
Trojans and IE issues and Blue Screens


  • This topic is locked
14 replies to this topic

#1 dr_drews


Posted 22 October 2010 - 12:08 AM

We have had several different Trojans and viruses and we keep cleaning up with SuperAntiSpyWare, AVG, Malwarebytes etc. But the problems keep coming back. I'm not sure if it's connected, but quite often Internet Explorer crashes and then we have to restart the computer to fix it. Also, sometimes when using Google you click on a link and it goes to a random website, not the one you expect! You have to copy and paste the actual link and put it in the address bar, then it works. And, finally, the computer keeps blue screening - it says it is doing a memory dump - it always recovers, but just about every time we restart the computer (to fix the IE problem) it blue screens. We have now installed Norton Security Suite and it seems more stable, but we are still getting the above problems. Norton pops up about once every 5 mins saying someone is trying to access our computer. Logs below:


DDS (Ver_10-10-21.02) - NTFSx86
Run by Aimie at 22:18:14.42 on 21/10/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2814.1393 [GMT -6:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
d:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Cricket Broadband Connect\AvqAutorun.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norton Security Suite\Engine\4.2.0.12\MCUI32.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Aimie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3BLL1XN9\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://www.msi.com.tw
mDefault_Page_URL = hxxp://www.msi.com.tw
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.2.0.12\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Skytel] Skytel.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "d:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [{F9AA8FE2-E89A-E99B-E8b8-E9AE9B9ABA99}] "c:\program files\cricket broadband connect\avqautorun.exe" "c:\program files\cricket broadband connect\mphonetools.exe" /OnPlug=%s
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [Dsubahi] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\KBDFP4.dll",Startup
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-10-20 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-10-20 173104]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20101001.001\BHDrvx86.sys [2010-10-2 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-10-20 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20101020.001\IDSvix86.sys [2010-10-19 353840]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-10-20 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0402000.00c\symtdiv.sys [2010-10-20 339504]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-9-3 6104144]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2009-8-5 284016]
R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2008-1-18 159744]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.2.0.12\ccsvchst.exe [2010-10-20 126392]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-7-14 326488]
R2 TomTomHOMEService;TomTomHOMEService;d:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-18 52736]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-21 102448]
R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-1-17 45600]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [2009-11-19 31616]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-8-4 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2008-1-17 313344]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2007-4-3 1131136]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [2010-10-4 54544]
S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [2010-10-4 22032]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [2010-10-4 12048]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [2010-10-4 160400]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [2010-10-4 115216]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [2010-10-4 160400]

=============== Created Last 30 ================

2010-10-21 02:16:27 -------- d-----w- c:\users\aimie\appdata\local\CrashDumps
2010-10-21 00:11:42 339504 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\symtdiv.sys
2010-10-21 00:11:41 43696 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\srtspx.sys
2010-10-21 00:11:41 328752 ----a-r- c:\windows\system32\drivers\n360\0402000.00c\symds.sys
2010-10-21 00:11:41 325680 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\srtsp.sys
2010-10-21 00:11:41 173104 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\symefa.sys
2010-10-21 00:11:41 116784 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys
2010-10-21 00:11:40 501888 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys
2010-10-21 00:10:54 -------- d-----w- c:\windows\system32\drivers\n360\0402000.00C
2010-10-20 01:55:15 -------- d-----w- c:\program files\iPod
2010-10-20 01:44:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-10-20 01:44:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-10-20 01:44:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-10-20 01:44:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-10-20 01:44:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-10-20 01:44:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-10-20 01:44:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-10-20 01:36:01 -------- d-----w- c:\program files\Bonjour
2010-10-20 01:26:11 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-20 01:26:11 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-10-20 01:26:07 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-20 01:26:05 -------- d-----w- c:\program files\Symantec
2010-10-20 01:25:38 -------- d-----w- c:\windows\system32\drivers\N360
2010-10-20 01:25:35 -------- d-----w- c:\program files\Norton Security Suite
2010-10-20 01:23:44 -------- d-----w- c:\program files\NortonInstaller
2010-10-20 01:23:44 -------- d-----w- c:\progra~2\NortonInstaller
2010-10-20 01:07:04 -------- d-----w- c:\progra~2\Norton
2010-10-16 14:36:02 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2010-10-16 14:36:02 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2010-10-16 14:36:02 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2010-10-16 14:36:02 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2010-10-16 14:36:02 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2010-10-16 14:35:59 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2010-10-16 14:35:58 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2010-10-16 04:21:09 -------- d-----w- c:\users\aimie\appdata\roaming\AVG10
2010-10-16 04:19:35 -------- d--h--w- c:\progra~2\Common Files
2010-10-16 04:18:33 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-16 04:18:33 -------- d-----w- c:\progra~2\AVG10
2010-10-16 02:57:47 -------- d-----w- c:\progra~2\MFAData
2010-10-16 02:28:51 -------- d-----w- c:\program files\Cisco Systems
2010-10-16 02:21:13 -------- d-----w- c:\progra~2\Cisco Systems
2010-10-15 04:00:50 108032 ----a-w- c:\windows\system32\spoolsv4.dll
2010-10-14 14:51:27 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-14 14:51:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 14:48:37 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 14:48:37 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 14:48:37 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 14:48:37 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 14:48:36 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 14:48:15 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-14 14:48:13 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-14 14:48:12 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-14 14:40:48 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-14 14:36:57 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-14 14:36:55 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-12 16:06:12 -------- d-----w- c:\progra~2\TomTom
2010-10-12 16:04:36 -------- d-----w- c:\users\aimie\appdata\roaming\TomTom
2010-10-12 16:04:36 -------- d-----w- c:\users\aimie\appdata\local\TomTom
2010-10-12 16:04:30 -------- d-----w- c:\program files\TomTom International B.V
2010-10-07 19:47:58 -------- d-----w- c:\users\aimie\appdata\local\Eastman_Kodak_Company
2010-10-07 04:01:18 -------- d-----w- c:\progra~2\Update
2010-10-07 03:39:41 -------- d-----w- c:\progra~2\kds_kodak
2010-10-07 03:39:40 -------- d-----w- c:\progra~2\Eastman Kodak Company
2010-10-07 02:29:06 192512 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
2010-10-07 02:26:40 -------- d-----w- c:\users\aimie\appdata\local\KODAK
2010-10-07 02:26:26 -------- d-----w- c:\users\aimie\appdata\local\Eastman Kodak Company
2010-10-07 02:25:17 -------- d-----w- c:\windows\system32\kodak
2010-10-07 02:23:18 -------- d-----w- c:\program files\Kodak
2010-10-07 02:21:23 -------- d-----w- c:\progra~2\Kodak
2010-10-07 02:19:53 -------- d-----w- c:\users\aimie\appdata\roaming\Temp
2010-10-06 02:49:17 784136 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2010-10-06 01:59:56 -------- d-----w- c:\program files\Avanquest update
2010-10-05 02:11:36 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-05 01:46:08 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-10-05 01:29:49 -------- d-----w- c:\users\aimie\appdata\local\BVRP Software
2010-10-05 01:26:38 112144 ----a-w- c:\windows\system32\ptumwmcp64.dll
2010-10-05 01:26:38 100880 ----a-w- c:\windows\system32\ptumwmcp.dll
2010-10-05 01:26:37 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2010-10-05 01:26:37 22032 ----a-w- c:\windows\system32\drivers\PTUMWCDF.sys
2010-10-05 01:26:37 12048 ----a-w- c:\windows\system32\drivers\PTUMWFLT.sys
2010-10-05 01:26:37 115216 ----a-w- c:\windows\system32\drivers\PTUMWNET.sys
2010-10-05 01:26:37 10440 ----a-w- c:\windows\system32\ptumwcit.dll
2010-10-05 01:26:36 54544 ----a-w- c:\windows\system32\drivers\PTUMWBus.sys
2010-10-05 01:26:36 160400 ----a-w- c:\windows\system32\drivers\PTUMWVsp.sys
2010-10-05 01:26:36 160400 ----a-w- c:\windows\system32\drivers\PTUMWMdm.sys
2010-10-05 01:26:36 -------- d-----w- c:\program files\PANTECH
2010-10-05 01:26:24 148736 ----a-w- c:\progra~2\hpe7EEF.dll
2010-10-05 01:25:12 -------- d-----w- c:\program files\common files\Avanquest software Shared
2010-10-05 01:25:09 -------- d-----w- c:\program files\Cricket Broadband Connect

==================== Find3M ====================

2010-09-08 17:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 17:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll
2010-07-28 00:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 00:44:10 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-28 00:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-28 00:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 22:20:29.44 ===============
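One way to triage the "Pseudo HJT Report" section of a DDS log like the one above, as an added example (not a tool from this thread or from BleepingComputer): it parses the Run and BHO/TB lines, then flags entries that load from a user-profile or temp path, are started through rundll32, or point at a file that no longer exists. The sample lines are copied from the log above; the function names and the flagging heuristics are my own assumptions about what a helper looks at first, and a flag means "review this", not a verdict on the entry.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the "Pseudo HJT Report" section of the
# DDS log above. Hive letters in DDS notation: u = HKCU, m = HKLM,
# d = HKU\.DEFAULT (the LocalSystem profile).
SAMPLE = r"""
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [Dsubahi] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\KBDFP4.dll",Startup
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
"""

HIVES = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT"}
RUN_RE = re.compile(r"^([umd])Run: \[(.+?)\] (.*)$")
PLUGIN_RE = re.compile(r"^(BHO|TB): (?:(.*?): )?(\{[0-9A-Fa-f-]{36}\}) - (.*)$")

# Path fragments that mean "user-writable profile or temp location". A startup
# entry loading from there is unusual for an installed product (assumed heuristic).
PROFILE_MARKERS = ("\\appdata\\", "\\users\\", "\\config\\systemprofile\\",
                   "\\temp\\", "%temp%")


@dataclass
class Finding:
    kind: str        # e.g. "HKLM Run", "BHO", "TB"
    name: str        # value name, or the BHO/toolbar label (CLSID if unlabelled)
    path: str        # executable or DLL the entry points at
    reasons: list = field(default_factory=list)


def split_command(cmd):
    """Return (executable, module): module is the DLL rundll32 is told to load,
    otherwise None. Unquoted paths with spaces are rejoined up to the first
    token ending in .exe, a reasonable guess for a log line."""
    tokens = [q or u for q, u in re.findall(r'"([^"]+)"|(\S+)', cmd)]
    if not tokens:
        return "", None
    i = 0
    while i < len(tokens) - 1 and not tokens[i].lower().endswith(".exe"):
        i += 1
    exe = " ".join(tokens[: i + 1])
    rest = tokens[i + 1:]
    if exe.lower().endswith("rundll32.exe") and rest:
        return exe, rest[0].split(",", 1)[0]   # "<dll>,<entry point>" -> dll
    return exe, None


def in_profile_path(path):
    low = path.lower()
    return any(marker in low for marker in PROFILE_MARKERS)


def triage(report):
    """Parse the Run/BHO/TB lines of a DDS Pseudo HJT Report and return the
    entries worth a second look, each with the reasons it was flagged."""
    findings = []
    for line in report.splitlines():
        m = RUN_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            exe, module = split_command(cmd)
            target = module or exe
            reasons = []
            if in_profile_path(target):
                reasons.append("loads from a user-profile or temp path")
                if module is not None:
                    reasons.append("started through rundll32 instead of its own executable")
                if hive == "d":
                    reasons.append("registered in HKU\\.DEFAULT, the LocalSystem profile hive")
            if reasons:
                findings.append(Finding(f"{HIVES[hive]} Run", name, target, reasons))
            continue
        p = PLUGIN_RE.match(line)
        if p:
            kind, label, clsid, path = p.groups()
            if path.strip() == "No File":
                findings.append(Finding(kind, label or clsid, path,
                                        ["orphaned entry: CLSID registered but the file is gone"]))
            elif in_profile_path(path):
                findings.append(Finding(kind, label or clsid, path,
                                        ["loads from a user-profile or temp path"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.kind}: [{f.name}] {f.path}\n    " + "\n    ".join(f.reasons))
```

Run against the full DDS log, the same parser also reports every "No File" toolbar or BHO stub, which are harmless leftovers but are what the helper usually cleans up alongside the real findings.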



#2 Elise


Posted 31 October 2010 - 04:27 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#3 dr_drews


Posted 01 November 2010 - 07:57 PM

Hi, and thanks for helping. Below are the results of the scans you requested. Further to my first post, I have moved some data around and run a disk defrag, and this seems to have fixed the blue-screening, so I think that may have been a bit of a red herring. However, we are still having issues with IE and we keep getting security messages, so I think we still have issues. Let me know if you need any more info.

OTL.txt

OTL logfile created on: 01/11/2010 18:36:47 - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Aimie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43.95 Gb Total Space | 7.15 Gb Free Space | 16.28% Space Free | Partition Type: NTFS
Drive D: | 181.13 Gb Total Space | 149.34 Gb Free Space | 82.45% Space Free | Partition Type: NTFS
Drive F: | 7.70 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: AIMIES-LAPTOP | User Name: Aimie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/01 18:33:19 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Aimie\Desktop\OTL.exe
PRC - [2010/10/28 19:14:43 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/28 19:14:42 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/27 18:56:18 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/11 12:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/10/06 17:24:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/06 17:24:36 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/06 17:24:08 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/06 17:24:08 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/09/15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/07 03:50:22 | 001,047,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/08/24 03:38:18 | 000,092,008 | ---- | M] (TomTom) -- d:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/28 08:14:04 | 000,554,328 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/07/28 07:39:22 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/07/14 08:19:28 | 000,326,488 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe
PRC - [2010/01/15 06:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/02 06:14:16 | 002,356,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
PRC - [2009/10/19 08:51:14 | 000,073,728 | ---- | M] () -- C:\Program Files\Cricket Broadband Connect\AvqAutorun.exe
PRC - [2009/08/05 12:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
PRC - [2009/08/03 09:33:06 | 001,626,112 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/14 10:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/09/22 15:36:48 | 000,708,608 | ---- | M] (Mirco-Star International CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008/08/26 18:52:14 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008/06/19 03:52:00 | 006,244,896 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/10/26 02:49:00 | 000,671,744 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2007/09/28 18:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/11/01 18:33:19 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Aimie\Desktop\OTL.exe
MOD - [2010/10/04 19:25:52 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
MOD - [2010/10/04 19:25:51 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2010/09/20 13:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\asoehook.dll
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/24 03:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- d:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/28 07:39:22 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/07/14 08:19:28 | 000,326,488 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2010/04/28 00:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/24 19:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/05 12:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2009/01/14 10:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/08/26 18:52:14 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/28 18:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/10/19 19:26:05 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/10/19 14:36:22 | 000,353,840 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101028.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/10/19 01:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101031.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/19 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/10/19 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/10/19 01:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101031.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/10/02 00:00:02 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/09/13 16:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/19 21:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/05 22:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/28 23:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/28 00:44:02 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/04/21 21:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 20:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 20:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 18:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/27 11:10:44 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2009/10/27 01:28:48 | 000,160,400 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTUMWVsp.sys -- (PTUMWVsp)
DRV - [2009/10/27 01:28:36 | 000,115,216 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTUMWNET.sys -- (PTUMWNET)
DRV - [2009/10/27 01:28:30 | 000,160,400 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTUMWMdm.sys -- (PTUMWMdm)
DRV - [2009/10/27 01:28:24 | 000,012,048 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTUMWFLT.sys -- (PTUMWFLT)
DRV - [2009/10/27 01:28:12 | 000,022,032 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTUMWCDF.sys -- (PTUMWCDF)
DRV - [2009/10/27 01:28:02 | 000,054,544 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTUMWBus.sys -- (PTUMWBus)
DRV - [2009/10/14 21:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/04/24 10:39:20 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/04/10 22:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/01/13 02:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/09/10 08:05:00 | 007,587,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/09/05 11:50:20 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/08/24 13:22:00 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/08/18 04:58:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/07/14 19:15:00 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/20 03:03:00 | 002,147,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/06/05 21:01:50 | 000,062,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/02/15 17:01:06 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008/01/31 17:55:06 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008/01/23 23:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/01/22 22:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008/01/20 20:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 20:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 20:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 20:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 20:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 20:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 20:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 20:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 20:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 20:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 20:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 20:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 20:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 20:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 20:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 20:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 20:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 20:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 20:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 20:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 20:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 20:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 20:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 20:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 20:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/11/29 11:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/10/26 02:54:00 | 001,020,800 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2007/10/18 16:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/10/02 13:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/08/23 00:12:08 | 000,313,344 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28.sys -- (netr28)
DRV - [2007/04/03 10:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2007/03/19 10:00:14 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RLVrtAuCbl.sys -- (ReallusionVirtualAudio)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/10/10 21:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/01/07 07:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522



IE - HKU\S-1-5-21-4254437295-631467816-3205314456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw
IE - HKU\S-1-5-21-4254437295-631467816-3205314456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-4254437295-631467816-3205314456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4254437295-631467816-3205314456-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4254437295-631467816-3205314456-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{8E075146-C11B-4296-B4D6-574EC08F1BBF}: C:\Windows\system32\config\systemprofile\AppData\Local\{8E075146-C11B-4296-B4D6-574EC08F1BBF}\ [2010/08/11 15:02:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Cricket Broadband Connect\Bytemobile\addon\ [2010/10/04 19:25:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/10/25 11:57:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/10/21 21:22:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/10/19 19:28:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 19:14:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 19:14:46 | 000,000,000 | ---D | M]

[2010/10/23 21:42:22 | 000,000,000 | ---D | M] -- C:\Users\Aimie\AppData\Roaming\Mozilla\Extensions
[2010/10/12 10:04:41 | 000,000,000 | ---D | M] -- C:\Users\Aimie\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/11/01 11:15:42 | 000,000,000 | ---D | M] -- C:\Users\Aimie\AppData\Roaming\Mozilla\Firefox\Profiles\u1jx1ig9.default\extensions
[2010/10/23 21:49:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Aimie\AppData\Roaming\Mozilla\Firefox\Profiles\u1jx1ig9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/23 21:41:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/12 14:09:50 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/10/12 14:09:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/10/12 14:09:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/10/01 17:51:32 | 000,002,074 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml
[2010/10/12 14:09:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/10/21 21:51:19 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4254437295-631467816-3205314456-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4254437295-631467816-3205314456-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [{F9AA8FE2-E89A-E99B-E8b8-E9AE9B9ABA99}] C:\Program Files\Cricket Broadband Connect\AvqAutoRun.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKU\.DEFAULT..\Run: [Dsubahi] C:\Windows\System32\config\systemprofile\AppData\Local\KBDFP4.DLL File not found
O4 - HKU\S-1-5-18..\Run: [Dsubahi] C:\Windows\System32\config\systemprofile\AppData\Local\KBDFP4.DLL File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4254437295-631467816-3205314456-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4254437295-631467816-3205314456-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (EXPLORER.EXE) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (EXPLORER.EXE) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Aimie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Aimie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/08/16 14:01:08 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O32 - AutoRun File - [2005/12/08 16:33:29 | 000,000,000 | R--D | M] - F:\autorun -- [ UDF ]
O32 - AutoRun File - [2005/12/06 16:18:38 | 001,695,744 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2005/11/18 15:44:26 | 000,000,049 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{6ca8c3e4-d01e-11df-be5d-002421625ef2}\Shell - "" = AutoRun
O33 - MountPoints2\{6ca8c3e4-d01e-11df-be5d-002421625ef2}\Shell\AutoRun\command - "" = E:\Start.exe -- File not found
O33 - MountPoints2\{6ca8c3e4-d01e-11df-be5d-002421625ef2}\Shell\menu1\command - "" = E:\Start.exe -- File not found
O33 - MountPoints2\{caab28d8-d5e4-11de-9700-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{caab28d8-d5e4-11de-9700-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2005/12/06 16:18:38 | 001,695,744 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/01 18:35:40 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Aimie\Desktop\OTL.exe
[2010/10/29 16:57:24 | 000,000,000 | ---D | C] -- C:\Users\Aimie\Documents\US stuff
[2010/10/26 17:42:39 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\symtdiv.sys
[2010/10/26 17:42:39 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\symds.sys
[2010/10/26 17:42:39 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\srtsp.sys
[2010/10/26 17:42:39 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\symefa.sys
[2010/10/26 17:42:39 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\ironx86.sys
[2010/10/26 17:42:39 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\srtspx.sys
[2010/10/26 17:42:38 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\cchpx86.sys
[2010/10/26 17:42:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0403000.005
[2010/10/23 21:42:01 | 000,000,000 | ---D | C] -- C:\Users\Aimie\AppData\Local\Mozilla
[2010/10/20 20:16:27 | 000,000,000 | ---D | C] -- C:\Users\Aimie\AppData\Local\CrashDumps
[2010/10/19 19:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/19 19:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/19 19:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/19 19:26:07 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/10/19 19:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/10/19 19:25:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2010/10/19 19:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
[2010/10/19 19:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/10/19 19:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/10/19 19:23:40 | 000,000,000 | ---D | C] -- C:\Users\Aimie\Documents\Symantec
[2010/10/19 19:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/10/15 22:21:09 | 000,000,000 | ---D | C] -- C:\Users\Aimie\AppData\Roaming\AVG10
[2010/10/15 22:19:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/10/15 22:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/10/15 22:18:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2010/10/15 20:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/10/15 20:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2010/10/15 20:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems
[2010/10/13 11:55:49 | 000,000,000 | ---D | C] -- C:\Users\Aimie\Documents\13-10-2010
[2010/10/12 10:06:12 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom
[2010/10/12 10:05:15 | 000,000,000 | ---D | C] -- C:\Users\Aimie\Documents\TomTom
[2010/10/12 10:04:36 | 000,000,000 | ---D | C] -- C:\Users\Aimie\AppData\Roaming\TomTom
[2010/10/12 10:04:36 | 000,000,000 | ---D | C] -- C:\Users\Aimie\AppData\Local\TomTom
[2010/10/12 10:04:36 | 000,000,000 | ---D | C] -- C:\Users\Aimie\AppData\Roaming\Mozilla
[2010/10/12 10:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2010/10/10 07:48:53 | 000,000,000 | ---D | C] -- C:\Users\Aimie\Documents\fins scrapbook
[2010/10/08 12:50:36 | 000,000,000 | ---D | C] -- C:\Users\Aimie\Documents\picture prints
[2010/10/07 21:17:35 | 000,000,000 | ---D | C] -- C:\Users\Aimie\Documents\Reward charts
[2010/10/07 20:55:30 | 000,000,000 | ---D | C] -- C:\Users\Aimie\Documents\Boys boxes
[2010/10/07 13:47:58 | 000,000,000 | ---D | C] -- C:\Users\Aimie\AppData\Local\Eastman_Kodak_Company
[2010/10/07 07:40:23 | 000,000,000 | ---D | C] -- C:\Users\Aimie\Documents\07-10-2010
[2010/10/06 22:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/10/06 22:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/10/06 21:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\kds_kodak
[2010/10/06 21:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Eastman Kodak Company
[2010/10/06 21:18:25 | 000,000,000 | ---D | C] -- C:\Users\Aimie\Documents\Expenses
[2010/10/06 20:26:40 | 000,000,000 | ---D | C] -- C:\Users\Aimie\AppData\Local\KODAK
[2010/10/06 20:26:26 | 000,000,000 | ---D | C] -- C:\Users\Aimie\AppData\Local\Eastman Kodak Company
[2010/10/06 20:25:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\kodak
[2010/10/06 20:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2010/10/06 20:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2010/10/06 20:19:53 | 000,000,000 | ---D | C] -- C:\Users\Aimie\AppData\Roaming\Temp
[2010/10/05 19:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\Avanquest update
[2010/10/04 19:29:49 | 000,000,000 | ---D | C] -- C:\Users\Aimie\AppData\Local\BVRP Software
[2010/10/04 19:26:38 | 000,112,144 | ---- | C] (DEVGURU) -- C:\Windows\System32\ptumwmcp64.dll
[2010/10/04 19:26:38 | 000,100,880 | ---- | C] (DEVGURU) -- C:\Windows\System32\ptumwmcp.dll
[2010/10/04 19:26:37 | 000,115,216 | ---- | C] (DEVGURU Co., LTD.) -- C:\Windows\System32\drivers\PTUMWNET.sys
[2010/10/04 19:26:37 | 000,022,032 | ---- | C] (DEVGURU Co., LTD.) -- C:\Windows\System32\drivers\PTUMWCDF.sys
[2010/10/04 19:26:37 | 000,012,048 | ---- | C] (DEVGURU Co., LTD.) -- C:\Windows\System32\drivers\PTUMWFLT.sys
[2010/10/04 19:26:36 | 000,160,400 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\PTUMWVsp.sys
[2010/10/04 19:26:36 | 000,160,400 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\PTUMWMdm.sys
[2010/10/04 19:26:36 | 000,054,544 | ---- | C] (DEVGURU Co., LTD.) -- C:\Windows\System32\drivers\PTUMWBus.sys
[2010/10/04 19:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\PANTECH
[2010/10/04 19:26:24 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe7EEF.dll
[2010/10/04 19:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Avanquest software Shared
[2010/10/04 19:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Cricket Broadband Connect
[2010/10/04 19:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/01 18:44:58 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6B1AD602-6BDD-497D-881E-B01B2C8A5936}.job
[2010/11/01 18:38:13 | 000,133,632 | ---- | M] () -- C:\Users\Aimie\Desktop\RKUnhookerLE.EXE
[2010/11/01 18:35:10 | 000,056,703 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/11/01 18:33:19 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Aimie\Desktop\OTL.exe
[2010/11/01 18:33:10 | 098,169,251 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/11/01 18:29:48 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/11/01 18:29:46 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010/11/01 18:28:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/01 11:05:28 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\bjloyv.job
[2010/11/01 10:58:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/01 10:58:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/01 10:57:56 | 2951,917,568 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/01 10:57:51 | 288,824,669 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/10/31 21:06:38 | 000,056,703 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/10/31 20:32:17 | 002,065,620 | ---- | M] () -- C:\Windows\System32\drivers\N360\0403000.005\Cat.DB
[2010/10/27 13:43:24 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/10/26 19:22:23 | 001,713,664 | ---- | M] () -- C:\Users\Aimie\Documents\budget.xls
[2010/10/26 18:18:36 | 000,002,260 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2010/10/24 18:43:51 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/24 18:43:51 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/23 21:41:51 | 000,001,758 | ---- | M] () -- C:\Users\Aimie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/23 21:41:51 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/21 22:16:42 | 000,000,000 | ---- | M] () -- C:\Users\Aimie\defogger_reenable
[2010/10/19 19:57:23 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/19 19:43:59 | 000,001,736 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/19 19:30:18 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/10/19 19:30:18 | 000,001,854 | ---- | M] () -- C:\Users\Aimie\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/10/19 19:26:05 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/10/19 19:26:05 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/10/19 19:26:05 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/10/19 19:07:10 | 000,000,913 | ---- | M] () -- C:\Users\Aimie\Desktop\Norton Installation Files.lnk
[2010/10/19 16:00:08 | 000,294,912 | ---- | M] () -- C:\Users\Aimie\Desktop\gmer.exe
[2010/10/17 19:33:22 | 000,298,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/16 09:10:27 | 000,000,793 | ---- | M] () -- C:\Users\Public\Desktop\Command & Conquer The First Decade.lnk
[2010/10/15 23:12:04 | 000,000,636 | ---- | M] () -- C:\Users\Public\Desktop\BBC iPlayer Desktop.lnk
[2010/10/14 22:00:50 | 000,108,032 | ---- | M] () -- C:\Windows\System32\spoolsv4.dll
[2010/10/14 08:32:50 | 000,119,612 | ---- | M] () -- C:\Users\Aimie\Documents\Dryer.pdf
[2010/10/13 12:26:41 | 000,090,072 | ---- | M] () -- C:\Users\Aimie\Documents\hirecar1.pdf
[2010/10/08 13:08:09 | 000,018,432 | ---- | M] () -- C:\Users\Aimie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/07 13:52:54 | 000,219,732 | ---- | M] () -- C:\Users\Aimie\Documents\insuranceapp.pdf
[2010/10/06 20:26:12 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\KODAK AiO Home Centre.lnk
[2010/10/06 20:23:07 | 000,033,991 | ---- | M] () -- C:\Users\Aimie\Documents\LetterEmployment.pdf
[2010/10/06 08:06:27 | 000,000,948 | ---- | M] () -- C:\Users\Aimie\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/10/05 19:58:34 | 000,072,704 | ---- | M] () -- C:\Users\Aimie\Documents\Direct Deposit BIF.doc
[2010/10/04 19:47:42 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/10/04 19:47:42 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/10/04 19:29:47 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Cricket Broadband Connect.lnk
[2010/10/04 19:26:24 | 000,148,736 | ---- | M] (Avanquest Software) -- C:\ProgramData\hpe7EEF.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/01 18:39:15 | 000,133,632 | ---- | C] () -- C:\Users\Aimie\Desktop\RKUnhookerLE.EXE
[2010/11/01 18:33:10 | 098,169,251 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/10/26 18:17:26 | 002,065,620 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\Cat.DB
[2010/10/26 17:42:39 | 000,007,873 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symefa.cat
[2010/10/26 17:42:39 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symnetv.cat
[2010/10/26 17:42:39 | 000,007,442 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\srtspx.cat
[2010/10/26 17:42:39 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\srtsp.cat
[2010/10/26 17:42:39 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\iron.cat
[2010/10/26 17:42:39 | 000,007,425 | R--- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symds.cat
[2010/10/26 17:42:39 | 000,007,368 | R--- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symnet.cat
[2010/10/26 17:42:39 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symefa.inf
[2010/10/26 17:42:39 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symds.inf
[2010/10/26 17:42:39 | 000,001,473 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symnetv.inf
[2010/10/26 17:42:39 | 000,001,445 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symnet.inf
[2010/10/26 17:42:39 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\srtspx.inf
[2010/10/26 17:42:39 | 000,001,382 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\srtsp.inf
[2010/10/26 17:42:39 | 000,000,741 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\iron.inf
[2010/10/26 17:42:38 | 000,007,396 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\cchpx86.cat
[2010/10/26 17:42:38 | 000,001,754 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\cchpx86.inf
[2010/10/26 17:42:13 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\isolate.ini
[2010/10/23 21:41:51 | 000,001,758 | ---- | C] () -- C:\Users\Aimie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/23 21:41:51 | 000,001,734 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/21 22:23:00 | 000,294,912 | ---- | C] () -- C:\Users\Aimie\Desktop\gmer.exe
[2010/10/21 22:16:42 | 000,000,000 | ---- | C] () -- C:\Users\Aimie\defogger_reenable
[2010/10/19 19:57:23 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/19 19:43:59 | 000,001,736 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/19 19:26:07 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/10/19 19:26:07 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/10/19 19:26:00 | 000,002,260 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2010/10/19 19:07:10 | 000,000,913 | ---- | C] () -- C:\Users\Aimie\Desktop\Norton Installation Files.lnk
[2010/10/16 09:10:27 | 000,000,793 | ---- | C] () -- C:\Users\Public\Desktop\Command & Conquer The First Decade.lnk
[2010/10/15 22:19:23 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/10/14 22:01:06 | 000,000,252 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010/10/14 22:00:50 | 000,108,032 | ---- | C] () -- C:\Windows\System32\spoolsv4.dll
[2010/10/14 22:00:50 | 000,000,306 | -HS- | C] () -- C:\Windows\tasks\bjloyv.job
[2010/10/14 08:32:50 | 000,119,612 | ---- | C] () -- C:\Users\Aimie\Documents\Dryer.pdf
[2010/10/13 12:26:41 | 000,090,072 | ---- | C] () -- C:\Users\Aimie\Documents\hirecar1.pdf
[2010/10/13 11:59:10 | 000,125,330 | ---- | C] () -- C:\Users\Aimie\AppData\Local\c4u.log
[2010/10/07 13:52:54 | 000,219,732 | ---- | C] () -- C:\Users\Aimie\Documents\insuranceapp.pdf
[2010/10/06 20:26:12 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\KODAK AiO Home Centre.lnk
[2010/10/06 20:22:44 | 000,033,991 | ---- | C] () -- C:\Users\Aimie\Documents\LetterEmployment.pdf
[2010/10/06 20:19:46 | 000,167,028 | ---- | C] () -- C:\Users\Aimie\AppData\Local\installer.log
[2010/10/06 08:06:27 | 000,000,948 | ---- | C] () -- C:\Users\Aimie\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/10/05 19:58:33 | 000,072,704 | ---- | C] () -- C:\Users\Aimie\Documents\Direct Deposit BIF.doc
[2010/10/05 19:47:02 | 001,713,664 | ---- | C] () -- C:\Users\Aimie\Documents\budget.xls
[2010/10/04 19:47:42 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/10/04 19:47:42 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/10/04 19:29:47 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Cricket Broadband Connect.lnk
[2010/10/04 19:26:37 | 000,010,440 | ---- | C] () -- C:\Windows\System32\ptumwcit.dll
[2010/09/02 05:41:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/14 09:03:40 | 000,001,356 | ---- | C] () -- C:\Users\Aimie\AppData\Local\d3d9caps.dat
[2009/12/18 08:51:00 | 000,018,432 | ---- | C] () -- C:\Users\Aimie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/26 13:50:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/19 17:08:30 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\RLVrtAuCbl.sys
[2009/08/03 08:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/01/18 00:51:26 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008/01/17 23:44:23 | 000,056,703 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/01/17 23:42:28 | 000,056,703 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2007/12/21 18:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/22 23:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2010/10/15 22:21:09 | 000,000,000 | ---D | M] -- C:\Users\Aimie\AppData\Roaming\AVG10
[2010/08/20 03:27:35 | 000,000,000 | ---D | M] -- C:\Users\Aimie\AppData\Roaming\AVG9
[2010/09/04 04:12:51 | 000,000,000 | ---D | M] -- C:\Users\Aimie\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/10/19 18:06:53 | 000,000,000 | ---D | M] -- C:\Users\Aimie\AppData\Roaming\BitTorrent
[2010/02/09 07:45:59 | 000,000,000 | ---D | M] -- C:\Users\Aimie\AppData\Roaming\FileZilla
[2010/10/09 10:22:01 | 000,000,000 | ---D | M] -- C:\Users\Aimie\AppData\Roaming\FUJIFILM
[2010/08/18 12:39:33 | 000,000,000 | ---D | M] -- C:\Users\Aimie\AppData\Roaming\Iqoto
[2010/08/11 15:16:38 | 000,000,000 | ---D | M] -- C:\Users\Aimie\AppData\Roaming\Iswue
[2010/10/21 14:51:50 | 000,000,000 | ---D | M] -- C:\Users\Aimie\AppData\Roaming\Spotify
[2010/10/30 17:31:44 | 000,000,000 | ---D | M] -- C:\Users\Aimie\AppData\Roaming\Temp
[2010/10/12 10:04:36 | 000,000,000 | ---D | M] -- C:\Users\Aimie\AppData\Roaming\TomTom
[2010/08/09 14:25:38 | 000,000,000 | ---D | M] -- C:\Users\Aimie\AppData\Roaming\Ulead Systems
[2010/08/12 12:55:13 | 000,000,000 | ---D | M] -- C:\Users\Aimie\AppData\Roaming\Wiykuk
[2010/08/11 15:02:45 | 000,000,000 | ---D | M] -- C:\Users\Aimie\AppData\Roaming\Wuusze
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2010/11/01 08:13:54 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2010/11/01 11:05:28 | 000,000,306 | -HS- | M] () -- C:\Windows\Tasks\bjloyv.job
[2010/10/27 20:52:40 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/01 18:44:58 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6B1AD602-6BDD-497D-881E-B01B2C8A5936}.job
[2010/11/01 18:29:48 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/11/01 18:29:46 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========



< End of report >


Extras.txt

OTL Extras logfile created on: 01/11/2010 18:36:47 - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Aimie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43.95 Gb Total Space | 7.15 Gb Free Space | 16.28% Space Free | Partition Type: NTFS
Drive D: | 181.13 Gb Total Space | 149.34 Gb Free Space | 82.45% Space Free | Partition Type: NTFS
Drive F: | 7.70 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: AIMIES-LAPTOP | User Name: Aimie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4254437295-631467816-3205314456-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E66864-80DA-4028-8083-3B0074733805}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0F4FA646-C13C-41C2-8E32-93628E5397CE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{36481D46-CBCC-4AD9-A54E-95E5CE73F83D}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{4D36CB89-519F-44D6-BF41-C73CE12B88D3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{5A7CEEAA-81C6-40AF-9A8F-430BF22BCD1E}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{60D1DEB0-1A8E-4799-B987-5C295787166E}" = lport=2869 | protocol=6 | dir=in | name=upnp framework |
"{6B8DF509-168C-4117-BFE5-27D0BD5BD22C}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{7B56B965-55E4-4B08-95C8-5CA4E6520ABE}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{E1B7D612-D7AE-4242-AE48-8020DAF3C76D}" = lport=1900 | protocol=17 | dir=in | name=upnp framework |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E69B06D-0619-41A3-9CBB-0F2A3AC0EAD1}" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"{26151CF2-03E0-4605-B748-A2D939A44BD3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2A4FA3D9-3AFC-47AA-825D-D87044D23369}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4C141E82-A60A-431C-840D-179A6C7D4D8B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{6DDE2173-DD5B-4BD9-8984-244A1B788ADA}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8B679771-64ED-40EF-B9EB-2BF5E5DC3CDA}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{8F8F9AFF-5826-4E38-BCBB-A3D8D7B94A11}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{939A4EA5-416F-4846-A3C2-44CD721E1BC7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9A4BAFFC-9B6B-462E-8642-7B2F3932A3D2}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{9C276936-28D8-4758-B625-A456C2CDFCD3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A4B7A95A-D06E-43C2-B355-B2D19AAE0AD4}" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |
"{A853C80C-4BB4-421E-9AB6-635B9963A37F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A9CBC86F-E857-4D5B-B3A5-46A85B180281}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{C3B41484-F930-4FB0-AC20-741598A6AEBF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C4E735D2-12B5-48CC-AC9B-AB83F07DA995}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{CD320F8C-9045-4BC1-AA4A-18648A22CEF2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{D5BE03DB-8250-44E3-9CA6-7E07293B044C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{DFBE907F-A4CC-492D-96F7-888117A3DF6B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EF2969E6-6B4F-473C-9769-1F07FF1E910A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{F7318182-2797-4A19-AED7-676F150A2A8B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"TCP Query User{8C5133E3-5304-43A3-97A1-F669E99C7260}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{B0BF833F-40F3-44C4-B7F0-BCBE40B4EFDD}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{B681F583-07EE-4E33-970B-D3AFB70DFE68}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{CC4C2D72-4C0B-45F1-8D64-0C742C44C03B}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{93D5F9B7-EECB-416F-A486-56F32854D7AE}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{BE2A83F8-AA52-4AFC-850D-56655B541CE0}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{EDBED483-75D6-4C74-BE8E-285B78C8C84F}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{F0CEBD62-626D-4CDA-B3EC-C7E41DD76326}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0323CB96-221A-4042-84A3-93EDE47099FC}" = AVG 2011
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1A258E63-8DF5-4ADB-9832-38A0121D65EB}" = AVG 2011
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1C336D20-A089-4818-9C56-96AD81BF5A11}" = PANTECH USB Modem V2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2017CE7C-CB9D-4FF7-967D-5A6B67FC7EF2}" = LeapFrog Leapster2 Plugin
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3273F0D8-3204-4DE5-BE34-AA6613B0E844}" = Mobile PhoneTools
"{3C349576-B3B4-6708-F73C-DC2932065357}" = BBC iPlayer Desktop
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{6336C0CC-BA32-4949-9D3D-C86B76147CCA}" = Cricket Broadband Connect
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E4CF694-BD0C-45EB-9602-9D6D46941250}" = LeapFrog Connect
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{88B32652-CAE0-4909-A463-5840D2689D93}" = FUJIFILM FinePixViewer S Ver.2.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95431C66-CF9A-4913-BFFF-6050785AFB65}" = SpyHunter
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF6B515D-D99A-4B02-8C92-9EA255035A3D}" = Mobile PhoneTools
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CrazyTalk Cam Suite
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Centre
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AVG" = AVG 2011
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Cisco Connect" = Cisco Connect
"FileZilla Client" = FileZilla Client 3.2.6.1
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"Leapster2Plugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"N360" = Norton Security Suite
"NVIDIA Drivers" = NVIDIA Drivers
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Spotify" = Spotify
"STANDARDR" = Microsoft Office Standard 2007
"TomTom HOME" = TomTom HOME 2.7.6.2056
"UPCShell" = LeapFrog Connect
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4254437295-631467816-3205314456-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/10/2010 21:09:22 | Computer Name = Aimies-laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5030596

Error - 25/10/2010 21:09:22 | Computer Name = Aimies-laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5030596

Error - 25/10/2010 21:09:23 | Computer Name = Aimies-laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 25/10/2010 21:09:23 | Computer Name = Aimies-laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5031625

Error - 25/10/2010 21:09:23 | Computer Name = Aimies-laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5031625

Error - 25/10/2010 21:09:24 | Computer Name = Aimies-laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 25/10/2010 21:09:24 | Computer Name = Aimies-laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5032624

Error - 25/10/2010 21:09:24 | Computer Name = Aimies-laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5032624

Error - 25/10/2010 21:09:25 | Computer Name = Aimies-laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 25/10/2010 21:09:25 | Computer Name = Aimies-laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5033778

[ System Events ]
Error - 12/05/2010 22:18:07 | Computer Name = Aimies-laptop | Source = HTTP | ID = 15016
Description =

Error - 22/07/2010 07:02:11 | Computer Name = Aimies-laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:46:51 on 13/05/2010 was unexpected.

Error - 22/07/2010 07:02:20 | Computer Name = Aimies-laptop | Source = HTTP | ID = 15016
Description =

Error - 22/07/2010 07:34:11 | Computer Name = Aimies-laptop | Source = HTTP | ID = 15016
Description =

Error - 22/07/2010 08:20:35 | Computer Name = Aimies-laptop | Source = HTTP | ID = 15016
Description =

Error - 22/07/2010 11:20:59 | Computer Name = Aimies-laptop | Source = DCOM | ID = 10005
Description =

Error - 22/07/2010 11:20:59 | Computer Name = Aimies-laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 22/07/2010 11:20:59 | Computer Name = Aimies-laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 22/07/2010 11:23:09 | Computer Name = Aimies-laptop | Source = HTTP | ID = 15016
Description =

Error - 22/07/2010 11:25:24 | Computer Name = Aimies-laptop | Source = DCOM | ID = 10010
Description =


< End of report >


Rootkit Unhooker

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8F00F000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7589888 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 176.48 )
0x82612000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x82612000 PnpManager 3903488 bytes
0x82612000 RAW 3903488 bytes
0x82612000 WMIxWDM 3903488 bytes
0x8F809000 C:\Windows\system32\drivers\RTKVHDA.sys 2146304 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x998F0000 Win32k 2109440 bytes
0x998F0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xAD463000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101101.035\NAVEX15.SYS 1368064 bytes (Symantec Corporation, AV Engine)
0x8A607000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x82E0E000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8FA15000 C:\Windows\system32\DRIVERS\smserial.sys 1024000 bytes (Motorola Inc., Motorola SM56 Modem WDM Driver)
0x8E40D000 C:\Windows\system32\DRIVERS\athr.sys 983040 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x8A407000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D5000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA66D6000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0xA5209000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x91483000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101029.001\BHDrvx86.sys 704512 bytes (Symantec Corporation, BASH Driver)
0x8F74C000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x82D42000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x91404000 C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys 520192 bytes (Symantec Corporation, Common Client Hash Provider Driver)
0x80605000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x82CD1000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8040B000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xA5310000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x90377000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x9031C000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101029.001\IDSvix86.sys 372736 bytes (Symantec Corporation, IDS Core Driver)
0x8E800000 C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS 364544 bytes (Symantec Corporation, Network Dispatch Driver)
0xAD40C000 C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS 356352 bytes (Symantec Corporation, Symantec AutoProtect)
0x82C3E000 C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS 352256 bytes (Symantec Corporation, Symantec Data Store)
0xA667D000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x80737000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x90206000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8E8A5000 C:\Windows\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x8068E000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80494000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x805B5000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8A5B1000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x9152F000 C:\Windows\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0x902D6000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x82F44000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9156B000 C:\Windows\system32\DRIVERS\udfs.sys 241664 bytes (Microsoft Corporation, UDF File System Driver)
0xA6604000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8A71F000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8E5CB000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x829CB000 ACPI_HAL 208896 bytes
0x829CB000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x82C0C000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x82FB9000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8E50D000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8E54F000 C:\Windows\system32\DRIVERS\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x82CA4000 C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS 184320 bytes (Symantec Corporation, Symantec Extended File Attributes)
0x82F19000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8E5A1000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xA52C9000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xA67D4000 C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0xA6655000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8A76F000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806E5000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8E57C000 C:\Windows\system32\DRIVERS\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x915BD000 C:\Windows\System32\Drivers\dump_nvstor32.sys 151552 bytes
0x807B7000 C:\Windows\system32\DRIVERS\nvstor32.sys 151552 bytes (NVIDIA Corporation, NVIDIA® nForce™ Sata Performance Driver)
0x8E86C000 C:\Windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0x8E940000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x82F97000 C:\Windows\system32\DRIVERS\Rtlh86.sys 139264 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS6 32-bit Driver )
0x902AE000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x8A7A7000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xA53C8000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8FB9D000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x90285000 C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS 126976 bytes (Symantec Corporation, Iron Driver)
0x82DCF000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x80799000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x903D5000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xA537D000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8A4F1000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8A50C000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xA539A000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x82F7F000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8A586000 C:\Windows\system32\DRIVERS\enecir.sys 98304 bytes (ENE TECHNOLOGY INC., ENE CIR Driver for eHome)
0xA663D000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8E8ED000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8E91E000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x9024E000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8E9DD000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xA53B3000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8E986000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0xAD5B1000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101101.035\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0x8E972000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8E891000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8A554000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0xA52FD000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0xAD5D4000 C:\Windows\system32\drivers\RTSTOR.SYS 77824 bytes (Realtek Semiconductor Corp., Realtek USB Mass Storage Driver for Vista)
0x90272000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8A796000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8FB2A000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8047B000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x82C94000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8FB46000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xA52B9000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80781000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8E99B000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8E4FD000 C:\Windows\System32\Drivers\tosrfcom.sys 65536 bytes (TOSHIBA Corporation, Bluetooth RFCOMM Driver)
0x8A545000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0xAD5C5000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8A760000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8070C000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8E963000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8A5EF000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80728000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x99B30000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8E9AD000 C:\Windows\system32\DRIVERS\circlass.sys 57344 bytes (Microsoft Corporation, Consumer IR Class Driver for eHome)
0x90264000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8FBD9000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8FB1C000 C:\Windows\system32\drivers\nvhda32v.sys 57344 bytes (NVIDIA Corporation, NVIDIA HDMI Audio Driver)
0x915A6000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8FB0F000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8E9C5000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x80681000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x8FB6E000 C:\Windows\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xA67BE000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8FB91000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8F7ED000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0xA66CB000 C:\Windows\system32\DRIVERS\AVGIDSShim.Sys 45056 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0x8FB3B000 C:\Windows\system32\DRIVERS\hidir.sys 45056 bytes (Microsoft Corporation, Infrared Miniport Driver for Input Devices)
0x8A567000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8A572000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8FBCE000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8E935000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8E53C000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8E9D2000 C:\Windows\system32\DRIVERS\tosporte.sys 45056 bytes (TOSHIBA Corporation, TOSHIBA Bluetooth Port Emulation Driver)
0x8A531000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0xA67CA000 C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0x8071E000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x915B3000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0x915E2000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8E9BB000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA52F3000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x90312000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA67B4000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x902A4000 C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0x8A5A7000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x8A7DC000 C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0x8A7C8000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8FB7A000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8FB5D000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0xAD5E9000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8A59E000 C:\Windows\system32\DRIVERS\nvsmu.sys 36864 bytes (NVIDIA Corporation, NVIDIA nForce™ SMU Microcontroller Driver)
0x8FBE7000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x99B10000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8A53C000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8A57D000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x806D4000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x80791000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8048C000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8FB66000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806DD000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8FBBE000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8FBC6000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8E547000 C:\Windows\system32\DRIVERS\RLVrtAuCbl.sys 32768 bytes
0x8A758000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8A717000 C:\Windows\system32\drivers\wd.sys 32768 bytes (Microsoft Corporation, Microsoft Watchdog Timer Driver)
0x8FB8A000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8FB56000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8FB83000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8A7D1000 C:\Windows\system32\drivers\BMLoad.sys 24576 bytes (Bytemobile, Inc., Bytemobile Kernel Driver Loader)
0x8A600000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x902D0000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x8A7D7000 C:\Windows\system32\DRIVERS\avgrkx86.sys 20480 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0x8FBF0000 C:\Windows\System32\Drivers\tcpipBM.SYS 20480 bytes (Bytemobile, Inc., Bytemobile Kernel Network Provider)
0x8A7FC000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8E91B000 C:\Windows\system32\DRIVERS\BdaSup.SYS 12288 bytes (Microsoft Corporation, Microsoft BDA Driver Support Library)
0x8071B000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x87102000 C:\Windows\system32\kdcom.dll 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8E9AB000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xAD5E7000 C:\Windows\system32\drivers\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
!!!!!!!!!!!Hidden driver: 0x86F5D292 ?_empty_? 3438 bytes
==============================================
>Stealth
==============================================
0x807B7000 WARNING: suspicious driver modification [nvstor32.sys::0x86F5D292]
0x00F90000 Hidden Image-->Inkjet.Automation.dll [ EPROCESS 0x896B14B8 ] PID: 2784, 36864 bytes
0x00F30000 Hidden Image-->Inkjet.AutomationImplementation.dll [ EPROCESS 0x896B14B8 ] PID: 2784, 45056 bytes
0x01550000 Hidden Image-->Inkjet.Utilities.dll [ EPROCESS 0x896B14B8 ] PID: 2784, 53248 bytes
0x8E863E54 Unknown thread object [ ETHREAD 0x87C8DA60 ] TID: 344, 600 bytes
0x8E864220 Unknown thread object [ ETHREAD 0x87C87020 ] TID: 348, 600 bytes
0xAD5F4220 Unknown thread object [ ETHREAD 0x85BF3578 ] TID: 4396, 600 bytes
0xAD5F3E54 Unknown thread object [ ETHREAD 0x859E43C0 ] TID: 5264, 600 bytes
0x010F0000 Hidden Image-->Inkjet.Diagnostics.dll [ EPROCESS 0x896B14B8 ] PID: 2784, 61440 bytes

#4 Elise

Elise
    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,247 posts
  • Gender:Female
  • Location:Romania

Posted 02 November 2010 - 03:23 AM

Hi, indeed some malware running here, including a nasty rootkit.

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#5 dr_drews

dr_drews
  • Topic Starter
  • Members
  • 11 posts

Posted 02 November 2010 - 09:36 PM

Hi, I think we will try and fix it for now and may consider formatting later. Below is the log from Combofix.

ComboFix 10-11-02.01 - Aimie 02/11/2010 19:58:24.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2814.1543 [GMT -6:00]
Running from: c:\users\Aimie\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\hpe7EEF.dll
c:\windows\System32\config\systemprofile\AppData\Local\{8E075146-C11B-4296-B4D6-574EC08F1BBF}
c:\windows\System32\config\systemprofile\AppData\Local\{8E075146-C11B-4296-B4D6-574EC08F1BBF}\chrome.manifest
c:\windows\System32\config\systemprofile\AppData\Local\{8E075146-C11B-4296-B4D6-574EC08F1BBF}\chrome\content\_cfg.js
c:\windows\System32\config\systemprofile\AppData\Local\{8E075146-C11B-4296-B4D6-574EC08F1BBF}\chrome\content\overlay.xul
c:\windows\System32\config\systemprofile\AppData\Local\{8E075146-C11B-4296-B4D6-574EC08F1BBF}\install.rdf

.
((((((((((((((((((((((((( Files Created from 2010-10-03 to 2010-11-03 )))))))))))))))))))))))))))))))
.

2010-11-03 02:16 . 2010-11-03 02:17 -------- d-----w- c:\users\Aimie\AppData\Local\temp
2010-11-03 02:16 . 2010-11-03 02:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-03 02:16 . 2010-11-03 02:16 -------- d-----w- c:\users\Andy\AppData\Local\temp
2010-11-03 02:16 . 2010-11-03 02:16 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-10-24 03:42 . 2010-10-24 03:42 -------- d-----w- c:\users\Aimie\AppData\Local\Mozilla
2010-10-21 02:16 . 2010-10-31 02:18 -------- d-----w- c:\users\Aimie\AppData\Local\CrashDumps
2010-10-20 01:55 . 2010-10-20 01:55 -------- d-----w- c:\program files\iPod
2010-10-20 01:44 . 2010-10-20 01:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-10-20 01:44 . 2010-10-20 01:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-10-20 01:44 . 2010-10-20 01:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-10-20 01:44 . 2010-10-20 01:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-10-20 01:44 . 2010-10-20 01:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-10-20 01:44 . 2010-10-20 01:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-10-20 01:44 . 2010-10-20 01:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-10-20 01:43 . 2010-10-20 01:44 -------- d-----w- c:\program files\QuickTime
2010-10-20 01:36 . 2010-10-20 01:36 -------- d-----w- c:\program files\Bonjour
2010-10-20 01:26 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-20 01:26 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-10-20 01:26 . 2010-10-20 01:26 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-20 01:26 . 2010-10-20 01:26 -------- d-----w- c:\program files\Symantec
2010-10-20 01:25 . 2010-10-27 00:20 -------- d-----w- c:\windows\system32\drivers\N360
2010-10-20 01:25 . 2010-10-20 01:25 -------- d-----w- c:\program files\Norton Security Suite
2010-10-20 01:23 . 2010-10-20 01:23 -------- d-----w- c:\program files\NortonInstaller
2010-10-20 01:07 . 2010-10-20 01:25 -------- d-----w- c:\programdata\Norton
2010-10-16 14:36 . 2005-04-04 05:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2010-10-16 14:36 . 2005-04-04 05:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2010-10-16 14:36 . 2005-04-04 05:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2010-10-16 14:36 . 2005-04-04 05:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2010-10-16 14:36 . 2005-04-04 04:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2010-10-16 14:35 . 2010-10-16 14:35 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2010-10-16 14:35 . 2010-10-16 14:35 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2010-10-16 04:21 . 2010-10-16 04:21 -------- d-----w- c:\users\Aimie\AppData\Roaming\AVG10
2010-10-16 04:19 . 2010-10-16 04:19 -------- d--h--w- c:\programdata\Common Files
2010-10-16 04:18 . 2010-11-03 01:45 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-16 04:18 . 2010-11-03 01:41 -------- d-----w- c:\programdata\AVG10
2010-10-16 02:57 . 2010-10-16 03:03 -------- d-----w- c:\programdata\MFAData
2010-10-16 02:28 . 2010-10-16 02:28 -------- d-----w- c:\program files\Cisco Systems
2010-10-16 02:21 . 2010-10-16 02:21 -------- d-----w- c:\programdata\Cisco Systems
2010-10-15 04:00 . 2010-10-15 04:00 108032 ----a-w- c:\windows\system32\spoolsv4.dll
2010-10-14 14:51 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-14 14:51 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 14:48 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 14:48 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 14:48 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 14:48 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 14:48 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 14:48 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-14 14:48 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-14 14:48 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-14 14:40 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-14 14:36 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-14 14:36 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-12 16:06 . 2010-10-12 16:06 -------- d-----w- c:\programdata\TomTom
2010-10-12 16:04 . 2010-10-12 16:04 -------- d-----w- c:\users\Aimie\AppData\Roaming\TomTom
2010-10-12 16:04 . 2010-10-12 16:04 -------- d-----w- c:\users\Aimie\AppData\Local\TomTom
2010-10-12 16:04 . 2010-10-12 16:04 -------- d-----w- c:\program files\TomTom International B.V
2010-10-07 19:47 . 2010-10-07 19:47 -------- d-----w- c:\users\Aimie\AppData\Local\Eastman_Kodak_Company
2010-10-07 04:01 . 2010-10-07 05:00 -------- d-----w- c:\programdata\Update
2010-10-07 04:01 . 2010-10-07 04:01 105 ----a-w- c:\windows\system32\config\systemprofile\AppData\Roaming\asdsada.bat
2010-10-07 03:39 . 2010-10-07 03:39 -------- d-----w- c:\programdata\kds_kodak
2010-10-07 03:39 . 2010-10-07 03:39 -------- d-----w- c:\programdata\Eastman Kodak Company
2010-10-07 02:29 . 2009-08-03 15:33 192512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2010-10-07 02:26 . 2010-10-07 02:26 -------- d-----w- c:\users\Aimie\AppData\Local\KODAK
2010-10-07 02:26 . 2010-10-28 03:06 -------- d-----w- c:\users\Aimie\AppData\Local\Eastman Kodak Company
2010-10-07 02:26 . 2010-10-07 02:26 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Eastman Kodak Company
2010-10-07 02:25 . 2010-10-07 02:25 -------- d-----w- c:\windows\system32\kodak
2010-10-07 02:23 . 2010-10-07 02:26 -------- d-----w- c:\program files\Kodak
2010-10-07 02:21 . 2010-11-03 01:41 -------- d-----w- c:\programdata\Kodak
2010-10-06 02:49 . 2010-10-06 02:49 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-10-06 01:59 . 2010-10-06 01:59 -------- d-----w- c:\program files\Avanquest update
2010-10-05 02:11 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-05 01:57 . 2010-10-05 01:57 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\McAfee
2010-10-05 01:46 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-10-05 01:29 . 2010-10-05 01:29 -------- d-----w- c:\users\Aimie\AppData\Local\BVRP Software
2010-10-05 01:26 . 2009-10-27 08:12 112144 ----a-w- c:\windows\system32\ptumwmcp64.dll
2010-10-05 01:26 . 2009-10-27 08:12 100880 ----a-w- c:\windows\system32\ptumwmcp.dll
2010-10-05 01:26 . 2009-10-27 07:28 115216 ----a-w- c:\windows\system32\drivers\PTUMWNET.sys
2010-10-05 01:26 . 2009-10-27 07:28 12048 ----a-w- c:\windows\system32\drivers\PTUMWFLT.sys
2010-10-05 01:26 . 2009-10-27 07:28 22032 ----a-w- c:\windows\system32\drivers\PTUMWCDF.sys
2010-10-05 01:26 . 2009-10-21 21:15 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2010-10-05 01:26 . 2009-09-09 09:01 10440 ----a-w- c:\windows\system32\ptumwcit.dll
2010-10-05 01:26 . 2010-10-05 01:26 -------- d-----w- c:\program files\PANTECH
2010-10-05 01:26 . 2009-10-27 07:28 160400 ----a-w- c:\windows\system32\drivers\PTUMWVsp.sys
2010-10-05 01:26 . 2009-10-27 07:28 160400 ----a-w- c:\windows\system32\drivers\PTUMWMdm.sys
2010-10-05 01:26 . 2009-10-27 07:28 54544 ----a-w- c:\windows\system32\drivers\PTUMWBus.sys
2010-10-05 01:25 . 2010-10-05 01:25 -------- d-----w- c:\program files\Common Files\Avanquest software Shared
2010-10-05 01:25 . 2010-10-06 02:00 -------- d-----w- c:\program files\Cricket Broadband Connect
2010-10-05 01:25 . 2010-10-06 01:31 -------- d-----w- c:\programdata\BVRP Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-13 22:27 . 2010-09-13 22:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-08 17:17 . 2010-09-08 17:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 17:17 . 2010-09-08 17:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 09:49 . 2010-09-07 09:49 298448 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-07 09:48 . 2010-09-07 09:48 34384 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-07 09:48 . 2010-09-07 09:48 249424 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-07 09:48 . 2010-09-07 09:48 26064 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-08-21 15:10 . 2010-08-21 15:10 110080 ----a-r- c:\users\Aimie\AppData\Roaming\Microsoft\Installer\{95431C66-CF9A-4913-BFFF-6050785AFB65}\IconF7A21AF7.exe
2010-08-21 15:10 . 2010-08-21 15:10 110080 ----a-r- c:\users\Aimie\AppData\Roaming\Microsoft\Installer\{95431C66-CF9A-4913-BFFF-6050785AFB65}\IconD7F16134.exe
2010-08-21 11:52 . 2009-11-26 19:50 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2010-08-20 03:42 . 2010-08-20 03:42 27216 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2010-08-20 03:42 . 2010-08-20 03:42 123472 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2010-08-20 03:42 . 2010-08-20 03:42 30288 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2010-08-17 14:11 . 2010-09-14 19:07 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-11 21:02 . 2010-08-11 21:02 0 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\Elogusefube.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-28 2424560]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-10 13552160]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-10 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-19 6244896]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-10-26 671744]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-09-22 708608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-07-28 554328]
"{F9AA8FE2-E89A-E99B-E8b8-E9AE9B9ABA99}"="c:\program files\Cricket Broadband Connect\AvqAutoRun.exe" [2009-10-19 73728]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-08-03 1626112]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-2-13 113664]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2009-04-11 06:27 69120 ----a-w- c:\windows\System32\conime.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2008-08-27 159744]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2010-01-27 5248]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2007-08-23 313344]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\DRIVERS\PTUMWBus.sys [2009-10-27 54544]
R3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\DRIVERS\PTUMWCDF.sys [2009-10-27 22032]
R3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\DRIVERS\PTUMWFLT.sys [2009-10-27 12048]
R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\DRIVERS\PTUMWMdm.sys [2009-10-27 160400]
R3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\DRIVERS\PTUMWNET.sys [2009-10-27 115216]
R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMWVsp.sys [2009-10-27 160400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2009-10-15 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2010-09-07 249424]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2010-09-07 298448]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101029.001\BHDrvx86.sys [2010-10-02 692272]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101029.001\IDSvix86.sys [2010-10-19 353840]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-10-11 6104656]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2010-09-10 265400]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [2009-08-05 284016]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 TomTomHOMEService;TomTomHOMEService;d:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-20 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-20 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2010-08-20 27216]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-19 102448]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-09-05 45600]
S3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\DRIVERS\RLVrtAuCbl.sys [2007-03-19 31616]


--- Other Services/Drivers In Memory ---

*Deregistered* - BMLoad

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-11-03 c:\windows\Tasks\User_Feed_Synchronization-{6B1AD602-6BDD-497D-881E-B01B2C8A5936}.job
- c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Aimie\AppData\Roaming\Mozilla\Firefox\Profiles\u1jx1ig9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-02 20:17
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD25 rev.11.0 -> \Device\Ide\IdePort0

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86F5E446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86f64504]; MOV EAX, [0x86f64580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82645962] -> \Device\Harddisk0\DR0[0x868BD550]
3 CLASSPNP[0x8A7AB8B3] -> ntkrnlpa!IofCallDriver[0x82645962] -> [0x8613F700]
5 acpi[0x806986BC] -> ntkrnlpa!IofCallDriver[0x82645962] -> [0x85D20B58]
\Driver\nvstor32[0x8614D030] -> IRP_MJ_CREATE -> 0x86F5E446
error: Read The system cannot find the file specified.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected hooks:
\Device\00000072 -> \??\SCSI#Disk&Ven_WDC_WD25&Prod_00BEVT-22ZCT#4&116b3f3d&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

Filesystem trace:
called modules: ntkrnlpa.exe hal.dll AVGIDSFilter.Sys fltmgr.sys BHDrvx86.sys eeCtrl.sys SRTSP.SYS avgmfx86.sys SYMEFA.SYS luafv.sys fileinfo.sys Ntfs.sys
1 ntkrnlpa!IofCallDriver[0x82645962] -> [0x89B0B020]
3 AVGIDSFilter[0xA6DCD404] -> ntkrnlpa!IofCallDriver[0x82645962] -> [0x86FACC38]
5 fltmgr[0x82C0ABA1] -> ntkrnlpa!IofCallDriver[0x82645962] -> [0x86FAD020]
7 ntkrnlpa[0x8284779E] -> ntkrnlpa!IofCallDriver[0x82645962] -> [0x89B0B020]
9 AVGIDSFilter[0xA6DCB0EF] -> ntkrnlpa!IofCallDriver[0x82645962] -> [0x86FACC38]
11 fltmgr[0x82C0ABA1] -> ntkrnlpa!IofCallDriver[0x82645962] -> [0x86FAD020]

Registry trace:
called modules: ntkrnlpa.exe BHDrvx86.sys AVGIDSDriver.Sys avgmfx86.sys hal.dll

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-02 20:23:28
ComboFix-quarantined-files.txt 2010-11-03 02:23

Pre-Run: 7,513,546,752 bytes free
Post-Run: 7,857,676,288 bytes free

- - End Of File - - FBEA909E505E10D9FA6165EE0BEC102B
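An added example, not part of this thread and not code from GMER or ComboFix: a small parser that reads lines in the format of the GMER "Stealth MBR rootkit" output above and correlates what the tool reports, so that an UNKNOWN entry in the disk driver chain and a driver dispatch routine (here nvstor32's IRP_MJ_CREATE) resolving to that same unmapped address are flagged together instead of being read as clean because "user & kernel MBR OK" also appears. The sample lines are copied from the log above; the clean sample and its layout are constructed.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the GMER "Stealth MBR rootkit" output above.
GMER_SAMPLE = r"""
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86F5E446]<<
1 ntkrnlpa!IofCallDriver[0x82645962] -> \Device\Harddisk0\DR0[0x868BD550]
3 CLASSPNP[0x8A7AB8B3] -> ntkrnlpa!IofCallDriver[0x82645962] -> [0x8613F700]
\Driver\nvstor32[0x8614D030] -> IRP_MJ_CREATE -> 0x86F5E446
kernel: MBR read successfully
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
"""

# Constructed clean sample (hypothetical layout): every module in the chain is named.
CLEAN_SAMPLE = r"""
device: opened successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll nvstor32.sys
user & kernel MBR OK
"""

# Address GMER could not attribute to any loaded module.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# "\Driver\<name>[addr] -> IRP_MJ_xxx -> <target>": where a driver's dispatch entry points.
DISPATCH_RE = re.compile(
    r"^\\Driver\\(?P<drv>[^\[]+)\[0x[0-9A-Fa-f]+\] -> (?P<irp>IRP_MJ_\w+) -> (?P<target>0x[0-9A-Fa-f]+)$"
)
WARNING_RE = re.compile(r"^Warning: (?P<msg>.+)$")
MBR_OK_RE = re.compile(r"^user & kernel MBR OK$")


@dataclass
class GmerFindings:
    unknown_modules: set = field(default_factory=set)   # unmapped addresses, lower-case hex
    dispatch_hooks: list = field(default_factory=list)  # (driver, IRP major, target address)
    warnings: list = field(default_factory=list)
    mbr_ok: bool = False


def parse_gmer(text: str) -> GmerFindings:
    """Extract the facts the detector prints; one pass, one line at a time."""
    f = GmerFindings()
    for raw in text.splitlines():
        line = raw.strip()
        if m := UNKNOWN_RE.search(line):
            f.unknown_modules.add(m.group(1).lower())
        elif m := DISPATCH_RE.match(line):
            f.dispatch_hooks.append((m["drv"], m["irp"], m["target"].lower()))
        elif m := WARNING_RE.match(line):
            f.warnings.append(m["msg"].strip())
        elif MBR_OK_RE.match(line):
            f.mbr_ok = True
    return f


def assess(f: GmerFindings) -> dict:
    """Correlate the findings. A dispatch routine that resolves to an address GMER
    cannot map to any module is the item to act on; "MBR OK" on its own is not
    reassurance, because the hook sits in memory on top of the storage stack."""
    hooked_into_unknown = [h for h in f.dispatch_hooks if h[2] in f.unknown_modules]
    if hooked_into_unknown:
        verdict = "CRITICAL"
    elif f.unknown_modules or f.dispatch_hooks or f.warnings:
        verdict = "SUSPICIOUS"
    else:
        verdict = "CLEAN"
    return {"verdict": verdict, "hooked_into_unknown": hooked_into_unknown,
            "mbr_ok": f.mbr_ok, "warnings": f.warnings}


if __name__ == "__main__":
    for name, sample in (("posted log", GMER_SAMPLE), ("clean sample", CLEAN_SAMPLE)):
        result = assess(parse_gmer(sample))
        print(f"{name}: {result['verdict']}")
        for drv, irp, target in result["hooked_into_unknown"]:
            print(f"  {drv} {irp} -> {target} (not in any loaded module)")
```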

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:02:46 AM

Posted 03 November 2010 - 08:06 AM

Well, ComboFix told us the infection is there, but couldn't clean it.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip, which appears to be an older version (2.3.2.2) of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users: right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
    To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 dr_drews

dr_drews
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:46 AM

Posted 04 November 2010 - 12:30 PM

Hi,

I followed the steps and rebooted the machine. When it got back to the Windows logon screen it came up with the "Blue Screen". Every time I restart, it blue screens. I can get in through Safe Mode but not a normal boot.

I'm not sure of the exact message on the blue screen, but it basically says there was a system failure due to either lack of disk space or some recently installed software or hardware. It recommends disabling recently installed items and getting the latest drivers.

It does a memory dump and then restarts... and goes back to the blue screen.

Any ideas?

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:02:46 AM

Posted 04 November 2010 - 02:54 PM

Did TDSSKiller detect TDL4, and did you allow it to cure it? Was there anything else detected?

Do you have your Vista DVD at hand?

regards, Elise




#9 dr_drews

dr_drews
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:46 AM

Posted 04 November 2010 - 05:56 PM

It found something (not sure if it was TDL4 or not) and I selected Cure and let it do its thing.

When we got our laptop it had no disks. I think I read something in the manual about all the software just being on the computer, but I can't find the manual at the moment. If I can't find it, then I guess I can just buy a copy of Vista and try formatting the PC?

#10 dr_drews

dr_drews
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:46 AM

Posted 04 November 2010 - 08:20 PM

Hi,

I managed to get the TDSS log file off the computer; see below:

2010/11/03 20:03:46.0073 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43
2010/11/03 20:03:46.0073 ================================================================================
2010/11/03 20:03:46.0073 SystemInfo:
2010/11/03 20:03:46.0073
2010/11/03 20:03:46.0073 OS Version: 6.0.6002 ServicePack: 2.0
2010/11/03 20:03:46.0073 Product type: Workstation
2010/11/03 20:03:46.0073 ComputerName: AIMIES-LAPTOP
2010/11/03 20:03:46.0073 UserName: Aimie
2010/11/03 20:03:46.0073 Windows directory: C:\Windows
2010/11/03 20:03:46.0073 System windows directory: C:\Windows
2010/11/03 20:03:46.0073 Processor architecture: Intel x86
2010/11/03 20:03:46.0073 Number of processors: 2
2010/11/03 20:03:46.0073 Page size: 0x1000
2010/11/03 20:03:46.0073 Boot type: Normal boot
2010/11/03 20:03:46.0073 ================================================================================
2010/11/03 20:03:46.0759 Initialize success
2010/11/03 20:03:51.0860 ================================================================================
2010/11/03 20:03:51.0860 Scan started
2010/11/03 20:03:51.0860 Mode: Manual;
2010/11/03 20:03:51.0860 ================================================================================
2010/11/03 20:04:28.0411 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/03 20:04:28.0707 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/11/03 20:04:28.0879 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/03 20:04:29.0004 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/11/03 20:04:29.0175 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/11/03 20:04:29.0253 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/11/03 20:04:29.0285 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/11/03 20:04:29.0331 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/11/03 20:04:29.0519 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/11/03 20:04:29.0768 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/11/03 20:04:30.0018 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/11/03 20:04:30.0205 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/11/03 20:04:30.0314 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/03 20:04:30.0330 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/03 20:04:30.0455 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/11/03 20:04:30.0642 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/03 20:04:31.0032 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/11/03 20:04:31.0188 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/11/03 20:04:31.0219 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/03 20:04:31.0328 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/03 20:04:31.0453 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/03 20:04:31.0469 ================================================================================
2010/11/03 20:04:31.0469 Scan finished
2010/11/03 20:04:31.0469 ================================================================================
2010/11/03 20:04:31.0500 Detected object count: 1
2010/11/03 20:04:46.0101 \HardDisk0 - will be cured after reboot
2010/11/03 20:04:46.0101 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/11/03 20:04:48.0847 Deinitialize success
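
Added example, not part of the original post and not TDSSKiller's own code: a small Python triage script for a log like the one above. It parses the driver lines (service name, MD5, path) and the result lines, groups entries that point at the same image, and reports each detected object with the action chosen and whether the cure is still pending a reboot. The regular expressions, the `triage` function and the excerpt used as sample input are assumptions taken from the line format visible above, not a TDSSKiller specification.

```python
"""Triage a TDSSKiller log: list drivers, pick out detections, report the action taken.

Added example; not part of the original post and not TDSSKiller's own code.
The line formats are taken from the log above (assumption: these are the only
forms that matter for triage):
  <timestamp> <Name> (<md5>) <path>                           driver entry
  <timestamp> <object> - detected <threat> (<n>)              detection
  <timestamp> <object> - will be cured after reboot           cure scheduled
  <timestamp> <threat>(<object>) - User select action: <A>    action chosen
"""
import re
from collections import defaultdict

TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+"
DRIVER_RE = re.compile(rf"^{TS}\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{{32}})\)\s+(?P<path>.+?)\s*$")
DETECT_RE = re.compile(rf"^{TS}\s+(?P<obj>\\\S+) - detected (?P<threat>\S+) \(\d+\)\s*$")
CURE_RE = re.compile(rf"^{TS}\s+(?P<obj>\\\S+) - will be cured after reboot\s*$")
ACTION_RE = re.compile(
    rf"^{TS}\s+(?P<threat>[^\s(]+)\((?P<obj>\\[^)]+)\) - User select action: (?P<action>\w+)\s*$"
)

# Constructed excerpt of the log posted above (a few driver lines plus the result block).
SAMPLE_LOG = r"""
2010/11/03 20:04:23.0653 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/11/03 20:04:23.0731 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/03 20:04:23.0778 tcpipBM (4bed0c7fdf414d1bd26bf33ea673ca49) C:\Windows\system32\drivers\tcpipBM.sys
2010/11/03 20:04:31.0328 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/03 20:04:31.0453 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/03 20:04:31.0469 ================================================================================
2010/11/03 20:04:31.0469 Scan finished
2010/11/03 20:04:31.0500 Detected object count: 1
2010/11/03 20:04:46.0101 \HardDisk0 - will be cured after reboot
2010/11/03 20:04:46.0101 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/11/03 20:04:48.0847 Deinitialize success
"""


def parse_log(text):
    """Return driver entries, detections, objects scheduled for cure, and chosen actions."""
    drivers, detections, cures, actions = [], [], set(), {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if (m := DRIVER_RE.match(line)):
            drivers.append(m.groupdict())
        elif (m := DETECT_RE.match(line)):
            detections.append(m.groupdict())
        elif (m := CURE_RE.match(line)):
            cures.add(m.group("obj"))
        elif (m := ACTION_RE.match(line)):
            actions[m.group("obj")] = m.group("action")
    return {"drivers": drivers, "detections": detections, "cures": cures, "actions": actions}


def triage(text):
    """Condense a parsed log into what a helper needs to decide the next step."""
    parsed = parse_log(text)
    by_hash = defaultdict(list)
    for d in parsed["drivers"]:
        by_hash[d["md5"].lower()].append(d["name"])
    # One image registered under two service names (Tcpip/Tcpip6 -> tcpip.sys) is normal;
    # listing these makes a genuinely odd duplicate stand out.
    shared = {h: names for h, names in by_hash.items() if len(names) > 1}
    outside = [d["name"] for d in parsed["drivers"]
               if not d["path"].lower().startswith("c:\\windows\\")]
    findings = [{
        "object": det["obj"],
        "threat": det["threat"],
        "action": parsed["actions"].get(det["obj"], "none"),
        "pending_reboot": det["obj"] in parsed["cures"],
    } for det in parsed["detections"]]
    return {"driver_count": len(parsed["drivers"]), "shared_hashes": shared,
            "outside_windows": outside, "findings": findings}


def summarize(text):
    """Human-readable triage lines."""
    r = triage(text)
    lines = [f"{r['driver_count']} driver entries parsed, {len(r['outside_windows'])} outside C:\\Windows"]
    for h, names in r["shared_hashes"].items():
        lines.append(f"same image under several names: {', '.join(names)} ({h})")
    for f in r["findings"]:
        state = "cure pending reboot, rescan afterwards" if f["pending_reboot"] else "no cure scheduled"
        lines.append(f"{f['threat']} on {f['object']}: action={f['action']}, {state}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)))
```

Two things worth reading off the result for this thread: the object is the disk itself (\HardDisk0), not a file under C:\Windows, so the infection sits in the boot sector rather than in any of the listed drivers, which is why the file-based scanners kept finding the same symptoms; and "will be cured after reboot" means nothing has changed yet. Restart, run TDSSKiller again, and expect "Detected object count: 0" before trusting the machine.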

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:46 AM

Posted 05 November 2010 - 06:18 AM

Hi, please tap F8 when the computer starts up and let me know if you see an option in the Advanced Boot Options menu to "Repair windows" or "recovery environment". If so, access it and see if you can do a Startup Repair.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 dr_drews

dr_drews
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 07 November 2010 - 11:20 PM

Hi, that didn't work either... but I managed to create a recovery DVD and have formatted the PC and reinstalled Windows.

Will the PC now be secure or do I still need to check if I have any viruses?

#13 Elise

Posted 08 November 2010 - 04:34 AM

Hi, if you did a complete reformat/reinstall, you should be okay. :)

Please let me know if you have any other questions or if this can be closed.

regards, Elise



#14 dr_drews

Posted 08 November 2010 - 02:21 PM

One question. How do I stop this happening again? I have Norton Internet Security installed, should that be sufficient?

#15 Elise

Posted 08 November 2010 - 02:46 PM

Hi, please see below. :)

Please read this advice in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide resident protection and do not nag if you purchase the paid versions.
    • SpywareBlaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for the MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

I will now close this topic. If you need it reopened, please send me a PM.

Everyone else, please start a new topic.

Edited by elise025, 08 November 2010 - 02:46 PM.

regards, Elise


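The MVPs hosts file recommended in the post above works by mapping known ad and malware hostnames to 0.0.0.0 or 127.0.0.1; the same file is also a classic place for redirect malware to plant entries, which is worth checking when links "go to a random website" as described at the start of this thread. Added example, not part of the thread and not the MVPs project's code: a Python auditor that parses a hosts file, counts blocking and loopback entries, and flags any entry that redirects a name to some other address. The sample file, the RFC 5737 test address used as the hijack target, and the list of "sensitive" domain suffixes are constructed for illustration.

```python
"""Audit a Windows hosts file: separate MVPs-style blocking entries from redirects.

Added example; not part of the original thread and not the MVPs hosts project's code.
A blocking entry maps a name to 0.0.0.0, 127.0.0.1 or ::1. An entry that maps a name
to any other address is a redirect, which is the form a hosts-file hijack takes.
"""
import ipaddress
import os

BLOCK_TARGETS = {"0.0.0.0", "127.0.0.1", "::1"}
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}
# Illustrative list (assumption): names a home machine should never see redirected.
SENSITIVE_SUFFIXES = ("microsoft.com", "windowsupdate.com", "google.com",
                      "symantec.com", "malwarebytes.org", "bleepingcomputer.com")

# Constructed sample: two MVPs-style blocks plus three redirects to an RFC 5737 test address.
SAMPLE_HOSTS = """\
# hosts file (constructed sample, not a real file)
127.0.0.1       localhost
::1             localhost
0.0.0.0  ads.example.net            # MVPs-style blocking entry
0.0.0.0  tracker.example.org        # MVPs-style blocking entry
203.0.113.7  www.google.com         # redirect: constructed hijack
203.0.113.7  update.microsoft.com   # redirect: constructed hijack
203.0.113.7  liveupdate.symantec.com
this-is-not-valid
"""


def default_hosts_path():
    """Where the live file lives: built from %SystemRoot% on Windows, /etc/hosts elsewhere."""
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


def parse_hosts(text):
    """Return one record per (address, name) pair, or a malformed record with its line number."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and surrounding whitespace
        if not line:
            continue
        parts = line.split()
        try:
            if len(parts) < 2:
                raise ValueError("address or name missing")
            ipaddress.ip_address(parts[0])       # raises ValueError on a bad address
        except ValueError as exc:
            records.append({"line": lineno, "error": str(exc), "raw": raw})
            continue
        for name in parts[1:]:                   # one line may list several names
            records.append({"line": lineno, "addr": parts[0], "name": name.lower()})
    return records


def classify(rec):
    if "error" in rec:
        return "malformed"
    if rec["addr"] in BLOCK_TARGETS:
        return "loopback" if rec["name"] in LOOPBACK_NAMES else "block"
    return "redirect"


def is_sensitive(name):
    return any(name == s or name.endswith("." + s) for s in SENSITIVE_SUFFIXES)


def audit(text):
    report = {"block": 0, "loopback": 0, "redirect": [], "sensitive": [], "malformed": []}
    for rec in parse_hosts(text):
        kind = classify(rec)
        if kind in ("block", "loopback"):
            report[kind] += 1
        elif kind == "malformed":
            report["malformed"].append(rec["line"])
        else:
            hit = (rec["line"], rec["name"], rec["addr"])
            report["redirect"].append(hit)
            if is_sensitive(rec["name"]):
                report["sensitive"].append(hit)
    return report


def is_clean(report):
    """True when the file contains only loopback and blocking entries."""
    return not report["redirect"] and not report["malformed"]


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else default_hosts_path()
    with open(path, encoding="utf-8", errors="replace") as fh:
        rep = audit(fh.read())
    print(f"{path}: {rep['block']} block, {rep['loopback']} loopback, "
          f"{len(rep['redirect'])} redirect, {len(rep['malformed'])} malformed")
    for line, name, addr in rep["sensitive"]:
        print(f"  line {line}: {name} -> {addr}  (redirect of a sensitive name)")
```

On Vista the live file is C:\Windows\System32\drivers\etc\hosts and editing it needs an elevated editor. Any redirect entry, and above all one for an update or security-vendor name, is a finding to remove. A clean hosts file rules out only this one mechanism: the TDL4 infection found on \HardDisk0 earlier in the thread lives in the boot sector, not in this file, so it neither explains nor excludes the redirects on its own.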




