Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Backdoor.Tidserv!inf and Backdoor.Tidserv.I!inf


  • This topic is locked This topic is locked
15 replies to this topic

#1 Mike1911

Mike1911

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 07 September 2010 - 04:48 PM

Hi, I was sent here by boopme, here are his/her notes and instructions to me followed by the logs I have.

"Hi, looks like a newer variant. There are several files that need to be replaced. It seems that usining an AV could be disasterous.
Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Also post those 2 logs above.

Let me know if that went well."

-boopme

My norton 360 has been turning up these 2 infections but we have not been able to fix them.

Thanks







Here is the log for TDSSKiller:

2010/09/06 17:43:18.0528 TDSS rootkit removing tool 2.4.2.0 Sep 3 2010 10:26:06
2010/09/06 17:43:18.0528 ================================================================================
2010/09/06 17:43:18.0528 SystemInfo:
2010/09/06 17:43:18.0528
2010/09/06 17:43:18.0528 OS Version: 6.1.7600 ServicePack: 0.0
2010/09/06 17:43:18.0528 Product type: Workstation
2010/09/06 17:43:18.0528 ComputerName: SCHENA-PC
2010/09/06 17:43:18.0528 UserName: Schena
2010/09/06 17:43:18.0528 Windows directory: C:\Windows
2010/09/06 17:43:18.0528 System windows directory: C:\Windows
2010/09/06 17:43:18.0528 Processor architecture: Intel x86
2010/09/06 17:43:18.0528 Number of processors: 2
2010/09/06 17:43:18.0528 Page size: 0x1000
2010/09/06 17:43:18.0528 Boot type: Normal boot
2010/09/06 17:43:18.0528 ================================================================================
2010/09/06 17:43:19.0651 Initialize success
2010/09/06 17:44:20.0413 ================================================================================
2010/09/06 17:44:20.0413 Scan started
2010/09/06 17:44:20.0413 Mode: Manual;
2010/09/06 17:44:20.0413 ================================================================================
2010/09/06 17:44:21.0957 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/09/06 17:44:22.0020 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/09/06 17:44:22.0098 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/09/06 17:44:22.0145 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/09/06 17:44:22.0191 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/09/06 17:44:22.0238 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/09/06 17:44:22.0332 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/09/06 17:44:22.0394 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/09/06 17:44:22.0503 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/09/06 17:44:22.0550 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/09/06 17:44:22.0613 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/09/06 17:44:22.0659 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/09/06 17:44:22.0706 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/09/06 17:44:22.0722 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/09/06 17:44:22.0753 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/09/06 17:44:22.0815 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/09/06 17:44:22.0847 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/09/06 17:44:22.0893 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/09/06 17:44:22.0940 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/09/06 17:44:22.0971 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/09/06 17:44:23.0003 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/09/06 17:44:23.0049 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/09/06 17:44:23.0143 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/09/06 17:44:23.0237 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/09/06 17:44:23.0330 bcm4sbxp (82dd21bfa8bbe0a3a3833a1bd8e86158) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2010/09/06 17:44:23.0377 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/09/06 17:44:23.0611 BHDrvx86 (8f6d9ce8af24f09de6b020b2c09e27d9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys
2010/09/06 17:44:23.0767 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/09/06 17:44:23.0798 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/09/06 17:44:23.0829 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/09/06 17:44:23.0876 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/09/06 17:44:23.0923 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/09/06 17:44:23.0970 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/09/06 17:44:24.0001 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/09/06 17:44:24.0032 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/09/06 17:44:24.0079 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/09/06 17:44:24.0188 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\Windows\system32\drivers\N360\0402000.00C\ccHPx86.sys
2010/09/06 17:44:24.0297 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/09/06 17:44:24.0360 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/09/06 17:44:24.0407 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/09/06 17:44:24.0485 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/09/06 17:44:24.0531 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/09/06 17:44:24.0609 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/09/06 17:44:24.0656 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/09/06 17:44:24.0719 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/09/06 17:44:24.0781 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/09/06 17:44:24.0828 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/09/06 17:44:24.0921 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/09/06 17:44:24.0968 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/09/06 17:44:24.0999 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/09/06 17:44:25.0077 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/09/06 17:44:25.0140 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/09/06 17:44:25.0280 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/09/06 17:44:25.0467 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/09/06 17:44:25.0779 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/09/06 17:44:25.0889 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/09/06 17:44:25.0935 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/09/06 17:44:26.0013 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/09/06 17:44:26.0107 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/09/06 17:44:26.0169 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/09/06 17:44:26.0201 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/09/06 17:44:26.0232 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/09/06 17:44:26.0279 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/09/06 17:44:26.0341 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/09/06 17:44:26.0403 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/09/06 17:44:26.0466 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/09/06 17:44:26.0544 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2010/09/06 17:44:26.0591 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/09/06 17:44:26.0653 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/09/06 17:44:26.0715 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/09/06 17:44:26.0809 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2010/09/06 17:44:26.0856 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/09/06 17:44:26.0887 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/09/06 17:44:26.0918 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/09/06 17:44:26.0965 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/09/06 17:44:26.0996 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/09/06 17:44:27.0059 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/09/06 17:44:27.0105 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/09/06 17:44:27.0168 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/09/06 17:44:27.0199 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/09/06 17:44:27.0261 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/09/06 17:44:27.0511 IDSVix86 (2edd3504457691a10328079da011d0b8) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100903.003\IDSvix86.sys
2010/09/06 17:44:27.0729 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/09/06 17:44:27.0776 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/09/06 17:44:27.0854 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/09/06 17:44:27.0901 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/09/06 17:44:27.0948 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/09/06 17:44:27.0979 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/09/06 17:44:28.0026 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/09/06 17:44:28.0057 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/09/06 17:44:28.0088 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/09/06 17:44:28.0135 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/09/06 17:44:28.0166 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/09/06 17:44:28.0244 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/09/06 17:44:28.0291 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/09/06 17:44:28.0353 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/09/06 17:44:28.0431 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/09/06 17:44:28.0463 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/09/06 17:44:28.0494 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/09/06 17:44:28.0525 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/09/06 17:44:28.0572 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/09/06 17:44:28.0603 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/09/06 17:44:28.0634 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/09/06 17:44:28.0681 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/09/06 17:44:28.0712 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/09/06 17:44:28.0743 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/09/06 17:44:28.0790 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/09/06 17:44:28.0821 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/09/06 17:44:28.0837 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/09/06 17:44:28.0899 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/09/06 17:44:28.0946 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/09/06 17:44:28.0977 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/09/06 17:44:29.0024 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/09/06 17:44:29.0071 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/09/06 17:44:29.0087 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/09/06 17:44:29.0118 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/09/06 17:44:29.0165 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/09/06 17:44:29.0196 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/09/06 17:44:29.0227 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/09/06 17:44:29.0274 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/09/06 17:44:29.0321 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/09/06 17:44:29.0352 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/09/06 17:44:29.0399 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/09/06 17:44:29.0461 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/09/06 17:44:29.0492 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/09/06 17:44:29.0523 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/09/06 17:44:29.0555 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/09/06 17:44:29.0601 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/09/06 17:44:29.0789 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100906.003\NAVENG.SYS
