Infected with Backdoor.Tidserf.I!inf


  • This topic is locked
25 replies to this topic

#1 too456

  • Members
  • 12 posts

Posted 10 September 2010 - 11:48 PM

My computer has a problem with Backdoor.Tidserf.I!inf, well that's what the name is according to NIS 2011 anyway. It appears to infect ndis.sys, msahci.sys and discache.sys, although more appear from time to time. First it was msahci.sys, then when I replaced the file, ndis.sys got infected, then when I replaced that file, discache.sys got infected. I used my Windows 7 disk and used the command line to replace the files (I used the ren command to rename the file to .old, then the copy command to copy from the disk to the computer). Now the ndis.sys file in the winsxs folder (full path is c:\windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys) is apparently infected as well, and it's troublesome to replace it as the folder names are long and complex, and replacing the files doesn't seem to work anyway as more and more files get infected. Now ndis.sys and discache.sys are infected and I don't bother replacing them because it does not work. Help :(


DDS (Ver_10-03-17.01) - NTFSx86
Run by Fabian at 22:02:42.35 on Sat 11/09/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.65.1033.18.2937.1752 [GMT 8:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Roxio 2010\5.0\CPMonitor.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Fabian\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Fabian\Desktop\bleep\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.1.0.37\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.1.0.37\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.1.0.37\coIEPlg.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatchTray12.exe"
mRun: [CPMonitor] "c:\program files\roxio 2010\5.0\CPMonitor.exe"
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [<NO NAME>]
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: Download with Mipony - file://c:\program files\mipony\browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: zipfldra.dll
SSODL: Windows Services - c:\documents and settings\fabian\svchost.exe - No File
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\fabian\appdata\roaming\mozilla\firefox\profiles\3xsozkuc.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://smb.chs.edu.sg/smb/hs_student|http://m.sg.yahoo.com|http://www.facebook.com/home.php|http://www.redmondpie.com|http://www.lockerz.com/dailies
FF - prefs.js: keyword.URL - hxxp://sg.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.ftp - proxy.hci.edu.sg
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.hci.edu.sg
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.hci.edu.sg
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.hci.edu.sg
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.hci.edu.sg
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\adobe\adobe contribute cs5\plugins\firefoxplugin\{01a8ca0a-4c96-465b-a49b-65c46fad54f9}\components\Contribute.dll
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\users\fabian\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2010-6-11 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2010-6-11 15856]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1201000.025\SymDS.sys [2010-9-6 339504]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1201000.025\SymEFA.sys [2010-9-6 666672]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20100810.004\BHDrvx86.sys [2010-9-6 692272]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\C2SCSI.SYS [2009-7-24 251248]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20100909.001\IDSvix86.sys [2010-9-10 344112]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2010-6-11 25584]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1201000.025\Ironx86.sys [2010-9-6 134704]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1201000.025\symnets.sys [2010-9-6 294448]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/09/08 13:31:20];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-9-8 87536]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2009-6-2 457200]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-6-8 20968]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-8-18 20328]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-8-19 88176]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.1.0.37\ccSvcHst.exe [2010-9-6 126904]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2009-6-17 144640]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-7-30 343080]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2010-6-8 46256]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-11 102448]
R3 ITEIRDA;ITE Infrared Device Driver;c:\windows\system32\drivers\ITEirda.sys [2010-6-5 25088]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-6-15 6766080]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2010-9-3 16640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatch12.exe [2009-7-24 219632]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-7-12 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-8-11 29472]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2009-6-17 50432]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxMediaDB12.exe [2009-7-24 1116656]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [2010-6-7 12800]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-5 1343400]

=============== Created Last 30 ================

2010-09-11 13:48:35 0 --sha-w- C:\DkHyperbootSync
2010-09-11 04:17:19 0 d-----w- c:\windows\system32\wbem\repositoryTempBackup.0
2010-09-11 03:34:13 691294301 ----a-w- c:\windows\MEMORY.DMP
2010-09-11 03:09:56 93056 ----a-w- C:\kglyipod.sys
2010-09-11 03:02:59 0 ----a-w- c:\users\fabian\defogger_reenable
2010-09-11 02:47:49 472064 ----a-w- c:\windows\autokms.exe
2010-09-07 09:58:42 1303728 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-09-07 09:58:41 214312 ----a-w- c:\windows\system32\SynCtrl.dll
2010-09-07 09:58:41 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-09-07 09:58:41 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-09-07 09:58:41 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-09-07 08:00:13 0 d-----w- c:\program files\common files\DivX Shared
2010-09-07 07:59:51 0 d-----w- c:\program files\DivX
2010-09-07 07:58:13 0 d-----w- c:\programdata\DivX
2010-09-06 17:50:16 27712 ----a-w- c:\windows\system32\drivers\msahci.sys
2010-09-06 17:49:53 710720 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-09-06 08:06:29 0 d-----w- c:\windows\RT 7 Lite
2010-09-06 07:28:56 0 d-----w- c:\program files\Creative
2010-09-06 07:28:54 0 d-----w- C:\CCM
2010-09-06 01:13:49 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-09-06 01:13:49 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-09-06 01:13:49 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-09-06 01:13:48 0 d-----w- c:\program files\Symantec
2010-09-06 01:13:48 0 d-----w- c:\program files\common files\Symantec Shared
2010-09-06 01:13:03 0 d-----w- c:\windows\system32\drivers\NIS
2010-09-06 01:13:01 0 d-----w- c:\program files\Norton Internet Security
2010-09-06 01:12:24 0 d-----w- c:\program files\NortonInstaller
2010-09-03 15:05:44 88704 ----a-w- c:\windows\system32\Packet.dll
2010-09-03 15:05:44 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2010-09-03 15:05:44 34064 ----a-w- c:\windows\system32\drivers\npf.sys
2010-09-03 15:05:44 240248 ----a-w- c:\windows\system32\wpcap.dll
2010-09-03 15:05:44 0 d-----w- c:\windows\SysWOW64
2010-09-03 15:05:22 0 d-----w- c:\program files\Wondershare
2010-09-03 14:37:51 16640 ----a-w- c:\windows\system32\drivers\WsAudioDevice_383.sys
2010-09-02 07:58:36 0 d-----w- c:\program files\iPod
2010-09-02 07:58:35 0 d-----w- c:\program files\iTunes
2010-08-27 13:08:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-08-25 09:57:26 0 d-----w- c:\programdata\Ipswitch
2010-08-25 09:46:07 0 d-----w- c:\windows\system32\E177E04D548C4006A465EEB92D3DE021
2010-08-25 09:45:28 606293 ----a-w- c:\windows\system32\wbocx.ocx
2010-08-25 09:45:28 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2010-08-25 09:45:27 0 d-----w- c:\program files\Ipswitch
2010-08-25 09:34:55 20 --sh--w- c:\users\fabian\check.new
2010-08-25 08:24:50 0 d-----w- c:\programdata\Pamela
2010-08-25 08:06:10 0 d-----w- c:\users\fabian\appdata\roaming\Pamela
2010-08-25 08:06:08 0 d-----w- c:\program files\Pamela
2010-08-25 08:04:58 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-24 12:38:57 0 d-----w- c:\program files\Julien MANICI
2010-08-20 14:22:16 0 d-----w- c:\programdata\NCH Software
2010-08-20 13:31:49 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-08-18 12:35:01 20328 ----a-w- c:\windows\system32\drivers\cpuz134_x32.sys
2010-08-17 12:10:11 0 d-----w- c:\program files\iPhoneBrowser
2010-08-15 03:48:01 0 d-----w- c:\users\fabian\appdata\roaming\FLEXnet

==================== Find3M ====================

2010-09-08 05:26:12 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-09-04 16:53:58 2931712 ----a-w- c:\windows\system32\x264vfw.dll
2010-09-02 08:36:45 354536 ---ha-w- c:\windows\system32\mlfcache.dat
2010-09-02 02:13:45 13904 ----a-w- c:\windows\system32\drivers\hwpolicy.sys
2010-08-25 08:24:48 162304 ----a-w- c:\windows\system32\RemoteControl.dll
2010-08-12 08:00:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-08-11 11:07:11 86056 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2010-08-11 11:07:11 29472 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2010-08-11 11:07:11 18472 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2010-08-11 11:07:11 108072 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2010-07-30 08:36:14 343080 ----a-w- c:\windows\system32\drivers\b57nd60x.sys
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-27 05:54:00 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-07-22 11:37:29 108480 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-07-19 09:18:22 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
2010-07-19 09:18:18 136216 ----a-w- c:\windows\system32\igfxtray.exe
2010-07-19 09:18:16 266776 ----a-w- c:\windows\system32\igfxsrvc.exe
2010-07-19 09:18:14 179224 ----a-w- c:\windows\system32\igfxext.exe
2010-07-19 09:18:14 170520 ----a-w- c:\windows\system32\igfxpers.exe
2010-07-19 09:18:12 171032 ----a-w- c:\windows\system32\hkcmd.exe
2010-07-19 09:18:10 3156504 ----a-w- c:\windows\system32\GfxUI.exe
2010-07-19 09:13:16 81920 ----a-w- c:\windows\system32\igfxCoIn_v2182.dll
2010-07-19 09:06:58 9018368 ----a-w- c:\windows\system32\drivers\igdkmd32.sys
2010-07-19 09:06:54 4966400 ----a-w- c:\windows\system32\igdumd32.dll
2010-07-19 09:04:38 571904 ----a-w- c:\windows\system32\igdumdx32.dll
2010-07-19 09:01:16 4410880 ----a-w- c:\windows\system32\igd10umd32.dll
2010-07-19 08:49:14 11041280 ----a-w- c:\windows\system32\ig4icd32.dll
2010-07-19 08:39:50 194560 ----a-w- c:\windows\system32\igfxpph.dll
2010-07-19 08:39:48 261632 ----a-w- c:\windows\system32\igfxTMM.dll
2010-07-19 08:39:44 23552 ----a-w- c:\windows\system32\igfxexps.dll
2010-07-19 08:39:32 57344 ----a-w- c:\windows\system32\igfxsrvc.dll
2010-07-19 08:39:16 130048 ----a-w- c:\windows\system32\igfxdo.dll
2010-07-19 08:39:10 94720 ----a-w- c:\windows\system32\hccutils.dll
2010-07-19 08:39:04 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2010-07-19 08:39:04 120320 ----a-w- c:\windows\system32\gfxSrvc.dll
2010-07-19 08:39:02 228352 ----a-w- c:\windows\system32\igfxdev.dll
2010-07-19 08:38:48 828928 ----a-w- c:\windows\system32\igfxress.dll
2010-07-05 04:17:32 31548 ----a-w- c:\windows\system32\perfd011.dat
2010-07-05 04:17:32 31548 ----a-w- c:\windows\inf\perflib\0411\perfd.dat
2010-07-05 04:17:32 31548 ----a-w- c:\windows\inf\perflib\0411\perfc.dat
2010-07-05 04:17:32 141988 ----a-w- c:\windows\system32\perfi011.dat
2010-07-05 04:17:32 141988 ----a-w- c:\windows\inf\perflib\0411\perfi.dat
2010-07-05 04:17:32 141988 ----a-w- c:\windows\inf\perflib\0411\perfh.dat
2010-07-03 07:23:01 45182 ----a-w- c:\windows\system32\perfd008.dat
2010-07-03 07:23:01 45182 ----a-w- c:\windows\inf\perflib\0408\perfd.dat
2010-07-03 07:23:01 45182 ----a-w- c:\windows\inf\perflib\0408\perfc.dat
2010-07-03 07:23:01 369984 ----a-w- c:\windows\system32\perfi008.dat
2010-07-03 07:23:01 369984 ----a-w- c:\windows\inf\perflib\0408\perfi.dat
2010-07-03 07:23:01 369984 ----a-w- c:\windows\inf\perflib\0408\perfh.dat
2010-07-03 07:14:47 37160 ----a-w- c:\windows\system32\perfd01F.dat
2010-07-03 07:14:47 37160 ----a-w- c:\windows\inf\perflib\041f\perfd.dat
2010-07-03 07:14:47 37160 ----a-w- c:\windows\inf\perflib\041f\perfc.dat
2010-07-03 07:14:47 285034 ----a-w- c:\windows\system32\perfi01F.dat
2010-07-03 07:14:47 285034 ----a-w- c:\windows\inf\perflib\041f\perfi.dat
2010-07-03 07:14:47 285034 ----a-w- c:\windows\inf\perflib\041f\perfh.dat
2010-07-03 07:08:06 48094 ----a-w- c:\windows\system32\perfd00E.dat
2010-07-03 07:08:06 48094 ----a-w- c:\windows\inf\perflib\040e\perfd.dat
2010-07-03 07:08:06 48094 ----a-w- c:\windows\inf\perflib\040e\perfc.dat
2010-07-03 07:08:06 287518 ----a-w- c:\windows\system32\perfi00E.dat
2010-07-03 07:08:06 287518 ----a-w- c:\windows\inf\perflib\040e\perfi.dat
2010-07-03 07:08:06 287518 ----a-w- c:\windows\inf\perflib\040e\perfh.dat
2010-07-03 07:01:38 40548 ----a-w- c:\windows\system32\prfd0816.dat
2010-07-03 07:01:38 40548 ----a-w- c:\windows\inf\perflib\0816\perfd.dat
2010-07-03 07:01:38 40548 ----a-w- c:\windows\inf\perflib\0816\perfc.dat
2010-07-03 07:01:38 336656 ----a-w- c:\windows\system32\prfi0816.dat
2010-07-03 07:01:38 336656 ----a-w- c:\windows\inf\perflib\0816\perfi.dat
2010-07-03 07:01:38 336656 ----a-w- c:\windows\inf\perflib\0816\perfh.dat
2010-07-02 12:02:07 43068 ----a-w- c:\windows\system32\perfd013.dat
2010-07-02 12:02:07 43068 ----a-w- c:\windows\inf\perflib\0413\perfd.dat
2010-07-02 12:02:07 43068 ----a-w- c:\windows\inf\perflib\0413\perfc.dat
2010-07-02 12:02:07 341322 ----a-w- c:\windows\system32\perfi013.dat
2010-07-02 12:02:07 341322 ----a-w- c:\windows\inf\perflib\0413\perfi.dat
2010-07-02 12:02:07 341322 ----a-w- c:\windows\inf\perflib\0413\perfh.dat
2010-07-02 11:52:41 39236 ----a-w- c:\windows\system32\perfd006.dat
2010-07-02 11:52:41 39236 ----a-w- c:\windows\inf\perflib\0406\perfd.dat
2010-07-02 11:52:41 39236 ----a-w- c:\windows\inf\perflib\0406\perfc.dat
2010-07-02 11:52:41 306636 ----a-w- c:\windows\system32\perfi006.dat
2010-07-02 11:52:41 306636 ----a-w- c:\windows\inf\perflib\0406\perfi.dat
2010-07-02 11:52:41 306636 ----a-w- c:\windows\inf\perflib\0406\perfh.dat
2010-07-02 11:45:08 37052 ----a-w- c:\windows\system32\perfd01D.dat
2010-07-02 11:45:08 37052 ----a-w- c:\windows\inf\perflib\041d\perfd.dat
2010-07-02 11:45:08 37052 ----a-w- c:\windows\inf\perflib\041d\perfc.dat
2010-07-02 11:45:08 294764 ----a-w- c:\windows\system32\perfi01D.dat
2010-07-02 11:45:08 294764 ----a-w- c:\windows\inf\perflib\041d\perfi.dat
2010-07-02 11:45:08 294764 ----a-w- c:\windows\inf\perflib\041d\perfh.dat
2010-07-02 11:31:12 42056 ----a-w- c:\windows\system32\perfd001.dat
2010-07-02 11:31:12 42056 ----a-w- c:\windows\inf\perflib\0401\perfd.dat
2010-07-02 11:31:12 42056 ----a-w- c:\windows\inf\perflib\0401\perfc.dat
2010-07-02 11:31:12 289060 ----a-w- c:\windows\system32\perfi001.dat
2010-07-02 11:31:12 289060 ----a-w- c:\windows\inf\perflib\0401\perfi.dat
2010-07-02 11:31:12 289060 ----a-w- c:\windows\inf\perflib\0401\perfh.dat
2010-07-02 11:17:27 38710 ----a-w- c:\windows\system32\perfd015.dat
2010-07-02 11:17:27 38710 ----a-w- c:\windows\inf\perflib\0415\perfd.dat
2010-07-02 11:17:27 38710 ----a-w- c:\windows\inf\perflib\0415\perfc.dat
2010-07-02 11:17:27 337158 ----a-w- c:\windows\system32\perfi015.dat
2010-07-02 11:17:27 337158 ----a-w- c:\windows\inf\perflib\0415\perfi.dat
2010-07-02 11:17:27 337158 ----a-w- c:\windows\inf\perflib\0415\perfh.dat
2010-07-02 11:10:25 38536 ----a-w- c:\windows\system32\prfd0416.dat
2010-07-02 11:10:25 38536 ----a-w- c:\windows\inf\perflib\0416\perfd.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 22:18:22.58 ===============

Edited by too456, 11 September 2010 - 09:20 AM.

Cats :D

#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:21 PM

Posted 15 September 2010 - 02:31 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
  1. Do not run any other tool until instructed to do so!
  2. Please do not attach logs or put them in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is ok, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


information and logs:
    In your next post I need the following
      1. logs from DDS
      2. log from RKUnHooker
      3. let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:21 PM

Posted 17 September 2010 - 11:52 PM

Hello

three day bump

It has been three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 too456
  • Topic Starter
  • Members
  • 12 posts
  • Local time:02:21 AM

Posted 18 September 2010 - 10:02 PM

Sorry for the long wait. I didn't receive the email notification until today.
There really aren't many problems or symptoms, unless you count NIS popping up every now and then about this problem.
Here are the logs.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Fabian at 10:21:49.87 on Sun 19/09/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.65.1033.18.2937.1572 [GMT 8:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Roxio 2010\5.0\CPMonitor.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Users\Fabian\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Windows\PLFSetL.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Fabian\Desktop\bleep\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = proxy.hci.edu.sg:8080
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.1.0.37\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.1.0.37\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.1.0.37\coIEPlg.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatchTray12.exe"
mRun: [CPMonitor] "c:\program files\roxio 2010\5.0\CPMonitor.exe"
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [<NO NAME>]
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: Download with Mipony - file://c:\program files\mipony\browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: zipfldra.dll
SSODL: Windows Services - c:\documents and settings\fabian\svchost.exe - No File
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\fabian\appdata\roaming\mozilla\firefox\profiles\3xsozkuc.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://smb.chs.edu.sg/smb/hs_student|http://m.sg.yahoo.com|http://www.facebook.com/home.php|http://www.redmondpie.com|http://www.lockerz.com/dailies
FF - prefs.js: keyword.URL - hxxp://sg.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.ftp - proxy.hci.edu.sg
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.hci.edu.sg
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.hci.edu.sg
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.hci.edu.sg
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.hci.edu.sg
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\adobe\adobe contribute cs5\plugins\firefoxplugin\{01a8ca0a-4c96-465b-a49b-65c46fad54f9}\components\Contribute.dll
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\users\fabian\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2010-6-11 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2010-6-11 15856]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1201000.025\SymDS.sys [2010-9-6 339504]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1201000.025\SymEFA.sys [2010-9-6 666672]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20100901.003\BHDrvx86.sys [2010-9-1 692272]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\C2SCSI.SYS [2009-7-24 251248]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20100917.001\IDSvix86.sys [2010-9-18 344112]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2010-6-11 25584]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1201000.025\Ironx86.sys [2010-9-6 134704]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1201000.025\symnets.sys [2010-9-6 294448]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/09/08 13:31:20];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-9-8 87536]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2009-6-2 457200]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-6-8 20968]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-8-18 20328]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-8-19 88176]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.1.0.37\ccSvcHst.exe [2010-9-6 126904]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2009-6-17 144640]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-7-30 343080]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2010-6-8 46256]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-11 102448]
R3 ITEIRDA;ITE Infrared Device Driver;c:\windows\system32\drivers\ITEirda.sys [2010-6-5 25088]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-6-15 6766080]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2010-9-3 16640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatch12.exe [2009-7-24 219632]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-7-12 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-8-11 29472]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2009-6-17 50432]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxMediaDB12.exe [2009-7-24 1116656]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [2010-6-7 12800]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-5 1343400]

=============== Created Last 30 ================

2010-09-19 02:20:33 0 --sha-w- C:\DkHyperbootSync
2010-09-18 03:34:32 11376 ----a-w- c:\windows\system32\drivers\SECDRV.SYS
2010-09-17 13:13:58 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-09-16 10:05:43 2384 ----a-w- C:\{BB4223EB-70D1-4486-93FB-CCAEC1F52466}
2010-09-16 09:58:20 2352 ----a-w- C:\{352B00C2-6EDB-496E-A381-0BB3C929435B}
2010-09-16 09:49:39 2760 ----a-w- C:\{20D6611C-CF96-449F-B144-173D8B5FF9C3}
2010-09-16 08:58:11 2840 ----a-w- C:\{93D31C41-D778-465E-A5AE-3D1006528533}
2010-09-15 09:53:22 406 ----a-w- c:\windows\system32\MRT.INI
2010-09-15 08:42:23 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-13 08:35:18 0 d-----w- c:\programdata\eSellerate
2010-09-13 08:08:52 0 dc-h--w- c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
2010-09-13 08:08:50 0 d-----w- c:\program files\Stardock
2010-09-13 08:05:07 0 d-----w- c:\program files\Bonjour Print Services
2010-09-13 07:49:12 0 d-----w- c:\program files\common files\snp2uvc
2010-09-13 07:35:35 0 d-----w- c:\users\fabian\appdata\roaming\UpdateStar
2010-09-13 07:00:17 0 d-----w- c:\programdata\BVRP Software
2010-09-12 07:37:08 0 d-----w- c:\program files\Eurekr.com
2010-09-11 04:17:19 0 d-----w- c:\windows\system32\wbem\repositoryTempBackup.0
2010-09-11 03:34:13 528731805 ----a-w- c:\windows\MEMORY.DMP
2010-09-11 03:09:56 93056 ----a-w- C:\kglyipod.sys
2010-09-11 03:02:59 0 ----a-w- c:\users\fabian\defogger_reenable
2010-09-11 02:47:49 472064 ----a-w- c:\windows\autokms.exe
2010-09-07 09:58:42 1303728 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-09-07 09:58:41 214312 ----a-w- c:\windows\system32\SynCtrl.dll
2010-09-07 09:58:41 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-09-07 09:58:41 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-09-07 09:58:41 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-09-07 08:00:13 0 d-----w- c:\program files\common files\DivX Shared
2010-09-07 07:59:51 0 d-----w- c:\program files\DivX
2010-09-07 07:58:13 0 d-----w- c:\programdata\DivX
2010-09-06 17:50:16 27712 ----a-w- c:\windows\system32\drivers\msahci.sys
2010-09-06 17:49:53 710720 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-09-06 08:06:29 0 d-----w- c:\windows\RT 7 Lite
2010-09-06 07:28:56 0 d-----w- c:\program files\Creative
2010-09-06 07:28:54 0 d-----w- C:\CCM
2010-09-06 01:13:49 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-09-06 01:13:49 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-09-06 01:13:49 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-09-06 01:13:48 0 d-----w- c:\program files\Symantec
2010-09-06 01:13:48 0 d-----w- c:\program files\common files\Symantec Shared
2010-09-06 01:13:03 0 d-----w- c:\windows\system32\drivers\NIS
2010-09-06 01:13:01 0 d-----w- c:\program files\Norton Internet Security
2010-09-06 01:12:24 0 d-----w- c:\program files\NortonInstaller
2010-09-03 15:05:44 88704 ----a-w- c:\windows\system32\Packet.dll
2010-09-03 15:05:44 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2010-09-03 15:05:44 34064 ----a-w- c:\windows\system32\drivers\npf.sys
2010-09-03 15:05:44 240248 ----a-w- c:\windows\system32\wpcap.dll
2010-09-03 15:05:44 0 d-----w- c:\windows\SysWOW64
2010-09-03 15:05:22 0 d-----w- c:\program files\Wondershare
2010-09-03 14:37:51 16640 ----a-w- c:\windows\system32\drivers\WsAudioDevice_383.sys
2010-09-02 07:58:36 0 d-----w- c:\program files\iPod
2010-09-02 07:58:35 0 d-----w- c:\program files\iTunes
2010-08-27 13:08:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-08-25 09:57:26 0 d-----w- c:\programdata\Ipswitch
2010-08-25 09:46:07 0 d-----w- c:\windows\system32\E177E04D548C4006A465EEB92D3DE021
2010-08-25 09:45:28 606293 ----a-w- c:\windows\system32\wbocx.ocx
2010-08-25 09:45:28 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2010-08-25 09:45:27 0 d-----w- c:\program files\Ipswitch
2010-08-25 09:34:55 20 --sh--w- c:\users\fabian\check.new
2010-08-25 08:24:50 0 d-----w- c:\programdata\Pamela
2010-08-25 08:06:10 0 d-----w- c:\users\fabian\appdata\roaming\Pamela
2010-08-25 08:06:08 0 d-----w- c:\program files\Pamela
2010-08-25 08:04:58 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-24 12:38:57 0 d-----w- c:\program files\Julien MANICI
2010-08-20 14:22:16 0 d-----w- c:\programdata\NCH Software
2010-08-20 13:31:49 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

==================== Find3M ====================

2010-09-08 05:26:12 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-09-04 16:53:58 2931712 ----a-w- c:\windows\system32\x264vfw.dll
2010-09-02 08:36:45 354536 ---ha-w- c:\windows\system32\mlfcache.dat
2010-09-02 02:13:45 13904 ----a-w- c:\windows\system32\drivers\hwpolicy.sys
2010-08-25 08:24:48 162304 ----a-w- c:\windows\system32\RemoteControl.dll
2010-08-12 08:00:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-08-11 11:07:11 86056 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2010-08-11 11:07:11 29472 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2010-08-11 11:07:11 18472 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2010-08-11 11:07:11 108072 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2010-07-30 08:36:14 343080 ----a-w- c:\windows\system32\drivers\b57nd60x.sys
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-27 05:54:00 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-07-22 11:37:29 108480 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-07-19 09:18:22 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
2010-07-19 09:18:18 136216 ----a-w- c:\windows\system32\igfxtray.exe
2010-07-19 09:18:16 266776 ----a-w- c:\windows\system32\igfxsrvc.exe
2010-07-19 09:18:14 179224 ----a-w- c:\windows\system32\igfxext.exe
2010-07-19 09:18:14 170520 ----a-w- c:\windows\system32\igfxpers.exe
2010-07-19 09:18:12 171032 ----a-w- c:\windows\system32\hkcmd.exe
2010-07-19 09:18:10 3156504 ----a-w- c:\windows\system32\GfxUI.exe
2010-07-19 09:13:16 81920 ----a-w- c:\windows\system32\igfxCoIn_v2182.dll
2010-07-19 09:06:54 4966400 ----a-w- c:\windows\system32\igdumd32.dll
2010-07-19 09:04:38 571904 ----a-w- c:\windows\system32\igdumdx32.dll
2010-07-19 09:01:16 4410880 ----a-w- c:\windows\system32\igd10umd32.dll
2010-07-19 08:49:14 11041280 ----a-w- c:\windows\system32\ig4icd32.dll
2010-07-19 08:39:50 194560 ----a-w- c:\windows\system32\igfxpph.dll
2010-07-19 08:39:48 261632 ----a-w- c:\windows\system32\igfxTMM.dll
2010-07-19 08:39:44 23552 ----a-w- c:\windows\system32\igfxexps.dll
2010-07-19 08:39:32 57344 ----a-w- c:\windows\system32\igfxsrvc.dll
2010-07-19 08:39:16 130048 ----a-w- c:\windows\system32\igfxdo.dll
2010-07-19 08:39:10 94720 ----a-w- c:\windows\system32\hccutils.dll
2010-07-19 08:39:04 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2010-07-19 08:39:04 120320 ----a-w- c:\windows\system32\gfxSrvc.dll
2010-07-19 08:39:02 228352 ----a-w- c:\windows\system32\igfxdev.dll
2010-07-19 08:38:48 828928 ----a-w- c:\windows\system32\igfxress.dll
2010-07-05 04:17:32 31548 ----a-w- c:\windows\system32\perfd011.dat
2010-07-05 04:17:32 31548 ----a-w- c:\windows\inf\perflib\0411\perfd.dat
2010-07-05 04:17:32 31548 ----a-w- c:\windows\inf\perflib\0411\perfc.dat
2010-07-05 04:17:32 141988 ----a-w- c:\windows\system32\perfi011.dat
2010-07-05 04:17:32 141988 ----a-w- c:\windows\inf\perflib\0411\perfi.dat
2010-07-05 04:17:32 141988 ----a-w- c:\windows\inf\perflib\0411\perfh.dat
2010-07-03 07:23:01 45182 ----a-w- c:\windows\system32\perfd008.dat
2010-07-03 07:23:01 45182 ----a-w- c:\windows\inf\perflib\0408\perfd.dat
2010-07-03 07:23:01 45182 ----a-w- c:\windows\inf\perflib\0408\perfc.dat
2010-07-03 07:23:01 369984 ----a-w- c:\windows\system32\perfi008.dat
2010-07-03 07:23:01 369984 ----a-w- c:\windows\inf\perflib\0408\perfi.dat
2010-07-03 07:23:01 369984 ----a-w- c:\windows\inf\perflib\0408\perfh.dat
2010-07-03 07:14:47 37160 ----a-w- c:\windows\system32\perfd01F.dat
2010-07-03 07:14:47 37160 ----a-w- c:\windows\inf\perflib\041f\perfd.dat
2010-07-03 07:14:47 37160 ----a-w- c:\windows\inf\perflib\041f\perfc.dat
2010-07-03 07:14:47 285034 ----a-w- c:\windows\system32\perfi01F.dat
2010-07-03 07:14:47 285034 ----a-w- c:\windows\inf\perflib\041f\perfi.dat
2010-07-03 07:14:47 285034 ----a-w- c:\windows\inf\perflib\041f\perfh.dat
2010-07-03 07:08:06 48094 ----a-w- c:\windows\system32\perfd00E.dat
2010-07-03 07:08:06 48094 ----a-w- c:\windows\inf\perflib\040e\perfd.dat
2010-07-03 07:08:06 48094 ----a-w- c:\windows\inf\perflib\040e\perfc.dat
2010-07-03 07:08:06 287518 ----a-w- c:\windows\system32\perfi00E.dat
2010-07-03 07:08:06 287518 ----a-w- c:\windows\inf\perflib\040e\perfi.dat
2010-07-03 07:08:06 287518 ----a-w- c:\windows\inf\perflib\040e\perfh.dat
2010-07-03 07:01:38 40548 ----a-w- c:\windows\system32\prfd0816.dat
2010-07-03 07:01:38 40548 ----a-w- c:\windows\inf\perflib\0816\perfd.dat
2010-07-03 07:01:38 40548 ----a-w- c:\windows\inf\perflib\0816\perfc.dat
2010-07-03 07:01:38 336656 ----a-w- c:\windows\system32\prfi0816.dat
2010-07-03 07:01:38 336656 ----a-w- c:\windows\inf\perflib\0816\perfi.dat
2010-07-03 07:01:38 336656 ----a-w- c:\windows\inf\perflib\0816\perfh.dat
2010-07-02 12:02:07 43068 ----a-w- c:\windows\system32\perfd013.dat
2010-07-02 12:02:07 43068 ----a-w- c:\windows\inf\perflib\0413\perfd.dat
2010-07-02 12:02:07 43068 ----a-w- c:\windows\inf\perflib\0413\perfc.dat
2010-07-02 12:02:07 341322 ----a-w- c:\windows\system32\perfi013.dat
2010-07-02 12:02:07 341322 ----a-w- c:\windows\inf\perflib\0413\perfi.dat
2010-07-02 12:02:07 341322 ----a-w- c:\windows\inf\perflib\0413\perfh.dat
2010-07-02 11:52:41 39236 ----a-w- c:\windows\system32\perfd006.dat
2010-07-02 11:52:41 39236 ----a-w- c:\windows\inf\perflib\0406\perfd.dat
2010-07-02 11:52:41 39236 ----a-w- c:\windows\inf\perflib\0406\perfc.dat
2010-07-02 11:52:41 306636 ----a-w- c:\windows\system32\perfi006.dat
2010-07-02 11:52:41 306636 ----a-w- c:\windows\inf\perflib\0406\perfi.dat
2010-07-02 11:52:41 306636 ----a-w- c:\windows\inf\perflib\0406\perfh.dat
2010-07-02 11:45:08 37052 ----a-w- c:\windows\system32\perfd01D.dat
2010-07-02 11:45:08 37052 ----a-w- c:\windows\inf\perflib\041d\perfd.dat
2010-07-02 11:45:08 37052 ----a-w- c:\windows\inf\perflib\041d\perfc.dat
2010-07-02 11:45:08 294764 ----a-w- c:\windows\system32\perfi01D.dat
2010-07-02 11:45:08 294764 ----a-w- c:\windows\inf\perflib\041d\perfi.dat
2010-07-02 11:45:08 294764 ----a-w- c:\windows\inf\perflib\041d\perfh.dat
2010-07-02 11:31:12 42056 ----a-w- c:\windows\system32\perfd001.dat
2010-07-02 11:31:12 42056 ----a-w- c:\windows\inf\perflib\0401\perfd.dat
2010-07-02 11:31:12 42056 ----a-w- c:\windows\inf\perflib\0401\perfc.dat
2010-07-02 11:31:12 289060 ----a-w- c:\windows\system32\perfi001.dat
2010-07-02 11:31:12 289060 ----a-w- c:\windows\inf\perflib\0401\perfi.dat
2010-07-02 11:31:12 289060 ----a-w- c:\windows\inf\perflib\0401\perfh.dat
2010-07-02 11:17:27 38710 ----a-w- c:\windows\system32\perfd015.dat
2010-07-02 11:17:27 38710 ----a-w- c:\windows\inf\perflib\0415\perfd.dat
2010-07-02 11:17:27 38710 ----a-w- c:\windows\inf\perflib\0415\perfc.dat
2010-07-02 11:17:27 337158 ----a-w- c:\windows\system32\perfi015.dat
2010-07-02 11:17:27 337158 ----a-w- c:\windows\inf\perflib\0415\perfi.dat
2010-07-02 11:17:27 337158 ----a-w- c:\windows\inf\perflib\0415\perfh.dat
2010-07-02 11:10:25 38536 ----a-w- c:\windows\system32\prfd0416.dat
2010-07-02 11:10:25 38536 ----a-w- c:\windows\inf\perflib\0416\perfd.dat
2010-07-02 11:10:25 38536 ----a-w- c:\windows\inf\perflib\0416\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 10:30:13.03 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 5/6/2010 7:00:06 PM
System Uptime: 19/9/2010 9:57:44 AM (1 hours ago)

Motherboard: Acer | | TravelMate 6293
Processor: Intel® Core™2 Duo CPU P8700 @ 2.53GHz | U2E1 | 2534/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 286 GiB total, 126.316 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is Removable

==== Disabled Device Manager Items =============

Class GUID:
Description: FingerPrinter Reader
Device ID: USB\VID_1C7A&PID_0801\00000000000006
Manufacturer:
Name: FingerPrinter Reader
PNP Device ID: USB\VID_1C7A&PID_0801\00000000000006
Service:

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Acer Crystal Eye Webcam
Device ID: USB\VID_064E&PID_A103&MI_00\6&2C2B19DD&1&0000
Manufacturer: Suyin Optronics CORP.
Name: Acer Crystal Eye Webcam
PNP Device ID: USB\VID_064E&PID_A103&MI_00\6&2C2B19DD&1&0000
Service: SNP2UVC

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: adfs
Device ID: ROOT\LEGACY_ADFS\0000
Manufacturer:
Name: adfs
PNP Device ID: ROOT\LEGACY_ADFS\0000
Service: adfs

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Acer Crystal Eye Webcam
Acer Crystal Eye Webcam Video Class Camera
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.3.4 - CPSID_83708
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Web Premium
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Shockwave Player 11.5
AnyDVD
AnyDVD Registration
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Verifier
Audacity 1.3.12 (Unicode)
Bit Che
Bonjour
Bonjour Print Services
Buzan's iMindMap V4.1
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 3.0
Canon MP560 series MP Drivers
CCM
CPUID CPU-Z 1.55
CyberLink PowerDirector
CyberLink PowerDVD 10
Debugging Tools for Windows (x86)
Definition update for Microsoft Office 2010 (KB982726)
DirectX 9 Runtime
Diskeeper 2010 Pro Premier
DivX Setup
Fences
FFmpeg for Audacity on Windows
FileZilla Client 3.3.4
Free Download Manager 3.0
GameSpy Arcade
Google Chrome
Halo 2 for Windows Vista
Halo CE Cracked Setup
Harry Potter and the Half-Blood Prince™
Image Resizer Powertoy Clone for Windows
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
iPhoneBrowser
Ipswitch WS_FTP 12
ITEFIR
iTunes
Java Auto Updater
Java™ 6 Update 21
Junk Mail filter update
K-Lite Mega Codec Pack 6.3.8
Knoll Light Factory EZ Studio
LADSPA_plugins-win-0.4.15
LAME v3.98.2 for Audacity
Magic Bullet Looks Studio
Malwarebytes' Anti-Malware
McAfee SiteAdvisor
mental mill ® Artist Edition
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Halo
Microsoft Help Viewer 1.0
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Hotmail Connector 32-bit
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Express Edition - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Windows Performance Toolkit
Microsoft Windows SDK .NET Framework Tools (30514)
Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Windows 7 (7.1)
Microsoft Windows SDK for Windows 7 Common Utilities (30514)
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
Microsoft Windows SDK for Windows 7 Redistributable Components for Application Verifier (30514)
Microsoft Windows SDK for Windows 7 Redistributable Components for Common Tools (30514)
Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514)
Microsoft Windows SDK for Windows 7 Samples (30514)
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
Microsoft Windows SDK MSHelp (30514)
Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mikogo
MiPony 1.1.0
Mozilla Firefox (3.6.10)
MSDN Library for Microsoft Visual Studio 2008 Express Editions
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Norton Internet Security
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NTI Shadow
Opera 10.61
Pamela Pro 4.7
PDF Settings CS5
Pinnacle Studio 14
Pinnacle Studio Ultimate Collection Plugins
Pinnacle Video Driver
PowerDVD
PowerISO
Prism Video Converter
proDAD Heroglyph 2.5
proDAD Vitascene 1.0
PxMergeModule
QuickTime
Realtek High Definition Audio Driver
Red Giant ToonIt Studio
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2010 Pro
Roxio Disaster Recovery
Roxio File Backup
Roxio PhotoShow
Roxio Video Capture USB
RT 7 Lite (32-Bit)
RT 7 Lite x86
Security Update for Microsoft Visual Basic for Applications 6.5 (KB974945)
Skype™ 4.2
Smart Install Maker 5.02
SmartSound Quicktracks Plugin
Switch Sound File Converter
Synaptics Pointing Device Driver
System Requirements Lab for Intel
TeraCopy 2.12
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Trapcode 3DStroke Studio
Trapcode Particular Studio
Trapcode Shine Studio
Ultimate Reference Suite
Unlocker 1.9.0
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft OneNote 2010 (KB2288640)
Update for Microsoft Outlook Social Connector (KB2289116)
UpdateStar
VC Runtimes MSI
VC80CRTRedist - 8.0.50727.4053
WIDCOMM Bluetooth Software
WinAce Archiver
Windows 7 Logon Background Changer
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Windows SDK IntellisenseNFX
Windows Updates Downloader
Windows XP Mode
WinRAR archiver
WinSCP 4.2.8
WinZip 14.5
WinZip Self-Extractor
Wondershare Streaming Audio Recorder(Build 1.0.10.1)
Wondershare Streaming Media Suite(Build 1.0.5.2)
Wondershare Streaming Video Recorder(Build 2.0.1.4)
YouTube Batch Downloader

==== Event Viewer Messages From Past Week ========

19/9/2010 9:59:03 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: vpcvmm
19/9/2010 9:59:03 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
19/9/2010 9:58:32 AM, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
19/9/2010 10:23:51 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
17/9/2010 8:31:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
17/9/2010 8:30:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
17/9/2010 8:29:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
17/9/2010 7:40:43 PM, Error: NetBT [4321] - The name "FABIAN-PC :0" could not be registered on the interface with IP address 192.168.1.102. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer.
17/9/2010 7:40:42 PM, Error: NetBT [4321] - The name "FABIAN-PC :0" could not be registered on the interface with IP address 192.168.1.101. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer.
17/9/2010 6:47:11 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{A3E8EDF8-1E58-4B1B-9A05-FA4D962DAC2E} because another computer on the network has the same name. The server could not start.
17/9/2010 6:47:11 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{25266564-1C6A-4C60-9C3B-6F5D5313C7C0} because another computer on the network has the same name. The server could not start.
17/9/2010 6:47:11 PM, Error: NetBT [4321] - The name "FABIAN-PC :20" could not be registered on the interface with IP address 192.168.1.102. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer.
17/9/2010 6:47:11 PM, Error: NetBT [4321] - The name "FABIAN-PC :20" could not be registered on the interface with IP address 192.168.1.101. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer.
16/9/2010 8:18:58 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
15/9/2010 8:52:34 PM, Error: Ntfs [137] - The default transaction resource manager on volume F: encountered a non-retryable error and could not start. The data contains the error code.
15/9/2010 8:31:09 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
15/9/2010 1:39:00 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
15/9/2010 1:10:52 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer HP-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{25266564-1C6A-4C60-9C3B-6F5D5313C7C0. The master browser is stopping or an election is being forced.

==== End Of File ===========================

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x98805000 C:\Windows\system32\DRIVERS\igdkmd32.sys 9551872 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x99639000 C:\Windows\system32\DRIVERS\NETw5s32.sys 6807552 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x8303D000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x8303D000 PnpManager 4259840 bytes
0x8303D000 RAW 4259840 bytes
0x8303D000 WMIxWDM 4259840 bytes
0x9B00D000 C:\Windows\system32\drivers\RTKVHDA.sys 2654208 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x9BCE0000 Win32k 2400256 bytes
0x9BCE0000 C:\Windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xC8293000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100918.003\NAVEX15.SYS 1359872 bytes (Symantec Corporation, AV Engine)
0x8B80F000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x98021000 C:\Windows\system32\DRIVERS\SynTP.sys 1298432 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x8B417000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x9B2D2000 C:\Windows\system32\DRIVERS\VSTDPV3.SYS 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x99121000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8B61B000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x9A0FA000 C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x9661B000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100901.003\BHDrvx86.sys 704512 bytes (Symantec Corporation, BASH Driver)
0x836EB000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x8B2A7000 C:\Windows\system32\drivers\NIS\1201000.025\SYMEFA.SYS 692224 bytes (Symantec Corporation, Symantec Extended File Attributes)
0xB966C000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9E924000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBE82A000 C:\Windows\system32\drivers\NIS\1201000.025\SRTSP.SYS 528384 bytes (Symantec Corporation, Symantec AutoProtect)
0x83618000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8B037000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x95F74000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x95EED000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x8B584000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x9262A000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x95E90000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100917.001\IDSvix86.sys 360448 bytes (Symantec Corporation, IDS Core Driver)
0x8B23F000 C:\Windows\system32\drivers\NIS\1201000.025\SYMDS.SYS 356352 bytes (Symantec Corporation, Symantec Data Store)
0x99CC1000 C:\Windows\system32\DRIVERS\b57nd60x.sys 352256 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver.)
0xB97AF000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0xB9760000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x9272E000 C:\Windows\system32\drivers\NIS\1201000.025\SYMNETS.SYS 323584 bytes (Symantec Corporation, Network Security Driver)
0x9BF90000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x99D43000 C:\Windows\system32\drivers\tifm21.sys 315392 bytes (Texas Instruments, tifm21.sys)
0x96721000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8B178000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8B0B6000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9E8B2000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x9A0A5000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x836A9000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x95E3B000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8B992000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8B6D2000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9B295000 C:\Windows\system32\DRIVERS\VSTAZL3.SYS 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x8B35A000 C:\Windows\system32\DRIVERS\c2scsi.sys 245760 bytes (Sonic Solutions, Roxio virtual SCSI miniport)
0xB9602000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x966E8000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x83006000 ACPI_HAL 225280 bytes
0x83006000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x9A06F000 C:\Windows\system32\DRIVERS\vpchbus.sys 221184 bytes (Microsoft Corporation, Virtual PC Host Bus Driver)
0x837B9000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x967BA000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8B77A000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x92684000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8B958000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x9E871000 C:\Windows\system32\DRIVERS\RMCAST.sys 200704 bytes (Microsoft Corporation, Reliable Multicast Transport)
0x9678B000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x9A00E000 C:\Windows\system32\DRIVERS\MarvinBus.sys 188416 bytes (Pinnacle Systems GmbH, Pinnacle Marvin Discrete Bus Enumerator)
0x8B1C3000 C:\Windows\system32\DRIVERS\pcmcia.sys 188416 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x8B735000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0xB9734000 C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl 180224 bytes (CyberLink Corp., -)
0x99D17000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
0x8B546000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x9A1CD000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8B10F000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8B396000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x9277D000 C:\Windows\system32\Drivers\SYMEVENT.SYS 155648 bytes (Symantec Corporation, Symantec Event Library)
0x8B7BD000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8B710000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x83796000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x927A3000 C:\Windows\system32\drivers\NIS\1201000.025\Ironx86.SYS 143360 bytes (Symantec Corporation, Iron Driver)
0x9E9D4000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x95E00000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB9706000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x966C7000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8B3DB000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9E800000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8B3BC000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9676C000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x926BD000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x9BF70000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x9E853000 C:\Windows\system32\DRIVERS\irda.sys 122880 bytes (Microsoft Corporation, IRDA Protocol Driver)
0x95F4B000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0x8B600000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xB963D000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x99DAD000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x9E839000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x9816D000 C:\Windows\System32\Drivers\AnyDVD.sys 102400 bytes (SlySoft, Inc., AnyDVD Filter Driver)
0x9E9A9000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x981D5000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x99D90000 C:\Windows\system32\DRIVERS\sdbus.sys 102400 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x95FD8000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x99600000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x99DE1000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x98000000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x96600000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x9A04A000 C:\Windows\system32\DRIVERS\vpcusb.sys 98304 bytes (Microsoft Corporation, Virtual USB Connector Driver)
0x95E22000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x927E8000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x83600000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x9B3E1000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x8B000000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0xC83DF000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100918.003\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0x9A1AF000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8B571000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9E908000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8B9E1000 C:\Windows\System32\drivers\sfdrv01.sys 77824 bytes (Protection Technology (StarForce), FrontLine Environment Driver)
0x9270B000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x981EE000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x981A8000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x9E9C2000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8B7AC000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8B7E2000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8B296000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x9A0E9000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8B144000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x83690000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x926DC000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x9E8A2000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8B762000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x9E8F8000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x9271E000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8B168000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x926ED000 C:\Windows\system32\DRIVERS\vpcnfltr.sys 65536 bytes (Microsoft Corporation, Virtual PC Network Filter Driver)
0x991E3000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x95FF0000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x926FD000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8B230000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8B029000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8B5E1000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x927D1000 C:\Windows\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0x9A03C000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8B0A8000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x981C3000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x92600000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x99618000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x9B3D4000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x98160000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0xB9727000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x9A062000 C:\Windows\system32\DRIVERS\usbrpm.sys 53248 bytes (Microsoft Corporation, Windows USB Redirection Policy Manager)
0x8B200000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x95F68000 C:\Windows\System32\drivers\discache.sys 49152 bytes
0x9819C000 C:\Windows\system32\drivers\tpm.sys 49152 bytes (Microsoft Corporation, TPM Device Driver)
0x8B407000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8B15D000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x9260D000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x9B000000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x967EE000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x9A1C2000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8B225000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x99625000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x927C6000 C:\Windows\system32\drivers\NIS\1201000.025\SRTSPX.SYS 45056 bytes (Symantec Corporation, Symantec AutoProtect)
0x837ED000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x991D8000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8B139000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0xC8280000 C:\Windows\system32\DRIVERS\DKRtWrt.sys 40960 bytes (Diskeeper Corporation, Diskeeper IntelliWrite Mini-Filter Driver)
0x92618000 C:\Windows\System32\Drivers\dump_msahci.sys 40960 bytes
0x9A000000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8B01F000 C:\Windows\system32\DRIVERS\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x95E86000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x95E7C000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8B350000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x991F2000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x99DC7000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x99CB7000 C:\Windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)
0x8B1F1000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xC828A000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x8B016000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0xB965F000 C:\Windows\system32\drivers\cpuz133_x32.sys 36864 bytes (Windows ® Win 7 DDK provider, CPUID Driver)
0x8B5EF000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x99DD8000 C:\Windows\system32\drivers\irenum.sys 36864 bytes (Microsoft Corporation, Infra-Red Bus Enumerator)
0xC8200000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8B800000 C:\Windows\System32\Drivers\SahdIa32.sys 36864 bytes (Sonic Solutions, Disk Filter Driver)
0x927DF000 C:\Windows\System32\Drivers\SaibVd32.sys 36864 bytes (Sonic Solutions, FileDisk Virtual Disk Driver)
0x9BF40000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8B989000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x9E91B000 C:\Windows\system32\DRIVERS\vwifimp.sys 36864 bytes (Microsoft Corporation, Virtual WiFi Miniport Driver)
0x981BA000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x8B0FE000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x836A1000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8B155000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x8B772000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BA9000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8B107000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x9818E000 C:\Windows\system32\drivers\NTIDrvr.sys 32768 bytes (NewTech Infosystems, Inc., NTI CD-ROM Filter Driver)
0x8B20D000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8B215000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8B21D000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8B9F4000 C:\Windows\System32\Drivers\SaibIa32.sys 32768 bytes (Sonic Solutions, Disk Filter Driver)
0x8B9D9000 C:\Windows\System32\drivers\sfhlp02.sys 32768 bytes (Protection Technology (StarForce), FrontLine Helper Driver)
0x8B9D1000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x98186000 C:\Windows\system32\drivers\UBHelper.sys 32768 bytes (NewTech Infosystems Corporation, NTI CDROM Filter Driver)
0x8B400000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x9B3F8000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x99DD1000 C:\Windows\system32\DRIVERS\ITEirda.sys 28672 bytes (ITE Tech. Inc., ITE Fast Infrared Driver.)
0x8B5F8000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0xB9658000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x926B6000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x98196000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x95EE8000 C:\Windows\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0x981D0000 C:\Windows\system32\drivers\WsAudioDevice_383.sys 20480 bytes (Wondershare, Wondershare Virtual Audio Device)
0x99DA9000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB9668000 C:\Windows\system32\drivers\cpuz134_x32.sys 16384 bytes (Windows ® Win 7 DDK provider, CPUID Driver)
0xB9703000 C:\Windows\system32\drivers\SECDRV.SYS 12288 bytes
0x98018000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x9815E000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x95F68000 WARNING: Virus alike driver modification [discache.sys], 49152 bytes
0xC8240F2E Unknown thread object [ ETHREAD 0xBFCE4600 ] , 600 bytes


Cats :D

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:21 PM

Posted 18 September 2010 - 10:10 PM

Hello too456

Please do the following.


It may be helpful for you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


:run combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully.

    Please continue as follows:
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following:
    1. Log from ComboFix
    2. Let me know of any problems you may have had
    3. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 too456

too456
  • Topic Starter

  • Members
  • 12 posts
  • Local time:02:21 AM

Posted 20 September 2010 - 06:02 AM

Combofix rebooted my computer twice because it detected rootkit activity, and from what I see in the logs, it cannot replace discache.sys and vpcvmm.sys.


ComboFix 10-09-19.03 - Fabian 20/09/2010 18:14:44.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.65.1033.18.2937.1834 [GMT 8:00]
Running from: c:\users\Fabian\Desktop\bleep\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll

c:\windows\system32\drivers\discache.sys . . . is infected!! . . . Failed to find a valid replacement.
c:\windows\system32\drivers\vpcvmm.sys . . . is infected!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-08-20 to 2010-09-20 )))))))))))))))))))))))))))))))
.

2010-09-20 10:32 . 2010-09-20 10:37 -------- d-----w- c:\users\Fabian\AppData\Local\temp
2010-09-20 10:32 . 2010-09-20 10:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-18 03:34 . 2003-09-08 20:30 11376 ----a-w- c:\windows\system32\drivers\SECDRV.SYS
2010-09-17 13:13 . 2010-09-17 13:13 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-09-15 08:42 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-13 09:18 . 2010-09-13 09:18 -------- d-----w- c:\users\Fabian\AppData\Local\Cranium
2010-09-13 08:35 . 2010-09-13 08:35 -------- d-----w- c:\programdata\eSellerate
2010-09-13 08:11 . 2010-09-13 08:11 -------- d-----w- c:\program files\FileZilla FTP Client
2010-09-13 08:08 . 2010-09-13 08:08 -------- dc-h--w- c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
2010-09-13 08:08 . 2010-09-13 08:08 -------- d-----w- c:\program files\Stardock
2010-09-13 08:05 . 2010-09-13 08:05 -------- d-----w- c:\program files\Bonjour Print Services
2010-09-13 07:49 . 2010-09-13 07:49 -------- d-----w- c:\windows\system32\drivers\x64
2010-09-13 07:49 . 2010-09-13 07:49 -------- d-----w- c:\windows\Acer Crystal Eye Webcam
2010-09-13 07:49 . 2007-10-01 06:59 1769984 ----a-w- c:\windows\system32\drivers\snp2uvc.sys
2010-09-13 07:49 . 2007-05-09 07:16 28160 ----a-w- c:\windows\system32\drivers\sncduvc.sys
2010-09-13 07:49 . 2010-09-13 07:49 -------- d-----w- c:\program files\Common Files\snp2uvc
2010-09-13 07:49 . 2007-10-01 06:59 1769984 ----a-w- c:\windows\system32\snp2uvc.sys
2010-09-13 07:49 . 2007-07-05 04:35 94208 ----a-w- c:\windows\system32\PLFSetL.exe
2010-09-13 07:49 . 2007-07-05 04:35 94208 ----a-w- c:\windows\PLFSetL.exe
2010-09-13 07:49 . 2007-05-09 07:16 28160 ----a-w- c:\windows\system32\sncduvc.sys
2010-09-13 07:49 . 2007-04-02 04:40 172032 ----a-w- c:\windows\system32\rsnp2uvc.dll
2010-09-13 07:49 . 2006-11-07 01:17 286720 ----a-w- c:\windows\system32\vsnp2uvc.dll
2010-09-13 07:49 . 2005-11-22 23:55 53248 ----a-w- c:\windows\system32\csnp2uvc.dll
2010-09-13 07:35 . 2010-09-13 07:35 -------- d-----w- c:\users\Fabian\AppData\Roaming\UpdateStar
2010-09-13 07:00 . 2010-09-13 07:00 -------- d-----w- c:\programdata\BVRP Software
2010-09-13 06:42 . 2010-09-13 06:42 -------- d-----w- c:\users\Fabian\AppData\Local\Cranium_Consulting_and_Cu
2010-09-12 07:37 . 2010-09-12 07:37 -------- d-----w- c:\users\Fabian\AppData\Local\utd
2010-09-12 07:37 . 2010-09-12 07:37 -------- d-----w- c:\users\Fabian\AppData\Local\YouTubeBatchDownloader
2010-09-12 07:37 . 2010-09-12 07:37 -------- d-----w- c:\program files\Eurekr.com
2010-09-11 04:17 . 2010-09-11 04:17 -------- d-----w- c:\windows\system32\wbem\repositoryTempBackup.0
2010-09-11 03:09 . 2010-09-11 03:09 93056 ----a-w- C:\kglyipod.sys
2010-09-07 09:58 . 2010-06-03 17:18 1303728 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-09-07 09:58 . 2010-06-03 17:17 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-09-07 09:58 . 2010-06-03 17:17 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-09-07 09:58 . 2010-06-03 17:17 214312 ----a-w- c:\windows\system32\SynCtrl.dll
2010-09-07 09:58 . 2010-06-03 17:17 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-09-07 08:10 . 2010-09-07 08:10 -------- d-----w- c:\users\Fabian\AppData\Local\Diagnostics
2010-09-07 08:01 . 2010-09-07 08:01 -------- d-----w- c:\users\Fabian\AppData\Roaming\DivX
2010-09-07 08:00 . 2010-09-07 08:00 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-09-07 07:59 . 2010-09-07 08:19 -------- d-----w- c:\program files\DivX
2010-09-07 07:58 . 2010-09-07 08:19 -------- d-----w- c:\programdata\DivX
2010-09-06 17:50 . 2009-07-14 02:38 27712 ----a-w- c:\windows\system32\drivers\msahci.sys
2010-09-06 17:49 . 2009-07-14 01:20 710720 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-09-06 08:06 . 2010-09-06 08:06 -------- d-----w- c:\windows\RT 7 Lite
2010-09-06 07:55 . 2010-09-06 07:55 -------- d-----w- c:\users\Fabian\AppData\Roaming\Creative
2010-09-06 07:28 . 2010-09-06 07:28 -------- d-----w- c:\program files\Creative
2010-09-06 07:28 . 2010-09-06 07:28 -------- d-----w- C:\CCM
2010-09-06 01:13 . 2010-09-06 01:13 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-09-06 01:13 . 2010-09-06 01:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-06 01:13 . 2010-09-06 01:13 -------- d-----w- c:\program files\Symantec
2010-09-06 01:13 . 2010-07-29 03:33 666672 ----a-r- c:\windows\system32\drivers\SymEFA.sys
2010-09-06 01:13 . 2010-07-29 02:54 50096 ----a-r- c:\windows\system32\drivers\srtspx.sys
2010-09-06 01:13 . 2010-07-13 01:20 294448 ----a-r- c:\windows\system32\drivers\symnets.sys
2010-09-06 01:13 . 2010-06-27 04:05 134704 ----a-r- c:\windows\system32\drivers\Ironx86.sys
2010-09-06 01:13 . 2010-06-13 10:50 339504 ----a-r- c:\windows\system32\drivers\SymDS.sys
2010-09-06 01:13 . 2010-09-06 01:13 -------- d-----w- c:\windows\system32\drivers\NIS
2010-09-06 01:13 . 2010-09-06 01:13 -------- d-----w- c:\program files\Norton Internet Security
2010-09-06 01:12 . 2010-09-06 01:12 -------- d-----w- c:\program files\NortonInstaller
2010-09-03 15:05 . 2010-09-03 15:05 -------- d-----w- c:\windows\SysWOW64
2010-09-03 15:05 . 2010-09-03 15:05 -------- d-----w- c:\program files\Wondershare
2010-09-03 14:37 . 2008-11-19 01:41 16640 ----a-w- c:\windows\system32\drivers\WsAudioDevice_383.sys
2010-09-02 07:58 . 2010-09-02 07:58 -------- d-----w- c:\program files\iPod
2010-09-02 07:58 . 2010-09-02 07:59 -------- d-----w- c:\program files\iTunes
2010-08-25 09:57 . 2010-08-25 09:57 -------- d-----w- c:\users\Fabian\AppData\Roaming\Ipswitch
2010-08-25 09:57 . 2010-08-25 09:57 -------- d-----w- c:\programdata\Ipswitch
2010-08-25 09:46 . 2010-08-25 09:46 -------- d-----w- c:\windows\system32\E177E04D548C4006A465EEB92D3DE021
2010-08-25 09:45 . 2006-07-24 23:42 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2010-08-25 09:45 . 2010-08-25 09:57 -------- d-----w- c:\program files\Ipswitch
2010-08-25 08:24 . 2010-08-25 08:24 -------- d-----w- c:\programdata\Pamela
2010-08-25 08:06 . 2010-08-25 08:07 -------- d-----w- c:\users\Fabian\AppData\Roaming\Pamela
2010-08-25 08:06 . 2010-08-25 08:25 -------- d-----w- c:\program files\Pamela
2010-08-25 08:04 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-24 12:40 . 2010-08-24 12:40 -------- d-----w- c:\users\Fabian\AppData\Local\http___www.julien-manici
2010-08-24 12:38 . 2010-08-24 12:38 -------- d-----w- c:\program files\Julien MANICI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 10:01 . 2010-06-05 11:31 -------- d-----w- c:\users\Fabian\AppData\Roaming\Free Download Manager
2010-09-20 09:57 . 2010-06-05 12:02 -------- d-----w- c:\users\Fabian\AppData\Roaming\TeraCopy
2010-09-20 09:15 . 2010-06-08 12:58 -------- d-----w- c:\programdata\Sonic
2010-09-18 04:14 . 2010-06-05 11:35 -------- d-----w- c:\users\Fabian\AppData\Roaming\uTorrent
2010-09-17 13:14 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
2010-09-15 14:37 . 2010-06-05 12:00 -------- d-----w- c:\program files\SystemRequirementsLab
2010-09-15 14:37 . 2010-06-05 12:00 -------- d-----w- c:\users\Fabian\AppData\Roaming\SystemRequirementsLab
2010-09-15 09:54 . 2010-06-07 07:47 -------- d-----w- c:\programdata\Microsoft Help
2010-09-13 08:24 . 2010-06-08 08:00 -------- d-----w- c:\users\Fabian\AppData\Roaming\Skype
2010-09-13 08:21 . 2010-06-08 08:00 -------- d-----r- c:\program files\Skype
2010-09-13 08:19 . 2010-06-05 11:31 -------- d-----w- c:\program files\Opera
2010-09-13 08:06 . 2010-06-07 08:04 -------- d-----w- c:\program files\Canon
2010-09-13 07:49 . 2010-06-05 11:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-11 08:24 . 2010-06-05 11:13 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-11 08:24 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-09-11 08:23 . 2010-06-13 02:35 -------- d-----w- c:\programdata\FLEXnet
2010-09-11 03:02 . 2010-06-05 11:31 -------- d-----w- c:\program files\Free Download Manager
2010-09-09 01:26 . 2010-08-01 03:43 -------- d-----w- c:\program files\WinAce
2010-09-08 06:17 . 2010-08-12 12:04 -------- d-----w- c:\program files\Autodesk
2010-09-08 05:34 . 2010-06-07 05:47 -------- d-----w- c:\programdata\CyberLink
2010-09-08 05:28 . 2010-08-12 11:53 -------- d-----w- c:\programdata\Autodesk
2010-09-08 05:28 . 2010-08-12 12:05 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-09-08 05:26 . 2010-06-05 11:51 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-09-08 05:25 . 2010-06-05 11:52 -------- d-----w- c:\program files\CyberLink
2010-09-08 05:10 . 2010-06-08 08:26 -------- d-----w- c:\users\Fabian\AppData\Roaming\Mipony
2010-09-08 02:43 . 2010-06-05 11:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-07 08:00 . 2010-06-11 14:31 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-09-06 08:39 . 2010-08-04 10:35 -------- d-----w- c:\program files\RT 7 Lite
2010-09-06 01:13 . 2010-09-06 01:13 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-09-06 01:13 . 2010-09-06 01:13 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-09-06 01:13 . 2010-06-07 05:17 -------- d-----w- c:\programdata\Norton
2010-09-06 01:12 . 2010-06-07 05:19 -------- d-----w- c:\programdata\NortonInstaller
2010-09-04 16:53 . 2010-07-28 06:07 2931712 ----a-w- c:\windows\system32\x264vfw.dll
2010-09-02 08:36 . 2010-08-09 05:06 354536 ---ha-w- c:\windows\system32\mlfcache.dat
2010-09-02 07:58 . 2010-06-05 11:45 -------- d-----w- c:\program files\Common Files\Apple
2010-09-02 02:13 . 2009-07-13 23:11 13904 ----a-w- c:\windows\system32\drivers\hwpolicy.sys
2010-08-31 06:21 . 2010-06-05 12:13 211328 ----a-w- c:\users\Fabian\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-29 22:52 . 2010-06-05 11:35 -------- d-----w- c:\program files\uTorrent
2010-08-27 13:08 . 2010-08-27 13:08 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-08-25 08:24 . 2010-03-19 08:40 162304 ----a-w- c:\windows\system32\RemoteControl.dll
2010-08-20 14:22 . 2010-08-20 14:22 -------- d-----w- c:\programdata\NCH Software
2010-08-20 14:20 . 2010-07-17 11:36 -------- d-----w- c:\program files\NCH Swift Sound
2010-08-20 14:08 . 2010-07-17 11:36 -------- d-----w- c:\program files\NCH Software
2010-08-20 12:34 . 2010-06-05 12:36 -------- d-----w- c:\program files\McAfee
2010-08-17 12:10 . 2010-08-17 12:10 -------- d-----w- c:\program files\iPhoneBrowser
2010-08-17 09:34 . 2010-08-17 09:34 -------- d-----w- c:\program files\QuickTime
2010-08-17 09:19 . 2010-06-13 23:23 -------- d-----w- c:\program files\WinSCP
2010-08-15 04:01 . 2010-06-08 08:21 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-08-15 03:48 . 2010-08-15 03:48 -------- d-----w- c:\users\Fabian\AppData\Roaming\FLEXnet
2010-08-15 02:31 . 2010-08-15 02:31 -------- d-----w- c:\users\Fabian\AppData\Roaming\U3
2010-08-12 12:40 . 2010-08-12 12:40 -------- d-----w- c:\program files\mental images
2010-08-12 12:26 . 2010-08-12 11:53 -------- d-----w- c:\users\Fabian\AppData\Roaming\Autodesk
2010-08-12 08:00 . 2010-07-28 06:07 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-08-11 11:07 . 2010-08-11 11:11 29472 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2010-08-11 11:07 . 2010-08-11 11:11 18472 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2010-08-11 11:07 . 2010-08-11 11:11 108072 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2010-08-11 11:07 . 2010-08-11 11:11 86056 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2010-08-10 08:15 . 2010-06-08 12:54 -------- d-----w- c:\programdata\Roxio
2010-08-10 07:59 . 2010-08-10 07:59 -------- d-----w- c:\program files\PowerISO
2010-08-09 09:52 . 2010-06-07 08:23 -------- d-----w- c:\program files\MSECache
2010-08-09 09:28 . 2010-08-09 09:28 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-08-09 09:28 . 2010-08-09 09:28 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-08-09 09:28 . 2010-08-09 09:28 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-08-09 09:26 . 2010-08-09 09:26 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-08-09 09:25 . 2010-08-09 09:25 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-08-09 04:08 . 2010-06-05 11:13 -------- d--h--w- c:\program files\Temp
2010-08-04 12:21 . 2010-08-04 12:19 -------- d-----w- c:\program files\Unlocker
2010-08-02 11:40 . 2010-08-02 11:29 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2010-08-02 11:31 . 2010-08-02 11:31 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
2010-08-02 11:31 . 2010-08-02 11:31 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-08-02 11:28 . 2010-08-02 11:28 -------- d-----w- c:\program files\Application Verifier
2010-08-02 11:27 . 2010-08-02 11:27 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-08-01 04:09 . 2010-08-01 03:46 -------- d-----w- c:\program files\PopCap Games
2010-08-01 03:50 . 2010-08-01 03:20 -------- d-----w- c:\programdata\PopCap Games
2010-07-30 09:25 . 2010-07-22 12:13 -------- d-----w- c:\users\Fabian\AppData\Roaming\Canon
2010-07-30 08:36 . 2010-07-30 08:36 343080 ----a-w- c:\windows\system32\drivers\b57nd60x.sys
2010-07-29 06:30 . 2010-08-11 09:48 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 09:48 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-28 06:00 . 2010-06-12 08:37 -------- d-----w- c:\program files\izySoft
2010-07-28 05:59 . 2010-07-22 11:02 -------- d-----w- c:\users\Fabian\AppData\Roaming\Audacity
2010-07-27 08:34 . 2010-06-08 07:45 -------- d-----w- c:\users\Fabian\AppData\Roaming\CyberLink
2010-07-27 05:54 . 2010-06-05 11:13 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-07-27 04:41 . 2010-07-27 04:41 -------- d-----w- c:\program files\Adobe Media Player
2010-07-26 08:13 . 2010-07-26 08:13 -------- d-----w- c:\programdata\BOL
2010-07-25 06:57 . 2010-07-25 06:57 -------- d-----w- c:\program files\Windows Updates Downloader
2010-07-25 05:28 . 2010-07-25 05:28 -------- d-----w- c:\program files\Common Files\Java
2010-07-25 05:28 . 2010-06-05 11:34 -------- d-----w- c:\program files\Java
2010-07-24 08:53 . 2010-06-05 11:22 -------- d-----w- c:\program files\Intel
2010-07-22 12:13 . 2010-07-22 12:13 -------- d--h--w- c:\programdata\CanonIJScan
2010-07-22 11:37 . 2010-07-22 11:37 108480 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-07-22 11:02 . 2010-07-22 11:01 -------- d-----w- c:\program files\FFmpeg for Audacity
2010-07-22 11:01 . 2010-07-22 11:01 -------- d-----w- c:\program files\Lame for Audacity
2010-07-22 11:00 . 2010-07-22 11:00 -------- d-----w- c:\program files\Audacity
2010-07-22 10:59 . 2010-07-22 10:59 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-07-19 09:18 . 2010-07-19 09:18 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
2010-07-19 09:18 . 2010-07-19 09:18 136216 ----a-w- c:\windows\system32\igfxtray.exe
2010-07-19 09:18 . 2010-07-19 09:18 266776 ----a-w- c:\windows\system32\igfxsrvc.exe
2010-07-19 09:18 . 2010-07-19 09:18 179224 ----a-w- c:\windows\system32\igfxext.exe
2010-07-19 09:18 . 2010-07-19 09:18 170520 ----a-w- c:\windows\system32\igfxpers.exe
2010-07-19 09:18 . 2010-07-19 09:18 171032 ----a-w- c:\windows\system32\hkcmd.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2010-04-28 3727411]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-07-27 4455360]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-15 718208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-03 1791272]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-23 7600672]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 240112]
"CPMonitor"="c:\program files\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-19 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-19 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-19 170520]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-06-28 75048]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-15 800032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-06-19 04:36 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-06-19 11:04 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-08 17:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 19:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
2009-06-22 17:18 494064 ----a-w- c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-09 09:08 136176 ----a-w- c:\users\Fabian\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2010-08-23 01:11 206240 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 00:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 07:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-09 21:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 03:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 05:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-07-24 219632]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-07-12 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-08-11 29472]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-17 50432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-07-24 1116656]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 12800]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-05 1343400]
S0 SahdIa32;HDD Filter Driver;c:\windows\System32\Drivers\SahdIa32.sys [2009-06-01 21488]
S0 SaibIa32;Volume Filter Driver;c:\windows\System32\Drivers\SaibIa32.sys [2009-06-01 15856]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1201000.025\SYMDS.SYS [2010-06-13 339504]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1201000.025\SYMEFA.SYS [2010-07-29 666672]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100901.003\BHDrvx86.sys [2010-08-31 692272]
S1 c2scsi;c2scsi;c:\windows\system32\DRIVERS\c2scsi.sys [2009-07-24 251248]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100917.001\IDSvix86.sys [2010-06-27 344112]
S1 SaibVd32;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVd32.sys [2009-06-01 25584]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1201000.025\Ironx86.SYS [2010-06-27 134704]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NIS\1201000.025\SYMNETS.SYS [2010-07-13 294448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/09/08 13:31];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-06-28 14:50 87536]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2009-06-02 457200]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-03-30 20968]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2010-05-20 88176]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [2010-07-23 126904]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-17 144640]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2010-03-10 46256]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-09-06 102448]
S3 ITEIRDA;ITE Infrared Device Driver;c:\windows\system32\DRIVERS\ITEirda.sys [2008-08-22 25088]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-05-31 6766080]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2008-11-19 16640]

.
Contents of the 'Scheduled Tasks' folder

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2151145231-2729394252-2048357256-1001Core.job
- c:\users\Fabian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-05 09:08]

2010-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2151145231-2729394252-2048357256-1001UA.job
- c:\users\Fabian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-05 09:08]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = proxy.hci.edu.sg:8080
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\3xsozkuc.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://smb.chs.edu.sg/smb/hs_student|http://m.sg.yahoo.com|http://www.facebook.com/home.php|http://www.redmondpie.com|http://www.lockerz.com/dailies
FF - prefs.js: keyword.URL - hxxp://sg.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.ftp - proxy.hci.edu.sg
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.hci.edu.sg
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.hci.edu.sg
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.hci.edu.sg
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.hci.edu.sg
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\progra~1\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\users\Fabian\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\windows\system32\Wat\npWatWeb.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ISUSPM - c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
SSODL-Windows Services-c:\documents and settings\Fabian\svchost.exe - (no file)
MSConfigStartUp-Adobe_ID0ENQBO - c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
MSConfigStartUp-Windows Services - c:\documents and settings\Fabian\svchost.exe
AddRemove-WinAce Archiver - c:\program files\WinAce\SXUNINST.EXE
AddRemove-{CB099890-1D5F-11D5-9EA9-0050BAE317E1} - c:\program files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x83004000]<< >>UNKNOWN [0x8B7C2000]<< >>UNKNOWN [0x8B7B1000]<< >>UNKNOWN [0x8B9F2000]<< >>UNKNOWN [0x9776B000]<< >>UNKNOWN [0x8B182000]<< >>UNKNOWN [0x83414000]<< >>UNKNOWN [0x8B1AF000]<< >>UNKNOWN [0x8B1A5000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x85924dc0
QueryNameProcedure -> 0x85924f50
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\btvuppawehvfqyi]
"imagepath"="\??\c:\windows\TEMP\4B52.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mnbrxpmfybojgrb]
"imagepath"="\??\c:\windows\TEMP\2C31.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\phkpoesqvqbjwmb]
"imagepath"="\??\c:\windows\TEMP\F068.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vrkqichbiffvnxo]
"imagepath"="\??\c:\windows\TEMP\4C3E.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2151145231-2729394252-2048357256-1001\Software\UpdateStar\1.0\History\H*a*r*r*y* *P*o*t*t*e*r* *a*n*d* *t*h*e* *H*a*l*f*-*B*l*o*o*d* *P*r*i*n*c*e*"!\1.0.0.0]
"ProductID"=dword:000dbd8d
"InstallDate"="20100626"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4728)
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\K-Lite Codec Pack\Filters\vsfilter.dll
c:\program files\CyberLink\PowerDVD10\NavFilter\CLFLVSplitter.ax
c:\program files\K-Lite Codec Pack\ffdshow\ffdshow.ax
c:\program files\Common Files\Pegasus Imaging\pvmjpg30.dll
c:\program files\DivX\DivX Plus DirectShow Filters\DivXDecH264.ax
c:\program files\DivX\DivX Codec\DivXDec.ax
c:\program files\Roxio 2010\VideoCore 12\RoxFLVDecoder.ax
c:\program files\Roxio 2010\VideoCore 12\avcodec-52.dll
c:\program files\Common Files\Sonic Shared\SonicMC02\sonic765avcvd.ax
c:\program files\Common Files\Sonic Shared\SonicMC02\sonic765h264dec.dll
c:\program files\Common Files\Roxio Shared\12.0\MPEG\RoxioSmartAVCdec.ax
c:\program files\Common Files\Roxio Shared\12.0\MPEG\h264dec.dll
c:\program files\Norton Internet Security\Engine\18.1.0.37\ccL100U.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
c:\users\Fabian\AppData\Local\Temp\RtkBtMnt.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
.
**************************************************************************
.
Completion time: 2010-09-20 18:53:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-20 10:53

Pre-Run: 140,096,331,776 bytes free
Post-Run: 144,722,354,176 bytes free

- - End Of File - - BA334C6062075EB421F8621BCDB97428

Cats :D

#7 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 20 September 2010 - 08:56 AM

Hello

Let's try this first


tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
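As an added example (not part of this thread, and not code from TDSSKiller or ComboFix), here is a small Python triage helper for the two log formats pasted in this topic. It flags the two indicators that are visible in the logs above: a TDSSKiller "detected" line (discache.sys reported as Rootkit.Win32.TDSS.tdl3) and a ComboFix service entry whose image path is a .tmp file under c:\windows\TEMP (the randomly named services in the ComboFix output). The sample log lines are constructed from lines quoted in the thread; the regexes and function names are my own.

```python
"""Triage helper for TDSSKiller and ComboFix logs (added example, not the
tools' own code). It only reads text; it does not touch the registry or disk.
"""
import re
from typing import Dict, List

# TDSSKiller verdict line, e.g.
#   2010/09/21 16:21:51.0968 discache - detected Rootkit.Win32.TDSS.tdl3 (0)
TDSS_DETECTED = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<svc>\S+) - detected (?P<name>\S+)"
)

# ComboFix service key header and the imagepath value that follows it, e.g.
#   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\btvuppawehvfqyi]
#   "imagepath"="\??\c:\windows\TEMP\4B52.tmp"
SERVICE_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\services\\(?P<svc>[^\]]+)\]$",
    re.IGNORECASE,
)
IMAGEPATH = re.compile(r'^"imagepath"="(?P<path>.*)"$', re.IGNORECASE)

# A kernel service whose image is a .tmp file in the Windows TEMP directory
# is the loader pattern shown in the ComboFix log above.
TEMP_TMP = re.compile(r"\\windows\\temp\\[^\\]+\.tmp$", re.IGNORECASE)


def tdsskiller_detections(log: str) -> List[Dict[str, str]]:
    """Return every driver/service that TDSSKiller reported as detected."""
    hits = []
    for line in log.splitlines():
        m = TDSS_DETECTED.match(line.strip())
        if m:
            hits.append({"time": m["ts"], "service": m["svc"], "verdict": m["name"]})
    return hits


def combofix_temp_services(log: str) -> List[Dict[str, str]]:
    """Return services from a ComboFix log whose image path is %WINDIR%\\TEMP\\*.tmp."""
    hits = []
    current = None  # service name of the most recent [HKLM\...\services\X] header
    for line in log.splitlines():
        line = line.strip()
        k = SERVICE_KEY.match(line)
        if k:
            current = k["svc"]
            continue
        p = IMAGEPATH.match(line)
        if p and current:
            path = p["path"]
            if path.startswith("\\??\\"):  # strip the NT object-manager prefix
                path = path[4:]
            if TEMP_TMP.search(path):
                hits.append({"service": current, "image": path})
    return hits


# Constructed sample: a few ComboFix lines as quoted in the thread.
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\btvuppawehvfqyi]
"imagepath"="\??\c:\windows\TEMP\4B52.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mnbrxpmfybojgrb]
"imagepath"="\??\c:\windows\TEMP\2C31.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
"""

# Constructed sample: three TDSSKiller lines as quoted in the thread.
SAMPLE_TDSSKILLER = r"""
2010/09/21 16:21:51.0953 discache (70a7bf008995002c7cba53441914c353) C:\Windows\system32\drivers\discache.sys
2010/09/21 16:21:51.0968 discache - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/21 16:21:52.0046 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
"""


def triage(combofix_log: str, tdsskiller_log: str) -> Dict[str, List[Dict[str, str]]]:
    """Combine both checks into one report."""
    return {
        "temp_services": combofix_temp_services(combofix_log),
        "tdsskiller_detections": tdsskiller_detections(tdsskiller_log),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_COMBOFIX, SAMPLE_TDSSKILLER)
    for kind, hits in report.items():
        print(kind)
        for h in hits:
            print("  ", h)
```

Run against a real pair of logs, the two lists give the helper a short list of what to look at first; a legitimate driver such as the CyberLink 000.fcl entry is not flagged because its image path is not a TEMP .tmp file.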

#8 too456 (Topic Starter)

  • Members
  • 12 posts

Posted 21 September 2010 - 03:54 AM

I think TDSSKiller resolved everything. Norton is not complaining anymore. I am attaching 2 TDSSKiller logs: the first is the first scan I did, which wiped out the virus, and the second is a confirmatory scan I did to make sure everything is gone.

2010/09/21 16:21:35.0604 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/21 16:21:35.0604 ================================================================================
2010/09/21 16:21:35.0604 SystemInfo:
2010/09/21 16:21:35.0604
2010/09/21 16:21:35.0604 OS Version: 6.1.7600 ServicePack: 0.0
2010/09/21 16:21:35.0604 Product type: Workstation
2010/09/21 16:21:35.0604 ComputerName: FABIAN-PC
2010/09/21 16:21:35.0604 UserName: Fabian
2010/09/21 16:21:35.0604 Windows directory: C:\Windows
2010/09/21 16:21:35.0604 System windows directory: C:\Windows
2010/09/21 16:21:35.0604 Processor architecture: Intel x86
2010/09/21 16:21:35.0604 Number of processors: 2
2010/09/21 16:21:35.0604 Page size: 0x1000
2010/09/21 16:21:35.0604 Boot type: Normal boot
2010/09/21 16:21:35.0604 ================================================================================
2010/09/21 16:21:36.0805 Initialize success
2010/09/21 16:21:44.0184 ================================================================================
2010/09/21 16:21:44.0184 Scan started
2010/09/21 16:21:44.0184 Mode: Manual;
2010/09/21 16:21:44.0184 ================================================================================
2010/09/21 16:21:46.0118 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/09/21 16:21:46.0274 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/09/21 16:21:46.0337 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/09/21 16:21:46.0446 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/09/21 16:21:46.0493 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/09/21 16:21:46.0539 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/09/21 16:21:46.0633 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/09/21 16:21:46.0695 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/09/21 16:21:46.0742 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/09/21 16:21:46.0805 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/09/21 16:21:46.0820 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/09/21 16:21:46.0851 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/09/21 16:21:46.0883 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/09/21 16:21:46.0914 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/09/21 16:21:46.0961 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/09/21 16:21:47.0007 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/09/21 16:21:47.0070 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/09/21 16:21:47.0163 AnyDVD (c6a45fee274fb31daf3de1e12d53a191) C:\Windows\system32\Drivers\AnyDVD.sys
2010/09/21 16:21:47.0210 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/09/21 16:21:47.0288 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/09/21 16:21:47.0304 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/09/21 16:21:47.0366 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/09/21 16:21:47.0429 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/09/21 16:21:47.0585 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/09/21 16:21:47.0694 b57nd60x (0f9b43a8be450f2e90c1fb3a2dfd00aa) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/09/21 16:21:47.0756 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/09/21 16:21:48.0583 BHDrvx86 (5138da8715da5f9823b753b6cb36a9a9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100901.003\BHDrvx86.sys
2010/09/21 16:21:48.0801 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/09/21 16:21:48.0942 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/09/21 16:21:48.0989 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/09/21 16:21:49.0004 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/09/21 16:21:49.0051 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/09/21 16:21:49.0067 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/09/21 16:21:49.0082 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/09/21 16:21:49.0113 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/09/21 16:21:49.0160 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/09/21 16:21:49.0191 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/09/21 16:21:49.0238 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2010/09/21 16:21:49.0316 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2010/09/21 16:21:49.0394 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2010/09/21 16:21:49.0441 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
2010/09/21 16:21:49.0550 btwaudio (f8b4f60768328faa2ffe2727f66809f8) C:\Windows\system32\drivers\btwaudio.sys
2010/09/21 16:21:49.0691 btwavdt (fa7446dd38de84d4988d1f2ebb854589) C:\Windows\system32\DRIVERS\btwavdt.sys
2010/09/21 16:21:49.0753 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
2010/09/21 16:21:49.0800 btwrchid (d5862fbc1cbc0404614fd9d85c8d880e) C:\Windows\system32\DRIVERS\btwrchid.sys
2010/09/21 16:21:49.0862 c2scsi (0b1689474415c400c75a7046e88ca68e) C:\Windows\system32\DRIVERS\c2scsi.sys
2010/09/21 16:21:50.0689 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/09/21 16:21:50.0798 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/09/21 16:21:50.0876 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/09/21 16:21:51.0079 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/09/21 16:21:51.0157 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/09/21 16:21:51.0188 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/09/21 16:21:51.0235 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/09/21 16:21:51.0313 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/09/21 16:21:51.0391 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/09/21 16:21:51.0500 cpuz133 (13a0d3f9d5f39adaca0a8d3bb327eb31) C:\Windows\system32\drivers\cpuz133_x32.sys
2010/09/21 16:21:51.0609 cpuz134 (75fa19142531cbf490770c2988a7db64) C:\Windows\system32\drivers\cpuz134_x32.sys
2010/09/21 16:21:51.0703 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/09/21 16:21:51.0859 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/09/21 16:21:51.0921 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/09/21 16:21:51.0953 discache (70a7bf008995002c7cba53441914c353) C:\Windows\system32\drivers\discache.sys
2010/09/21 16:21:51.0968 discache - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/21 16:21:52.0046 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/09/21 16:21:52.0140 DKRtWrt (8e6c1d4d00e81b0199f41fa6dccee79b) C:\Windows\system32\DRIVERS\DKRtWrt.sys
2010/09/21 16:21:52.0218 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/09/21 16:21:52.0311 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/09/21 16:21:52.0499 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/09/21 16:21:52.0842 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/09/21 16:21:53.0466 ElbyCDIO (309ac30471a0f1c3a89dee1c81230576) C:\Windows\system32\Drivers\ElbyCDIO.sys
2010/09/21 16:21:53.0637 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/09/21 16:21:53.0903 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/09/21 16:21:54.0449 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/09/21 16:21:54.0667 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/09/21 16:21:54.0745 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/09/21 16:21:54.0776 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/09/21 16:21:54.0854 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/09/21 16:21:54.0901 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/09/21 16:21:54.0979 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/09/21 16:21:55.0041 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/09/21 16:21:55.0119 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/09/21 16:21:55.0151 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/09/21 16:21:55.0307 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2010/09/21 16:21:55.0400 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/09/21 16:21:55.0556 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/09/21 16:21:55.0681 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/09/21 16:21:55.0868 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2010/09/21 16:21:55.0962 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/09/21 16:21:56.0009 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/09/21 16:21:56.0087 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/09/21 16:21:56.0352 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/09/21 16:21:56.0679 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/09/21 16:21:56.0789 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/09/21 16:21:56.0882 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/09/21 16:21:57.0054 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/09/21 16:21:57.0179 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/09/21 16:21:57.0319 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/09/21 16:21:57.0787 IDSVix86 (2edd3504457691a10328079da011d0b8) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100917.001\IDSvix86.sys
2010/09/21 16:21:58.0271 igfx (c5589781f75de0bfb26e221649c80d00) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/09/21 16:21:58.0817 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/09/21 16:21:59.0222 IntcAzAudAddService (f2baa4ff548f7f0317f7638951c1cd9c) C:\Windows\system32\drivers\RTKVHDA.sys
2010/09/21 16:21:59.0331 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/09/21 16:21:59.0394 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/09/21 16:21:59.0456 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/09/21 16:21:59.0503 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/09/21 16:21:59.0519 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/09/21 16:21:59.0597 irda (9f7e491fb0ba0f9e370163834fc1fe31) C:\Windows\system32\DRIVERS\irda.sys
2010/09/21 16:21:59.0675 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/09/21 16:21:59.0721 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/09/21 16:21:59.0753 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/09/21 16:21:59.0846 ITEIRDA (2f467f26e843ef5e14757d4efd1e3204) C:\Windows\system32\DRIVERS\ITEirda.sys
2010/09/21 16:21:59.0909 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/09/21 16:21:59.0971 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/09/21 16:22:00.0033 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/09/21 16:22:00.0065 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/09/21 16:22:00.0143 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/09/21 16:22:00.0221 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/09/21 16:22:00.0236 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/09/21 16:22:00.0267 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/09/21 16:22:00.0283 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/09/21 16:22:00.0314 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/09/21 16:22:00.0361 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\Windows\system32\DRIVERS\MarvinBus.sys
2010/09/21 16:22:00.0392 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/09/21 16:22:00.0439 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/09/21 16:22:00.0533 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/09/21 16:22:00.0595 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/09/21 16:22:00.0642 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/09/21 16:22:00.0704 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/09/21 16:22:00.0767 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/09/21 16:22:00.0813 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/09/21 16:22:00.0860 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/09/21 16:22:00.0907 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/09/21 16:22:00.0969 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/09/21 16:22:01.0016 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/09/21 16:22:01.0079 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/09/21 16:22:01.0141 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/09/21 16:22:01.0188 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/09/21 16:22:01.0219 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/09/21 16:22:01.0250 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/09/21 16:22:01.0297 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/09/21 16:22:01.0391 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/09/21 16:22:01.0422 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/09/21 16:22:01.0437 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/09/21 16:22:01.0484 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/09/21 16:22:01.0531 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/09/21 16:22:01.0547 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/09/21 16:22:01.0562 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/09/21 16:22:01.0796 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/09/21 16:22:01.0905 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/09/21 16:22:02.0358 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100919.003\NAVENG.SYS
2010/09/21 16:22:02.0810 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100919.003\NAVEX15.SYS
2010/09/21 16:22:03.0029 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/09/21 16:22:03.0169 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/09/21 16:22:03.0341 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/09/21 16:22:03.0465 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/09/21 16:22:03.0543 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/09/21 16:22:03.0606 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/09/21 16:22:03.0793 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/09/21 16:22:03.0996 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/09/21 16:22:04.0448 NETw5s32 (a520aed8926ad6185031b9b18f55397e) C:\Windows\system32\DRIVERS\NETw5s32.sys
2010/09/21 16:22:05.0540 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2010/09/21 16:22:06.0133 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/09/21 16:22:06.0617 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/09/21 16:22:07.0459 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/09/21 16:22:07.0958 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/09/21 16:22:08.0457 NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\drivers\NTIDrvr.sys
2010/09/21 16:22:08.0535 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/09/21 16:22:08.0582 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/09/21 16:22:08.0660 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/09/21 16:22:08.0707 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/09/21 16:22:08.0723 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/09/21 16:22:08.0785 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/09/21 16:22:08.0832 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/09/21 16:22:08.0941 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/09/21 16:22:09.0019 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/09/21 16:22:09.0066 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/09/21 16:22:09.0113 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/09/21 16:22:09.0144 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/09/21 16:22:09.0300 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/09/21 16:22:09.0705 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/09/21 16:22:09.0783 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/09/21 16:22:09.0924 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/09/21 16:22:09.0986 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
2010/09/21 16:22:10.0189 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/09/21 16:22:10.0376 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/09/21 16:22:10.0439 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/09/21 16:22:10.0454 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/09/21 16:22:10.0517 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/09/21 16:22:10.0563 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/09/21 16:22:10.0595 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/09/21 16:22:10.0626 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/09/21 16:22:10.0673 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/09/21 16:22:10.0719 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/09/21 16:22:10.0766 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/09/21 16:22:10.0938 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/09/21 16:22:11.0406 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/09/21 16:22:11.0671 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/09/21 16:22:12.0030 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/09/21 16:22:12.0701 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/09/21 16:22:13.0481 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/09/21 16:22:13.0683 RMCAST (b4090006a82eeb608c358ab5d37de85a) C:\Windows\system32\DRIVERS\RMCAST.sys
2010/09/21 16:22:13.0855 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/09/21 16:22:13.0902 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/09/21 16:22:13.0995 SahdIa32 (0b2d5d2341437d7d7e1a6c7bbce3786a) C:\Windows\system32\Drivers\SahdIa32.sys
2010/09/21 16:22:14.0058 SaibIa32 (7a5f65b16249af2bc9d18d815f5d7172) C:\Windows\system32\Drivers\SaibIa32.sys
2010/09/21 16:22:14.0136 SaibVd32 (e333c9515822de586a3ff759a0c9b7bf) C:\Windows\system32\Drivers\SaibVd32.sys
2010/09/21 16:22:14.0229 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/09/21 16:22:14.0354 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\Windows\system32\drivers\SCDEmu.sys
2010/09/21 16:22:14.0385 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/09/21 16:22:14.0557 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\DRIVERS\sdbus.sys
2010/09/21 16:22:14.0635 SecDrv (c71394d99a04ca76484492f590c9cba5) C:\Windows\system32\drivers\SECDRV.SYS
2010/09/21 16:22:14.0713 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/09/21 16:22:14.0744 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/09/21 16:22:14.0775 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/09/21 16:22:14.0885 sfdrv01 (b7018644e132a8dfb12ed90106e06739) C:\Windows\system32\drivers\sfdrv01.sys
2010/09/21 16:22:14.0963 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/09/21 16:22:14.0978 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/09/21 16:22:14.0994 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/09/21 16:22:15.0041 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys
2010/09/21 16:22:15.0087 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/09/21 16:22:15.0134 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/09/21 16:22:15.0181 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/09/21 16:22:15.0212 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/09/21 16:22:15.0259 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/09/21 16:22:15.0384 SNP2UVC (0302bc619d4a723317e7f8eb0c362bd3) C:\Windows\system32\DRIVERS\snp2uvc.sys
2010/09/21 16:22:15.0540 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/09/21 16:22:16.0117 SRTSP (d0ab8e989935d895f1bed8f607fa0948) C:\Windows\system32\drivers\NIS\1201000.025\SRTSP.SYS
2010/09/21 16:22:16.0491 SRTSPX (fae9f5558a1f53670e579f9ffb4a67cc) C:\Windows\system32\drivers\NIS\1201000.025\SRTSPX.SYS
2010/09/21 16:22:16.0585 srv (dd0dd124d95390fdffa7fb6283923ed4) C:\Windows\system32\DRIVERS\srv.sys
2010/09/21 16:22:16.0772 srv2 (59ef6d9c690e89d51b0692ccb13a06fc) C:\Windows\system32\DRIVERS\srv2.sys
2010/09/21 16:22:16.0897 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2010/09/21 16:22:16.0959 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2010/09/21 16:22:17.0053 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2010/09/21 16:22:17.0115 srvnet (08f28676802b58138e48a2b40caf6204) C:\Windows\system32\DRIVERS\srvnet.sys
2010/09/21 16:22:17.0178 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/09/21 16:22:17.0256 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/09/21 16:22:17.0334 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2010/09/21 16:22:17.0864 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/09/21 16:22:18.0207 SymDS (67e83f8c7e80dc898a1d73b38412ba7a) C:\Windows\system32\drivers\NIS\1201000.025\SYMDS.SYS
2010/09/21 16:22:18.0301 SymEFA (3986a8de371e985ba6c82eb8da3b1e98) C:\Windows\system32\drivers\NIS\1201000.025\SYMEFA.SYS
2010/09/21 16:22:18.0395 SymEvent (5c76a63fac8a5580c5a1c4a4ed827782) C:\Windows\system32\Drivers\SYMEVENT.SYS
2010/09/21 16:22:18.0504 SymIRON (8ae632773b5192dce48f4ec8de753863) C:\Windows\system32\drivers\NIS\1201000.025\Ironx86.SYS
2010/09/21 16:22:18.0613 SymNetS (9531b03525eb2a3eacb75caa5e9a18d9) C:\Windows\system32\drivers\NIS\1201000.025\SYMNETS.SYS
2010/09/21 16:22:18.0816 SynTP (0e8676fb3bb95aa40fdf7a4a31018c8b) C:\Windows\system32\DRIVERS\SynTP.sys
2010/09/21 16:22:19.0190 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/09/21 16:22:19.0409 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2010/09/21 16:22:19.0596 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/09/21 16:22:19.0923 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/09/21 16:22:20.0157 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/09/21 16:22:20.0220 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/09/21 16:22:20.0251 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/09/21 16:22:20.0360 tifm21 (c424f991494e5674f2e9b3cf9f5f55d1) C:\Windows\system32\drivers\tifm21.sys
2010/09/21 16:22:20.0454 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
2010/09/21 16:22:20.0516 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/09/21 16:22:20.0563 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/09/21 16:22:20.0610 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/09/21 16:22:20.0719 UBHelper (d79c0b9bb011218b93705cbf77fa3e5e) C:\Windows\system32\drivers\UBHelper.sys
2010/09/21 16:22:20.0797 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/09/21 16:22:20.0859 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/09/21 16:22:20.0906 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/09/21 16:22:20.0953 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/09/21 16:22:21.0000 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2010/09/21 16:22:21.0047 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/09/21 16:22:21.0078 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/09/21 16:22:21.0125 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2010/09/21 16:22:21.0187 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2010/09/21 16:22:21.0203 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/09/21 16:22:21.0234 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/09/21 16:22:21.0249 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/09/21 16:22:21.0281 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/09/21 16:22:21.0593 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
2010/09/21 16:22:21.0764 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/09/21 16:22:21.0811 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/09/21 16:22:21.0858 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/09/21 16:22:21.0889 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/09/21 16:22:21.0951 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/09/21 16:22:22.0014 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/09/21 16:22:22.0092 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/09/21 16:22:22.0154 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/09/21 16:22:22.0217 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/09/21 16:22:22.0279 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/09/21 16:22:22.0747 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/09/21 16:22:23.0324 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/09/21 16:22:23.0964 vpcbus (33e74df34753fcaab06f6f2bdc8cabf5) C:\Windows\system32\DRIVERS\vpchbus.sys
2010/09/21 16:22:24.0307 vpcnfltr (5f04362ceb5fb5901037e9d9eadd3760) C:\Windows\system32\DRIVERS\vpcnfltr.sys
2010/09/21 16:22:24.0354 vpcusb (625088d6ee9ede977fd03cf18d1cd5c5) C:\Windows\system32\DRIVERS\vpcusb.sys
2010/09/21 16:22:24.0463 vpcuxd (f49c0d1f8dae860ee47e5f34ac0f6008) C:\Windows\system32\DRIVERS\vpcuxd.sys
2010/09/21 16:22:24.0541 vpcvmm (8a89b73835ef2c6444cc1c51eed25785) C:\Windows\system32\drivers\vpcvmm.sys
2010/09/21 16:22:24.0541 vpcvmm - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/21 16:22:24.0666 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/09/21 16:22:24.0759 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/09/21 16:22:24.0837 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/09/21 16:22:24.0947 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2010/09/21 16:22:25.0025 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/09/21 16:22:25.0056 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/21 16:22:25.0071 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/21 16:22:25.0134 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/09/21 16:22:25.0181 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/09/21 16:22:25.0259 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/09/21 16:22:25.0290 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/09/21 16:22:25.0415 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/09/21 16:22:25.0430 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/09/21 16:22:25.0524 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/09/21 16:22:25.0555 WsAudioDevice_383 (85ece26f326c2d07ba77a60343468272) C:\Windows\system32\drivers\WsAudioDevice_383.sys
2010/09/21 16:22:25.0617 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/09/21 16:22:25.0711 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/09/21 16:22:26.0741 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
2010/09/21 16:22:26.0897 ================================================================================
2010/09/21 16:22:26.0897 Scan finished
2010/09/21 16:22:26.0897 ================================================================================
2010/09/21 16:22:26.0897 Detected object count: 2
2010/09/21 16:22:43.0713 discache (70a7bf008995002c7cba53441914c353) C:\Windows\system32\drivers\discache.sys
2010/09/21 16:23:15.0413 Backup copy not found, trying to cure infected file..
2010/09/21 16:23:15.0413 Cure success, using it..
2010/09/21 16:23:15.0709 C:\Windows\system32\drivers\discache.sys - will be cured after reboot
2010/09/21 16:23:15.0709 Rootkit.Win32.TDSS.tdl3(discache) - User select action: Cure
2010/09/21 16:23:17.0378 vpcvmm (8a89b73835ef2c6444cc1c51eed25785) C:\Windows\system32\drivers\vpcvmm.sys
2010/09/21 16:23:18.0049 Backup copy not found, trying to cure infected file..
2010/09/21 16:23:18.0049 Cure success, using it..
2010/09/21 16:23:18.0205 C:\Windows\system32\drivers\vpcvmm.sys - will be cured after reboot
2010/09/21 16:23:18.0205 Rootkit.Win32.TDSS.tdl3(vpcvmm) - User select action: Cure
2010/09/21 16:33:28.0307 Deinitialize success

2010/09/21 16:45:39.0377 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/21 16:45:39.0377 ================================================================================
2010/09/21 16:45:39.0377 SystemInfo:
2010/09/21 16:45:39.0377
2010/09/21 16:45:39.0377 OS Version: 6.1.7600 ServicePack: 0.0
2010/09/21 16:45:39.0377 Product type: Workstation

Thanks so much gringo
Cats :D

#9 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 21 September 2010 - 04:27 AM

Hello

Adobe Acrobat

I see that you are using Adobe Acrobat, which is fine, but to view PDF files I would use the free Reader or Foxit Reader.
  • You can download it from http://www.adobe.com/products/acrobat/readstep2.html
  • Uncheck Security Scan Plus from McAfee.
  • If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
  • If you don't like Adobe Reader (53.5 MB), you can download Foxit PDF Reader (3.5 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.
  • Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.



Clear your Java Cache
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :
    I would like you to rerun MBAM
  • Double-click the MBAM icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis
  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. report from Hijackthis
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 too456 (Topic Starter, Members, 12 posts)

Posted 23 September 2010 - 05:34 AM

Happy to say that there are no infections... logs below

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4675

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23/9/2010 6:29:06 PM
mbam-log-2010-09-23 (18-29-06).txt

Scan type: Quick scan
Objects scanned: 147690
Time elapsed: 9 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:31:27 PM, on 23/9/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Roxio 2010\5.0\CPMonitor.exe
C:\Users\Fabian\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Windows\PLFSetL.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.hci.edu.sg:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio 2010\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 12015 bytes

Cats :D

#11 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 23 September 2010 - 06:20 AM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded startup entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to be; you can click on their icons (or start them from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):
      O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
      O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
      O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
      O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
      O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio 2010\5.0\CPMonitor.exe"
      O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
      O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
      O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
      O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
      O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
      O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
      O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
      O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

      NOTE** You can research each of those lines >here< and see if you want to keep them or not.
      Just copy the name between the brackets and paste it into the search space, e.g. for
      O4 - HKLM\..\Run: [IntelliPoint]
      you would search for IntelliPoint.


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
      Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

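A small triage helper for the HijackThis log format posted above, added here as an example (it is not a BleepingComputer or Trend Micro tool). It parses the Running processes, O4 and O23 lines and flags the entries a responder would look at first: binaries started from temp or profile directories, services with no recorded vendor, and services whose binary is missing. The sample log is constructed in the style of the thread's log; the flags are review prompts, not verdicts.

```python
"""Triage helper for HijackThis v2 logs (added example, not part of the thread).
Parses the 'Running processes' block plus O4 (autorun) and O23 (service) lines,
then flags entries worth a first look. Heuristics only: a flag means 'review',
not 'malicious'."""
import re
from dataclasses import dataclass

# Constructed sample modelled on the HijackThis log posted in this thread (shortened).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Users\Fabian\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio 2010\5.0\CPMonitor.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
"""


@dataclass
class Finding:
    section: str   # 'process', 'O4' or 'O23'
    name: str      # process basename, Run value name, or service name
    path: str      # executable path as shown in the log
    reasons: list  # why a responder should look at this entry first


# "O4 - HKLM\..\Run: [Name] command line"
O4_RE = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "O23 - Service: Name - Vendor - path [ (file missing)]"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
# Directories a persistent binary rarely belongs in on a clean machine.
SUSPECT_DIRS = re.compile(r"\\(temp|appdata|programdata|recycler)\\", re.IGNORECASE)


def exe_from_command(cmd):
    """Pull the executable out of a Run value: quoted path, else up to '.exe'."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r"^.*?\.exe", cmd, re.IGNORECASE)
    return m.group(0) if m else cmd.split(" ")[0]


def location_reasons(path):
    return ["starts from a temp/profile directory"] if SUSPECT_DIRS.search(path) else []


def parse_hjt_log(text):
    """Return (processes, autoruns, services) parsed from a HijackThis log."""
    processes, autoruns, services = [], [], []
    in_procs = False
    for line in text.splitlines():
        line = line.rstrip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:                     # block ends at the first blank line
            if not line:
                in_procs = False
            else:
                processes.append(line)
            continue
        m = O4_RE.match(line)
        if m:
            autoruns.append((m["loc"], m["name"], exe_from_command(m["cmd"])))
            continue
        m = O23_RE.match(line)
        if m:
            path, missing = m["path"], False
            if path.endswith("(file missing)"):
                path, missing = path[: -len("(file missing)")].strip(), True
            services.append((m["name"], m["vendor"], path, missing))
    return processes, autoruns, services


def triage(text):
    """Flag entries to review first; unflagged entries are left out of the report."""
    processes, autoruns, services = parse_hjt_log(text)
    findings = []
    for p in processes:
        if r := location_reasons(p):
            findings.append(Finding("process", p.rsplit("\\", 1)[-1], p, r))
    for _loc, name, exe in autoruns:
        if r := location_reasons(exe):
            findings.append(Finding("O4", name, exe, r))
    for name, vendor, path, missing in services:
        r = location_reasons(path)
        if vendor == "Unknown owner":
            r.append("no vendor recorded in the service binary")
        if missing:
            r.append("service points at a binary that no longer exists")
        if r:
            findings.append(Finding("O23", name, path, r))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.name}: {f.path}\n    " + "; ".join(f.reasons))
```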

#12 too456 (Topic Starter, Members, 12 posts)

Posted 24 September 2010 - 09:19 AM

The Eset scan is still running (after 4 hours) but NIS just notified me of two more files infected from Backdoor.Tidserf.I!inf. They are located in the winsxs folder with filenames discache.sys and vpcvmm.sys. The log from NIS is below.

Resolved Threats:
No risks have been resolved

Unresolved Threats:
Backdoor.Tidserv.I!inf
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Review
-----------
2 Files
c:\windows\winsxs\x86_microsoft-windows-virtualpc-vmm_31bf3856ad364e35_7.1.7600.16495_none_3975ce344530abe9\vpcvmm.sys - Failed
c:\windows\winsxs\x86_microsoft-windows-systemindexer_31bf3856ad364e35_6.1.7600.16385_none_d5726d6f847c1ef3\discache.sys - No action taken
1 Browser Cache

Backdoor.Tidserv.I!inf
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Review
-----------
1 File
c:\windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys - Failed
1 Browser Cache

So apparently not everything has been solved
Cats :D

#13 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 24 September 2010 - 04:15 PM

Hello

c:\windows\winsxs: in simple terms this is like a backup file for Windows. These files are not active, but when you give me the report I will remove them.

Gringo

#14 too456 (Topic Starter, Members, 12 posts)

Posted 24 September 2010 - 07:13 PM

The ESET logs are below. Yet another trojan

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a6a86c03de84ba40bfef788701589fef
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-09-24 08:09:18
# local_time=2010-09-25 04:09:18 (+0800, Malay Peninsula Standard Time)
# country="Singapore"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 83817 83817 0 0
# compatibility_mode=3588 16777214 85 83 749426 8897575 0 0
# compatibility_mode=5893 16776574 100 94 6179824 36951471 0 0
# compatibility_mode=8192 67108863 100 0 346 346 0 0
# scanned=729536
# found=1
# cleaned=0
# scan_time=38679
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XFVXUWOO\tbksche[1].exe a variant of Win32/Kryptik.GJY trojan 00000000000000000000000000000000 I

Cats :D

#15 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 24 September 2010 - 11:00 PM

Greetings

There are some things in the online scan I want to remove, so run this script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

CODE
File::
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XFVXUWOO\tbksche[1].exe


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"
    In your next post I need the following
    1. report from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now after running the script?

Gringo


