Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Backdoor.Tidserv.l!inf


  • Please log in to reply
11 replies to this topic

#1 CompFool

CompFool

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:04 AM

Posted 07 November 2010 - 12:09 PM

Ran Norton virus scan and it found "Backdoor.Tidserv.l!inf" on my computer. Instruction from Norton state to remove it mannually, which I do not know how to do. I first experienced a problem last week when my computer would not boot and I had a blue screen (dont recall message). I had a friend remove the virus but apparently it was not successful as my internet is painfully slow and Norton is saying I have this virus. My friend said he removed the virus mannually, ran Malwarebytes, then checked my system with Symantec. He said it was clean and that appeared to be the case as I ran Symnatec earlier this week and it did not report a problem until a couple days ago, when my system alerted me that I had a virus.

Thanks.

DDS (Ver_10-11-08.01) - NTFSx86
Run by ME at 20:51:14.06 on Sun 11/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.306 [GMT -5:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ME\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.3.0.5\IPSBHO.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322)" -"http://www.shockwave.com/gamelanding/oversizexxl.jsp"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imaget~1.lnk - c:\program files\sony corporation\image transfer\SonyTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
Trusted Zone: isqft.com
Trusted Zone: isqft.com\www
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265857323140
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219298059656
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-11-7 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-11-7 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20101029.001\BHDrvx86.sys [2010-10-29 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-11-7 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-11-7 116784]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2010-11-7 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-11-6 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20101104.004\IDSXpx86.sys [2010-10-19 341880]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20101107.003\NAVENG.SYS [2010-11-7 86064]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20101107.003\NAVEX15.SYS [2010-11-7 1371184]
S2 gupdate1c9ed53d7469d4c;Google Update Service (gupdate1c9ed53d7469d4c);c:\program files\google\update\GoogleUpdate.exe [2009-6-14 133104]
S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv11010.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv11010.sys [?]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-9-15 18560]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-8-21 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-8-21 40552]

=============== File Associations ===============

.scr=DWGTrueViewScriptFile

=============== Created Last 30 ================

2010-11-07 17:15:07 4904 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-11-07 05:02:53 361904 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdi.sys
2010-11-07 05:02:53 339504 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys
2010-11-07 05:02:53 328752 ----a-r- c:\windows\system32\drivers\n360\0403000.005\symds.sys
2010-11-07 05:02:53 173104 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symefa.sys
2010-11-07 05:02:52 501888 ----a-w- c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys
2010-11-07 05:02:52 43696 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtspx.sys
2010-11-07 05:02:52 325680 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtsp.sys
2010-11-07 05:02:52 116784 ----a-w- c:\windows\system32\drivers\n360\0403000.005\ironx86.sys
2010-11-07 05:02:27 -------- d-----w- c:\windows\system32\drivers\n360\0403000.005
2010-11-07 02:28:42 -------- d-----w- c:\docume~1\kendic~1\applic~1\Tific
2010-11-06 02:08:10 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-11-06 02:08:10 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-11-06 02:08:09 -------- d-----w- c:\program files\Symantec
2010-11-06 02:08:09 -------- d-----w- c:\program files\common files\Symantec Shared
2010-11-06 02:07:07 -------- d-----w- c:\windows\system32\drivers\N360
2010-11-06 02:07:05 -------- d-----w- c:\program files\Norton 360
2010-11-06 02:02:22 -------- d-----w- c:\program files\NortonInstaller
2010-11-06 02:02:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-11-06 01:59:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-10-27 23:37:56 -------- d-sha-r- C:\cmdcons
2010-10-27 23:32:34 98816 ----a-w- c:\windows\sed.exe
2010-10-27 23:32:34 79872 ----a-w- c:\windows\MBR.exe
2010-10-27 23:32:34 256512 ----a-w- c:\windows\PEV.exe
2010-10-27 23:32:34 161792 ----a-w- c:\windows\SWREG.exe
2010-10-27 23:10:01 -------- d-----w- C:\awork
2010-10-27 23:06:31 -------- d-----w- c:\docume~1\kendic~1\applic~1\Malwarebytes
2010-10-27 23:06:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-27 23:06:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-27 23:06:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-27 23:06:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-27 23:06:04 -------- d-----w- c:\windows\pss
2010-10-14 23:32:22 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 23:32:21 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 23:32:13 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

==================== Find3M ====================

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 20:51:57.01 ===============

Attached Files


Edited by CompFool, 07 November 2010 - 09:48 PM.


BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:12:04 PM

Posted 14 November 2010 - 09:22 AM

Hello CompFool

Welcome to BleepingComputer :)
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 CompFool

CompFool
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:04 AM

Posted 15 November 2010 - 03:06 PM

See "OTL.txt" & "Extras.Txt" content below.

