500 C:\Program Files\Norton PC Checkup\Engine\2.0.4.131\SymcPCCULaunchSvc.exe
1020 C:\WINDOWS\SYSTEM32\nvsvc32.exe
1044 C:\Program Files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe
832 C:\Program Files\Macrium\Reflect\ReflectService.exe
1384 sqlbrowser.exe
1540 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
1904 C:\WINDOWS\SYSTEM32\svchost.exe
1900 C:\Program Files\Canon\CAL\CALMAIN.exe
2264 sqlservr.exe
2684 C:\Program Files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe
2692 C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
2868 C:\WINDOWS\explorer.exe
3440 C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
3448 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
3460 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
3480 C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
3556 C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
3720 C:\Program Files\Windows Defender\MSASCui.exe
3944 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
4008 C:\Program Files\QuickTime\QTTask.exe
4056 C:\Program Files\iTunes\iTunesHelper.exe
4072 C:\WINDOWS\SYSTEM32\ctfmon.exe
4084 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
748 C:\Program Files\Skype\Phone\Skype.exe
2244 C:\Program Files\Norton Utilities 14\nu.exe
1700 C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe
3844 alg.exe
3124 C:\Program Files\iPod\bin\iPodService.exe
3628 C:\WINDOWS\SYSTEM32\svchost.exe
988 C:\Program Files\Internet Explorer\iexplore.exe
1324 C:\Program Files\Internet Explorer\iexplore.exe
3324 C:\WINDOWS\SYSTEM32\notepad.exe
736 D:\MBRCHECK.EXE

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)

PhysicalDrive0 Model Number: Maxtor6Y080L0, Rev: YAR41BW0

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Dell MBR code detected
SHA1: 84B95CE8A54B7C5C3AAF149934FC46FB70FF8365


Done!

#12 gringo_pr

Bleepin Gringo
Malware Response Team
136,772 posts
Gender: Male
Location: Puerto rico

Posted 18 August 2010 - 11:42 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following:
    1. Log from ComboFix
    2. Let me know of any problems you may have had
    3. How is the computer doing now?

Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 nuvi

Topic Starter
Members
15 posts

Posted 18 August 2010 - 12:24 PM

I have access to the internet now on my computer. I disabled my antivirus and anti-malware programs; but sorry, I am really confused, do I have to install the Recovery Console first? I was checking the link
http://support.microsoft.com/kb/310994
and got really confused about what I have to do to run the Recovery Console..... Sorry, I don't understand, it looks a little hard to do...
I am not so smart..
Thanks

#14 gringo_pr

Bleepin Gringo
Malware Response Team
136,772 posts
Gender: Male
Location: Puerto rico

Posted 18 August 2010 - 12:26 PM

Hello


Don't worry. Let ComboFix install the Recovery Console; it will do that automatically. You don't need to use it, but if I need it, we will be glad to have it.


Gringo

#15 nuvi

Topic Starter
Members
15 posts

Posted 18 August 2010 - 01:03 PM

ComboFix 10-08-17.04 - Regina Babcock 08/18/2010 10:41:40.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1399 [GMT -7:00]
Running from: c:\documents and settings\Regina Babcock\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Math Advantage
c:\documents and settings\Robin Babcock\Application Data\shb.dat
c:\program files\INSTALL.LOG
c:\windows\jestertb.dll

.
((((((((((((((((((((((((( Files Created from 2010-07-18 to 2010-08-18 )))))))))))))))))))))))))))))))
.