2010/09/06 17:44:29.0882 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100906.003\NAVEX15.SYS
2010/09/06 17:44:30.0085 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/09/06 17:44:30.0163 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/09/06 17:44:30.0210 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/09/06 17:44:30.0241 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/09/06 17:44:30.0272 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/09/06 17:44:30.0303 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/09/06 17:44:30.0335 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/09/06 17:44:30.0366 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/09/06 17:44:30.0428 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/09/06 17:44:30.0475 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/09/06 17:44:30.0506 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/09/06 17:44:30.0569 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/09/06 17:44:30.0631 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/09/06 17:44:30.0896 nvlddmkm (8b75f652726a2ba3197860f300514e3f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/09/06 17:44:31.0130 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/09/06 17:44:31.0146 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/09/06 17:44:31.0208 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/09/06 17:44:31.0239 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/09/06 17:44:31.0286 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/09/06 17:44:31.0333 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/09/06 17:44:31.0364 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/09/06 17:44:31.0395 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/09/06 17:44:31.0427 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/09/06 17:44:31.0473 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/09/06 17:44:31.0505 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/09/06 17:44:31.0536 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/09/06 17:44:31.0676 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/09/06 17:44:31.0707 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/09/06 17:44:31.0770 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/09/06 17:44:31.0817 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/09/06 17:44:31.0895 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/09/06 17:44:31.0941 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/09/06 17:44:31.0988 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/09/06 17:44:32.0066 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/09/06 17:44:32.0097 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/09/06 17:44:32.0129 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/09/06 17:44:32.0175 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/09/06 17:44:32.0253 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/09/06 17:44:32.0347 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/09/06 17:44:32.0394 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/09/06 17:44:32.0441 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/09/06 17:44:32.0487 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/09/06 17:44:32.0581 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/09/06 17:44:32.0753 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/09/06 17:44:32.0877 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/09/06 17:44:32.0940 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/09/06 17:44:32.0987 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/09/06 17:44:33.0049 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/09/06 17:44:33.0111 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/09/06 17:44:33.0158 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/09/06 17:44:33.0205 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/09/06 17:44:33.0299 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/09/06 17:44:33.0330 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/09/06 17:44:33.0392 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/09/06 17:44:33.0423 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/09/06 17:44:33.0486 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/09/06 17:44:33.0517 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/09/06 17:44:33.0548 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/09/06 17:44:33.0579 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/09/06 17:44:33.0642 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/09/06 17:44:33.0735 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\Windows\System32\Drivers\N360\0402000.00C\SRTSP.SYS
2010/09/06 17:44:33.0782 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\Windows\system32\drivers\N360\0402000.00C\SRTSPX.SYS
2010/09/06 17:44:33.0845 srv (dd0dd124d95390fdffa7fb6283923ed4) C:\Windows\system32\DRIVERS\srv.sys
2010/09/06 17:44:33.0907 srv2 (59ef6d9c690e89d51b0692ccb13a06fc) C:\Windows\system32\DRIVERS\srv2.sys
2010/09/06 17:44:33.0938 srvnet (08f28676802b58138e48a2b40caf6204) C:\Windows\system32\DRIVERS\srvnet.sys
2010/09/06 17:44:34.0001 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/09/06 17:44:34.0047 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/09/06 17:44:34.0125 SymDS (56890bf9d9204b93042089d4b45ae671) C:\Windows\system32\drivers\N360\0402000.00C\SYMDS.SYS
2010/09/06 17:44:34.0188 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\Windows\system32\drivers\N360\0402000.00C\SYMEFA.SYS
2010/09/06 17:44:34.0266 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\Windows\system32\Drivers\SYMEVENT.SYS
2010/09/06 17:44:34.0328 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\Windows\system32\drivers\N360\0402000.00C\Ironx86.SYS
2010/09/06 17:44:34.0391 SYMTDIv (bf610335eda8d9026e45b4ac73d0de58) C:\Windows\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS
2010/09/06 17:44:34.0547 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/09/06 17:44:34.0640 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2010/09/06 17:44:34.0703 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/09/06 17:44:34.0749 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/09/06 17:44:34.0796 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/09/06 17:44:34.0812 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/09/06 17:44:34.0843 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/09/06 17:44:34.0921 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/09/06 17:44:34.0968 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/09/06 17:44:34.0999 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/09/06 17:44:35.0030 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/09/06 17:44:35.0093 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/09/06 17:44:35.0139 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/09/06 17:44:35.0202 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/09/06 17:44:35.0264 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/09/06 17:44:35.0295 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/09/06 17:44:35.0327 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
2010/09/06 17:44:35.0373 usbhub (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys
2010/09/06 17:44:35.0436 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/09/06 17:44:35.0514 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/09/06 17:44:35.0561 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2010/09/06 17:44:35.0592 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/09/06 17:44:35.0639 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/09/06 17:44:35.0685 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/09/06 17:44:35.0732 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/09/06 17:44:35.0763 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/09/06 17:44:35.0795 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/09/06 17:44:35.0826 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/09/06 17:44:35.0857 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/09/06 17:44:35.0888 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/09/06 17:44:35.0919 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/09/06 17:44:35.0966 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/09/06 17:44:36.0013 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/09/06 17:44:36.0075 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/09/06 17:44:36.0153 VSTHWBS2 (682fcf7d2eb5158cd30408e976562408) C:\Windows\system32\DRIVERS\VSTBS23.SYS
2010/09/06 17:44:36.0247 VST_DPV (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2010/09/06 17:44:36.0294 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2010/09/06 17:44:36.0356 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/09/06 17:44:36.0403 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/06 17:44:36.0419 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/06 17:44:36.0497 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/09/06 17:44:36.0528 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/09/06 17:44:36.0637 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/09/06 17:44:36.0668 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/09/06 17:44:36.0746 winachsf (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2010/09/06 17:44:36.0840 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/09/06 17:44:36.0918 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/09/06 17:44:36.0996 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/09/06 17:44:37.0058 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/09/06 17:44:37.0136 ================================================================================
2010/09/06 17:44:37.0136 Scan finished
2010/09/06 17:44:37.0136 ================================================================================