OTL logfile created on: 11/15/2010 3:08:47 PM - Run 4
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\ME\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 398.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1519 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 168.71 Gb Free Space | 72.48% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 2.65 Gb Free Space | 0.28% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Drive G: | 965.73 Mb Total Space | 813.02 Mb Free Space | 84.19% Space Free | Partition Type: FAT

Computer Name: BRAINFART | User Name: ME | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/15 15:08:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\OTL.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
PRC - [2009/11/10 10:14:38 | 000,443,728 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2009/11/10 09:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2008/07/21 16:54:34 | 000,169,312 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2008/07/21 16:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/20 17:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2002/10/16 20:20:20 | 000,073,728 | ---- | M] () -- C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe


========== Modules (SafeList) ==========

MOD - [2010/11/15 15:08:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\OTL.exe
MOD - [2010/09/20 14:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 02:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 02:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\microsoft.vc90.crt\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/11/10 09:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2008/11/28 15:25:55 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2008/07/21 16:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\PfModNT.sys -- (PfModNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys -- (EraserUtilDrv11010)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/11/05 21:08:10 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/11/05 00:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101115.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/11/05 00:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/11/05 00:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/11/05 00:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101115.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/11/03 19:07:06 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101104.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/10/19 15:36:22 | 000,341,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101112.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/05 23:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/02/03 20:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/11/04 16:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/30 18:42:16 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Serial.sy@ -- (Serial)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2006/07/21 20:12:16 | 001,095,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/07/05 15:08:28 | 000,241,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/05/10 14:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/03/17 17:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/01/10 10:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2002/09/27 18:56:50 | 000,009,856 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/11/07 00:02:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/11/05 21:10:08 | 000,000,000 | ---D | M]