2010-08-08 19:08 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-08 19:08 . 2010-06-24 12:21 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-08 01:29 . 2010-08-08 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrium
2010-08-08 01:09 . 2010-08-08 01:09 -------- d-----w- c:\program files\Macrium
2010-08-07 18:45 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-07 18:45 . 2010-08-07 18:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-07 18:45 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-07 17:34 . 2006-09-28 23:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-08-07 01:00 . 2010-08-07 01:00 -------- d-----w- c:\documents and settings\Regina Babcock\Local Settings\Application Data\Tific
2010-08-07 00:59 . 2010-08-07 00:59 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckup
2010-08-07 00:59 . 2010-08-07 00:59 -------- d-----w- c:\program files\Norton PC Checkup
2010-08-06 18:53 . 2010-08-07 00:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-06 18:53 . 2010-08-07 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-05 05:17 . 2010-08-05 05:17 -------- d-----w- c:\program files\iPod
2010-08-05 05:17 . 2010-08-05 05:19 -------- d-----w- c:\program files\iTunes
2010-08-05 05:17 . 2010-08-05 05:19 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-05 05:03 . 2010-08-05 05:03 -------- d-----w- c:\program files\Bonjour
2010-08-05 04:57 . 2010-08-05 04:57 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-08-05 04:37 . 2010-08-05 04:37 -------- d-----w- c:\program files\Safari
2010-08-05 04:32 . 2010-08-05 04:32 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-30 03:28 . 2010-07-30 03:28 12256 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2010-07-30 03:28 . 2010-07-30 03:28 15328 ----a-w- c:\windows\system32\drivers\pssnap.sys
2010-07-30 03:27 . 2010-07-30 03:27 44512 ----a-w- c:\windows\system32\drivers\psmounter.sys
2010-07-26 14:15 . 2010-07-26 14:15 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-26 14:15 . 2010-07-26 14:15 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-26 14:15 . 2010-07-26 14:15 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-26 14:14 . 2010-07-26 14:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-07-26 01:24 . 2010-07-26 01:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-07-26 01:24 . 2010-07-26 01:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-26 01:22 . 2004-08-20 06:58 38176 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-18 16:02 . 2010-02-27 02:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-17 16:16 . 2006-07-24 20:03 -------- d-----w- c:\documents and settings\Regina Babcock\Application Data\Skype
2010-08-15 02:12 . 2008-04-10 01:46 -------- d-----w- c:\documents and settings\Regina Babcock\Application Data\skypePM
2010-08-12 16:54 . 2010-02-27 02:54 -------- d-----w- c:\program files\Norton Utilities 14
2010-08-12 13:48 . 2008-10-29 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-08 18:14 . 2002-08-29 10:00 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2010-08-08 17:55 . 2010-07-03 16:35 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-07 17:17 . 2010-06-14 20:55 -------- d-----w- c:\documents and settings\Regina Babcock\Application Data\Norton Utilities 14
2010-08-07 01:00 . 2010-03-29 12:05 -------- d-----w- c:\documents and settings\Regina Babcock\Application Data\Tific
2010-08-07 00:59 . 2008-10-21 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-08-07 00:58 . 2010-02-17 02:26 -------- d-----w- c:\program files\NortonInstaller
2010-08-07 00:29 . 2010-06-19 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-06 18:46 . 2006-06-11 00:17 -------- d-----w- c:\program files\Windows Live Safety Center
2010-08-06 18:20 . 2009-08-31 18:15 -------- d-----w- c:\documents and settings\Regina Babcock\Application Data\Apple Computer
2010-08-05 05:17 . 2009-08-31 18:10 -------- d-----w- c:\program files\Common Files\Apple
2010-08-05 05:11 . 2005-03-23 22:35 -------- d-----w- c:\program files\QuickTime
2010-08-04 20:53 . 2007-06-08 02:54 -------- d-----w- c:\program files\Google
2010-08-01 14:53 . 2010-06-26 05:13 63488 ----a-w- c:\documents and settings\Regina Babcock\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-01 14:52 . 2010-06-26 05:13 117760 ----a-w- c:\documents and settings\Regina Babcock\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-29 20:30 . 2005-03-09 22:28 -------- d-----w- c:\program files\Lexmark X1100 Series
2010-07-25 02:33 . 2008-07-01 22:38 -------- d-----w- c:\program files\Windows Live
2010-07-13 14:34 . 2010-07-14 14:17 170084 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cache\Personal_32_1033.dat
2010-07-10 04:55 . 2010-07-08 21:25 -------- d-----w- c:\program files\Spyware Doctor
2010-06-30 12:31 . 2004-03-30 01:48 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-26 16:29 . 2010-06-26 16:29 -------- d-----w- c:\program files\Trend Micro
2010-06-26 05:13 . 2010-06-26 05:13 52224 ----a-w- c:\documents and settings\Regina Babcock\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-26 05:12 . 2010-06-26 05:12 -------- d-----w- c:\documents and settings\Regina Babcock\Application Data\SUPERAntiSpyware.com
2010-06-24 12:22 . 2004-08-24 00:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 15:07 . 2007-02-27 08:39 -------- d-----w- c:\program files\viewsonic
2010-06-23 13:44 . 2003-07-15 21:01 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2002-08-29 10:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-19 04:00 . 2010-06-19 04:00 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-17 14:03 . 2002-08-29 10:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2002-08-29 10:00 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2002-08-29 10:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-09 01:49 . 2010-06-09 01:49 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-25 03:51 . 2010-05-25 03:51 503808 ----a-w- c:\documents and settings\Regina Babcock\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-19849685-n\msvcp71.dll
2010-05-25 03:51 . 2010-05-25 03:51 499712 ----a-w- c:\documents and settings\Regina Babcock\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-19849685-n\jmc.dll
2010-05-25 03:51 . 2010-05-25 03:51 348160 ----a-w- c:\documents and settings\Regina Babcock\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-19849685-n\msvcr71.dll
2010-05-21 21:14 . 2009-10-03 17:00 221568 ------w- c:\windows\system32\MpSigStub.exe
2005-09-14 16:24 . 2007-01-11 18:05 33280 ----a-w- c:\program files\EndProcess.exe
2002-09-11 14:26 . 2007-02-27 08:39 63730 ----a-w- c:\program files\viewsonicinstruct_xp.pdf
2009-09-11 23:01 . 2005-09-18 01:08 848 -csha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2010-08-12 4093288]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="c:\program files\Internet Explorer\iexplore.exe" [2009-03-08 638816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-12 423200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-05 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 8\PostUpdate.exe" [2010-08-07 53248]