And the Malwarebytes Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4557

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/6/2010 7:20:55 PM
mbam-log-2010-09-06 (19-20-55).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 284789
Time elapsed: 1 hour(s), 24 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DSS Log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Schena at 17:13:02.18 on Tue 09/07/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2046.1304 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Schena\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.2.0.12\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-8-23 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-8-23 173104]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100810.004\BHDrvx86.sys [2010-8-10 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-8-23 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100906.001\IDSvix86.sys [2010-9-6 344112]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-8-23 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0402000.00c\symtdiv.sys [2010-8-23 339504]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.2.0.12\ccsvchst.exe [2010-8-23 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-25 102448]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-24 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-23 1343400]

=============== Created Last 30 ================

2010-09-07 21:10:12 0 ----a-w- c:\users\schena\defogger_reenable
2010-09-06 21:55:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-06 21:55:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-04 23:56:24 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-09-03 17:13:57 7380 ----a-w- c:\windows\system32\winspy.tlb
2010-09-03 17:13:57 1081616 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2010-09-03 17:13:57 0 d-----w- c:\program files\Winspy
2010-09-01 22:06:54 0 d---a-w- c:\programdata\TEMP
2010-09-01 00:45:41 0 d-----w- c:\users\schena\appdata\roaming\Malwarebytes
2010-09-01 00:45:33 0 d-----w- c:\programdata\Malwarebytes
2010-09-01 00:45:33 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-31 23:55:27 0 d-----w- c:\users\schena\appdata\roaming\Tific
2010-08-25 20:14:34 0 d-----w- c:\programdata\Adobe
2010-08-24 20:46:20 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-24 20:44:43 0 d-----w- c:\programdata\Google
2010-08-24 01:08:45 0 d-----w- c:\windows\Panther
2010-08-24 01:08:34 8192 --sha-r- C:\BOOTSECT.BAK
2010-08-24 01:08:32 383562 --sha-r- C:\bootmgr
2010-08-24 01:08:32 0 d-sh--w- C:\Boot
2010-08-24 01:02:02 0 d-----w- C:\Windows.old
2010-08-24 00:38:39 0 d-----w- c:\programdata\Hewlett-Packard
2010-08-23 22:30:45 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-23 22:30:45 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-08-23 22:30:44 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-08-23 22:30:44 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-08-23 22:30:44 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-08-23 22:30:44 0 d-----w- c:\program files\Symantec
2010-08-23 22:30:44 0 d-----w- c:\program files\common files\Symantec Shared
2010-08-23 22:30:04 0 d-----w- c:\windows\system32\drivers\N360
2010-08-23 22:30:01 0 d-----w- c:\program files\Norton 360
2010-08-23 22:26:33 0 d-----w- c:\programdata\Norton
2010-08-23 22:18:41 0 d-----w- c:\programdata\NortonInstaller
2010-08-23 22:18:41 0 d-----w- c:\program files\NortonInstaller
2010-08-23 22:12:58 0 d-----w- c:\windows\system32\Wat
2010-08-23 22:00:57 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-08-23 22:00:14 0 d-----w- c:\programdata\NVIDIA
2010-08-23 21:59:56 0 d-sh--w- c:\windows\Installer
2010-08-23 21:59:52 490088 ----a-w- c:\windows\system32\nvuninst.exe
2010-08-23 21:58:59 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-08-23 21:58:59 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-08-23 21:58:59 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-08-23 21:58:59 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-08-23 21:58:59 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-08-23 21:54:13 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-08-23 21:52:12 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-23 21:43:30 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-23 21:42:52 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-08-23 21:41:02 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-08-23 21:41:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-08-23 21:41:02 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-08-23 21:27:42 713888 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-08-23 21:27:03 0 d-----w- c:\windows\system32\wbem\Performance
2010-08-23 21:26:54 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-08-23 21:26:53 132608 ----a-w- c:\windows\system32\cabview.dll

==================== Find3M ====================

2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-16 05:48:35 224256 ----a-w- c:\windows\system32\schannel.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 17:13:23.72 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:24 AM

Posted 13 September 2010 - 12:52 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 Mike1911

Mike1911
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 13 September 2010 - 04:34 PM

Hi, Here is the latest log. If you need any history other than what I posted above please let me know. Since the original logs I downloaded Microsoft Word Viewer. Unfortuneately I did it right before I got a reply to my other post telling me not to change anything. The below log is since I downloaded that program.