[2010/06/25 11:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2010/10/28 06:20:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: isqft.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: isqft.com ([www] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265857323140 (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219298059656 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\ME\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ME\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/20 23:37:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/31 14:17:24 | 000,000,118 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/15 15:08:08 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\OTL.exe
[2010/11/13 14:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ME\My Documents\Mortgage 2010
[2010/11/10 21:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ME\My Documents\Mortgage
[2010/11/07 00:02:53 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symtdi.sys
[2010/11/07 00:02:53 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symtdiv.sys
[2010/11/07 00:02:53 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symds.sys
[2010/11/07 00:02:53 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symefa.sys
[2010/11/07 00:02:52 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\cchpx86.sys
[2010/11/07 00:02:52 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtsp.sys
[2010/11/07 00:02:52 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\ironx86.sys
[2010/11/07 00:02:52 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtspx.sys
[2010/11/07 00:02:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0403000.005
[2010/11/06 21:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ME\Application Data\Tific
[2010/11/05 21:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ME\My Documents\Symantec
[2010/11/05 21:08:10 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/11/05 21:08:10 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/11/05 21:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/11/05 21:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/11/05 21:07:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2010/11/05 21:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/11/05 21:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2010/11/05 21:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/11/05 21:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/11/05 20:59:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2010/11/05 20:59:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/11/05 14:05:02 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Serial.sy@
[2010/11/03 22:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ME\My Documents\Games
[2010/10/28 21:43:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ME\Desktop\Streak
[2010/10/28 21:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ME\Desktop\Kat
[2010/10/28 21:43:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ME\Desktop\JJ
[2010/10/28 08:08:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/27 18:37:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/27 18:32:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/27 18:32:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/27 18:32:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/27 18:32:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/27 18:32:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/27 18:31:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/27 18:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/27 18:11:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/10/27 18:10:01 | 000,000,000 | ---D | C] -- C:\awork
[2010/10/27 18:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ME\Application Data\Malwarebytes
[2010/10/27 18:06:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/27 18:06:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/27 18:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/27 18:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/27 18:06:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/10/21 15:13:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/15 15:08:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\OTL.exe
[2010/11/15 15:06:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/15 15:06:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/15 14:56:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/15 14:24:41 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\ME\Application Data\Microsoft\Internet Explorer\Quick Launch\Word 2003.lnk
[2010/11/15 03:55:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/13 17:33:59 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\ME\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel 2003.lnk
[2010/11/11 22:08:16 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\ME\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/11/10 15:04:26 | 000,692,850 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\Cat.DB
[2010/11/09 23:34:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/07 20:44:01 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\ME\Desktop\dds.com
[2010/11/07 12:13:47 | 000,001,889 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2010/11/06 22:29:44 | 000,295,424 | ---- | M] () -- C:\Documents and Settings\ME\Desktop\gmer.exe
[2010/11/06 22:16:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ME\defogger_reenable
[2010/11/06 22:15:14 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\ME\Desktop\Defogger.exe
[2010/11/05 21:08:10 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/11/05 21:08:10 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/11/05 21:08:10 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/11/05 21:08:09 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/11/05 21:06:48 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\ME\Desktop\Norton Installation Files.lnk
[2010/11/03 18:48:07 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\ME\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2010/10/28 10:06:00 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/28 06:20:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/28 06:03:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/10/27 18:06:53 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/10/27 18:06:20 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\ME\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/10/27 18:06:20 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/25 21:16:10 | 000,079,872 | ---- | M] () -- C:\WINDOWS\MBR.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/07 20:44:00 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\ME\Desktop\dds.com
[2010/11/07 12:13:09 | 000,692,850 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\Cat.DB
[2010/11/07 00:02:53 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symefa.cat
[2010/11/07 00:02:53 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnetv.cat
[2010/11/07 00:02:53 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symds.cat
[2010/11/07 00:02:53 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnet.cat
[2010/11/07 00:02:53 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symefa.inf
[2010/11/07 00:02:53 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symds.inf
[2010/11/07 00:02:53 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnetv.inf
[2010/11/07 00:02:53 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnet.inf
[2010/11/07 00:02:52 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtspx.cat
[2010/11/07 00:02:52 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtsp.cat
[2010/11/07 00:02:52 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\iron.cat
[2010/11/07 00:02:52 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\cchpx86.cat
[2010/11/07 00:02:52 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\cchpx86.inf
[2010/11/07 00:02:52 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtspx.inf
[2010/11/07 00:02:52 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtsp.inf
[2010/11/07 00:02:52 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\iron.inf
[2010/11/07 00:02:27 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\isolate.ini
[2010/11/06 22:16:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ME\defogger_reenable
[2010/11/06 22:15:14 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\ME\Desktop\Defogger.exe
[2010/11/05 21:08:10 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/11/05 21:08:10 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/11/05 21:07:31 | 000,001,889 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2010/11/05 20:59:51 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\ME\Desktop\Norton Installation Files.lnk
[2010/11/04 10:16:58 | 000,295,424 | ---- | C] () -- C:\Documents and Settings\ME\Desktop\gmer.exe
[2010/10/28 10:06:00 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
[2010/10/27 18:38:02 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/27 18:37:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/27 18:32:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/27 18:32:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/27 18:32:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/27 18:32:34 | 000,079,872 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/27 18:32:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/27 18:06:20 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\ME\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/10/27 18:06:20 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/27 17:43:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2010/08/18 20:33:44 | 000,207,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/30 10:52:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\setup32.INI
[2010/04/30 16:07:14 | 000,000,058 | ---- | C] () -- C:\WINDOWS\MADCCX.INI
[2010/04/29 15:52:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MADCCS.INI
[2010/04/29 15:52:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MADCCF.INI
[2010/03/08 19:00:43 | 000,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2010/02/07 22:03:22 | 000,000,183 | ---- | C] () -- C:\WINDOWS\Hop.ini
[2010/02/01 21:41:06 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\ME\Local Settings\Application Data\fusioncache.dat
[2009/10/02 14:38:29 | 000,001,101 | ---- | C] () -- C:\Documents and Settings\ME\Local Settings\Application Data\ACDAddinLog.txt
[2009/08/07 12:48:02 | 000,006,285 | ---- | C] () -- C:\Documents and Settings\ME\Application Data\Comma Separated Values (Windows).EML
[2009/08/06 15:03:26 | 000,038,520 | ---- | C] () -- C:\Documents and Settings\ME\Application Data\Comma Separated Values (Windows).ADR
[2008/12/20 21:44:00 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2008/12/20 21:44:00 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2008/12/20 21:15:32 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/12/11 02:18:54 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/11/28 15:25:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2008/11/22 22:21:04 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2008/11/22 21:04:29 | 000,000,216 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/07 11:46:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/08/21 23:00:24 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/08/21 01:07:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008/08/21 01:01:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/21 00:45:29 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/08/21 00:45:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2008/08/21 00:26:59 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2008/08/20 23:59:11 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\ME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/20 19:29:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/11/09 16:07:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/12/21 10:13:56 | 000,191,136 | ---- | C] () -- C:\WINDOWS\System32\plx_upldr.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/05 09:12:06 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\authdvd.dll

========== LOP Check ==========

[2010/10/07 20:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/03/24 14:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/05/01 20:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/11/28 15:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2009/09/15 09:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2008/11/10 20:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2009/06/04 01:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/08/09 02:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/11/25 23:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RFA_Backups
[2009/11/14 13:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/17 09:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/06 21:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 00:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/08 17:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/11/02 23:13:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DE097E60-7F86-4350-B083-1F09B6906C92}
[2010/02/12 02:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Autodesk
[2009/05/01 20:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Azureus
[2008/11/28 15:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\DassaultSystemes
[2008/11/28 15:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\EDrawings
[2010/02/10 22:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Facebook
[2010/09/27 23:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\GrabIt
[2008/11/20 22:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Leadertech
[2010/02/06 23:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Moyea
[2008/08/21 00:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\MSNInstaller
[2010/02/15 20:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\SmartDraw
[2010/11/06 21:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Tific
[2009/04/30 22:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Uniblue
[2010/05/23 16:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Unity
[2009/01/03 16:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Xilisoft Corporation

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A823589

< End of report >

OTL Extras logfile created on: 11/15/2010 2:41:29 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\ME\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 313.00 Mb Available Physical Memory | 31.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1519 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 168.69 Gb Free Space | 72.47% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 2.65 Gb Free Space | 0.28% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Drive G: | 965.73 Mb Total Space | 813.00 Mb Free Space | 84.18% Space Free | Partition Type: FAT