c:\documents and settings\Robin Babcock\Start Menu\Programs\Startup\
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-16 51984]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Auto run of VideoCam Suite 1.0.lnk - c:\program files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe [2009-6-14 161160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcctMgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spc_w
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-11 16:43 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2002-07-16 21:21 28672 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 05:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-05 15:21 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"Schedule"=2 (0x2)
"NProtectService"=2 (0x2)
"helpsvc"=2 (0x2)
"Fax"=2 (0x2)
"ccPwdSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\SYSTEM32\DRIVERS\pssnap.sys [7/29/2010 8:28 PM 15328]
R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\NIS\1107000.00C\symds.sys [5/24/2010 4:08 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\NIS\1107000.00C\symefa.sys [5/24/2010 4:08 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100719.001\BHDrvx86.sys [7/19/2010 4:28 PM 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\NIS\1107000.00C\cchpx86.sys [5/24/2010 4:08 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\NIS\1107000.00C\ironx86.sys [5/24/2010 4:08 PM 116784]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [6/28/2006 4:57 AM 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [6/28/2006 4:57 AM 3904]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [5/24/2010 4:08 PM 126392]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.4.131\SymcPCCULaunchSvc.exe [8/6/2010 5:59 PM 115056]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe [8/6/2010 5:59 PM 126392]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [7/29/2010 8:27 PM 220128]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/10/2010 6:52 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100816.001\IDSXpx86.sys [8/17/2010 9:34 PM 331640]
S3 idrmkl;idrmkl;\??\c:\docume~1\REGINA~1\LOCALS~1\Temp\idrmkl.sys --> c:\docume~1\REGINA~1\LOCALS~1\Temp\idrmkl.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-08-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]

2010-08-10 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Regina Babcock.job
- c:\program files\Norton Internet Security\Engine\17.7.0.12\navw32.exe [2010-05-24 05:34]

2010-08-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-08-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2497595046-366291718-2525008323-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-08-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-08-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2497595046-366291718-2525008323-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://my.netzero.net/s/sp?r=al&cf=sp&mem=robbybabcock&key=7b989c356b8a82318635960af281b458&ts=4145ad7e&A=357037000000039&B=1077177600000&C=1073980800000&D=1083999600000&I=7.NH4&N=PL&O=I
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
FF - ProfilePath - c:\documents and settings\Regina Babcock\Application Data\Mozilla\Firefox\Profiles\1z1hxeur.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Regina Babcock\Application Data\Move Networks\plugins\npqmp071504000001.dll
FF - plugin: c:\documents and settings\Regina Babcock\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
AddRemove-Redline - c:\redline\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-18 10:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.4.131\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
Completion time: 2010-08-18 10:59:12
ComboFix-quarantined-files.txt 2010-08-18 17:58

Pre-Run: 33,441,681,408 bytes free
Post-Run: 34,033,623,040 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - AD8B3B8C847E5B25031C8D2C6FE7CC84