OTL logfile created on: 9/13/2010 5:11:40 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Schena\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 293.39 Gb Total Space | 242.84 Gb Free Space | 82.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SCHENA-PC
Current User Name: Schena
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/13 17:10:36 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Schena\Desktop\OTL.exe
PRC - [2010/08/24 16:45:12 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccsvchst.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2005/08/18 07:44:26 | 000,021,504 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe


========== Modules (SafeList) ==========

MOD - [2010/09/13 17:10:36 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Schena\Desktop\OTL.exe
MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 21:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 21:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 21:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/23 17:54:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - [2010/08/23 18:40:24 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100913.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/08/23 18:40:24 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/08/23 18:40:24 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100913.004\NAVENG.SYS -- (NAVENG)
DRV - [2010/08/23 18:40:23 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/08/23 18:30:44 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/08/10 01:16:24 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/06/16 21:54:13 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100909.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/05/06 00:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
DRV - [2009/12/11 03:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/10/14 23:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/09/27 23:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 18:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 18:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2009/07/13 18:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 18:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-47187258-3538986547-3937355250-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-47187258-3538986547-3937355250-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-47187258-3538986547-3937355250-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 B4 EE 83 D9 4E CB 01 [binary data]
IE - HKU\S-1-5-21-47187258-3538986547-3937355250-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/08/25 15:43:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/08/23 18:30:56 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-47187258-3538986547-3937355250-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-47187258-3538986547-3937355250-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/09/13 17:10:28 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Schena\Desktop\OTL.exe
[2010/09/12 16:03:13 | 000,000,000 | ---D | C] -- C:\Users\Schena\AppData\Local\ElevatedDiagnostics
[2010/09/11 03:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/09/09 16:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/09/09 16:34:22 | 000,000,000 | ---D | C] -- C:\Users\Schena\AppData\Roaming\Template
[2010/09/09 16:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/09/09 16:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/09/07 17:21:15 | 000,000,000 | ---D | C] -- C:\Users\Schena\Desktop\gmer
[2010/09/06 17:55:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/06 17:55:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/06 17:42:17 | 001,286,232 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Schena\Desktop\tdsskiller.exe
[2010/09/03 13:16:17 | 000,000,000 | ---D | C] -- C:\Users\Schena\AppData\Local\Diagnostics
[2010/09/03 13:13:57 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX
[2010/09/03 13:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\Winspy
[2010/09/01 18:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/08/31 20:45:41 | 000,000,000 | ---D | C] -- C:\Users\Schena\AppData\Roaming\Malwarebytes
[2010/08/31 20:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/31 20:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/31 20:39:53 | 000,000,000 | ---D | C] -- C:\Users\Schena\AppData\Local\NPE
[2010/08/31 19:55:27 | 000,000,000 | ---D | C] -- C:\Users\Schena\AppData\Roaming\Tific
[2010/08/25 16:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/08/25 16:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/08/25 16:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/08/25 16:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/08/25 16:09:59 | 000,000,000 | ---D | C] -- C:\Users\Schena\AppData\Local\Adobe
[2010/08/24 16:49:27 | 000,000,000 | ---D | C] -- C:\Users\Schena\AppData\Roaming\Google
[2010/08/24 16:45:58 | 000,000,000 | ---D | C] -- C:\Users\Schena\AppData\Roaming\Macromedia
[2010/08/24 16:45:24 | 000,000,000 | ---D | C] -- C:\Users\Schena\AppData\Roaming\Adobe
[2010/08/24 16:45:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/08/24 16:45:02 | 000,000,000 | ---D | C] -- C:\Users\Schena\AppData\Local\Google
[2010/08/24 16:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/08/24 16:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/08/23 21:41:24 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0402000.00C\cchpx86.sys
[2010/08/23 21:41:24 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0402000.00C\symtdiv.sys
[2010/08/23 21:41:24 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0402000.00C\symds.sys
[2010/08/23 21:41:24 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0402000.00C\srtsp.sys
[2010/08/23 21:41:24 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0402000.00C\symefa.sys
[2010/08/23 21:41:24 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0402000.00C\ironx86.sys
[2010/08/23 21:41:24 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0402000.00C\srtspx.sys
[2010/08/23 21:41:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0402000.00C
[2010/08/23 21:08:45 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/08/23 21:08:32 | 000,000,000 | -HSD | C] -- C:\Boot
[2010/08/23 21:02:02 | 000,000,000 | ---D | C] -- C:\Windows.old
[2010/08/23 20:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/08/23 20:12:27 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/08/23 20:10:13 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/08/23 18:30:45 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/08/23 18:30:44 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/08/23 18:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/08/23 18:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/08/23 18:30:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/08/23 18:30:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2010/08/23 18:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2010/08/23 18:26:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/08/23 18:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/08/23 18:18:41 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/08/23 18:12:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010/08/23 18:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/08/23 17:59:56 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/08/23 17:59:52 | 000,490,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvuninst.exe