Computer Name: BRAINFART | User Name: ME | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
"{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Camera Window
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B4AA674-F5CA-4BB5-831A-CD37B4021959}" = ImageMixer for Sony
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43D2A1DD-69C9-4E86-8F51-4890A6263863}" = VTech® Photo Editor
"{4D36E953-4456-4F8F-BC44-90BC4AA59889}" = Maxtor Manager
"{55BC7EFA-D832-4EE3-9DEA-49B0C07539D9}" =
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}" = Image Transfer
"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = MyDVD
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A35F91E-1D16-454F-A248-B9B782A2327C}" = Dell Support 3.2.1
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E15C4B8-85FC-4539-94F2-8280C0B213A3}" = LeapFrog Tag Plugin
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}" = LeapFrog Connect
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{913A0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Standard 2003
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = RemoteCapture 2.7.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C193C75D-02BF-4F9D-8981-0843A7EABF39}" = Surveillix Remote
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DCDC8E79-4600-4C02-9824-CD3BB8971D4E}" =
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = File Viewer Utility 1.2
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"audcle" = Plus! MP3 Audio Converter LE
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Bejeweled Blitz" = Bejeweled Blitz
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"DWG TrueView 2010" = DWG TrueView 2010
"ffdshow_is1" = ffdshow [rev 2460] [2008-12-09]
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOPDKey" = Hooked on Phonics Learn to Read
"HP-LaserJet 1020 series" = LaserJet 1020 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{4D36E953-4456-4F8F-BC44-90BC4AA59889}" = Maxtor Manager
"InstallShield_{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{C193C75D-02BF-4F9D-8981-0843A7EABF39}" = Surveillix Remote
"InstallShield_{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = Canon Utilities File Viewer Utility 1.2
"MadelineThinkingGamesToy" = Madeline Thinking Games
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWASPI" = MicroStaff WINASPI
"N360" = Norton 360
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoRecord" = Canon PhotoRecord
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"UPCShell" = LeapFrog Connect
"wa2wmp" = Windows Media Player Skin Importer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMBK2" = Windows Media Bonus Pack for Windows XP
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft HD Video Converter" = Xilisoft HD Video Converter

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/8/2010 11:43:32 PM | Computer Name = KDSBRAINFART | Source = Bonjour Service | ID = 100
Description = 432: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/8/2010 11:43:32 PM | Computer Name = KDSBRAINFART | Source = Bonjour Service | ID = 100
Description = 444: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/11/2010 4:00:35 AM | Computer Name = KDSBRAINFART | Source = MsiInstaller | ID = 11719
Description = Product: Microsoft Office Small Business Edition 2003 -- Error 1719.
The Windows Installer Service could not be accessed. This can occur if you are
running Windows in safe mode, or if the Windows Installer is not correctly installed.
Contact your support personnel for assistance.

Error - 11/11/2010 4:00:35 AM | Computer Name = KDSBRAINFART | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Small Business Edition 2003 - Update 'Update
for Outlook 2003: Junk E-mail Filter (KB2435682): OUTLFLTR' could not be installed.
Error code 1603. Windows Installer can create logs to help troubleshoot issues
with installing software packages. Use the following link for instructions on turning
on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 11/11/2010 4:00:42 AM | Computer Name = KDSBRAINFART | Source = MsiInstaller | ID = 11719
Description = Product: Microsoft Office Small Business Edition 2003 -- Error 1719.
The Windows Installer Service could not be accessed. This can occur if you are
running Windows in safe mode, or if the Windows Installer is not correctly installed.
Contact your support personnel for assistance.

Error - 11/11/2010 4:00:42 AM | Computer Name = KDSBRAINFART | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Small Business Edition 2003 - Update 'Security
Update for PowerPoint 2003 (KB2413304): POWERPNT' could not be installed. Error
code 1603. Windows Installer can create logs to help troubleshoot issues with installing
software packages. Use the following link for instructions on turning on logging
support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 11/11/2010 4:02:49 AM | Computer Name = KDSBRAINFART | Source = MsiInstaller | ID = 11719
Description = Product: Microsoft Office Small Business Edition 2003 -- Error 1719.
The Windows Installer Service could not be accessed. This can occur if you are
running Windows in safe mode, or if the Windows Installer is not correctly installed.
Contact your support personnel for assistance.

Error - 11/11/2010 4:02:49 AM | Computer Name = KDSBRAINFART | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Small Business Edition 2003 - Update 'Security
Update for Office 2003 (KB2289187): MSO' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

Error - 11/11/2010 4:02:53 AM | Computer Name = KDSBRAINFART | Source = MsiInstaller | ID = 11719
Description = Product: Compatibility Pack for the 2007 Office system -- Error 1719.
The Windows Installer Service could not be accessed. This can occur if you are
running Windows in safe mode, or if the Windows Installer is not correctly installed.
Contact your support personnel for assistance.

