
Infected with Tidserv virus / SVCHOST.exe


11 replies to this topic

#1 DebGibson
  • Members
  • 6 posts
  • Gender:Female
  • Location:North Carolina

Posted 19 August 2010 - 05:20 PM

Several weeks ago I began to receive numerous messages of Norton blocking an intrusion attempt from 61.61.20132 or 61.61.20.135. I believe this started when my son established an account with Gifts4Points, and so I suspect something was downloaded at that time. My computer will typically function normally, but some days it locks up so it is not responsive and a reboot is required. The "risk name" identified by Norton is HTTPS Tidserv Request 2. Removal assistance would be greatly appreciated. Also having difficulty posting to web-site. When I “post” it gives me an interconnection connection failure – “Internet explorer cannot display the web-page”. Posting this from another computer

DDS.txt:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 22:09:39.59 on Wed 08/18/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2302.1529 [GMT -4:00]

AV: Norton 360 Premier Edition *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\spider.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://gamebox.bingstart.com/?cfg=2-149-0-1yUBm
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: GameBox Toolbar: {0fef2d2c-cda6-45e4-b2ed-9df7c50c95ff} - c:\program files\gamebox\gamebox_toolbar.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.2.0.12\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: GameBox Toolbar: {0fef2d2c-cda6-45e4-b2ed-9df7c50c95ff} - c:\program files\gamebox\gamebox_toolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpzrcv01.lnk - c:\program files\hp\temp\{fa9df1d1-94ff-49c7-8072-df96de1bac05}\setup\hpzstub.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony corporation\picture package\picture package menu\SonyTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230073179781
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://stumail.guilford.edu/dwa7W.cab
DPF: {FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D} - hxxps://nwd2avpn1.analog.com/postauthACC/SodaAgent.CAB
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: gameboxchrome - {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} - c:\program files\gamebox\gamebox_toolbar.dll
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [2010-5-27 18110]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-5-20 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-5-20 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100810.004\BHDrvx86.sys [2010-8-9 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-5-20 501888]
R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [2010-5-27 619390]
R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [2010-5-27 423454]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-5-20 116784]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.2.0.12\ccsvchst.exe [2010-5-20 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100816.001\IDSXpx86.sys [2010-8-17 331640]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100818.033\NAVENG.SYS [2010-8-18 85424]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100818.033\NAVEX15.SYS [2010-8-18 1362608]
S1 sonypvd3;Sony DVD Handycam;c:\windows\system32\drivers\sonypvd3.sys [2010-5-27 64964]

=============== Created Last 30 ================

2010-08-19 02:07:14 0 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-07-26 01:14:39 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-07-26 01:14:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-26 01:14:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-26 01:14:24 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 01:14:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-25 16:43:46 0 d-----w- c:\windows\system32\N360_BACKUP
2010-07-22 09:04:08 664 ----a-w- c:\windows\system32\d3d9caps.dat

==================== Find3M ====================

2010-07-12 20:19:00 411368 ----a-w- c:\windows\system32\deploytk.dll

============= FINISH: 22:11:17.79 ===============


#2 myrti
    Sillyberry
  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 26 August 2010 - 07:11 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

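The /md5start ... /md5stop section of the OTL custom scan above asks OTL to hash a list of boot-critical drivers that TDSS-family rootkits are known to replace, so that a helper can compare the values against known-good builds. The script below is an added example, not OTL's code and not anything posted in this thread: it takes a baseline hash inventory of a constructed driver directory, then re-hashes it and reports files that changed, went missing or appeared. The driver names are taken from the OTL list above plus mouclass.sys (the driver named later in the thread); the file contents are constructed placeholders, as are the tampered and removed files in the demo. One caveat this thread itself illustrates: a kernel-mode rootkit can feed forged file contents to ordinary user-mode reads, which is why TDSSKiller reports both a "real" and a "fake" MD5 for the infected driver, so a user-mode hash inventory like this is a first check, not a proof of a clean system.

```python
"""Hash inventory of boot-critical drivers with a baseline comparison.

Added example (not OTL's code and not from the thread). It mirrors the idea
behind the /md5start ... /md5stop section of the OTL custom scan: hash a
fixed list of drivers and compare against a known-good baseline. All file
names here are reused from the thread; all file contents are constructed.
"""
import hashlib
import os
import tempfile

# Driver names from the OTL custom-scan list plus mouclass.sys from the
# TDSSKiller log later in the thread; the bodies written below are fakes.
WATCHED_DRIVERS = ["atapi.sys", "iaStor.sys", "nvstor.sys", "mouclass.sys"]


def md5_of_file(path, chunk_size=65536):
    """Return the hex MD5 of a file, read in chunks so large files are fine."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_inventory(root, names):
    """Map each watched driver name to its MD5, or None if the file is absent."""
    inventory = {}
    for name in names:
        path = os.path.join(root, name)
        inventory[name] = md5_of_file(path) if os.path.isfile(path) else None
    return inventory


def compare_to_baseline(inventory, baseline):
    """Return sorted (name, status, current, expected) tuples for every
    difference from the baseline: 'changed', 'missing' or 'unexpected'."""
    findings = []
    for name, expected in baseline.items():
        current = inventory.get(name)
        if current is None:
            findings.append((name, "missing", None, expected))
        elif current != expected:
            findings.append((name, "changed", current, expected))
    for name, current in inventory.items():
        if name not in baseline and current is not None:
            findings.append((name, "unexpected", current, None))
    return sorted(findings)


def demo():
    """Build a constructed driver directory, take a baseline, tamper with one
    file, delete another, and return the (name, status) pairs reported."""
    with tempfile.TemporaryDirectory() as root:
        for name in WATCHED_DRIVERS:
            with open(os.path.join(root, name), "wb") as f:
                f.write(b"constructed clean driver image: " + name.encode())
        baseline = hash_inventory(root, WATCHED_DRIVERS)

        # Simulate a driver whose body was replaced (the pattern reported for
        # mouclass.sys in the thread) and a driver that has gone missing.
        with open(os.path.join(root, "mouclass.sys"), "wb") as f:
            f.write(b"constructed tampered driver image")
        os.remove(os.path.join(root, "iaStor.sys"))

        current = hash_inventory(root, WATCHED_DRIVERS)
        findings = compare_to_baseline(current, baseline)
        for name, status, now, expected in findings:
            print(f"{status:10s} {name}: now={now} baseline={expected}")
        return [(name, status) for name, status, _, _ in findings]


if __name__ == "__main__":
    demo()
```

In real use the baseline would come from a trusted source (an install medium or a vendor hash list) rather than from the machine under investigation, and unchanged hashes only mean the file looked unchanged to a user-mode read.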


#3 DebGibson
  • Topic Starter
  • Members
  • 6 posts
  • Gender:Female
  • Location:North Carolina

Posted 26 August 2010 - 08:46 AM

Thank you for the response. I am currently at my work office and away from my computer and notes that I made, but I wanted to provide an initial update and see your recommendation for next steps.

I did look for advice in bleepingcomputer forums since the problems with my home computer began to worsen. I downloaded and ran TDSSKiller. I ran it first Sunday night, but I did not rename the program and quarantined the files instead of hitting "cure". On Monday, Norton began to again report intrusion attempts, so it appeared I was unsuccessful in cleaning. I reran the program two more times (first hitting cure and then changing the name of the executable to ensure it did not again detect an infection). Since then I am not seeing intrusion attempts via Norton.

I am at my office and away from my home computer, but would like to rerun the programs I did prior to my original post to see if there is any other evidence of malware and to confirm the TDS virus has been removed. Secondly, can this virus affect other computers on my home network? The one with the primary problem is connected thru roadrunner modem and router. Other computers on my home network are wirelessly connected thru the router. I assume the answer is no, but have had some issues with two other laptops at the house, so I wanted to confirm.




#4 myrti
    Sillyberry
  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 26 August 2010 - 09:57 AM

Hi,

the initial logs are not showing the infection. If you believe you are still infected I would suggest other tools to test. However it is very difficult to prove the absence of something. Much easier to show the presence.

I would like to see the different logs from TDSSKiller if you have them.

Regarding your network: TDSS itself does not spread over networks as far as I am aware; however, some of the infections coming with TDSS attack the router. If you are getting redirected on all PCs going through the router, I would suggest resetting it and setting up a strong password to avoid reinfection.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 DebGibson
  • Topic Starter
  • Members
  • 6 posts
  • Gender:Female
  • Location:North Carolina

Posted 26 August 2010 - 05:32 PM

I am including the report from the original run. I inadvertently forgot to save off the subsequent reports. However, here is a summary of messages I received and what transpired when running multiple times:
  • 8/22/10 - ran TDSSKiller 2.4.1.2 - found virus and quarantined. File in which it was found: C:\WINDOWS\system32\DRIVERS\mouclass.sys (Rootkit.Win32.TDSS.tdl3 (Mou class))
  • 8/23 - checked in AM and Norton blocked unauthorized access attempt from file - \Norton360\Engine\4.2.0.12\ccsvchst.exe - received message that there was an intrusion attempt from 91.188.60.21 - HTTPS Tidserv Request 2
  • Re-ran TDSSKiller.exe - it found virus - Service name - Mouclass; Kernel driver File - same file as listed above. Found and cured instead of quarantined.
  • Realized I had not renamed the executable, so changed name to 123.com and re-ran - no virus was detected
  • I have reviewed my Norton 360 security history with no evidence of the problem (i.e. no intrusion attempt warnings - previously I was receiving a very large number of these).

TDSSKiller output report from 8/22 follows:
            2010/08/22 19:34:35.0734 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
            2010/08/22 19:34:35.0734 ================================================================================
            2010/08/22 19:34:35.0734 SystemInfo:
            2010/08/22 19:34:35.0734
            2010/08/22 19:34:35.0734 OS Version: 5.1.2600 ServicePack: 3.0
            2010/08/22 19:34:35.0734 Product type: Workstation
            2010/08/22 19:34:35.0734 ComputerName: COMPUTERROOM
            2010/08/22 19:34:35.0734 UserName: Owner
            2010/08/22 19:34:35.0734 Windows directory: C:\WINDOWS
            2010/08/22 19:34:35.0734 System windows directory: C:\WINDOWS
            2010/08/22 19:34:35.0734 Processor architecture: Intel x86
            2010/08/22 19:34:35.0734 Number of processors: 1
            2010/08/22 19:34:35.0734 Page size: 0x1000
            2010/08/22 19:34:35.0734 Boot type: Normal boot
            2010/08/22 19:34:35.0734 ================================================================================
            2010/08/22 19:34:36.0343 Initialize success
            2010/08/22 19:34:38.0968 ================================================================================
            2010/08/22 19:34:38.0968 Scan started
            2010/08/22 19:34:38.0968 Mode: Manual;
            2010/08/22 19:34:38.0968 ================================================================================
            2010/08/22 19:34:40.0250 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
            2010/08/22 19:34:40.0390 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
            2010/08/22 19:34:40.0593 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
            2010/08/22 19:34:40.0781 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
            2010/08/22 19:34:40.0921 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
            2010/08/22 19:34:41.0468 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
            2010/08/22 19:34:41.0640 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
            2010/08/22 19:34:41.0843 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
            2010/08/22 19:34:42.0031 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
            2010/08/22 19:34:42.0203 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
            2010/08/22 19:34:42.0437 BHDrvx86 (8f6d9ce8af24f09de6b020b2c09e27d9) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys
            2010/08/22 19:34:42.0578 bvrp_pci (c915a416f265149471d74e0815c928b2) C:\WINDOWS\System32\drivers\bvrp_pci.sys
            2010/08/22 19:34:42.0734 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
            2010/08/22 19:34:42.0921 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys
            2010/08/22 19:34:43.0093 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
            2010/08/22 19:34:43.0234 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
            2010/08/22 19:34:43.0281 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
            2010/08/22 19:34:43.0687 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
            2010/08/22 19:34:43.0843 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
            2010/08/22 19:34:44.0015 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
            2010/08/22 19:34:44.0140 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
            2010/08/22 19:34:44.0296 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
            2010/08/22 19:34:44.0437 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
            2010/08/22 19:34:44.0562 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
            2010/08/22 19:34:44.0765 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
            2010/08/22 19:34:44.0812 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
            2010/08/22 19:34:44.0953 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
            2010/08/22 19:34:45.0062 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
            2010/08/22 19:34:45.0187 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
            2010/08/22 19:34:45.0328 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
            2010/08/22 19:34:45.0468 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
            2010/08/22 19:34:45.0640 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
            2010/08/22 19:34:45.0796 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
            2010/08/22 19:34:45.0875 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
            2010/08/22 19:34:46.0031 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
            2010/08/22 19:34:46.0234 HPFXBULK (9e3944a558ab84853ef985988e23a8a4) C:\WINDOWS\system32\drivers\hpfxbulk.sys
            2010/08/22 19:34:46.0375 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
            2010/08/22 19:34:46.0515 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
            2010/08/22 19:34:46.0671 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
            2010/08/22 19:34:46.0843 HSFHWBS2 (5380253d2751f2b5d95941c09e7e42ac) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
            2010/08/22 19:34:46.0953 HSF_DP (e9a4c20ab168be8bd78486afebba5836) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
            2010/08/22 19:34:47.0140 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
            2010/08/22 19:34:47.0390 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
            2010/08/22 19:34:47.0531 ialm (1406d6ef4436aee970efe13193123965) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
            2010/08/22 19:34:47.0796 IDSxpx86 (231c3f6d5c520e99924e1e37401a90c4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100820.001\IDSxpx86.sys
            2010/08/22 19:34:47.0937 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
            2010/08/22 19:34:48.0203 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
            2010/08/22 19:34:48.0390 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
            2010/08/22 19:34:48.0531 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
            2010/08/22 19:34:48.0687 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
            2010/08/22 19:34:48.0828 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
            2010/08/22 19:34:48.0921 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
            2010/08/22 19:34:49.0031 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
            2010/08/22 19:34:49.0234 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
            2010/08/22 19:34:49.0281 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
            2010/08/22 19:34:49.0437 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
            2010/08/22 19:34:49.0578 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
            2010/08/22 19:34:49.0734 L8042pr2 (cbe185162d867d9335629e1e4528258b) C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
            2010/08/22 19:34:49.0984 LMouFlt2 (b6291087d44920d87448fbcff77b13e5) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
            2010/08/22 19:34:50.0156 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
            2010/08/22 19:34:50.0250 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
            2010/08/22 19:34:50.0390 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
            2010/08/22 19:34:50.0484 Mouclass (b4d79a711aa82f91ab79fe1c0f4bad66) C:\WINDOWS\system32\DRIVERS\mouclass.sys
            2010/08/22 19:34:50.0484 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mouclass.sys. Real md5: b4d79a711aa82f91ab79fe1c0f4bad66, Fake md5: 35c9e97194c8cfb8430125f8dbc34d04
            2010/08/22 19:34:50.0484 Mouclass - detected Rootkit.Win32.TDSS.tdl3 (0)
            2010/08/22 19:34:50.0625 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
            2010/08/22 19:34:50.0812 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
            2010/08/22 19:34:50.0968 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
            2010/08/22 19:34:51.0140 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
            2010/08/22 19:34:51.0218 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
            2010/08/22 19:34:51.0343 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
            2010/08/22 19:34:51.0453 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
            2010/08/22 19:34:51.0546 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
            2010/08/22 19:35:04.0265 ================================================================================
            2010/08/22 19:35:04.0265 Scan finished
            2010/08/22 19:35:04.0281 ================================================================================
            2010/08/22 19:35:04.0296 Detected object count: 1
            2010/08/22 19:37:10.0421 Mouclass (b4d79a711aa82f91ab79fe1c0f4bad66) C:\WINDOWS\system32\DRIVERS\mouclass.sys
            2010/08/22 19:37:10.0421 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mouclass.sys. Real md5: b4d79a711aa82f91ab79fe1c0f4bad66, Fake md5: 35c9e97194c8cfb8430125f8dbc34d04
            2010/08/22 19:37:10.0421 C:\WINDOWS\system32\DRIVERS\mouclass.sys - quarantined
            2010/08/22 19:37:11.0281 Rootkit.Win32.TDSS.tdl3(Mouclass) - User select action: Quarantine


            #6 myrti


            Posted 27 August 2010 - 02:48 AM

            Hi,

Yes, that looks as if TDSSKiller put an end to the infection. I would think that if you no longer have any detections you are clean.

            Let me know if you still want the PC checked out. If you do please post the OTL logs.

Regards, myrti

            is that a bird?  a plane? nooo it's the flying blueberry!

            If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

             



            #7 DebGibson


            Posted 30 August 2010 - 10:27 PM

I would like to have the results of the OTL scan reviewed. I believe the TDL3(+) virus was successfully removed. However, when reviewing the security history in Norton I noticed an anomaly listed on Sunday, 8/29. I had not received any further Norton error messages after running TDSSKiller on 8/23 until Sunday, when Norton gave me the following warnings:
            - 35aeed7d-6f078230 (Bloodhound.Java.3) detected by Virus scanner (quarantined)
            - Trojan Horse detected by Virus scanner (quarantined) - sexxxy.class contained threat
            - Trojan Horse detected by Virus scanner (quarantined) - crime4u.class contained threat
            - As above but nod32.class contained threat

No problems were detected in today's scan. In light of this, can you please review the OTL scan? It seems particularly coincidental to have another issue arise so quickly.

OTL.txt:
            OTL logfile created on: 8/30/2010 8:51:44 PM - Run 1
            OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Owner\Desktop
            Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
            Internet Explorer (Version = 8.0.6001.18702)
            Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

            2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
            4.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
            Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

            %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
            Drive C: | 37.21 Gb Total Space | 20.05 Gb Free Space | 53.89% Space Free | Partition Type: NTFS
            D: Drive not present or media not loaded
            E: Drive not present or media not loaded
            F: Drive not present or media not loaded
            G: Drive not present or media not loaded
            H: Drive not present or media not loaded
            I: Drive not present or media not loaded

            Computer Name: COMPUTERROOM
            Current User Name: Owner
            Logged in as Administrator.

            Current Boot Mode: Normal
            Scan Mode: All users
            Company Name Whitelist: Off
            Skip Microsoft Files: Off
            File Age = 30 Days
            Output = Standard

            ========== Processes (SafeList) ==========

            PRC - [2010/08/30 20:50:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
            PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccsvchst.exe
            PRC - [2009/03/09 20:04:42 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
            PRC - [2003/11/26 10:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
            PRC - [2003/11/21 21:02:42 | 000,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe


            ========== Modules (SafeList) ==========

            MOD - [2010/08/30 20:50:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
            MOD - [2010/05/14 01:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\asoehook.dll
            MOD - [2009/07/12 04:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll
            MOD - [2009/07/12 04:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll
            MOD - [2008/04/13 20:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
            MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
            MOD - [2003/11/26 10:50:00 | 000,024,064 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
            MOD - [2003/11/26 10:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll


            ========== Win32 Services (SafeList) ==========

            SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
            SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
            SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe -- (N360)


            ========== Driver Services (SafeList) ==========

            DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
            DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
            DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
            DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\FREEDOM.SYS -- (Freedom)
            DRV - [2010/08/09 21:11:05 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys -- (BHDrvx86)
            DRV - [2010/07/13 21:20:47 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100830.023\NAVEX15.SYS -- (NAVEX15)
            DRV - [2010/07/13 21:20:47 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100830.023\NAVENG.SYS -- (NAVENG)
            DRV - [2010/05/28 15:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100827.001\IDSXpx86.sys -- (IDSxpx86)
            DRV - [2010/05/27 00:14:53 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
            DRV - [2010/05/27 00:14:52 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
            DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS -- (SYMTDI)
            DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
            DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
            DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
            DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
            DRV - [2010/04/11 13:51:33 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
            DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
            DRV - [2009/10/14 23:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
            DRV - [2006/04/04 21:20:36 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
            DRV - [2004/12/07 15:00:48 | 000,064,964 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sonypvd3.sys -- (sonypvd3)
            DRV - [2004/12/06 14:26:16 | 000,423,454 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\sonypvt3.sys -- (sonypvt3)
            DRV - [2004/11/15 13:55:14 | 000,619,390 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\sonypvf3.sys -- (sonypvf3)
            DRV - [2004/09/22 11:55:38 | 000,018,110 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sonypvl3.sys -- (sonypvl3)
            DRV - [2003/11/26 10:50:00 | 000,072,893 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
            DRV - [2003/11/26 10:50:00 | 000,053,869 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
            DRV - [2003/08/28 19:58:40 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
            DRV - [2003/07/02 11:26:20 | 000,202,368 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
            DRV - [2003/07/02 11:25:24 | 000,631,680 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
            DRV - [2003/07/02 11:24:16 | 001,063,936 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
            DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


            ========== Standard Registry (SafeList) ==========


            ========== Internet Explorer ==========



            IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

            IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

            IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

            IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

            IE - HKU\S-1-5-21-725345543-764733703-2147112213-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
            IE - HKU\S-1-5-21-725345543-764733703-2147112213-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gamebox.bingstart.com/?cfg=2-149-0-1yUBm
            IE - HKU\S-1-5-21-725345543-764733703-2147112213-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.rr.com/
            IE - HKU\S-1-5-21-725345543-764733703-2147112213-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
            IE - HKU\S-1-5-21-725345543-764733703-2147112213-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

            FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/05/27 20:13:26 | 000,000,000 | ---D | M]
            FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/04/11 22:17:48 | 000,000,000 | ---D | M]

            [2010/07/12 16:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
            [2010/07/12 16:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org

            O1 HOSTS File: ([2003/07/16 16:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
            O1 - Hosts: 127.0.0.1 localhost
            O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
            O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
            O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
            O2 - BHO: (GameBox Toolbar) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll ()
            O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
            O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
            O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
            O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
            O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
            O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
            O3 - HKLM\..\Toolbar: (GameBox Toolbar) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll ()
            O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
            O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
            O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
            O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
            O3 - HKU\S-1-5-21-725345543-764733703-2147112213-1003\..\Toolbar\WebBrowser: (GameBox Toolbar) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll ()
            O3 - HKU\S-1-5-21-725345543-764733703-2147112213-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
            O3 - HKU\S-1-5-21-725345543-764733703-2147112213-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
            O3 - HKU\S-1-5-21-725345543-764733703-2147112213-1003\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
            O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
            O4 - HKLM..\Run: [KernelFaultCheck] File not found
            O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
            O4 - HKU\S-1-5-21-725345543-764733703-2147112213-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
            O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpzrcv01.LNK = C:\Program Files\HP\Temp\{FA9DF1D1-94FF-49c7-8072-DF96DE1BAC05}\setup\hpzstub.exe File not found
            O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
            O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)
            O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
            O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
            O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
            O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
            O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
            O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
            O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
            O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
            O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
            O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
            O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
            O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
            O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
            O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
            O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
            O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
            O7 - HKU\S-1-5-21-725345543-764733703-2147112213-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
            O7 - HKU\S-1-5-21-725345543-764733703-2147112213-1003\Software\Policies\Microsoft\Internet Explorer\restrictions present
            O7 - HKU\S-1-5-21-725345543-764733703-2147112213-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
            O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
            O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
            O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
            O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
            O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
            O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
            O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win...fbootloader.cab (Reg Error: Key error.)
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1230073179781 (WUWebControl Class)
            O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
            O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
            O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
            O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
            O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
            O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://stumail.guilford.edu/dwa7W.cab (Domino Web Access 7 Control)
            O16 - DPF: {FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D} https://nwd2avpn1.analog.com/postauthACC/SodaAgent.CAB (SodaAgt Class)
            O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
            O18 - Protocol\Handler\gameboxchrome {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} - C:\Program Files\GameBox\gamebox_toolbar.dll ()
            O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
            O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
            O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
            O32 - HKLM CDRom: AutoRun - 1
            O32 - AutoRun File - [2010/05/27 17:44:41 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
            O33 - MountPoints2\{84a4c700-d780-11dd-b26b-000cf1e5b2aa}\Shell - "" = AutoRun
            O33 - MountPoints2\{84a4c700-d780-11dd-b26b-000cf1e5b2aa}\Shell\AutoRun - "" = Auto&Play
            O33 - MountPoints2\{84a4c700-d780-11dd-b26b-000cf1e5b2aa}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
            O34 - HKLM BootExecute: (autocheck autochk *) - File not found
            O35 - HKLM\..comfile [open] -- "%1" %*
            O35 - HKLM\..exefile [open] -- "%1" %*
            O37 - HKLM\...com [@ = comfile] -- "%1" %*
            O37 - HKLM\...exe [@ = exefile] -- "%1" %*

            MsConfig - State: "system.ini" - 0
            MsConfig - State: "win.ini" - 0
            MsConfig - State: "bootini" - 0
            MsConfig - State: "services" - 0
            MsConfig - State: "startup" - 0

            SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
            SafeBootMin: Base - Driver Group
            SafeBootMin: Boot Bus Extender - Driver Group
            SafeBootMin: Boot file system - Driver Group
            SafeBootMin: File system - Driver Group
            SafeBootMin: Filter - Driver Group
            SafeBootMin: klmdb.sys - Driver
            SafeBootMin: PCI Configuration - Driver Group
            SafeBootMin: PNP Filter - Driver Group
            SafeBootMin: Primary disk - Driver Group
            SafeBootMin: SCSI Class - Driver Group
            SafeBootMin: sermouse.sys - Driver
            SafeBootMin: System Bus Extender - Driver Group
            SafeBootMin: vds - Service
            SafeBootMin: vga.sys - Driver
            SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
            SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
            SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
            SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
            SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
            SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
            SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
            SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
            SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
            SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
            SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
            SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
            SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
            SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

            ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
            ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
            ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
            ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
            ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
            ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
            ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
            ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
            ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
            ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
            ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
            ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
            ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
            ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
            ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
            ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
            ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
            ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
            ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
            ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
            ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
            ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
            ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
            ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
            ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
            ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
            ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
            ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
            ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
            ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
            ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
            ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
            ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
            ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
            ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
            ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
            ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
            ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
            ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
            ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
            ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
            ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
            ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
            ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
            ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
            ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
            ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

            Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
            Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
            Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
            Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
            Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
            Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
            Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
            Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
            Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
            Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
            Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

            NetSvcs: 6to4 - File not found
            NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
            NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
            NetSvcs: Ias - File not found
            NetSvcs: Iprip - File not found
            NetSvcs: Irmon - File not found
            NetSvcs: NWCWorkstation - File not found
            NetSvcs: Nwsapagent - File not found
            NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
            NetSvcs: WmdmPmSp - File not found

            ========== Files/Folders - Created Within 30 Days ==========

            [2010/08/30 20:50:03 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
            [2010/08/23 01:50:10 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
            [2010/08/23 01:50:10 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
            [2010/08/23 01:50:10 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
            [2010/08/23 01:50:10 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
            [2010/08/23 01:50:10 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
            [2010/08/23 01:50:10 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
            [2010/08/23 01:50:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
            [2010/08/23 01:50:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
            [2010/08/23 01:50:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
            [2010/08/23 01:50:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
            [2010/08/23 01:50:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
            [2010/08/23 01:50:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
            [2010/08/22 19:37:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
            [2010/08/22 19:34:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tdsskiller
            [2010/08/18 22:15:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
            [2010/08/08 00:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
            [2010/08/07 18:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
            [2010/08/07 18:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
            [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
            [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

            ========== Files - Modified Within 30 Days ==========

            [2010/08/30 20:50:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
            [2010/08/30 20:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
            [2010/08/30 15:42:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
            [2010/08/26 21:23:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
            [2010/08/26 21:23:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
            [2010/08/24 03:21:39 | 000,130,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
            [2010/08/24 03:20:37 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
            [2010/08/24 03:20:36 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
            [2010/08/24 03:05:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
            [2010/08/23 19:21:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
            [2010/08/22 19:33:38 | 001,133,429 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
            [2010/08/22 13:34:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
            [2010/08/19 17:48:26 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\data.doc
            [2010/08/18 22:13:52 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
            [2010/08/18 22:09:01 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
            [2010/08/18 22:07:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
            [2010/08/18 22:06:25 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
            [2010/08/06 21:50:57 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
            [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
            [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

            ========== Files Created - No Company Name ==========

            [2010/08/22 19:33:36 | 001,133,429 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
            [2010/08/19 07:31:15 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\data.doc
            [2010/08/18 22:13:50 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
            [2010/08/18 22:09:00 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
            [2010/08/18 22:07:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
            [2010/08/18 22:06:25 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
            [2009/04/22 20:33:49 | 000,000,442 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
            [2009/01/01 14:42:39 | 000,001,115 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
            [2008/12/31 17:18:59 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
            [2008/12/23 18:29:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
            [2008/12/23 01:50:57 | 000,000,638 | ---- | C] () -- C:\WINDOWS\VTruck3.ini
            [2008/12/23 01:10:07 | 000,000,559 | ---- | C] () -- C:\WINDOWS\VTruck2.ini
            [2008/12/23 01:02:43 | 000,000,526 | ---- | C] () -- C:\WINDOWS\VTruck1.ini
            [2008/12/23 00:45:02 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
            [2008/12/23 00:34:52 | 000,000,524 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
            [2008/12/23 00:20:42 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

            ========== Custom Scans ==========


            < %SYSTEMDRIVE%\*.exe >


            < MD5 for: AGP440.SYS >
            [2009/01/05 23:59:47 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
            [2009/01/15 19:58:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
            [2009/01/05 23:59:47 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
            [2009/01/15 19:58:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
            [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
            [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
            [2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

            < MD5 for: ATAPI.SYS >
            [2003/07/16 16:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
            [2009/01/05 23:59:47 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
            [2009/01/15 19:58:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
            [2009/01/05 23:59:47 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
            [2009/01/15 19:58:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
            [2003/07/16 16:24:25 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
            [2002/08/29 02:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
            [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
            [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
            [2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

            < MD5 for: EVENTLOG.DLL >
            [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
            [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
            [2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

            < MD5 for: NETLOGON.DLL >
            [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
            [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
            [2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

            < MD5 for: SCECLI.DLL >
            [2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
            [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
            [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

            < %systemroot%\*. /mp /s >

            < %systemroot%\system32\*.dll /lockedfiles >
            [2009/03/08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
            [2009/03/08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
            [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

            < %systemroot%\Tasks\*.job /lockedfiles >

            < %systemroot%\system32\drivers\*.sys /lockedfiles >

            < %systemroot%\System32\config\*.sav >
            [2004/02/24 23:03:45 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
            [2004/02/24 23:03:45 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
            [2004/02/24 23:03:45 | 000,401,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

            < %systemroot%\system32\drivers\*.sys /90 >
            [2010/08/23 20:57:06 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouclass.sys
            [2010/06/21 11:27:11 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
            < End of report >

            Extras.txt:
            OTL Extras logfile created on: 8/30/2010 8:51:44 PM - Run 1
            OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Owner\Desktop
            Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
            Internet Explorer (Version = 8.0.6001.18702)
            Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

            2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
            4.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
            Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

            %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
            Drive C: | 37.21 Gb Total Space | 20.05 Gb Free Space | 53.89% Space Free | Partition Type: NTFS
            D: Drive not present or media not loaded
            E: Drive not present or media not loaded
            F: Drive not present or media not loaded
            G: Drive not present or media not loaded
            H: Drive not present or media not loaded
            I: Drive not present or media not loaded

            Computer Name: COMPUTERROOM
            Current User Name: Owner
            Logged in as Administrator.

            Current Boot Mode: Normal
            Scan Mode: All users
            Company Name Whitelist: Off
            Skip Microsoft Files: Off
            File Age = 30 Days
            Output = Standard

            ========== Extra Registry (SafeList) ==========


            ========== File Associations ==========

            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

            ========== Shell Spawning ==========

            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
            batfile [open] -- "%1" %*
            cmdfile [open] -- "%1" %*
            comfile [open] -- "%1" %*
            exefile [open] -- "%1" %*
            htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
            htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
            piffile [open] -- "%1" %*
            regfile [merge] -- Reg Error: Key error.
            scrfile [config] -- "%1"
            scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
            scrfile [open] -- "%1" /S
            txtfile [edit] -- Reg Error: Key error.
            Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
            Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
            Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
            Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
            Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

            ========== Security Center Settings ==========

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
            "AntiVirusDisableNotify" = 0
            "FirewallDisableNotify" = 0
            "UpdatesDisableNotify" = 0
            "AntiVirusOverride" = 0
            "FirewallOverride" = 0

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
            "DisableMonitoring" = 1

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
            "DisableMonitoring" = 1

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
            "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
            "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
            "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
            "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
            "EnableFirewall" = 0
            "DoNotAllowExceptions" = 0
            "DisableNotifications" = 0

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
            "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
            "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
            "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
            "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
            "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
            "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

            ========== Authorized Applications List ==========

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
            "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
            "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)


            ========== HKEY_LOCAL_MACHINE Uninstall List ==========

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
            "{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
            "{034F8C89-C4F4-4731-A32B-F4294C04729F}" = HP Photosmart All-In-One Software 9.0
            "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
            "{0C07BD19-3C06-47F7-BC28-990862AA09B3}" = hppscanCM1017
            "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
            "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
            "{12872B4E-90F7-44E5-B1AA-D13AFEC8618B}" = First Step Guide
            "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
            "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
            "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
            "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
            "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
            "{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
            "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
            "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
            "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
            "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
            "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
            "{32C32B46-41C3-438F-94F6-55FE150D50D8}" = ImageMixer EasyStepDVD
            "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
            "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
            "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
            "{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
            "{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
            "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
            "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
            "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
            "{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.77
            "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
            "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
            "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
            "{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
            "{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
            "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
            "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
            "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
            "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
            "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
            "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
            "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
            "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
            "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
            "{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
            "{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
            "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
            "{A360821C-6B51-4EE4-A7E5-5E14B15004CD}" = Sony DVD Handycam USB Driver 2
            "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
            "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
            "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
            "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
            "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
            "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
            "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
            "{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
            "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
            "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
            "{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min
            "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
            "{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext
            "{BAFFEF7F-08B3-45b3-B215-418175C4E9DD}" = c5200_Help
            "{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software
            "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
            "{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = B57Inst
            "{C708333C-B1B9-43be-B797-49FEC7A8D15B}" = C5200
            "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
            "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
            "{D1E03284-66FD-4292-8239-504CEC5B0CC3}" = C5200_doccd
            "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
            "{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
            "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
            "{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
            "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
            "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
            "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
            "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
            "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
            "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
            "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
            "Adobe Shockwave Player" = Adobe Shockwave Player
            "CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V.9x 56K DF PCI Modem
            "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
            "GameBox" = GameBox Toolbar
            "HP Imaging Device Functions" = HP Imaging Device Functions 9.0
            "HP Photosmart Essential" = HP Photosmart Essential 2.01
            "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
            "HPExtendedCapabilities" = HP Customer Participation Program 9.0
            "HPOCR" = HP OCR Software 9.0
            "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
            "ie7" = Windows Internet Explorer 7
            "ie8" = Windows Internet Explorer 8
            "InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Driver Installer
            "LimeWire" = LimeWire 5.5.10
            "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
            "N360" = Norton 360 Premier Edition
            "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
            "PROSet" = Intel® PRO Network Connections Drivers
            "Windows XP Service Pack" = Windows XP Service Pack 3

            ========== HKEY_USERS Uninstall List ==========

            [HKEY_USERS\S-1-5-21-725345543-764733703-2147112213-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
            "{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
            "Facebook Plug-In" = Facebook Plug-In
            "Move Media Player" = Move Media Player

            ========== Last 10 Event Log Errors ==========

            [ Application Events ]
            Error - 2/20/2004 1:07:11 AM | Computer Name = DGIBHOME | Source = crypt32 | ID = 131083
            Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
            with error: A required certificate is not within its validity period when verifying
            against the current system clock or the timestamp in the signed file.

            Error - 2/20/2004 1:07:11 AM | Computer Name = DGIBHOME | Source = crypt32 | ID = 131083
            Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
            with error: A required certificate is not within its validity period when verifying
            against the current system clock or the timestamp in the signed file.

            Error - 2/20/2004 1:07:11 AM | Computer Name = DGIBHOME | Source = crypt32 | ID = 131083
            Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
            with error: A required certificate is not within its validity period when verifying
            against the current system clock or the timestamp in the signed file.

            Error - 2/20/2004 1:07:11 AM | Computer Name = DGIBHOME | Source = crypt32 | ID = 131083
            Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
            with error: A required certificate is not within its validity period when verifying
            against the current system clock or the timestamp in the signed file.

            Error - 2/20/2004 1:07:11 AM | Computer Name = DGIBHOME | Source = crypt32 | ID = 131083
            Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
            with error: A required certificate is not within its validity period when verifying
            against the current system clock or the timestamp in the signed file.

            Error - 2/21/2004 3:53:10 AM | Computer Name = DGIBHOME | Source = crypt32 | ID = 131083
            Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
            with error: A required certificate is not within its validity period when verifying
            against the current system clock or the timestamp in the signed file.

            Error - 2/21/2004 3:53:10 AM | Computer Name = DGIBHOME | Source = crypt32 | ID = 131083
            Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
            with error: A required certificate is not within its validity period when verifying
            against the current system clock or the timestamp in the signed file.

            Error - 2/21/2004 3:53:10 AM | Computer Name = DGIBHOME | Source = crypt32 | ID = 131083
            Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
            with error: A required certificate is not within its validity period when verifying
            against the current system clock or the timestamp in the signed file.

            Error - 7/31/2009 2:08:55 PM | Computer Name = DGIBHOME | Source = Google_Toolbar | ID = 1
            Description =

            Error - 8/19/2009 6:55:50 PM | Computer Name = DGIBHOME | Source = Application Error | ID = 1000
            Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
            module mshtml.dll, version 8.0.6001.18812, fault address 0x0024d2d3.

            [ System Events ]
            Error - 8/26/2010 5:47:47 PM | Computer Name = COMPUTERROOM | Source = sr | ID = 1
            Description = The System Restore filter encountered the unexpected error '0xC0000243'
            while processing the file 'SrtETmp' on the volume 'HarddiskVolume2'. It has stopped
            monitoring the volume.

            Error - 8/26/2010 8:19:21 PM | Computer Name = COMPUTERROOM | Source = Server | ID = 2505
            Description = The server could not bind to the transport \Device\NetBT_Tcpip_{576FDD48-4DB3-423F-AEB9-EDB2FFA82E84}
            because another computer on the network has the same name. The server could not
            start.

            Error - 8/26/2010 8:35:27 PM | Computer Name = COMPUTERROOM | Source = Server | ID = 2505
            Description = The server could not bind to the transport \Device\NetBT_Tcpip_{576FDD48-4DB3-423F-AEB9-EDB2FFA82E84}
            because another computer on the network has the same name. The server could not
            start.

            Error - 8/26/2010 8:45:33 PM | Computer Name = COMPUTERROOM | Source = ipnathlp | ID = 32003
            Description = The Network Address Translator (NAT) was unable to request an operation
            of
            the kernel-mode translation module. This may indicate misconfiguration, insufficient
            resources, or an internal error. The data is the error code.

            Error - 8/26/2010 8:54:52 PM | Computer Name = COMPUTERROOM | Source = Server | ID = 2505
            Description = The server could not bind to the transport \Device\NetBT_Tcpip_{576FDD48-4DB3-423F-AEB9-EDB2FFA82E84}
            because another computer on the network has the same name. The server could not
            start.

            Error - 8/26/2010 9:55:57 PM | Computer Name = COMPUTERROOM | Source = Service Control Manager | ID = 7034
            Description = The QoS RSVP service terminated unexpectedly. It has done this 1
            time(s).

            Error - 8/26/2010 9:57:04 PM | Computer Name = COMPUTERROOM | Source = Service Control Manager | ID = 7034
            Description = The QoS RSVP service terminated unexpectedly. It has done this 2
            time(s).

            Error - 8/26/2010 9:59:00 PM | Computer Name = COMPUTERROOM | Source = Service Control Manager | ID = 7034
            Description = The QoS RSVP service terminated unexpectedly. It has done this 3
            time(s).

            Error - 8/29/2010 2:20:13 PM | Computer Name = COMPUTERROOM | Source = Server | ID = 2505
            Description = The server could not bind to the transport \Device\NetBT_Tcpip_{576FDD48-4DB3-423F-AEB9-EDB2FFA82E84}
            because another computer on the network has the same name. The server could not
            start.

            Error - 8/30/2010 8:24:41 PM | Computer Name = COMPUTERROOM | Source = Server | ID = 2505
            Description = The server could not bind to the transport \Device\NetBT_Tcpip_{576FDD48-4DB3-423F-AEB9-EDB2FFA82E84}
            because another computer on the network has the same name. The server could not
            start.


            < End of report >

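            The "Last 10 Event Log Errors" block above carries two housekeeping signals that are easy to miss while hunting for malware: the crypt32 131083 entries dated February 2004 record the trusted-root list update being rejected against the local clock (on a machine otherwise logging 2010 events that usually means the clock was wrong when they were written, not that the certificate was bad), and the Server 2505 entries say another machine on the LAN answers to the same NetBIOS name. The script below is an added example and is not part of the original post or of the DDS/OTL tools; it parses a constructed excerpt laid out exactly like the report above (entries copied from it, the repeated ones collapsed) and tags those conditions. The tag names and the "clock was wrong" inference are this example's own heuristics.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the layout the report above uses (entries copied
# from it, duplicates collapsed); not a real capture from the poster's PC.
SAMPLE_LOG = """\
[ Application Events ]
Error - 2/20/2004 1:07:11 AM | Computer Name = DGIBHOME | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/19/2009 6:55:50 PM | Computer Name = DGIBHOME | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18812, fault address 0x0024d2d3.

[ System Events ]
Error - 8/26/2010 8:19:21 PM | Computer Name = COMPUTERROOM | Source = Server | ID = 2505
Description = The server could not bind to the transport \\Device\\NetBT_Tcpip_{576FDD48-4DB3-423F-AEB9-EDB2FFA82E84}
because another computer on the network has the same name. The server could not
start.

Error - 8/26/2010 9:55:57 PM | Computer Name = COMPUTERROOM | Source = Service Control Manager | ID = 7034
Description = The QoS RSVP service terminated unexpectedly. It has done this 1
time(s).
"""

HEADER_RE = re.compile(
    r"^Error - (?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \| "
    r"Computer Name = (?P<host>.+?) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)


def parse_events(text):
    """Turn an OTL-style event block into dicts with when/host/source/id/section/description.
    A blank line closes an entry; continuation lines are folded into the description."""
    events, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None
            continue
        if line.startswith("[ ") and line.endswith(" ]"):
            section = line[2:-2]
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {
                "when": datetime.strptime(m.group("when"), "%m/%d/%Y %I:%M:%S %p"),
                "host": m.group("host"),
                "source": m.group("source"),
                "id": int(m.group("id")),
                "section": section,
                "description": "",
            }
            events.append(current)
            continue
        if current is None:
            continue
        if line.startswith("Description ="):
            line = line[len("Description ="):].strip()
        if line:  # an empty "Description =" (as in the Google_Toolbar entry) adds nothing
            current["description"] = (current["description"] + " " + line).strip()
    return events


def triage(events):
    """Apply this example's heuristics; returns (tag, detail) tuples in report order."""
    findings = []
    hosts = sorted({e["host"] for e in events})
    if len(hosts) > 1:
        findings.append(("renamed-host", "report spans computer names: " + ", ".join(hosts)))
    service_crashes = Counter()
    for e in events:
        desc = e["description"]
        if e["source"] == "crypt32" and e["id"] == 131083 and "validity period" in desc:
            # The signed authroot CAB failed validation against the local clock; the common
            # cause is a wrong system date when the event was written (heuristic, see lead-in).
            findings.append(("clock-suspect",
                             f"{e['when']:%Y-%m-%d}: authroot update rejected by local clock on {e['host']}"))
        elif e["source"] == "Server" and e["id"] == 2505:
            findings.append(("netbios-name-conflict",
                             f"{e['when']:%Y-%m-%d}: another machine on the LAN uses the name {e['host']}"))
        elif e["source"] == "Service Control Manager" and e["id"] == 7034:
            m = re.search(r"The (.+?) service terminated unexpectedly", desc)
            service_crashes[m.group(1) if m else "?"] += 1
        elif e["source"] == "Application Error" and e["id"] == 1000:
            m = re.search(r"Faulting application (\S+), .*?faulting module (\S+),", desc)
            if m:
                findings.append(("app-crash", f"{m.group(1)} crashed in {m.group(2)}"))
    for svc, n in service_crashes.items():
        findings.append(("service-crash", f"{svc} terminated unexpectedly {n} time(s)"))
    return findings


if __name__ == "__main__":
    for tag, detail in triage(parse_events(SAMPLE_LOG)):
        print(f"{tag:22} {detail}")
```

            Run against the full block above, the same code would report eight clock-suspect entries, five name conflicts and three QoS RSVP crashes; none of those is a malware indicator on its own, but a wrong clock breaks certificate validation for Windows Update and the name conflict explains why the Server service would not start.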

            #8 myrti

            myrti

              Sillyberry


            • Malware Study Hall Admin
            • 33,766 posts
            • OFFLINE
            • Gender:Female
            • Location:At home
            • Local time:07:05 PM

            Posted 31 August 2010 - 02:46 AM

            Hi,

            the log looks clean and this is not surprising: the infections Norton contained are so-called exploits; they are what is used to infect your PC without you noticing it. But since Norton blocked them, they never got to the point of infecting you.

            Basically, for now, this means that you have visited an infected website, but not that your PC has been infected.

            regards myrti

            is that a bird?  a plane? nooo it's the flying blueberry!

            If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

             

            Follow BleepingComputer on: Facebook | Twitter | Google+


            #9 DebGibson

            DebGibson
            • Topic Starter

            • Members
            • 6 posts
            • OFFLINE
            • Gender:Female
            • Location:North Carolina
            • Local time:01:05 PM

            Posted 31 August 2010 - 05:39 AM

            Great - thanks so much! You can close this topic then.

            #10 myrti

            myrti

              Sillyberry


            • Malware Study Hall Admin
            • 33,766 posts
            • OFFLINE
            • Gender:Female
            • Location:At home
            • Local time:07:05 PM

            Posted 31 August 2010 - 07:21 AM

            Hi,

            before we do that, please remove the programs we used:
            Read these last few lines, in order to keep your PC safe and clean:
            Please do the following to clean up your PC:
            1. Delete the tools used during the disinfection:
              • Download OTC from the following mirrors and save it to your desktop:
              • Double click on OTC to run it.
              • Push the large "Cleanup" button.
              • Allow your system to reboot.
            2. If OTC failed to remove all programs from your Desktop, please delete the rest manually.
            3. Disable and Enable System Restore.
              You can find instructions on how to disable and re-enable System Restore here:
              Windows ME System Restore Guide
              Windows XP System Restore Guide
              Windows Vista System Restore Guide

              Note: You should only do this once, not on a regular basis!
              You will not be able to restore your computer to any point earlier than today!

            Please read this advice, in order to prevent reinfecting your PC:
            1. Install and update the following programs regularly:
              • an outbound firewall
                A comprehensive tutorial and a list of possible firewalls can be found here.
              • an AntiVirus software
                It is imperative that you update your AntiVirus software on a regular basis. If you do not update your AntiVirus software then it will not be able to catch the latest threats.
              • an Anti-Spyware program
                Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
                SUPERAntiSpyware is another good scanner with high detection and removal rates.
                Both programs are free for non-commercial home use but, if you purchase the paid versions, provide resident protection and do not nag.
              • SpywareBlaster
                A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.
              • MVPs hosts file
                A tutorial for the MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
            2. Keep Windows (and your other Microsoft software) up to date!
              I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
              Therefore, please, visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
            3. Keep your other software up to date as well
              Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.
            4. Stay up to date!
              The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
            Some more links you might find of interest:
            Have a nice day
            myrti

            is that a bird?  a plane? nooo it's the flying blueberry!

            If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

             


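            The hosts-file item in the checklist above cuts both ways: an MVPs-style hosts file protects by mapping ad and malware names to a blackhole address, while a tampered hosts file does the opposite and points real names at an address the attacker controls. The script below is an added example, not part of the post above or of the MVPs/HostMan projects; it parses a constructed hosts file (the domain names and the 203.0.113.9 TEST-NET address are sample data, not observed entries) and separates blackhole lines from any line that maps a name somewhere else. In a purely protective hosts file every active line lands in the first group, so anything in the second deserves a look.

```python
import ipaddress

# Constructed sample: the standard localhost line, three MVPs-style blackhole
# lines, a comment, and one line of the shape a tampered hosts file has.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0 ad.doubleclick.net
0.0.0.0 www.adserver.example   # constructed entry
127.0.0.1 tracker.example
203.0.113.9 www.update.microsoft.com
"""

# Addresses that a protective hosts file uses to sink a name.
BLACKHOLE = {
    ipaddress.ip_address("127.0.0.1"),
    ipaddress.ip_address("0.0.0.0"),
    ipaddress.ip_address("::1"),
}


def parse_hosts(text):
    """Return (address, [names]) for each active line; comments, blank
    lines and lines whose first field is not an IP address are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line; ignore rather than abort the audit
        entries.append((addr, fields[1:]))
    return entries


def audit_hosts(text):
    """Split the file into names sunk to a blackhole address and
    (name, address) pairs that resolve somewhere else."""
    blackholed, elsewhere = [], []
    for addr, names in parse_hosts(text):
        if addr in BLACKHOLE:
            blackholed.extend(names)
        else:
            elsewhere.extend((name, str(addr)) for name in names)
    return blackholed, elsewhere


if __name__ == "__main__":
    sunk, other = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(sunk)} names blackholed")
    for name, addr in other:
        print(f"review: {name} -> {addr}")
```

            On Windows XP the file is %SystemRoot%\system32\drivers\etc\hosts; read it with the script (or any text editor) before and after installing a block list so that a later change stands out.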

            #11 DebGibson

            DebGibson
            • Topic Starter

            • Members
            • 6 posts
            • OFFLINE
            • Gender:Female
            • Location:North Carolina
            • Local time:01:05 PM

            Posted 03 September 2010 - 09:59 PM

            I have deleted programs and downloaded some of the freeware protection software suggested. Thanks again for your help!

            #12 myrti

            myrti

              Sillyberry


            • Malware Study Hall Admin
            • 33,766 posts
            • OFFLINE
            • Gender:Female
            • Location:At home
            • Local time:07:05 PM

            Posted 05 September 2010 - 07:52 AM

            Heya,

            glad we could help!

            Since this topic appears to be resolved, I will now close it.

            If you need this topic re-opened please send me a PM.

            Everyone else, please start a new topic.

            With Regards,
            myrti

            is that a bird?  a plane? nooo it's the flying blueberry!

            If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

             