[2010/08/23 17:58:59 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/08/23 17:58:59 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/08/23 17:58:59 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/08/23 17:52:12 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/08/23 17:44:51 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010/08/23 17:44:50 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/08/23 17:44:50 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/08/23 17:44:50 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/08/23 17:44:35 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/08/23 17:44:35 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/08/23 17:44:35 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010/08/23 17:44:35 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/08/23 17:44:35 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/08/23 17:44:15 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/23 17:44:15 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/23 17:44:15 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/23 17:44:15 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/23 17:44:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/23 17:44:15 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/23 17:44:15 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/23 17:44:15 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/23 17:44:13 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/08/23 17:44:13 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010/08/23 17:43:29 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/08/23 17:43:28 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/08/23 17:43:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/08/23 17:43:24 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/23 17:43:24 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/08/23 17:43:23 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/08/23 17:43:23 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/08/23 17:43:23 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/08/23 17:43:23 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/08/23 17:43:23 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/08/23 17:43:22 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/08/23 17:43:22 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/08/23 17:43:22 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/08/23 17:43:20 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/08/23 17:43:20 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/08/23 17:43:20 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/08/23 17:43:17 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/08/23 17:43:14 | 000,197,632 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\ir32_32.dll
[2010/08/23 17:43:14 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/23 17:43:13 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/08/23 17:43:06 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/08/23 17:43:06 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/23 17:42:52 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/23 17:41:02 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/08/23 17:41:02 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/08/23 17:41:02 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/08/23 17:25:58 | 000,000,000 | R--D | C] -- C:\Users\Schena\Searches
[2010/08/23 17:25:57 | 000,000,000 | -H-D | C] -- C:\Users\Schena\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/08/23 17:25:47 | 000,000,000 | ---D | C] -- C:\Users\Schena\AppData\Roaming\Identities
[2010/08/23 17:25:45 | 000,000,000 | R--D | C] -- C:\Users\Schena\Contacts
[2010/08/23 17:25:39 | 000,000,000 | ---D | C] -- C:\Users\Schena\AppData\Local\VirtualStore
[2010/08/23 17:25:37 | 000,000,000 | --SD | C] -- C:\Users\Schena\AppData\Roaming\Microsoft
[2010/08/23 17:25:37 | 000,000,000 | R--D | C] -- C:\Users\Schena\Videos
[2010/08/23 17:25:37 | 000,000,000 | R--D | C] -- C:\Users\Schena\Saved Games
[2010/08/23 17:25:37 | 000,000,000 | R--D | C] -- C:\Users\Schena\Pictures
[2010/08/23 17:25:37 | 000,000,000 | R--D | C] -- C:\Users\Schena\Music
[2010/08/23 17:25:37 | 000,000,000 | R--D | C] -- C:\Users\Schena\Links
[2010/08/23 17:25:37 | 000,000,000 | R--D | C] -- C:\Users\Schena\Favorites
[2010/08/23 17:25:37 | 000,000,000 | R--D | C] -- C:\Users\Schena\Downloads
[2010/08/23 17:25:37 | 000,000,000 | R--D | C] -- C:\Users\Schena\My Documents
[2010/08/23 17:25:37 | 000,000,000 | R--D | C] -- C:\Users\Schena\Desktop
[2010/08/23 17:25:37 | 000,000,000 | -HSD | C] -- C:\Users\Schena\AppData\Local\Temporary Internet Files
[2010/08/23 17:25:37 | 000,000,000 | -HSD | C] -- C:\Users\Schena\Templates
[2010/08/23 17:25:37 | 000,000,000 | -HSD | C] -- C:\Users\Schena\Start Menu
[2010/08/23 17:25:37 | 000,000,000 | -HSD | C] -- C:\Users\Schena\SendTo
[2010/08/23 17:25:37 | 000,000,000 | -HSD | C] -- C:\Users\Schena\Recent
[2010/08/23 17:25:37 | 000,000,000 | -HSD | C] -- C:\Users\Schena\PrintHood
[2010/08/23 17:25:37 | 000,000,000 | -HSD | C] -- C:\Users\Schena\NetHood
[2010/08/23 17:25:37 | 000,000,000 | -HSD | C] -- C:\Users\Schena\Documents\My Videos
[2010/08/23 17:25:37 | 000,000,000 | -HSD | C] -- C:\Users\Schena\Documents\My Pictures
[2010/08/23 17:25:37 | 000,000,000 | -HSD | C] -- C:\Users\Schena\Documents\My Music
[2010/08/23 17:25:37 | 000,000,000 | -HSD | C] -- C:\Users\Schena\My Documents
[2010/08/23 17:25:37 | 000,000,000 | -HSD | C] -- C:\Users\Schena\Local Settings
[2010/08/23 17:25:37 | 000,000,000 | -HSD | C] -- C:\Users\Schena\AppData\Local\History
[2010/08/23 17:25:37 | 000,000,000 | -HSD | C] -- C:\Users\Schena\Cookies
[2010/08/23 17:25:37 | 000,000,000 | -HSD | C] -- C:\Users\Schena\Application Data
[2010/08/23 17:25:37 | 000,000,000 | -HSD | C] -- C:\Users\Schena\AppData\Local\Application Data
[2010/08/23 17:25:37 | 000,000,000 | -H-D | C] -- C:\Users\Schena\AppData
[2010/08/23 17:25:37 | 000,000,000 | ---D | C] -- C:\Users\Schena\AppData\Local\Temp
[2010/08/23 17:25:37 | 000,000,000 | ---D | C] -- C:\Users\Schena\AppData\Local\Microsoft
[2010/08/23 17:25:37 | 000,000,000 | ---D | C] -- C:\Users\Schena\AppData\Roaming\Media Center Programs
[2010/08/23 17:25:23 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2010/09/13 17:14:16 | 001,048,576 | -HS- | M] () -- C:\Users\Schena\NTUSER.DAT
[2010/09/13 17:10:36 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Schena\Desktop\OTL.exe
[2010/09/13 16:50:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/13 16:50:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/13 16:21:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/13 12:45:30 | 000,945,998 | ---- | M] () -- C:\Windows\System32\drivers\N360\0402000.00C\Cat.DB
[2010/09/09 20:47:06 | 000,074,760 | ---- | M] () -- C:\Users\Schena\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/09 20:42:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/09/09 16:40:41 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/09 16:40:41 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/09 16:37:49 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/09 16:37:49 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/09 16:37:49 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/09 16:34:24 | 000,000,000 | ---- | M] () -- C:\Users\Schena\AppData\Roaming\wklnhst.dat
[2010/09/09 16:33:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/09 16:33:23 | 000,317,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/09 16:33:10 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/09 16:31:42 | 001,026,895 | -H-- | M] () -- C:\Users\Schena\AppData\Local\IconCache.db
[2010/09/07 17:33:13 | 000,002,044 | ---- | M] () -- C:\Users\Schena\Desktop\Attach.zip
[2010/09/07 17:20:20 | 000,284,915 | ---- | M] () -- C:\Users\Schena\Desktop\gmer.zip
[2010/09/07 17:11:51 | 000,525,824 | ---- | M] () -- C:\Users\Schena\Desktop\dds.scr
[2010/09/07 17:10:12 | 000,000,000 | ---- | M] () -- C:\Users\Schena\defogger_reenable
[2010/09/07 17:09:16 | 000,050,477 | ---- | M] () -- C:\Users\Schena\Desktop\Defogger.exe
[2010/09/06 17:55:04 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/06 17:42:30 | 001,286,232 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Schena\Desktop\tdsskiller.exe
[2010/09/04 19:56:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/09/03 13:13:57 | 000,000,937 | ---- | M] () -- C:\Users\Schena\Desktop\Super Winspy.lnk
[2010/08/25 16:21:42 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/25 03:17:48 | 000,002,322 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2010/08/23 21:08:34 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/08/23 21:08:32 | 000,000,423 | RHS- | M] () -- C:\Boot.ini.saved
[2010/08/23 20:37:59 | 000,001,407 | ---- | M] () -- C:\Users\Schena\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/23 20:13:09 | 000,041,962 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/08/23 20:13:09 | 000,000,295 | RHS- | M] () -- C:\boot.ini
[2010/08/23 18:30:44 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/08/23 18:30:44 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/08/23 18:30:44 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/08/23 17:32:57 | 000,524,288 | -HS- | M] () -- C:\Users\Schena\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/08/23 17:32:57 | 000,524,288 | -HS- | M] () -- C:\Users\Schena\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/08/23 17:32:57 | 000,065,536 | -HS- | M] () -- C:\Users\Schena\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/08/23 17:25:37 | 000,000,020 | -HS- | M] () -- C:\Users\Schena\ntuser.ini