Error - 11/11/2010 4:02:53 AM | Computer Name = KDSBRAINFART | Source = MsiInstaller | ID = 1024
Description = Product: Compatibility Pack for the 2007 Office system - Update 'Security
Update for 2007 Microsoft Office System (KB2289158)' could not be installed. Error
code 1603. Windows Installer can create logs to help troubleshoot issues with installing
software packages. Use the following link for instructions on turning on logging
support: http://go.microsoft.com/fwlink/?LinkId=23127

[ Application Events ]
Error - 11/8/2010 11:43:32 PM | Computer Name = KDSBRAINFART | Source = Bonjour Service | ID = 100
Description = 432: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/8/2010 11:43:32 PM | Computer Name = KDSBRAINFART | Source = Bonjour Service | ID = 100
Description = 444: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/11/2010 4:00:35 AM | Computer Name = KDSBRAINFART | Source = MsiInstaller | ID = 11719
Description = Product: Microsoft Office Small Business Edition 2003 -- Error 1719.
The Windows Installer Service could not be accessed. This can occur if you are
running Windows in safe mode, or if the Windows Installer is not correctly installed.
Contact your support personnel for assistance.

Error - 11/11/2010 4:00:35 AM | Computer Name = KDSBRAINFART | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Small Business Edition 2003 - Update 'Update
for Outlook 2003: Junk E-mail Filter (KB2435682): OUTLFLTR' could not be installed.
Error code 1603. Windows Installer can create logs to help troubleshoot issues
with installing software packages. Use the following link for instructions on turning
on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 11/11/2010 4:00:42 AM | Computer Name = KDSBRAINFART | Source = MsiInstaller | ID = 11719
Description = Product: Microsoft Office Small Business Edition 2003 -- Error 1719.
The Windows Installer Service could not be accessed. This can occur if you are
running Windows in safe mode, or if the Windows Installer is not correctly installed.
Contact your support personnel for assistance.

Error - 11/11/2010 4:00:42 AM | Computer Name = KDSBRAINFART | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Small Business Edition 2003 - Update 'Security
Update for PowerPoint 2003 (KB2413304): POWERPNT' could not be installed. Error
code 1603. Windows Installer can create logs to help troubleshoot issues with installing
software packages. Use the following link for instructions on turning on logging
support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 11/11/2010 4:02:49 AM | Computer Name = KDSBRAINFART | Source = MsiInstaller | ID = 11719
Description = Product: Microsoft Office Small Business Edition 2003 -- Error 1719.
The Windows Installer Service could not be accessed. This can occur if you are
running Windows in safe mode, or if the Windows Installer is not correctly installed.
Contact your support personnel for assistance.

Error - 11/11/2010 4:02:49 AM | Computer Name = KDSBRAINFART | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Small Business Edition 2003 - Update 'Security
Update for Office 2003 (KB2289187): MSO' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

Error - 11/11/2010 4:02:53 AM | Computer Name = KDSBRAINFART | Source = MsiInstaller | ID = 11719
Description = Product: Compatibility Pack for the 2007 Office system -- Error 1719.
The Windows Installer Service could not be accessed. This can occur if you are
running Windows in safe mode, or if the Windows Installer is not correctly installed.
Contact your support personnel for assistance.

Error - 11/11/2010 4:02:53 AM | Computer Name = KDSBRAINFART | Source = MsiInstaller | ID = 1024
Description = Product: Compatibility Pack for the 2007 Office system - Update 'Security
Update for 2007 Microsoft Office System (KB2289158)' could not be installed. Error
code 1603. Windows Installer can create logs to help troubleshoot issues with installing
software packages. Use the following link for instructions on turning on logging
support: http://go.microsoft.com/fwlink/?LinkId=23127

[ System Events ]
Error - 11/8/2010 10:59:19 PM | Computer Name = KDSBRAINFART | Source = Service Control Manager | ID = 7000
Description = The PfModNT service failed to start due to the following error: %%2

Error - 11/9/2010 6:44:55 AM | Computer Name = KDSBRAINFART | Source = Service Control Manager | ID = 7000
Description = The PfModNT service failed to start due to the following error: %%2

Error - 11/9/2010 9:34:41 PM | Computer Name = KDSBRAINFART | Source = Service Control Manager | ID = 7000
Description = The PfModNT service failed to start due to the following error: %%2

Error - 11/10/2010 2:02:29 PM | Computer Name = KDSBRAINFART | Source = Service Control Manager | ID = 7000
Description = The PfModNT service failed to start due to the following error: %%2

Error - 11/11/2010 4:00:40 AM | Computer Name = KDSBRAINFART | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter
(KB2435682).

Error - 11/11/2010 4:00:47 AM | Computer Name = KDSBRAINFART | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Office PowerPoint 2003 (KB2413304).

Error - 11/11/2010 4:02:53 AM | Computer Name = KDSBRAINFART | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Office 2003 (KB2289187).

Error - 11/11/2010 4:03:22 AM | Computer Name = KDSBRAINFART | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Office 2007 System (KB2289158).

Error - 11/11/2010 1:49:18 PM | Computer Name = KDSBRAINFART | Source = Service Control Manager | ID = 7000
Description = The PfModNT service failed to start due to the following error: %%2

Error - 11/12/2010 8:49:11 PM | Computer Name = KDSBRAINFART | Source = Service Control Manager | ID = 7000
Description = The PfModNT service failed to start due to the following error: %%2


< End of report >

Edited by CompFool, 15 November 2010 - 03:33 PM.


#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:12:04 PM

Posted 15 November 2010 - 03:48 PM

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#5 CompFool

CompFool
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:04 AM

Posted 15 November 2010 - 03:57 PM

results of scan are "not found".

2010/11/15 16:17:46.0078 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/15 16:17:46.0078 ================================================================================
2010/11/15 16:17:46.0078 SystemInfo:
2010/11/15 16:17:46.0078
2010/11/15 16:17:46.0078 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/15 16:17:46.0078 Product type: Workstation
2010/11/15 16:17:46.0078 ComputerName: BRAINFART
2010/11/15 16:17:46.0078 UserName: ME
2010/11/15 16:17:46.0078 Windows directory: C:\WINDOWS
2010/11/15 16:17:46.0078 System windows directory: C:\WINDOWS
2010/11/15 16:17:46.0078 Processor architecture: Intel x86
2010/11/15 16:17:46.0078 Number of processors: 2
2010/11/15 16:17:46.0078 Page size: 0x1000
2010/11/15 16:17:46.0078 Boot type: Normal boot
2010/11/15 16:17:46.0078 ================================================================================
2010/11/15 16:17:46.0359 Initialize success

Edited by CompFool, 15 November 2010 - 04:06 PM.


#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:12:04 PM

Posted 15 November 2010 - 07:09 PM

Ok.
Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#7 CompFool

CompFool
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:04 AM

Posted 15 November 2010 - 10:16 PM

ComboFix 10-11-15.05 - ME 11/15/2010 22:12:41.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.454 [GMT -5:00]
Running from: c:\documents and settings\ME\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-10-16 to 2010-11-16 )))))))))))))))))))))))))))))))
.