========== Files Created - No Company Name ==========

[2010/09/09 20:42:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/09/09 16:34:24 | 000,000,000 | ---- | C] () -- C:\Users\Schena\AppData\Roaming\wklnhst.dat
[2010/09/07 17:33:13 | 000,002,044 | ---- | C] () -- C:\Users\Schena\Desktop\Attach.zip
[2010/09/07 17:20:18 | 000,284,915 | ---- | C] () -- C:\Users\Schena\Desktop\gmer.zip
[2010/09/07 17:11:46 | 000,525,824 | ---- | C] () -- C:\Users\Schena\Desktop\dds.scr
[2010/09/07 17:10:12 | 000,000,000 | ---- | C] () -- C:\Users\Schena\defogger_reenable
[2010/09/07 17:09:16 | 000,050,477 | ---- | C] () -- C:\Users\Schena\Desktop\Defogger.exe
[2010/09/06 17:55:04 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/04 19:56:24 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/09/03 13:13:57 | 000,007,380 | ---- | C] () -- C:\Windows\System32\winspy.tlb
[2010/09/03 13:13:57 | 000,000,937 | ---- | C] () -- C:\Users\Schena\Desktop\Super Winspy.lnk
[2010/08/25 16:21:42 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/25 03:17:10 | 000,945,998 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\Cat.DB
[2010/08/24 16:45:07 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/24 16:45:05 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/23 21:41:24 | 000,007,873 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\symefa.cat
[2010/08/23 21:41:24 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\symnetv.cat
[2010/08/23 21:41:24 | 000,007,442 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\srtspx.cat
[2010/08/23 21:41:24 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\srtsp.cat
[2010/08/23 21:41:24 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\iron.cat
[2010/08/23 21:41:24 | 000,007,425 | R--- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\symds.cat
[2010/08/23 21:41:24 | 000,007,396 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\cchpx86.cat
[2010/08/23 21:41:24 | 000,007,368 | R--- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\symnet.cat
[2010/08/23 21:41:24 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\symefa.inf
[2010/08/23 21:41:24 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\symds.inf
[2010/08/23 21:41:24 | 000,001,754 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\cchpx86.inf
[2010/08/23 21:41:24 | 000,001,473 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\symnetv.inf
[2010/08/23 21:41:24 | 000,001,445 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\symnet.inf
[2010/08/23 21:41:24 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\srtspx.inf
[2010/08/23 21:41:24 | 000,001,382 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\srtsp.inf
[2010/08/23 21:41:24 | 000,000,741 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\iron.inf
[2010/08/23 21:41:09 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\isolate.ini
[2010/08/23 21:08:34 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010/08/23 21:08:32 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010/08/23 20:37:59 | 000,001,407 | ---- | C] () -- C:\Users\Schena\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/23 18:30:44 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/08/23 18:30:44 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/08/23 18:30:41 | 000,002,322 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2010/08/23 17:25:37 | 001,048,576 | -HS- | C] () -- C:\Users\Schena\NTUSER.DAT
[2010/08/23 17:25:37 | 000,524,288 | -HS- | C] () -- C:\Users\Schena\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/08/23 17:25:37 | 000,524,288 | -HS- | C] () -- C:\Users\Schena\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/08/23 17:25:37 | 000,262,144 | -HS- | C] () -- C:\Users\Schena\ntuser.dat.LOG1
[2010/08/23 17:25:37 | 000,065,536 | -HS- | C] () -- C:\Users\Schena\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/08/23 17:25:37 | 000,000,290 | ---- | C] () -- C:\Users\Schena\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/08/23 17:25:37 | 000,000,272 | ---- | C] () -- C:\Users\Schena\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/08/23 17:25:37 | 000,000,020 | -HS- | C] () -- C:\Users\Schena\ntuser.ini
[2010/08/23 17:25:37 | 000,000,000 | -HS- | C] () -- C:\Users\Schena\ntuser.dat.LOG2
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/07/24 15:58:34 | 000,095,616 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe


< MD5 for: AGP440.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/04 19:31:51 | 023,852,652 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/04 19:31:51 | 023,852,652 | ---- | M] () .cab file -- C:\Windows.old\Windows\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\Windows.old\Windows\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\Windows.old\Windows\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\Windows.old\Windows\system32\drivers\agp440.sys
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\Windows.old\Windows\$NtServicePackUninstall$\agp440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/04 19:31:51 | 023,852,652 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/04 19:31:51 | 023,852,652 | ---- | M] () .cab file -- C:\Windows.old\Windows\ServicePackFiles\i386\sp3.cab:atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\dllcache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\drivers\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Windows.old\Windows\$NtServicePackUninstall$\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\Windows.old\Windows\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\Windows.old\Windows\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\Windows.old\Windows\system32\eventlog.dll
[2004/08/10 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\Windows.old\Windows\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: LOGEVENT.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\Windows.old\Windows\system32\logevent.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\Windows.old\Windows\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\Windows.old\Windows\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\Windows.old\Windows\system32\netlogon.dll
[2004/08/10 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\Windows.old\Windows\$NtServicePackUninstall$\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVATA.SYS >
[2006/08/14 13:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=947C4A0E7B25BCECC3B40F0F1070378B -- C:\NVIDIA\nForceWinXP\11.09\MCP61\IDE\Win2K\sata_ide\nvata.sys
[2006/08/14 13:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=947C4A0E7B25BCECC3B40F0F1070378B -- C:\NVIDIA\nForceWinXP\11.09\MCP61\IDE\WinXP\sata_ide\nvata.sys
[2006/04/24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWinXP\11.09\MCP51\IDE\Win2K\sata_ide\nvata.sys
[2006/04/24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWinXP\11.09\MCP51\IDE\WinXP\sata_ide\nvata.sys
[2010/02/16 15:20:29 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\Windows.old\Windows\system32\drivers\nvata.sys