2010-11-07 17:15 . 2010-11-07 17:15 4904 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-11-07 02:28 . 2010-11-07 02:28 -------- d-----w- c:\documents and settings\ME\Application Data\Tific
2010-11-06 02:08 . 2010-11-06 02:08 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-11-06 02:08 . 2010-11-06 02:08 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-11-06 02:08 . 2010-11-06 02:17 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-11-06 02:08 . 2010-11-06 02:08 -------- d-----w- c:\program files\Symantec
2010-11-06 02:07 . 2010-11-07 17:13 -------- d-----w- c:\windows\system32\drivers\N360
2010-11-06 02:07 . 2010-11-06 02:07 -------- d-----w- c:\program files\Norton 360
2010-11-06 02:07 . 2010-11-06 02:07 -------- d-----w- c:\program files\Windows Sidebar
2010-11-06 02:02 . 2010-11-06 02:02 -------- d-----w- c:\program files\NortonInstaller
2010-11-06 01:59 . 2010-11-06 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-10-27 23:12 . 2010-10-27 23:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-10-27 23:10 . 2010-10-28 01:39 -------- d-----w- C:\awork
2010-10-27 23:06 . 2010-10-27 23:06 -------- d-----w- c:\documents and settings\ME\Application Data\Malwarebytes
2010-10-27 23:06 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-27 23:06 . 2010-10-27 23:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-27 23:06 . 2010-10-27 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-27 23:06 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 16:23 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 10:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 10:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-04 10:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 10:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 10:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-04 10:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-18 14:30 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-04 10:00 617472 ----a-w- c:\windows\system32\comctl32.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-10-28_11.21.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-16 02:39 . 2010-11-16 02:39 16384 c:\windows\Temp\Perflib_Perfdata_4ac.dat
+ 2010-11-16 02:37 . 2010-11-16 02:37 16384 c:\windows\Temp\Perflib_Perfdata_190.dat
- 2009-09-10 05:27 . 2009-05-18 18:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2009-09-10 05:27 . 2009-05-18 21:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2004-08-04 10:00 . 2008-04-13 19:15 64512 c:\windows\system32\drivers\serial.sys
- 2004-08-04 10:00 . 2008-04-13 19:15 64512 c:\windows\system32\drivers\serial.sys
+ 2010-11-07 05:02 . 2010-04-22 02:29 43696 c:\windows\system32\drivers\N360\0403000.005\srtspx.sys
- 2008-01-29 16:01 . 2009-05-18 18:17 26600 c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-01-29 16:01 . 2009-05-18 21:17 26600 c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2004-08-04 10:00 . 2008-04-13 19:15 64512 c:\windows\system32\dllcache\serial.sys
- 2008-08-21 04:39 . 2010-10-27 23:10 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-21 04:39 . 2010-11-06 01:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-11-01 16:30 . 2010-11-06 01:47 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-11-11 17:50 . 2010-11-11 17:50 87710 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
- 2008-08-27 14:30 . 2008-08-06 20:21 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2010-10-22 11:56 . 2010-10-22 11:56 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2010-10-22 11:46 . 2010-10-22 11:46 79488 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2010-10-22 12:05 . 2010-10-22 12:05 65816 c:\windows\system32\Adobe\Director\SwDnld.exe
+ 2008-08-21 06:01 . 2010-11-11 18:12 23040 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-08-21 06:01 . 2010-10-15 07:30 23040 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-08-21 06:01 . 2010-11-11 18:12 61440 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-08-21 06:01 . 2010-10-15 07:30 61440 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-08-21 06:01 . 2010-10-15 07:30 27136 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-08-21 06:01 . 2010-11-11 18:12 27136 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-08-21 06:01 . 2010-11-11 18:12 11264 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-08-21 06:01 . 2010-10-15 07:30 11264 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-08-21 06:01 . 2010-10-15 07:30 12288 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-08-21 06:01 . 2010-11-11 18:12 12288 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-11-11 18:12 . 2010-11-11 18:12 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-10-15 07:31 . 2010-10-15 07:31 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2008-08-27 14:30 . 2008-08-06 20:22 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2010-10-22 11:57 . 2010-10-22 11:57 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
- 2008-08-21 06:01 . 2010-10-15 07:30 4096 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-08-21 06:01 . 2010-11-11 18:12 4096 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-08-31 16:46 . 2010-11-11 18:12 4096 c:\windows\Installer\{913A0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-08-31 16:46 . 2010-09-16 07:03 4096 c:\windows\Installer\{913A0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-11-11 17:50 . 2010-11-11 17:50 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
+ 2010-11-11 17:50 . 2010-11-11 17:50 311248 c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.dll
+ 2008-01-29 16:02 . 2008-04-17 20:12 107368 c:\windows\system32\GEARAspi.dll
- 2008-01-29 16:02 . 2008-04-17 17:12 107368 c:\windows\system32\GEARAspi.dll
+ 2009-09-10 05:27 . 2008-04-17 20:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
- 2009-09-10 05:27 . 2008-04-17 17:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
+ 2010-11-07 05:02 . 2010-05-06 04:01 339504 c:\windows\system32\drivers\N360\0403000.005\symtdiv.sys
+ 2010-11-07 05:02 . 2010-05-06 04:01 361904 c:\windows\system32\drivers\N360\0403000.005\symtdi.sys
+ 2010-11-07 05:02 . 2010-04-22 03:02 173104 c:\windows\system32\drivers\N360\0403000.005\symefa.sys
+ 2010-11-07 05:02 . 2010-02-04 01:40 328752 c:\windows\system32\drivers\N360\0403000.005\symds.sys
+ 2010-11-07 05:02 . 2010-04-22 02:29 325680 c:\windows\system32\drivers\N360\0403000.005\srtsp.sys
+ 2010-11-07 05:02 . 2010-04-29 05:03 116784 c:\windows\system32\drivers\N360\0403000.005\ironx86.sys
+ 2010-11-07 05:02 . 2010-02-26 00:22 501888 c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys
- 2008-08-27 14:30 . 2008-08-06 20:24 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2010-10-22 11:56 . 2010-10-22 11:56 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2010-10-22 12:05 . 2010-10-22 12:05 467224 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1159615.exe
+ 2010-10-22 11:46 . 2010-10-22 11:46 136568 c:\windows\system32\Adobe\Shockwave 11\SCC.dll
- 2008-08-27 14:30 . 2008-08-06 20:24 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2010-10-22 11:58 . 2010-10-22 11:58 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2010-10-22 11:57 . 2010-10-22 11:57 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2010-10-22 11:46 . 2010-10-22 11:46 810496 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2010-10-22 11:56 . 2010-10-22 11:56 503808 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2010-10-22 12:05 . 2010-10-22 12:05 213272 c:\windows\system32\Adobe\Director\swdir.dll
+ 2010-10-22 11:57 . 2010-10-22 11:57 131072 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2008-08-21 06:01 . 2010-11-11 18:12 409600 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-08-21 06:01 . 2010-10-15 07:30 409600 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-08-21 06:01 . 2010-10-15 07:30 286720 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-08-21 06:01 . 2010-11-11 18:12 286720 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-08-21 06:01 . 2010-11-11 18:12 249856 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-08-21 06:01 . 2010-10-15 07:30 249856 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-08-21 06:01 . 2010-10-15 07:30 794624 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-08-21 06:01 . 2010-11-11 18:12 794624 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-08-21 06:01 . 2010-11-11 18:12 135168 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-08-21 06:01 . 2010-10-15 07:30 135168 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-08-31 16:46 . 2010-09-16 07:03 147456 c:\windows\Installer\{913A0409-6000-11D3-8CFE-0150048383C9}\pj11icon.exe
+ 2009-08-31 16:46 . 2010-11-11 18:12 147456 c:\windows\Installer\{913A0409-6000-11D3-8CFE-0150048383C9}\pj11icon.exe
- 2009-08-31 16:46 . 2010-09-16 07:03 135168 c:\windows\Installer\{913A0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-08-31 16:46 . 2010-11-11 18:12 135168 c:\windows\Installer\{913A0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2010-10-22 11:49 . 2010-10-22 11:49 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2010-10-22 11:46 . 2010-10-22 11:46 2224816 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2010-10-22 11:51 . 2010-10-22 11:51 1802240 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2010-09-17 11:04 . 2010-09-17 11:04 9401856 c:\windows\Installer\3001ff7.msp
+ 2010-10-01 22:42 . 2010-10-01 22:42 5054464 c:\windows\Installer\3001ff5.msp
+ 2010-10-22 18:25 . 2010-10-22 18:25 5521408 c:\windows\Installer\3001ff4.msp
+ 2010-09-17 11:04 . 2010-09-17 11:04 9401856 c:\windows\Installer\14d66b.msp
+ 2010-10-01 22:42 . 2010-10-01 22:42 5054464 c:\windows\Installer\14d643.msp
+ 2010-10-22 18:25 . 2010-10-22 18:25 5521408 c:\windows\Installer\14d62e.msp
+ 2008-08-21 07:34 . 2010-11-11 08:00 35758536 c:\windows\system32\MRT.exe
+ 2010-10-14 21:57 . 2010-10-14 21:57 11189248 c:\windows\Installer\3001ff6.msp
+ 2010-10-14 21:57 . 2010-10-14 21:57 11189248 c:\windows\Installer\14d658.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Image Transfer.lnk - c:\program files\Sony Corporation\Image Transfer\SonyTray.exe [2008-12-20 73728]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-08-29 01:57 395776 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-07-21 22:50 86016 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-07-21 22:48 98304 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-07-21 22:47 81920 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2006-05-01 14:07 843776 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [11/7/2010 12:02 AM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [11/7/2010 12:02 AM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [11/3/2010 7:07 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [11/7/2010 12:02 AM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [11/7/2010 12:02 AM 116784]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [11/7/2010 12:02 AM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/6/2010 12:01 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101112.001\IDSXpx86.sys [10/19/2010 3:36 PM 341880]
S2 gupdate1c9ed53d7469d4c;Google Update Service (gupdate1c9ed53d7469d4c);c:\program files\Google\Update\GoogleUpdate.exe [6/14/2009 7:54 PM 133104]
S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [?]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [9/15/2009 9:30 AM 18560]
.
Contents of the 'Scheduled Tasks' folder

2010-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-15 00:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: isqft.com
Trusted Zone: isqft.com\www
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265857323140
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-15 22:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sy@"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-11-15 22:23:21
ComboFix-quarantined-files.txt 2010-11-16 03:23
ComboFix2.txt 2010-10-28 11:23
ComboFix3.txt 2010-10-28 01:36

Pre-Run: 181,113,901,056 bytes free
Post-Run: 181,106,507,776 bytes free

- - End Of File - - 8FCD358C5597FA40B0F604C0EBD8633D

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:12:04 PM

Posted 15 November 2010 - 11:02 PM

Do you still get warnings from Norton about this infection?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#9 CompFool

CompFool
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:04 AM

Posted 16 November 2010 - 11:30 PM

I just ran virus scan and nothing... In my Norton Security History file, though, it still includes the virus with a note to remove it manually. I havent removed it so who knows... Attached is a screen shot of the note in the unresolved security history. Please share your thoughts. Thanks!

Edited by CompFool, 17 November 2010 - 01:53 PM.


#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:12:04 PM

Posted 17 November 2010 - 08:04 AM

Hi it is not recurring so it is gone.
You can simply click on clear entries and it will not longer be present.

How does the computer behave any redirections etc...?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#11 CompFool

CompFool
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:04 AM

Posted 17 November 2010 - 01:52 PM

sounds good. right now it seems to be doing fine. Thanks for your help.

#12 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:12:04 PM

Posted 17 November 2010 - 02:17 PM

=======Cleanup=======
  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the Uninstall, it needs to be there.
======Next======
  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.
===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "(JRE) then click on it
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.
======================Clear out infected System Restore points======================
Then we need to reset your System Restore points.
The link below shows how to do this.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.


After that your all set.


===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article Some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

"How did I get infected in the first place?" Also this one by Tony Klein.

If your computer is slow Is a tutorial on what you can do if your computer is slow.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent etc...



===Free antimalware tools used for on demand scanning and cleaning no real time unless purchased===

Malwarebytes Antimalware
superantispyware

===Free antivirus links===

This is antivirus and antispyware.
Microsoft Security Essentials
This is free antispyware protection and Antivirus protection.
AVG free
This is just antivirus protection.
Antivir
This is antivirus and antispyware protection.
Avast
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users