< MD5 for: NVATABUS.SYS >
[2006/08/05 09:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=75562456AA672BB5FE56D3C64C6D1C7D -- C:\drivers\storage\r133282\nvatabus.sys
[2006/08/05 09:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=75562456AA672BB5FE56D3C64C6D1C7D -- C:\i386\nvatabus.sys
[2006/08/05 09:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=75562456AA672BB5FE56D3C64C6D1C7D -- C:\Windows.old\Windows\system32\drivers\nvatabus.sys
[2006/08/14 13:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=947C4A0E7B25BCECC3B40F0F1070378B -- C:\NVIDIA\nForceWinXP\11.09\MCP61\IDE\Win2K\sataraid\nvatabus.sys
[2006/08/14 13:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=947C4A0E7B25BCECC3B40F0F1070378B -- C:\NVIDIA\nForceWinXP\11.09\MCP61\IDE\WinXP\sataraid\nvatabus.sys
[2006/04/24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWinXP\11.09\MCP51\IDE\Win2K\sataraid\nvatabus.sys
[2006/04/24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWinXP\11.09\MCP51\IDE\WinXP\sataraid\nvatabus.sys

< MD5 for: NVRAID.SYS >
[2006/08/05 09:00:48 | 000,089,344 | ---- | M] (NVIDIA Corporation) MD5=1D4781A5957300DC81B91161B45704BB -- C:\drivers\storage\r133282\nvraid.sys
[2006/08/05 09:00:48 | 000,089,344 | ---- | M] (NVIDIA Corporation) MD5=1D4781A5957300DC81B91161B45704BB -- C:\i386\nvraid.sys
[2006/08/05 09:00:48 | 000,089,344 | ---- | M] (NVIDIA Corporation) MD5=1D4781A5957300DC81B91161B45704BB -- C:\Windows.old\Windows\system32\drivers\nvraid.sys
[2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys
[2006/08/14 13:51:36 | 000,089,344 | ---- | M] (NVIDIA Corporation) MD5=78A7BAF00D238B442A056F951A2AB434 -- C:\NVIDIA\nForceWinXP\11.09\MCP61\IDE\Win2K\sataraid\nvraid.sys
[2006/08/14 13:51:36 | 000,089,344 | ---- | M] (NVIDIA Corporation) MD5=78A7BAF00D238B442A056F951A2AB434 -- C:\NVIDIA\nForceWinXP\11.09\MCP61\IDE\WinXP\sataraid\nvraid.sys
[2006/04/24 17:52:36 | 000,082,944 | ---- | M] (NVIDIA Corporation) MD5=B65CE56C36F573113FF2F6D0F07B7563 -- C:\NVIDIA\nForceWinXP\11.09\MCP51\IDE\Win2K\sataraid\nvraid.sys
[2006/04/24 17:52:36 | 000,082,944 | ---- | M] (NVIDIA Corporation) MD5=B65CE56C36F573113FF2F6D0F07B7563 -- C:\NVIDIA\nForceWinXP\11.09\MCP51\IDE\WinXP\sataraid\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2004/08/10 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\Windows.old\Windows\$NtServicePackUninstall$\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\Windows.old\Windows\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\Windows.old\Windows\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\Windows.old\Windows\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 21:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/13 21:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/06/21 22:47:35 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2010/06/21 22:47:21 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2010/06/21 22:47:13 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2010/08/23 18:30:44 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >




OTL Extras logfile created on: 9/13/2010 5:11:40 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Schena\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 293.39 Gb Total Space | 242.84 Gb Free Space | 82.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SCHENA-PC
Current User Name: Schena
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"N360" = Norton 360
"NVIDIA Drivers" = NVIDIA Drivers
"Super Winspy_is1" = Super Winspy v3.6

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/7/2010 6:32:15 PM | Computer Name = Schena-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: f28 Start
Time: 01cb4ed9801078c0 Termination Time: 31 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: b8b2ea71-bacf-11df-b8d5-00188b7a51ba

Error - 9/7/2010 8:56:19 PM | Computer Name = Schena-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: dbc Start
Time: 01cb4eeaddd60e50 Termination Time: 47 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: d94eaa31-bae3-11df-b8d5-00188b7a51ba

Error - 9/7/2010 10:00:33 PM | Computer Name = Schena-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: eac Start
Time: 01cb4ef5aa152690 Termination Time: 47 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: d3113a31-baec-11df-b8d5-00188b7a51ba

Error - 9/8/2010 9:13:56 PM | Computer Name = Schena-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 5d8 Start
Time: 01cb4fbb5736ffe0 Termination Time: 47 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 7c1df061-bbaf-11df-b8d5-00188b7a51ba

Error - 9/9/2010 8:59:10 AM | Computer Name = Schena-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/9/2010 4:31:49 PM | Computer Name = Schena-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ccSvcHst.exe, version: 109.0.3.4, time
stamp: 0x4b86e0bf Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
stamp: 0x4ba9b21e Exception code: 0xc0000420 Fault offset: 0x000c2913 Faulting process
id: 0xd08 Faulting application start time: 0x01cb4ed99a342ee0 Faulting application
path: C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe Faulting module path:
C:\Windows\SYSTEM32\ntdll.dll Report Id: 4505c0b0-bc51-11df-b8d5-00188b7a51ba

Error - 9/11/2010 12:22:23 AM | Computer Name = Schena-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/11/2010 5:54:59 PM | Computer Name = Schena-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/12/2010 1:03:49 PM | Computer Name = Schena-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/13/2010 7:24:47 AM | Computer Name = Schena-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 9/7/2010 6:09:21 PM | Computer Name = Schena-PC | Source = Service Control Manager | ID = 7031
Description = The Norton 360 service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 9/9/2010 4:31:51 PM | Computer Name = Schena-PC | Source = Service Control Manager | ID = 7031
Description = The Norton 360 service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 9/9/2010 4:32:01 PM | Computer Name = Schena-PC | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.

Error - 9/9/2010 4:33:10 PM | Computer Name = Schena-PC | Source = volsnap | ID = 393241
Description = The shadow copies of volume C: were deleted because the shadow copy
storage could not grow in time. Consider reducing the IO load on the system or
choose a shadow copy storage volume that is not being shadow copied.

Error - 9/9/2010 6:08:52 PM | Computer Name = Schena-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 9/9/2010 8:44:30 PM | Computer Name = Schena-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 9/11/2010 3:00:12 AM | Computer Name = Schena-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 9/11/2010 3:09:34 PM | Computer Name = Schena-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 9/12/2010 10:00:41 AM | Computer Name = Schena-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the N360 service.

Error - 9/13/2010 4:21:27 PM | Computer Name = Schena-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the N360 service.


< End of report >


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:24 AM

Posted 13 September 2010 - 05:01 PM

Hi,

please run BRCheck next:

Please download MBRCheck.exe to your desktop.
  1. Double click to run it
  2. It will prompt you with some text
  3. Left click on title bar (where program name and path is written)
  4. From menu chose Edit -> Select All
  5. Now just click Enter key on keyboard to copy selected text
  6. Now paste that text here for me.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 Mike1911

Mike1911
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 13 September 2010 - 07:43 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Logical Drives Mask: 0x0000000c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 RE: Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
Press ENTER to exit...


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:24 AM

Posted 14 September 2010 - 04:26 AM

Hi,

your logs are looking clean so far. Where is Norotn finding these infections?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 Mike1911

Mike1911
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 14 September 2010 - 08:18 PM

Hmm,

I'm not sure how to find out where Norton is finding them. I'm running another scan overnight now to see if norton tells me where they are and I will post the results tomorrow afternoon.

#8 Mike1911

Mike1911
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 17 September 2010 - 03:31 PM

I'm not sure what is going on, boopme seemed to imply that he/she could detect something from the logs I posted here http://www.bleepingcomputer.com/forums/topic344558.html (they are the same logs as in this thread). I can't figure out how to get a log from Norton. Boopme said it appears using an AV could be disasterous, but I don't know what AV means. Sorry I am not of more help. Was kinda hopeing norton would prevent all this.

#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:24 AM

Posted 20 September 2010 - 07:47 AM

Hi,

I'm sorry I'm not using Norton and I can't find instructions on how to extract a log on their site either. An AV stands for Anti virus program, in this case norton.

The reason it is so dangerous, is because some anti virus programs, namely Norton, will delete what they identified as malicious. Without contemplating the fact that the file they are deleting is a crucial Windows file that has been infected. I have seen a number of PCs that were left unbootable after an Anti virus program deleted the identified malicious files.

Do you still get these warnings? Can you type down the exact warning word for word they are giving you? Or maybe posst a screenshot?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 Mike1911

Mike1911
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 20 September 2010 - 07:42 PM

Hi Myrti,

Still haven't been able to figure out how to do a log but I did get some stuff I hope can help. I hope this shows where the virus is. I had to hand type this, so typos are possible, although I was pretty careful.

Infected file: c:\Qoobox\quarantine\C\WINDOWS\system32\drivers\dmio.sys.vir below this it says Manual removal required.

the other one is

Infected file: c:\Qoobox\quarantine\C\WINDOWS\system32\drivers\nvata.sys.vir below this it says Manual removal required on this one too.

Here also is symantics info on these viruses. There is a tab with removal instructions, but the instructions do not make sense to me.
http://securityresponse.symantec.com/secur...-120316-3836-99
http://securityresponse.symantec.com/secur...-111113-1112-99

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:24 AM

Posted 23 September 2010 - 12:52 PM

Hi,

this looks actually good. The files it found are actually in the quarantine of ComboFix, the files have been contained.

Please run a scan with Eset to check for other leftovers:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#12 Mike1911

Mike1911
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 28 September 2010 - 04:19 PM

Myrti, here are the results.

C:\Qoobox\Quarantine\C\WINDOWS\uhixutuxu.dll.vir a variant of Win32/Cimag.AV trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\warnings.html.vir Win32/TrojanDownloader.FakeAlert.AUD trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAntivirusPlus5.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudXPInternetSecurity.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinZBot.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\Desktop.htt Win32/TrojanDownloader.FakeAlert.AUD trojan cleaned by deleting - quarantined
C:\Windows.old\Windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt Win32/TrojanDownloader.FakeAlert.AED virus deleted - quarantined
C:\Windows.old\Windows\system32\drivers\etc\hosts.20090916-200049.backup Win32/Qhost trojan cleaned by deleting - quarantined

#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:24 AM

Posted 29 September 2010 - 04:38 AM

Hi,

what is Windows.Old? A previous Windows installation?

If so the current installation does look clean. smile.gif

How is the PC doing?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#14 Mike1911

Mike1911
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 29 September 2010 - 06:47 PM

Yes, I'm guessing that is what it is. I recently took my computer to staples to have the hard drive formatted and have windows 7 installed. I guess that means that they didn't format it since that old stuff is showing up? Everything seems to be running well. When I first went down the list of things to prepare my computer for fixes before posting my log on this forum, I was getting some internet explorer errors, but aside from that everything seems well.

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:24 AM

Posted 30 September 2010 - 04:43 AM

Hi,

when you upgrade your old data gets backed up into a folder, it is possible that this is what happened here.

Please update your Adobe Reader, it is out of date.

Please do the following to clean up your PC:
  1. Delete the tools used during the disinfection:
  2. Uninstall ComboFix.exe And all Backups of the files it deleted
    • Click START then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTC from the following mirror and save it to your desktop:
    • Double click on
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  3. If OTC faild to remove all programs from your Desktop, please delete the rest manually.
Please read these advices, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holeswill allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variantsevery single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing sad.gif.
Some more links you might find of interest:Have a nice day
myrti

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users