
Spontaneous Internet Explorer Pop Ups + Google Redirect


19 replies to this topic

#1 bassplayer22


Posted 11 December 2010 - 10:56 PM

Hello. I have Symantec Antivirus and use Malwarebytes' Anti-Malware occasionally for random virus checks.
I started having problems with my computer running XP Professional yesterday after clicking on a link from YouTube. Since then, I've been getting annoying pop-ups on Internet Explorer, even though I never use IE and usually use Firefox. Then I started noticing that some of the Google searches I was doing were redirecting me to different pages. I've used MBAM to try to rid myself of this problem, but after it told me to reboot to remove remaining threats, I had the pop-up problem once again.

Please help!!

This is my DDS log.

DDS (Ver_10-12-12.01) - NTFSx86
Run by phrst4 at 18:46:20.50 on Sat 12/11/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.279 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\NetMotion Client\messerv.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\dldfcoms.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Sprint\AirCard 580\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe
C:\Program Files\NetMotion Client\nomtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell AIO Printer 948\dldfmon.exe
C:\Program Files\Dell AIO Printer 948\memcard.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Logitech\Vid\Vid.exe
C:\Program Files\ooVoo\oovoo.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
C:\Program Files\Logitech\LWS\LU\LULnchr.exe
C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\phrst4\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:23012
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Logitech Vid] "c:\program files\logitech\vid\Vid.exe" -bootmode
uRun: [Logitech Vid HD] "c:\program files\logitech\vid\vid.exe" -bootmode
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HPWRTOOLBOX] c:\program files\hewlett-packard\hp deskjet 460 series\toolbox\HPWRTBX.exe "-i"
mRun: [nomtray] c:\program files\netmotion client\nomtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
mRun: [dldfmon.exe] "c:\program files\dell aio printer 948\dldfmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell aio printer 948\memcard.exe"
mRun: [Dell AIO Printer 948 Fax Server] "c:\program files\dell aio printer 948\fm3032.exe" /s
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
dRun: [oeynyhyf] c:\documents and settings\networkservice\local settings\application data\mmidfpupd\cemmufetssd.exe
dRun: [likqwrml] c:\documents and settings\networkservice\local settings\application data\mlhquijca\wfkgvytshdw.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe.vir
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mbcame~1.lnk - c:\program files\pixela\everio mediabrowser\MBCameraMonitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\phrst4\start menu\programs\imvu\Run IMVU.lnk
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: karna.dat iphlpinfo.dll devrgwiz.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\phrst4\applic~1\mozilla\firefox\profiles\x60otuaw.default\
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\phrst4\application data\mozilla\firefox\profiles\x60otuaw.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Xmarks: foxmarks@kei.com - c:\docume~1\phrst4\applic~1\mozilla\firefox\profiles\x60otuaw.default\extensions\foxmarks@kei.com
FF - Extension: FastestFox: smarterwiki@wikiatic.com - c:\docume~1\phrst4\applic~1\mozilla\firefox\profiles\x60otuaw.default\extensions\smarterwiki@wikiatic.com
FF - Extension: YouTube to MP3: youtube2mp3@mondayx.de - c:\docume~1\phrst4\applic~1\mozilla\firefox\profiles\x60otuaw.default\extensions\youtube2mp3@mondayx.de
FF - Extension: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - c:\docume~1\phrst4\applic~1\mozilla\firefox\profiles\x60otuaw.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Extension: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - c:\docume~1\phrst4\applic~1\mozilla\firefox\profiles\x60otuaw.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\docume~1\phrst4\applic~1\mozilla\firefox\profiles\x60otuaw.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Extension: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2007-10-27 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2007-10-27 5248]
R1 fsclm;FIPS Driver;c:\program files\netmotion client\fsclm.sys [2006-11-3 97760]
R1 NMDRV;NetMotion Client Driver;c:\program files\netmotion client\nmdrv.sys [2006-11-3 591872]
R1 NMRoam;NetMotion Roaming Detection Daemon;c:\windows\system32\drivers\nmroam.sys [2006-11-3 15872]
R1 NMutilnt;NetMotion Utility Driver;c:\windows\system32\drivers\nmutilnt.sys [2006-11-3 14848]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe -service --> c:\windows\system32\dldfcoms.exe -service [?]
R2 MESSERV;NetMotion Client;c:\program files\netmotion client\messerv.exe [2006-11-3 1003520]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-25 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-12 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101108.002\naveng.sys [2010-11-8 86064]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101108.002\navex15.sys [2010-11-8 1371184]
R3 nmvnic;NMVNIC Network Adapter;c:\windows\system32\drivers\nmvnic.sys [2006-11-3 37888]
S2 dldfCATSCustConnectService;dldfCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldfserv.exe [2008-8-13 98952]
S2 gupdate1c9503c5af7bb5a;Google Update Service (gupdate1c9503c5af7bb5a);c:\program files\google\update\GoogleUpdate.exe [2008-11-26 133104]
S3 apusbsnt;Sierra Wireless USB Modem Device Driver;c:\windows\system32\drivers\apusbsnt.sys [2007-6-21 40064]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2008-9-5 509312]

=============== Created Last 30 ================

2010-12-11 23:27:36 388096 -c--a-r- c:\docume~1\phrst4\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-12-11 23:27:30 -------- d-----w- c:\program files\Trend Micro
2010-12-11 04:51:26 478720 --sh--w- c:\windows\system32\iphlpinfo.dll
2010-12-11 04:51:19 62976 --sh--w- c:\windows\system32\devrgwiz.dll
2010-12-03 03:51:54 -------- d-----w- c:\program files\Portal
2010-12-01 00:59:59 -------- dc----w- c:\docume~1\phrst4\locals~1\applic~1\Installer4704
2010-12-01 00:40:30 -------- dc----w- c:\docume~1\phrst4\locals~1\applic~1\Installer3264
2010-11-14 02:02:01 -------- d-----w- c:\program files\The Weather Channel FW

==================== Find3M ====================

2008-10-30 19:19:02 11528 -c--a-w- c:\program files\common files\vubygixozy.bin
2008-10-30 15:04:28 10917 -c--a-w- c:\program files\common files\ipufupefy.pif
2008-10-30 15:04:27 16675 -c--a-w- c:\program files\common files\alafyc.vbs
2008-10-30 15:04:27 12005 -c--a-w- c:\program files\common files\rekicup.sys

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86C8DF00]<<
_asm { JMP 0x4; }
1 ntkrnlpa!IofCallDriver[0x804EDFEA] -> \Device\Harddisk0\DR0[0x86F6CAB8]
3 CLASSPNP[0xF762C05B] -> ntkrnlpa!IofCallDriver[0x804EDFEA] -> \Device\Ide\IdeDeviceP0T0L0-3[0x86F9FD98]
\Driver\atapi[0x86EF17D0] -> IRP_MJ_CREATE -> 0x86C8DF00
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi -> 0x86c8df00
user != kernel MBR !!!
Warning: possible MBR rootkit infection !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 18:47:46.21 ===============
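The indicators in the log above (a loopback proxy in the IE user settings, AppInit_DLLs entries, dRun autostarts under the NetworkService profile, freshly created hidden+system DLLs in system32, and the user/kernel MBR mismatch) are the kind of thing a helper scans for by eye. The following is an added example, not part of the thread, not BleepingComputer's procedure and not code from the DDS tool: a small Python triage pass that walks a DDS log section by section and reports those indicators, run over a constructed excerpt modelled on the log above. The section names and row formats follow the DDS output shown; the finding kinds and severity labels are this example's own.

```python
"""Triage pass over a DDS log.  Added example: not from the thread above,
not BleepingComputer's procedure and not the DDS tool's own code.  It walks
the 'Pseudo HJT Report', 'Created Last 30' and 'ROOTKIT' sections line by
line and reports the indicators that make such a log worth escalating.
Finding kinds and severity labels are this example's own."""
import ntpath
import re

# Constructed excerpt modelled on the log posted above, trimmed to the
# lines the checks below look at (plus two benign lines as controls).
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
uInternet Settings,ProxyServer = http=127.0.0.1:23012
uInternet Settings,ProxyOverride = <local>
dRun: [oeynyhyf] c:\documents and settings\networkservice\local settings\application data\mmidfpupd\cemmufetssd.exe
dRun: [likqwrml] c:\documents and settings\networkservice\local settings\application data\mlhquijca\wfkgvytshdw.exe
AppInit_DLLs: karna.dat iphlpinfo.dll devrgwiz.dll
=============== Created Last 30 ================
2010-12-11 23:27:30 -------- d-----w- c:\program files\Trend Micro
2010-12-11 04:51:26 478720 --sh--w- c:\windows\system32\iphlpinfo.dll
2010-12-11 04:51:19 62976 --sh--w- c:\windows\system32\devrgwiz.dll
=================== ROOTKIT ====================
user != kernel MBR !!!
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")           # '===== Name ====='
PROXY_RE = re.compile(r"^[umd]Internet Settings,ProxyServer\s*=\s*(.+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(.+)$")
DRUN_RE = re.compile(r"^dRun:\s*\[(.+?)\]\s*(.+)$")
# Created Last 30 rows: date time size attrs path ('--------' size = directory)
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) ([-a-z]{8}) (.+)$", re.I)


def _finding(severity, kind, detail, line):
    return {"severity": severity, "kind": kind, "detail": detail, "line": line}


def triage_dds(log):
    """Return a list of finding dicts for the DDS log text given."""
    findings, section = [], ""
    appinit = {}      # AppInit DLL name -> the log line that listed it
    new_hidden = {}   # basename -> path of new hidden+system files in system32
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if section.startswith("pseudo hjt"):
            m = PROXY_RE.match(line)
            if m and re.search(r"127\.0\.0\.1|localhost", m.group(1)):
                findings.append(_finding("high", "loopback-proxy",
                    "IE traffic routed through a local listener: " + m.group(1), line))
            m = APPINIT_RE.match(line)
            if m:
                for name in m.group(1).split():
                    appinit[name.lower()] = line
                    findings.append(_finding("high", "appinit-dll",
                        "DLL loaded into every process that loads user32: " + name, line))
            m = DRUN_RE.match(line)
            if m and "\\local settings\\application data\\" in m.group(2).lower():
                findings.append(_finding("high", "drun-profile-exe",
                    "Run key of a service/default profile starts " + m.group(2), line))
        elif section.startswith("created last"):
            m = CREATED_RE.match(line)
            if m:
                attrs, path = m.group(4).lower(), m.group(5)
                if "s" in attrs and "h" in attrs and "\\windows\\system32\\" in path.lower():
                    new_hidden[ntpath.basename(path).lower()] = path
                    findings.append(_finding("high", "hidden-system32-file",
                        "new hidden+system file in system32: " + path, line))
        elif section == "rootkit":
            if line.startswith("user != kernel MBR"):
                findings.append(_finding("critical", "mbr-mismatch",
                    "user-mode MBR read differs from kernel read: disk I/O is hooked", line))
    # Correlate: an AppInit DLL that is also a freshly created hidden file in
    # system32 is the strongest single signal in this log.
    for name, line in appinit.items():
        if name in new_hidden:
            findings.append(_finding("critical", "appinit-matches-new-hidden",
                "%s is loaded via AppInit_DLLs and was just created hidden at %s"
                % (name, new_hidden[name]), line))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_LOG):
        print("[%s] %s: %s" % (f["severity"], f["kind"], f["detail"]))
```

The benign ProxyOverride and Trend Micro rows produce no finding, so every reported item corresponds to one of the indicator classes named above.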



#2 Shannon2012 (Security Colleague)

Posted 19 December 2010 - 11:01 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#3 bassplayer22 (Topic Starter)

Posted 19 December 2010 - 08:07 PM

Thank you for responding! Here's my DDS log.

DDS (Ver_10-12-12.01) - NTFSx86
Run by phrst4 at 17:33:54.07 on Sun 12/19/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.85 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\NetMotion Client\messerv.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\dldfcoms.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Sprint\AirCard 580\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NetMotion Client\nomtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Dell AIO Printer 948\dldfmon.exe
C:\Program Files\Dell AIO Printer 948\memcard.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Logitech\Vid\vid.exe
C:\Program Files\ooVoo\oovoo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\phrst4\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:23012
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Logitech Vid] "c:\program files\logitech\vid\Vid.exe" -bootmode
uRun: [Logitech Vid HD] "c:\program files\logitech\vid\vid.exe" -bootmode
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HPWRTOOLBOX] c:\program files\hewlett-packard\hp deskjet 460 series\toolbox\HPWRTBX.exe "-i"
mRun: [nomtray] c:\program files\netmotion client\nomtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
mRun: [dldfmon.exe] "c:\program files\dell aio printer 948\dldfmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell aio printer 948\memcard.exe"
mRun: [Dell AIO Printer 948 Fax Server] "c:\program files\dell aio printer 948\fm3032.exe" /s
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
dRun: [oeynyhyf] c:\documents and settings\networkservice\local settings\application data\mmidfpupd\cemmufetssd.exe
dRun: [likqwrml] c:\documents and settings\networkservice\local settings\application data\mlhquijca\wfkgvytshdw.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe.vir
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mbcame~1.lnk - c:\program files\pixela\everio mediabrowser\MBCameraMonitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\phrst4\start menu\programs\imvu\Run IMVU.lnk
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: karna.dat iphlpinfo.dll devrgwiz.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\phrst4\applic~1\mozilla\firefox\profiles\x60otuaw.default\
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\phrst4\application data\mozilla\firefox\profiles\x60otuaw.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Xmarks: foxmarks@kei.com - c:\docume~1\phrst4\applic~1\mozilla\firefox\profiles\x60otuaw.default\extensions\foxmarks@kei.com
FF - Extension: YouTube to MP3: youtube2mp3@mondayx.de - c:\docume~1\phrst4\applic~1\mozilla\firefox\profiles\x60otuaw.default\extensions\youtube2mp3@mondayx.de
FF - Extension: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - c:\docume~1\phrst4\applic~1\mozilla\firefox\profiles\x60otuaw.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Extension: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - c:\docume~1\phrst4\applic~1\mozilla\firefox\profiles\x60otuaw.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\docume~1\phrst4\applic~1\mozilla\firefox\profiles\x60otuaw.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Extension: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2007-10-27 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2007-10-27 5248]
R1 fsclm;FIPS Driver;c:\program files\netmotion client\fsclm.sys [2006-11-3 97760]
R1 NMDRV;NetMotion Client Driver;c:\program files\netmotion client\nmdrv.sys [2006-11-3 591872]
R1 NMRoam;NetMotion Roaming Detection Daemon;c:\windows\system32\drivers\nmroam.sys [2006-11-3 15872]
R1 NMutilnt;NetMotion Utility Driver;c:\windows\system32\drivers\nmutilnt.sys [2006-11-3 14848]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-12 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101108.002\naveng.sys [2010-11-8 86064]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101108.002\navex15.sys [2010-11-8 1371184]
R3 nmvnic;NMVNIC Network Adapter;c:\windows\system32\drivers\nmvnic.sys [2006-11-3 37888]
S3 apusbsnt;Sierra Wireless USB Modem Device Driver;c:\windows\system32\drivers\apusbsnt.sys [2007-6-21 40064]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2008-9-5 509312]

=============== Created Last 30 ================

2010-12-13 00:10:32 -------- d-----w- c:\windows\pss
2010-12-11 23:27:36 388096 -c--a-r- c:\docume~1\phrst4\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-12-11 23:27:30 -------- d-----w- c:\program files\Trend Micro
2010-12-11 04:51:26 478720 --sh--w- c:\windows\system32\iphlpinfo.dll
2010-12-11 04:51:19 62976 --sh--w- c:\windows\system32\devrgwiz.dll
2010-12-03 03:51:54 -------- d-----w- c:\program files\Portal
2010-12-01 00:59:59 -------- dc----w- c:\docume~1\phrst4\locals~1\applic~1\Installer4704
2010-12-01 00:40:30 -------- dc----w- c:\docume~1\phrst4\locals~1\applic~1\Installer3264

==================== Find3M ====================

2008-10-30 19:19:02 11528 -c--a-w- c:\program files\common files\vubygixozy.bin
2008-10-30 15:04:28 10917 -c--a-w- c:\program files\common files\ipufupefy.pif
2008-10-30 15:04:27 16675 -c--a-w- c:\program files\common files\alafyc.vbs
2008-10-30 15:04:27 12005 -c--a-w- c:\program files\common files\rekicup.sys

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86D19E90]<<
_asm { JMP 0x4; }
1 ntkrnlpa!IofCallDriver[0x804EDFEA] -> \Device\Harddisk0\DR0[0x86F1FAB8]
3 CLASSPNP[0xF761C05B] -> ntkrnlpa!IofCallDriver[0x804EDFEA] -> \Device\Ide\IdeDeviceP0T0L0-3[0x86F92D98]
\Driver\atapi[0x86FDE7D8] -> IRP_MJ_CREATE -> 0x86D19E90
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi -> 0x86d19e90
user != kernel MBR !!!
Warning: possible MBR rootkit infection !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 17:36:34.65 ===============

Attached file: ark.txt (10.36KB)

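The DDS and GMER output in this post carries three items worth reading together: the `AppInit_DLLs` line (which on XP injects the listed DLLs into every process that loads user32.dll), the two hidden+system DLLs in `system32` created within hours of the symptoms appearing, and GMER's `user != kernel MBR` verdict. As an added example, not part of this thread and not code from DDS, GMER or TDSSKiller, the script below runs that correlation over lines excerpted from the log above; the severity labels and the interpretation of the DDS attribute column (`s` = system, `h` = hidden) are my assumptions.

```python
"""Triage a DDS-style log: correlate AppInit_DLLs entries with recently created
hidden+system files, and surface GMER's user/kernel MBR mismatch.
Added example; not the DDS/GMER tools' own code."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines excerpted from the DDS/GMER output posted above (subset, reassembled here).
SAMPLE_LOG = r"""
AppInit_DLLs: karna.dat iphlpinfo.dll devrgwiz.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

=============== Created Last 30 ================

2010-12-13 00:10:32 -------- d-----w- c:\windows\pss
2010-12-11 04:51:26 478720 --sh--w- c:\windows\system32\iphlpinfo.dll
2010-12-11 04:51:19 62976 --sh--w- c:\windows\system32\devrgwiz.dll
2010-12-03 03:51:54 -------- d-----w- c:\program files\Portal

=================== ROOTKIT ====================

user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
"""


@dataclass
class CreatedEntry:
    timestamp: str
    size: Optional[int]  # None for directories ("--------" in the size column)
    attrs: str           # DDS attribute column, e.g. "--sh--w-"
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def hidden_system(self) -> bool:
        # Assumption: 's' = system and 'h' = hidden in DDS's attribute column.
        return "s" in self.attrs and "h" in self.attrs


@dataclass
class Finding:
    severity: str  # "high" or "medium" (labels are this example's own)
    subject: str
    detail: str


# timestamp, size-or-dashes, 8-char attribute field, path
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+([a-z-]{8})\s+(.+?)\s*$"
)


def parse_created(log: str) -> List[CreatedEntry]:
    """Return the entries of the 'Created Last 30' section only."""
    entries: List[CreatedEntry] = []
    in_section = False
    for line in log.splitlines():
        if line.startswith("====="):          # every section banner starts with '='
            in_section = "Created Last 30" in line
            continue
        if not in_section or not line.strip():
            continue
        m = CREATED_RE.match(line)
        if m:
            ts, size, attrs, path = m.groups()
            entries.append(CreatedEntry(ts, int(size) if size.isdigit() else None, attrs, path))
    return entries


def parse_appinit(log: str) -> List[str]:
    """Return the space-separated module names on the AppInit_DLLs line."""
    for line in log.splitlines():
        if line.startswith("AppInit_DLLs:"):
            return line.split(":", 1)[1].split()
    return []


def mbr_mismatch(log: str) -> bool:
    """True when GMER saw a different MBR from user mode than from the kernel."""
    return any("user != kernel MBR" in line for line in log.splitlines())


def triage(log: str) -> List[Finding]:
    findings: List[Finding] = []
    created = {e.name: e for e in parse_created(log)}
    for dll in parse_appinit(log):             # AppInit_DLLs is normally empty on XP
        entry = created.get(dll.lower())
        if entry is not None and entry.hidden_system:
            findings.append(Finding("high", dll,
                f"AppInit_DLLs module is a hidden+system file created {entry.timestamp}: {entry.path}"))
        elif entry is not None:
            findings.append(Finding("medium", dll,
                f"AppInit_DLLs module created in the last 30 days: {entry.path}"))
        else:
            findings.append(Finding("medium", dll,
                "AppInit_DLLs module with no 'Created Last 30' record; locate and inspect it"))
    if mbr_mismatch(log):
        findings.append(Finding("high", "MBR",
            "user-mode and kernel views of the MBR differ: consistent with an MBR rootkit hooking the disk stack"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.subject}: {f.detail}")
```

Run on the excerpt, the script rates both `system32` DLLs and the MBR as high and `karna.dat` as medium (it appears in `AppInit_DLLs` but nowhere in the 30-day listing, so it still needs to be located by hand). The point is the correlation, not any single line: an `AppInit_DLLs` entry, a hidden+system file created the day the symptoms began, and a user/kernel MBR disagreement each look different in isolation but together describe one infection.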

#4 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:05:14 PM

Posted 20 December 2010 - 09:24 PM

Hi, bassplayer22-

Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

There may be a delay in my response to your posts as I am still currently in training. I will be helping you under the supervision of the teachers, and they will approve every post before I present it to you.

Please don't make any further changes or run any other tools unless instructed to. Additional changes may hinder the cleaning of your machine.

When asked to copy logs or reports into your reply, please copy them directly into your reply. Do not include them in quotes. Do not attach them unless asked to do so. In Notepad, please turn off Word Wrap under the Format menu.

Please Track this topic - At the top right of this thread, click on the Options button and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Please give me some time to look over your log. I will post the reply as soon as possible.
Shannon

#5 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:05:14 PM

Posted 22 December 2010 - 09:21 AM

Hi-

Thanks for the logs. They show several infections which we need to attack, and one of those infections is a backdoor trojan. A backdoor trojan allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide to continue with the cleaning -

Your logs show that you are using peer-to-peer (P2P) or file-sharing programs like FrostWire.

These programs allow users to share files with each other, as the name suggests. In today's world, cyber crime has grown into an enormous business and any means is used to infect personal computers and to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they should thus be used with great care. Some further reading on this subject - Risks of File-Sharing Technology

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall Frostwire; however, that choice is up to you. If you choose to remove this program, you can do so via Start > Control Panel > Add/Remove Programs.

Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Double click TDSSKiller.exe
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected
  • Click Continue > Reboot now
  • Copy and paste the log in your next reply
    Note: A copy of the log will be saved automatically to the root of the drive (typically C:\)

Next, download Combofix from either of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: how-to-use-combofix

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable your Anti-virus


Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please copy the "C:\ComboFix.txt" into your reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Next, please download MBRCheck by clicking here and save it to your desktop.
  • Be sure to disable your security programs.
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
  • A window will open on your desktop.
  • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.txt should appear on your desktop.
  • Please post the contents of that file in your next reply.

In your reply, please copy in the TDSSKiller, ComboFix, and MBRCheck reports, and let me know how your computer is doing.
Shannon

#6 bassplayer22

bassplayer22
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:04:14 PM

Posted 22 December 2010 - 04:04 PM

Thank you again for the help!!
I went ahead and removed Frostwire from my computer; I definitely don't want a repeat of this.
I used the TDSS Killer, but it didn't seem to find anything.

Also, the computer is set up to block me from disabling my Symantec Antivirus Corporate Edition, so I wasn't sure if I should run ComboFix yet.


Here's the TDSS log:

2010/12/22 15:29:33.0688 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/22 15:29:33.0688 ================================================================================
2010/12/22 15:29:33.0688 SystemInfo:
2010/12/22 15:29:33.0688
2010/12/22 15:29:33.0688 OS Version: 5.1.2600 ServicePack: 2.0
2010/12/22 15:29:33.0688 Product type: Workstation
2010/12/22 15:29:33.0688 ComputerName: PHRSTDELLM70
2010/12/22 15:29:33.0688 UserName: phrst4
2010/12/22 15:29:33.0688 Windows directory: C:\WINDOWS
2010/12/22 15:29:33.0688 System windows directory: C:\WINDOWS
2010/12/22 15:29:33.0688 Processor architecture: Intel x86
2010/12/22 15:29:33.0688 Number of processors: 1
2010/12/22 15:29:33.0688 Page size: 0x1000
2010/12/22 15:29:33.0688 Boot type: Normal boot
2010/12/22 15:29:33.0688 ================================================================================
2010/12/22 15:29:34.0532 Initialize success
2010/12/22 15:29:49.0636 ================================================================================
2010/12/22 15:29:49.0636 Scan started
2010/12/22 15:29:49.0636 Mode: Manual;
2010/12/22 15:29:49.0636 ================================================================================
2010/12/22 15:29:50.0590 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/22 15:29:50.0684 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/22 15:29:50.0856 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2010/12/22 15:29:50.0934 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2010/12/22 15:29:51.0309 AnyDVD (82ce157ff3701ab50769b2654d0b0215) C:\WINDOWS\system32\Drivers\AnyDVD.sys
2010/12/22 15:29:51.0466 apusbsnt (560c2c951fc28cee28952115076e8e3b) C:\WINDOWS\system32\DRIVERS\apusbsnt.sys
2010/12/22 15:29:51.0716 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/22 15:29:51.0810 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/22 15:29:51.0935 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/22 15:29:52.0044 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/22 15:29:52.0154 b57w2k (2acf06176b9d011567d7f25b83ddd066) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/12/22 15:29:52.0247 BASFND (3d87b0484be1093c6614062701f375c5) C:\WINDOWS\system32\Drivers\BASFND.sys
2010/12/22 15:29:52.0451 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/22 15:29:52.0560 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/22 15:29:52.0717 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/22 15:29:52.0842 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/22 15:29:52.0935 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/22 15:29:53.0154 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/12/22 15:29:53.0279 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/12/22 15:29:53.0514 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
2010/12/22 15:29:53.0608 CVirtA (cb7d7c0e74adcb7da96d08ec8db86062) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2010/12/22 15:29:53.0717 CVPNDRVA (f7eb6ec14c1f614b89abc3c10beb1054) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
2010/12/22 15:29:53.0858 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\system32\DRIVERS\d347bus.sys
2010/12/22 15:29:53.0920 d347prt (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\system32\Drivers\d347prt.sys
2010/12/22 15:29:54.0171 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/22 15:29:54.0327 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/22 15:29:54.0436 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/22 15:29:54.0530 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/22 15:29:54.0655 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/22 15:29:54.0765 DNE (c86fbf607445bf693450d84b775f168c) C:\WINDOWS\system32\DRIVERS\dne2000.sys
2010/12/22 15:29:54.0906 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/22 15:29:55.0078 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/12/22 15:29:55.0187 elagopro (7ec42ec12a4bac14bcca99fb06f2d125) C:\WINDOWS\system32\DRIVERS\elagopro.sys
2010/12/22 15:29:55.0281 elaunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\elaunidr.sys
2010/12/22 15:29:55.0406 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
2010/12/22 15:29:55.0515 ElbyCDIO (309ac30471a0f1c3a89dee1c81230576) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2010/12/22 15:29:55.0578 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/12/22 15:29:55.0719 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/22 15:29:55.0812 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2010/12/22 15:29:55.0906 FilterService (d59274041bbdbfbecd05b92c0c28b51f) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2010/12/22 15:29:56.0016 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/22 15:29:56.0360 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/22 15:29:56.0516 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/12/22 15:29:56.0672 fsclm (1bc72b8e36b9ca0602552bd5155225aa) C:\Program Files\NetMotion Client\fsclm.sys
2010/12/22 15:29:56.0797 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/22 15:29:56.0844 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/22 15:29:56.0938 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/12/22 15:29:57.0001 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/22 15:29:57.0110 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/22 15:29:57.0267 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2010/12/22 15:29:57.0407 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
2010/12/22 15:29:57.0548 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/22 15:29:57.0736 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/22 15:29:57.0845 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/22 15:29:58.0001 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/22 15:29:58.0127 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/22 15:29:58.0173 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/12/22 15:29:58.0267 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/22 15:29:58.0345 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/22 15:29:58.0439 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/22 15:29:58.0549 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/22 15:29:58.0643 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/22 15:29:58.0752 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/22 15:29:58.0861 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/22 15:29:58.0955 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/22 15:29:59.0190 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/22 15:29:59.0299 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/22 15:29:59.0502 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
2010/12/22 15:29:59.0643 LVRS (6917b407dbec11b3a078abfc2ec2ac7c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2010/12/22 15:30:00.0097 LVUVC (44876e70e07e9a653bbe423dbfa35a1a) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2010/12/22 15:30:00.0550 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/12/22 15:30:00.0660 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/22 15:30:00.0753 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/22 15:30:00.0863 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/22 15:30:00.0925 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/22 15:30:00.0988 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/22 15:30:01.0144 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/22 15:30:01.0269 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/22 15:30:01.0379 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/22 15:30:01.0488 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/22 15:30:01.0551 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/22 15:30:01.0613 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/22 15:30:01.0707 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/22 15:30:01.0801 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/22 15:30:01.0926 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/22 15:30:02.0082 MusCDriverV32 (5e0a4cbf363b658baa80e4e00e1ea366) C:\WINDOWS\system32\drivers\MusCDriverV32.sys
2010/12/22 15:30:02.0208 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/22 15:30:02.0395 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101108.002\naveng.sys
2010/12/22 15:30:02.0505 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101108.002\navex15.sys
2010/12/22 15:30:02.0692 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/22 15:30:02.0802 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/22 15:30:02.0911 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/22 15:30:02.0989 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/22 15:30:03.0099 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/22 15:30:03.0177 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/22 15:30:03.0255 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/22 15:30:03.0380 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/22 15:30:03.0583 NMDRV (102e1f68b38d843913714740bb860197) C:\Program Files\NetMotion Client\nmdrv.sys
2010/12/22 15:30:03.0709 NMRoam (3d7c3f5a1c96bcd6f2ebb72199f7fed4) C:\WINDOWS\system32\DRIVERS\nmroam.sys
2010/12/22 15:30:03.0771 NMutilnt (584df50daa11506734948612f6b74314) C:\WINDOWS\system32\drivers\nmutilnt.sys
2010/12/22 15:30:03.0849 nmvnic (47c765a5fcb9579f9a9479a1bad2ef86) C:\WINDOWS\system32\DRIVERS\nmvnic.sys
2010/12/22 15:30:03.0927 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/22 15:30:04.0115 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/22 15:30:04.0256 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/22 15:30:04.0522 nv (2de1d6c74713eef65e7557a7c086d022) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/22 15:30:04.0819 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/22 15:30:04.0913 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/22 15:30:05.0022 NwlnkIpx (79ea3fcda7067977625b3363a2657c80) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2010/12/22 15:30:05.0116 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2010/12/22 15:30:05.0178 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2010/12/22 15:30:05.0257 NWRDR (3f18d9365be71c7b2e43b7cf4a0c1a10) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
2010/12/22 15:30:05.0350 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2010/12/22 15:30:05.0491 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/22 15:30:05.0569 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/22 15:30:05.0663 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/22 15:30:05.0757 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2010/12/22 15:30:05.0851 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/12/22 15:30:06.0320 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/22 15:30:06.0414 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/22 15:30:06.0554 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/22 15:30:06.0867 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/22 15:30:06.0930 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/22 15:30:06.0992 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/22 15:30:07.0102 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/22 15:30:07.0195 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/22 15:30:07.0274 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/22 15:30:07.0399 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/22 15:30:07.0508 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/22 15:30:07.0727 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/22 15:30:07.0883 s24trans (96b4494d4734970f47c566e098c4f527) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2010/12/22 15:30:08.0087 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys
2010/12/22 15:30:08.0134 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
2010/12/22 15:30:08.0243 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/22 15:30:08.0368 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/22 15:30:08.0431 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/22 15:30:08.0540 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/22 15:30:08.0712 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/22 15:30:08.0962 SPBBCDrv (677b10906838d3bfb1c07ac9087e4bf7) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2010/12/22 15:30:09.0181 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/22 15:30:09.0291 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/22 15:30:09.0416 Srv (ea554a3ffc3f536fe8320eb38f5e4843) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/22 15:30:09.0541 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
2010/12/22 15:30:09.0666 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/22 15:30:09.0728 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/22 15:30:09.0807 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/22 15:30:09.0916 SWMX00 (f89b491d497dffa233d9678842f33cef) C:\WINDOWS\system32\DRIVERS\swmx00.sys
2010/12/22 15:30:10.0010 SWNC5E00 (9a21343d1d72a43cb9f49eec9453b221) C:\WINDOWS\system32\DRIVERS\SWNC5E00.sys
2010/12/22 15:30:14.0622 ================================================================================
2010/12/22 15:30:14.0622 Scan finished
2010/12/22 15:30:14.0622 ================================================================================
2010/12/22 15:30:29.0414 ================================================================================
2010/12/22 15:30:29.0414 Scan started
2010/12/22 15:30:29.0414 Mode: Manual;
2010/12/22 15:30:29.0414 ================================================================================
2010/12/22 15:30:52.0446 ================================================================================
2010/12/22 15:30:52.0446 Scan finished
2010/12/22 15:30:52.0446 ================================================================================
2010/12/22 15:31:13.0820 Deinitialize success

#7 Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 22 December 2010 - 09:56 PM

Hi-

Is this a business/institution computer?

If it is, are you the domain administrator? If you are not, have you informed your domain administrator (business manager, Systems Analyst, or Information Technology (IT) Specialist)?

I ask because I do not HELP remove malware from any business or corporate or institution related computers for several reasons:

  • There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware.
  • Any infection could jump terminals in a computer network.
  • There may also be legal issues regarding any loss of business data that I do not wish to deal with.
  • Some people who come here use their computers for work, and the computers may contain the patient records of a physician or the financial records of an accountant's clients or credit card and bank account information of their employer's customers.
  • There may be tremendous risks and legal liability for such users for not fully securing the computer. We will not know this unless we ask. We do not want to be accidentally putting those we help in vulnerable positions for lawsuits.
  • Business factors outweigh technical factors in making the reformat and reinstall decision. Sometimes friends give missing CDs or lack of expertise as a reason for not doing a reformat and reinstall.
  • The cost of replacing missing Windows XP and MS Office CDs and getting a Microsoft Certified Systems Engineer to come in for 3 hours to do the reinstall and apply all the critical updates is trivial compared with the potential cost of a multi-million dollar lawsuit for breach of trust if confidential client or patient information is disclosed.
  • In specific situations where highly confidential information about others is on the computer, and a backdoor virus or trojan is found, we are helping people more by identifying that they have a backdoor trojan which puts them in a particularly vulnerable situation and sending them to seek local professional help from a Microsoft Certified Systems Engineer or Certified Information Systems Security Professional or Global Information Assurance Certification Certified Security Expert or Certified Computing Professional or Internet Service Provider than we would be trying to fully resolve their problems long distance.

Shannon

#8 bassplayer22
  • Topic Starter
  • Members
  • 10 posts

Posted 22 December 2010 - 10:09 PM

The infected laptop was used a long time ago for work, but it has since been outdated and replaced; no work-related documents or information remain on the computer. It no longer connects to a computer network. We were allowed to keep these; however, I believe it is still set up as a work computer (as far as the computer's settings go).

I hope this doesn't affect my ability to repair the computer.

#9 Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 23 December 2010 - 10:28 AM

Hi-

Thanks for clarifying the ownership of your computer. Since it is no longer corporate owned, you should consider replacing the corporate edition of Symantec Antivirus with an anti-virus package that you can control. There are several good free ones - see here.

I don't think the Symantec AV will interfere with ComboFix or MBRCheck. Please run both and copy into your reply the ComboFix and MBRCheck reports.

Shannon

#10 bassplayer22
  • Topic Starter
  • Members
  • 10 posts

Posted 23 December 2010 - 07:44 PM

Ok, I ran ComboFix with nearly no issues. ComboFix rebooted my computer, and it was beginning to prepare the log, but after a few, there were about 20 Internet Explorer popups (that couldn't connect to the internet) that slowed the computer till nothing else was happening.

I manually shut the computer off and turned it back on, and after seeing if by some chance it created a log, I discovered it didn't.

I ran a fresh copy of ComboFix, and it did not need to reboot the computer. It gave me a report log, which I have pasted below:



ComboFix 10-12-23.02 - phrst4 12/23/2010 19:16:33.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.277 [GMT -5:00]
Running from: c:\documents and settings\phrst4\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\docume~1\phrst4\LOCALS~1\Temp\~160F.tmp
c:\documents and settings\All Users\Application Data\pswi_preloaded.exe
c:\documents and settings\phrst4\Cookies\bulutupini.bat
c:\documents and settings\phrst4\Cookies\cyrim.sys
c:\documents and settings\phrst4\Cookies\ejyz.sys
c:\documents and settings\phrst4\Cookies\exilyluhi.vbs
c:\documents and settings\phrst4\Cookies\hobysizare._sy
c:\documents and settings\phrst4\Cookies\mapehygi.scr
c:\documents and settings\phrst4\Cookies\ojuqapu.ban
c:\documents and settings\phrst4\Cookies\onamycako.com
c:\documents and settings\phrst4\Cookies\surezi.dl
c:\documents and settings\phrst4\Cookies\upazi.vbs
c:\documents and settings\phrst4\Cookies\urasis.bin
c:\documents and settings\phrst4\Cookies\usuqyte.com
c:\documents and settings\phrst4\Cookies\ykeny.dll
c:\documents and settings\phrst4\Cookies\ylezigipaj.bat
c:\documents and settings\phrst4\Local Settings\Temp\~160F.tmp
c:\windows\daemon.dll
c:\windows\dyquzaxy.scr
c:\windows\ekepidahix._sy
c:\windows\mywu.dll
c:\windows\system32\drivers\fad.sys

.
((((((((((((((((((((((((( Files Created from 2010-11-24 to 2010-12-24 )))))))))))))))))))))))))))))))
.

2010-12-23 03:30 . 2010-12-23 03:30 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-12-20 17:39 . 2004-08-04 05:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-12-20 17:39 . 2004-08-04 05:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-12-20 17:39 . 2004-08-04 03:58 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-12-20 17:39 . 2004-08-04 03:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-12-11 22:55 . 2010-12-11 22:55 -------- d-----w- c:\program files\Common Files\Skype
2010-12-11 04:51 . 2010-12-11 04:51 478720 --sh--w- c:\windows\system32\iphlpinfo.dll
2010-12-11 04:51 . 2010-12-11 04:51 62976 --sh--w- c:\windows\system32\devrgwiz.dll
2010-12-03 03:51 . 2010-12-03 04:00 -------- d-----w- c:\program files\Portal
2010-12-01 00:59 . 2010-12-01 01:00 -------- dc----w- c:\documents and settings\phrst4\Local Settings\Application Data\Installer4704
2010-12-01 00:40 . 2010-12-01 00:40 -------- dc----w- c:\documents and settings\phrst4\Local Settings\Application Data\Installer3264

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:42 . 2010-08-02 19:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2010-08-02 19:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-10-30 19:19 . 2008-10-30 19:19 11528 -c--a-w- c:\program files\Common Files\vubygixozy.bin
2008-10-30 15:04 . 2008-10-30 15:04 10917 -c--a-w- c:\program files\Common Files\ipufupefy.pif
2008-10-30 15:04 . 2008-10-30 15:04 16675 -c--a-w- c:\program files\Common Files\alafyc.vbs
2008-10-30 15:04 . 2008-10-30 15:04 12005 -c--a-w- c:\program files\Common Files\rekicup.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-08-14 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-08-14 13:26 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-04-16 818288]
"Steam"="c:\program files\steam\steam.exe" [2010-11-24 1242448]
"Logitech Vid HD"="c:\program files\Logitech\Vid\vid.exe" [2010-05-11 6061400]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-07-14 4430784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-23 7561216]
"nwiz"="nwiz.exe" [2006-03-23 1519616]
"NVHotkey"="nvHotkey.dll" [2006-03-23 73728]
"NvMediaCenter"="NvMCTray.dll" [2006-03-23 86016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPWRTOOLBOX"="c:\program files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe" [2005-10-26 344064]
"nomtray"="c:\program files\NetMotion Client\nomtray.exe" [2006-11-03 221184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"dldfmon.exe"="c:\program files\Dell AIO Printer 948\dldfmon.exe" [2007-09-18 455336]
"MemoryCardManager"="c:\program files\Dell AIO Printer 948\memcard.exe" [2007-09-18 410280]
"Dell AIO Printer 948 Fax Server"="c:\program files\Dell AIO Printer 948\fm3032.exe" [2007-09-20 312560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe.vir [2010-8-2 66864]
MBCameraMonitor.lnk - c:\program files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2009-4-18 541976]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dldfcoms.exe"=
"c:\\Program Files\\Dell AIO Printer 948\\dldfmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldftime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfjswx.exe"=
"c:\\Program Files\\Dell AIO Printer 948\\dldfaiox.exe"=
"c:\\Program Files\\Dell AIO Printer 948\\Wireless\\dldfwpss.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\theoriginalmixey\\counter-strike\\hl.exe"=
"c:\\Program Files\\Logitech\\Vid\\Vid.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"12082:TCP"= 12082:TCP:PORT_12082
"25130:TCP"= 25130:TCP:PORT_25130
"30533:TCP"= 30533:TCP:PORT_30533
"61881:TCP"= 61881:TCP:PORT_61881
"54494:TCP"= 54494:TCP:PORT_54494
"31045:TCP"= 31045:TCP:PORT_31045
"9825:TCP"= 9825:TCP:PORT_9825
"56029:TCP"= 56029:TCP:PORT_56029
"22133:TCP"= 22133:TCP:PORT_22133
"16438:TCP"= 16438:TCP:PORT_16438
"65485:TCP"= 65485:TCP:PORT_65485
"16840:TCP"= 16840:TCP:PORT_16840
"20896:TCP"= 20896:TCP:PORT_20896
"31774:TCP"= 31774:TCP:PORT_31774
"59063:TCP"= 59063:TCP:PORT_59063
"54363:TCP"= 54363:TCP:PORT_54363
"15568:TCP"= 15568:TCP:PORT_15568
"42283:TCP"= 42283:TCP:PORT_42283
"40984:TCP"= 40984:TCP:PORT_40984
"7981:TCP"= 7981:TCP:PORT_7981
"54781:TCP"= 54781:TCP:PORT_54781
"14755:TCP"= 14755:TCP:PORT_14755
"62536:TCP"= 62536:TCP:PORT_62536
"53505:TCP"= 53505:TCP:PORT_53505
"56340:TCP"= 56340:TCP:PORT_56340
"5876:TCP"= 5876:TCP:PORT_5876
"61446:TCP"= 61446:TCP:PORT_61446
"8684:TCP"= 8684:TCP:PORT_8684
"20837:TCP"= 20837:TCP:PORT_20837
"20977:TCP"= 20977:TCP:PORT_20977
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [10/27/2007 7:31 PM 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [10/27/2007 7:31 PM 5248]
R1 fsclm;FIPS Driver;c:\program files\NetMotion Client\fsclm.sys [11/3/2006 1:41 PM 97760]
R1 NMDRV;NetMotion Client Driver;c:\program files\NetMotion Client\nmdrv.sys [11/3/2006 1:41 PM 591872]
R1 NMRoam;NetMotion Roaming Detection Daemon;c:\windows\system32\drivers\nmroam.sys [11/3/2006 1:41 PM 15872]
R1 NMutilnt;NetMotion Utility Driver;c:\windows\system32\drivers\nmutilnt.sys [11/3/2006 1:41 PM 14848]
R2 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe -service --> c:\windows\system32\dldfcoms.exe -service [?]
R2 MESSERV;NetMotion Client;c:\program files\NetMotion Client\messerv.exe [11/3/2006 1:41 PM 1003520]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 7:33 PM 116464]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/25/2007 8:10 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/12/2010 8:25 PM 102448]
R3 nmvnic;NMVNIC Network Adapter;c:\windows\system32\drivers\nmvnic.sys [11/3/2006 1:41 PM 37888]
S2 dldfCATSCustConnectService;dldfCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldfserv.exe [8/13/2008 5:46 PM 98952]
S2 gupdate1c9503c5af7bb5a;Google Update Service (gupdate1c9503c5af7bb5a);c:\program files\Google\Update\GoogleUpdate.exe [11/26/2008 10:00 PM 133104]
S3 apusbsnt;Sierra Wireless USB Modem Device Driver;c:\windows\system32\drivers\apusbsnt.sys [6/21/2007 3:38 PM 40064]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 9:58 AM 11336]
S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [9/5/2008 3:12 PM 509312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-27 03:00]

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-27 03:00]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:23012
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\phrst4\Start Menu\Programs\IMVU\Run IMVU.lnk
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\phrst4\Application Data\Mozilla\Firefox\Profiles\x60otuaw.default\
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-23 19:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR

Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x86CD7598]<<
c:\docume~1\phrst4\LOCALS~1\Temp\catchme.sys
_asm { JMP 0x4; }
1 ntkrnlpa!IofCallDriver[0x804EDFEA] -> \Device\Harddisk0\DR0[0x86F3FAB8]
3 CLASSPNP[0xF75DC05B] -> ntkrnlpa!IofCallDriver[0x804EDFEA] -> \Device\Ide\IdeDeviceP0T0L0-3[0x86F97D98]
\Driver\atapi[0x86F5E4E0] -> IRP_MJ_CREATE -> 0x86CD7598
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi -> 0x86cd7598
user != kernel MBR !!!
Warning: possible MBR rootkit infection !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1904)
c:\program files\NetMotion Client\nmlogon.dll
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(2024)
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2010-12-23 19:33:57
ComboFix-quarantined-files.txt 2010-12-24 00:33

Pre-Run: 4,497,948,672 bytes free
Post-Run: 4,476,411,904 bytes free

- - End Of File - - 0D7D3EE312D8034DB80707FA27BCBD0E

And this is the MBRCheck log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 148):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806CE000 \WINDOWS\system32\hal.dll
0xF7A9B000 \WINDOWS\system32\KDCOM.DLL
0xF79AB000 \WINDOWS\system32\BOOTVID.dll
0xF7474000 d347bus.sys
0xF7446000 ACPI.sys
0xF7A9D000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7435000 pci.sys
0xF759B000 isapnp.sys
0xF79AF000 compbatt.sys
0xF79B3000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B63000 PCIIde.sys
0xF781B000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xF7A9F000 intelide.sys
0xF7417000 pcmcia.sys
0xF75AB000 MountMgr.sys
0xF73F8000 ftdisk.sys
0xF7823000 PartMgr.sys
0xF75BB000 VolSnap.sys
0xF73E0000
0xF7AA1000 d347prt.sys
0xF73C8000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF75CB000 disk.sys
0xF75DB000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73A8000 fltMgr.sys
0xF7396000 sr.sys
0xF737F000 KSecDD.sys
0xF72F2000 Ntfs.sys
0xF72C5000 NDIS.sys
0xF72AA000 Mup.sys
0xF76FB000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7A5F000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF67E1000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF67CD000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF67AF000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF7893000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF678C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF789B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF656E000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xF652B000 \SystemRoot\system32\drivers\STAC97.sys
0xF6507000 \SystemRoot\system32\drivers\portcls.sys
0xF770B000 \SystemRoot\system32\drivers\drmk.sys
0xF64E4000 \SystemRoot\system32\drivers\ks.sys
0xF64B1000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF63B4000 \SystemRoot\system32\DRIVERS\HSF_DPV.SYS
0xF6307000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF78A3000 \SystemRoot\System32\Drivers\Modem.SYS
0xF771B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF78AB000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF78B3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF772B000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7A77000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF773B000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF78BB000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
0xF62EE000 \SystemRoot\System32\Drivers\AnyDVD.sys
0xF774B000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF775B000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF776B000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF6295000 \SystemRoot\system32\DRIVERS\dne2000.sys
0xF7BD6000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF77AB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A87000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF627E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF77BB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF77CB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF78CB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6245000 \SystemRoot\system32\DRIVERS\psched.sys
0xF77DB000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF78D3000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78DB000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF77FB000 \SystemRoot\system32\DRIVERS\nmvnic.sys
0xF615E000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF780B000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7AC5000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6105000 \SystemRoot\system32\DRIVERS\update.sys
0xF7265000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF761B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF763B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AC9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF3EA9000 \??\C:\Program Files\Symantec AntiVirus\savrt.sys
0xF3E87000 \??\C:\Program Files\Symantec\SYMEVENT.SYS
0xF3E73000 \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
0xF7A53000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF764B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7913000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7A57000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF7AD1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CEA000 \SystemRoot\System32\Drivers\Null.SYS
0xF7933000 \SystemRoot\System32\drivers\vga.sys
0xF7AD3000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AD5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7943000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF794B000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF5F6A000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF3C3E000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF3BE6000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF7963000 \??\C:\WINDOWS\system32\drivers\nmutilnt.sys
0xF3BC5000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF76CB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF796B000 \SystemRoot\system32\DRIVERS\nmroam.sys
0xF3BAD000 \??\C:\Program Files\NetMotion Client\fsclm.sys
0xF3B0E000 \??\C:\Program Files\NetMotion Client\nmdrv.sys
0xF3AD3000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xF3AAB000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF3A89000 \SystemRoot\System32\drivers\afd.sys
0xF76DB000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF3A27000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0xF39D4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF3965000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF76EB000 \SystemRoot\System32\Drivers\Fips.SYS
0xF79A3000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0xF3907000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xF38EA000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xF6225000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF38D2000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AFB000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF5F72000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7853000 \SystemRoot\System32\watchdog.sys
0xBF9C3000 \SystemRoot\System32\drivers\dxg.sys
0xF7CA8000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9D5000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xBAC82000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
0xF767B000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
0xF7873000 \SystemRoot\system32\DRIVERS\elagopro.sys
0xBAD88000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBAD7C000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xBA8C2000 \SystemRoot\system32\DRIVERS\nwrdr.sys
0xBA86D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA9FA000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
0xF7AF1000 \??\C:\WINDOWS\system32\Drivers\BASFND.sys
0xBA6FB000 \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
0xF7B11000 \SystemRoot\system32\DRIVERS\elaunidr.sys
0xBA429000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA8FE000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF793B000 \SystemRoot\system32\Drivers\LVPr2Mon.sys
0xB9DF8000 \SystemRoot\System32\Drivers\HTTP.sys
0xB9B92000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101108.002\navex15.sys
0xB9B7E000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101108.002\naveng.sys
0xB9189000 \SystemRoot\system32\drivers\wdmaud.sys
0xB9D70000 \SystemRoot\system32\drivers\sysaudio.sys
0xB9EB9000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xF7ADF000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xF787B000 \??\C:\DOCUME~1\phrst4\LOCALS~1\Temp\catchme.sys
0xB61C3000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB5997000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 63):
0 System Idle Process
4 System
1452 C:\WINDOWS\system32\smss.exe
1660 csrss.exe
1904 C:\WINDOWS\system32\winlogon.exe
1948 C:\WINDOWS\system32\services.exe
1960 C:\WINDOWS\system32\lsass.exe
292 C:\WINDOWS\system32\svchost.exe
380 svchost.exe
432 C:\WINDOWS\system32\svchost.exe
468 C:\Program Files\NetMotion Client\messerv.exe
940 C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
996 svchost.exe
1028 svchost.exe
1408 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
1492 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
1604 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
1724 C:\WINDOWS\system32\spoolsv.exe
1284 C:\WINDOWS\system32\BAsfIpM.exe
1336 C:\Program Files\Bonjour\mDNSResponder.exe
1368 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
1504 C:\Program Files\Symantec AntiVirus\DefWatch.exe
320 C:\WINDOWS\system32\dldfcoms.exe
504 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
900 C:\Program Files\Java\jre6\bin\jqs.exe
1384 C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
1508 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1320 C:\WINDOWS\system32\nvsvc32.exe
884 C:\WINDOWS\system32\svchost.exe
1128 C:\WINDOWS\system32\PSIService.exe
2052 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2084 C:\Program Files\Symantec AntiVirus\SavRoam.exe
2136 C:\Program Files\Sprint\AirCard 580\Sprint PCS Connection Manager\SPCSUtilityService.exe
2176 C:\WINDOWS\system32\svchost.exe
2260 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
2360 C:\Program Files\Viewpoint\Common\ViewpointService.exe
2472 C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
2548 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3080 wmiprvse.exe
3288 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3884 wmiprvse.exe
3956 alg.exe
1532 C:\WINDOWS\system32\svchost.exe
3680 C:\WINDOWS\system32\rundll32.exe
744 C:\WINDOWS\system32\rundll32.exe
1488 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
1164 C:\PROGRA~1\SYMANT~1\VPTray.exe
3256 C:\Program Files\NetMotion Client\nomtray.exe
3492 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2392 C:\Program Files\Dell AIO Printer 948\dldfmon.exe
3628 C:\Program Files\Dell AIO Printer 948\memcard.exe
3812 C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
2536 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
3064 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
3872 C:\WINDOWS\system32\wbem\unsecapp.exe
2796 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
3068 C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
2092 C:\Program Files\Steam\Steam.exe
3500 C:\WINDOWS\system32\ctfmon.exe
2200 C:\Program Files\Palm\Hotsync.exe
2024 C:\WINDOWS\explorer.exe
4016 C:\WINDOWS\system32\wuauclt.exe
3368 C:\Documents and Settings\phrst4\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK4026GAX, Rev: PA102D

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

#11 bassplayer22
  • Topic Starter
  • Members
  • 10 posts

Posted 23 December 2010 - 08:38 PM

Oh and it seems that I'm not having any problems with google redirecting anymore, and I haven't seen popups either.

#12 Shannon2012
  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 26 December 2010 - 12:43 PM

Hi-

It looks like you have an infection in the Master Boot Record (MBR) on your hard disk drive. In order to determine what the infection is and how to remove it, I need to look at a copy of your MBR. The first part of the following MBR copy instructions should be done on a computer other than the infected one.

You will need a USB drive. Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?) - please note that if you do not see sdb1 simply remove then replace the USB while xPud is running and it will then appear!
  • Press Tool at the top
  • Choose Open Terminal
  • Type dd if=/dev/sda of=MBRbackup.zip bs=512 count=1
  • Press Enter
  • After it has finished a report will be located on your USB drive named MBRbackup.zip
  • Remove the USB drive and insert it back in your working computer and navigate to MBRbackup.zip. Please note - all text entries are case sensitive
In your reply, please attach the MBRbackup.zip.
Shannon
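The dd command above writes exactly one 512-byte sector, so MBRbackup.zip is a raw MBR image rather than a zip archive. As an added example (not part of this thread and not xPUD, dd or MBRCheck code), the script below parses such a dump the way a helper would look at it: it verifies the 0x55AA boot signature, decodes the four partition entries, converts the start LBA to the byte offset MBRCheck reports (LBA 63 * 512 = 0x7e00, as in the log above), and prints the SHA1 of the sector. The sample MBR it builds when no file is given is constructed here, not taken from the poster's disk.

```python
"""Parse and sanity-check a raw 512-byte MBR dump (dd if=/dev/sda bs=512 count=1)."""
import hashlib
import struct
import sys
from dataclasses import dataclass
from typing import List

SECTOR = 512
BOOT_SIG = 0xAA55          # stored little-endian as 0x55 0xAA at bytes 510..511
PART_TABLE_OFF = 446       # four 16-byte partition entries follow the boot code
ACTIVE = 0x80              # status byte of the bootable partition


@dataclass
class Partition:
    slot: int
    active: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def byte_offset(self) -> int:
        # LBA 63 * 512 = 0x7e00, the offset MBRCheck printed for C: in this thread
        return self.lba_start * SECTOR


@dataclass
class MbrReport:
    sha1: str
    signature_ok: bool
    partitions: List[Partition]
    findings: List[str]


def parse_mbr(data: bytes) -> MbrReport:
    """Decode the signature and partition table; collect anything worth a second look."""
    if len(data) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(data)}")
    findings: List[str] = []
    sig = struct.unpack_from("<H", data, 510)[0]
    if sig != BOOT_SIG:
        findings.append(f"boot signature is 0x{sig:04x}, expected 0x{BOOT_SIG:04x}")
    parts: List[Partition] = []
    for slot in range(4):
        # entry layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) count(4)
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", data, PART_TABLE_OFF + 16 * slot)
        if ptype == 0 and lba == 0 and count == 0:
            continue  # unused slot
        if status not in (0x00, ACTIVE):
            findings.append(f"slot {slot}: invalid status byte 0x{status:02x}")
        parts.append(Partition(slot, status == ACTIVE, ptype, lba, count))
    active = [p for p in parts if p.active]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    sha1 = hashlib.sha1(data).hexdigest().upper()   # same form MBRCheck prints
    return MbrReport(sha1, sig == BOOT_SIG, parts, findings)


def build_sample_mbr() -> bytes:
    """Constructed stand-in for MBRbackup.zip: one active NTFS partition at LBA 63."""
    mbr = bytearray(SECTOR)
    struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFF, ACTIVE, 0x07, 63, 78_140_097)
    struct.pack_into("<H", mbr, 510, BOOT_SIG)
    return bytes(mbr)


def describe(report: MbrReport) -> str:
    lines = [f"SHA1: {report.sha1}",
             f"boot signature: {'ok' if report.signature_ok else 'BAD'}"]
    for p in report.partitions:
        lines.append(f"slot {p.slot}: type 0x{p.type_id:02x} "
                     f"{'active' if p.active else 'inactive'} "
                     f"LBA {p.lba_start} (byte offset 0x{p.byte_offset:x}), "
                     f"{p.sectors * SECTOR // 2**30} GB")
    lines += [f"WARNING: {f}" for f in report.findings]
    return "\n".join(lines)


if __name__ == "__main__":
    # Pass the dd output file to inspect a real dump; otherwise the constructed sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    print(describe(parse_mbr(data)))
```

The SHA1 lets you compare the dump against the value MBRCheck printed without uploading the sector anywhere; a changed hash between two runs on the same disk is the first thing to explain.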

#13 bassplayer22
  • Topic Starter
  • Members
  • 10 posts

Posted 28 December 2010 - 08:22 PM

Hi, here is my zip file.

Attached Files

#14 Shannon2012
  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 29 December 2010 - 10:32 AM

Hi-

Thank you for the MBR dump file. The good news is that your Master Boot Record is not infected. So, we will use ComboFix to clean up some other problems and then get a fresh scan with OTL.

1. Close any open browsers.

2. Open notepad and copy/paste the text in the codebox below into it:

File::
c:\program files\Common Files\vubygixozy.bin
c:\program files\Common Files\ipufupefy.pif
c:\program files\Common Files\alafyc.vbs
c:\program files\Common Files\rekicup.sys
c:\windows\system32\iphlpinfo.dll
c:\windows\system32\devrgwiz.dll
Firefox::
FF - ProfilePath - c:\docume~1\phrst4\applic~1\mozilla\firefox\profiles\x60otuaw.default\
FF - prefs.js: network.proxy.type - 4
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:23012
uInternet Settings,ProxyOverride = <local>
dRun: [oeynyhyf] c:\documents and settings\networkservice\local settings\application data\mmidfpupd\cemmufetssd.exe
dRun: [likqwrml] c:\documents and settings\networkservice\local settings\application data\mlhquijca\wfkgvytshdw.exe
AppInit_DLLs: karna.dat iphlpinfo.dll devrgwiz.dll

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


Next, we need to create an OTL Report
  • Please download OTL from here:
  • Main Mirror
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "Use SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them into your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

In your reply, please copy in the ComboFix report and the two OTL reports. Also, let me know how your computer is doing.
Shannon
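As an added example (not DDS, ComboFix or the helper's own tooling), the scanner below runs over DDS-style log lines and flags the four indicator classes the CFScript above removes: a ProxyServer that points at the loopback address, a Firefox network.proxy.type other than direct or system, Run entries launched from a service-account profile, and any AppInit_DLLs. The sample lines are constructed from the entries quoted in this thread plus one benign entry; the rule names are mine.

```python
"""Flag proxy and autostart indicators in DDS/ComboFix-style log lines."""
import re
from typing import Dict, List

LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}
SERVICE_PROFILES = ("networkservice", "localservice")
# Firefox network.proxy.type: 0 = direct, 1 = manual, 2 = PAC URL, 4 = auto-detect, 5 = system
FF_PROXY_EXPECTED = {"0", "5"}

# Constructed sample mirroring the DDS lines targeted in this thread, plus a benign uRun entry.
SAMPLE_DDS = """\
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:23012
uInternet Settings,ProxyOverride = <local>
FF - prefs.js: network.proxy.type - 4
dRun: [oeynyhyf] c:\\documents and settings\\networkservice\\local settings\\application data\\mmidfpupd\\cemmufetssd.exe
AppInit_DLLs: karna.dat iphlpinfo.dll devrgwiz.dll
uRun: [Steam] c:\\program files\\steam\\steam.exe
"""

PROXY_RE = re.compile(r"^[ud]Internet Settings,ProxyServer\s*=\s*(.+)$")
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (\S+)$")
RUN_RE = re.compile(r"^([ud]Run): \[([^\]]+)\]\s+(.+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(.+)$")


def proxy_hosts(value: str) -> List[str]:
    """'http=127.0.0.1:23012;https=proxy:8080' -> ['127.0.0.1', 'proxy']"""
    hosts = []
    for spec in value.split(";"):
        _, _, hostport = spec.strip().rpartition("=")   # drop an optional 'http=' prefix
        host = hostport.rsplit(":", 1)[0] if ":" in hostport else hostport
        if host:
            hosts.append(host.strip("[]").lower())
    return hosts


def scan_dds(text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line: {'rule', 'detail', 'line'}."""
    findings: List[Dict[str, str]] = []

    def flag(rule: str, detail: str, line: str) -> None:
        findings.append({"rule": rule, "detail": detail, "line": line})

    for raw in text.splitlines():
        line = raw.strip()
        if m := PROXY_RE.match(line):
            # A proxy on the local host means something on the box sits between the
            # browser and the network; that is the setting behind the redirects here.
            for host in proxy_hosts(m.group(1)):
                if host in LOOPBACK_HOSTS:
                    flag("proxy_loopback",
                         f"browser traffic routed through a local listener on {host}", line)
        elif m := FF_PROXY_RE.match(line):
            if m.group(1) not in FF_PROXY_EXPECTED:
                flag("firefox_proxy_mode",
                     f"network.proxy.type={m.group(1)} (neither direct nor system)", line)
        elif m := RUN_RE.match(line):
            path = m.group(3).lower()
            # Run keys normally launch from Program Files; a service account's
            # Local Settings\Application Data is not where legitimate software lives.
            in_service_profile = any(f"\\{acct}\\" in path for acct in SERVICE_PROFILES)
            if in_service_profile and "\\local settings\\" in path:
                flag("run_from_service_profile",
                     f"{m.group(1)} entry '{m.group(2)}' launches from a service-account profile",
                     line)
        elif m := APPINIT_RE.match(line):
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            flag("appinit_dlls", f"DLLs injected into GUI processes: {m.group(1)}", line)
    return findings


if __name__ == "__main__":
    for f in scan_dds(SAMPLE_DDS):
        print(f"[{f['rule']}] {f['detail']}\n    {f['line']}")
```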

#15 bassplayer22
  • Topic Starter
  • Members
  • 10 posts

Posted 29 December 2010 - 05:36 PM

Hi, thank you so much again for your help! My computer seems to be running with no visible issues at the moment.

Here are the logs you asked for:
COMBOFIX:

ComboFix 10-12-28.03 - phrst4 12/29/2010 14:22:02.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.325 [GMT -5:00]
Running from: c:\documents and settings\phrst4\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\phrst4\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FILE ::
"c:\program files\Common Files\alafyc.vbs"
"c:\program files\Common Files\ipufupefy.pif"
"c:\program files\Common Files\rekicup.sys"
"c:\program files\Common Files\vubygixozy.bin"
"c:\windows\system32\devrgwiz.dll"
"c:\windows\system32\iphlpinfo.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\alafyc.vbs
c:\program files\Common Files\ipufupefy.pif
c:\program files\Common Files\rekicup.sys
c:\program files\Common Files\vubygixozy.bin
c:\windows\system32\devrgwiz.dll
c:\windows\system32\iphlpinfo.dll

.
((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-29 )))))))))))))))))))))))))))))))
.

2010-12-23 03:30 . 2010-12-23 03:30 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-12-20 17:39 . 2004-08-04 05:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-12-20 17:39 . 2004-08-04 05:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-12-20 17:39 . 2004-08-04 03:58 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-12-20 17:39 . 2004-08-04 03:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-12-11 22:55 . 2010-12-11 22:55 -------- d-----w- c:\program files\Common Files\Skype
2010-12-03 03:51 . 2010-12-03 04:00 -------- d-----w- c:\program files\Portal
2010-12-01 00:59 . 2010-12-01 01:00 -------- dc----w- c:\documents and settings\phrst4\Local Settings\Application Data\Installer4704
2010-12-01 00:40 . 2010-12-01 00:40 -------- dc----w- c:\documents and settings\phrst4\Local Settings\Application Data\Installer3264

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:42 . 2010-08-02 19:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2010-08-02 19:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-12-24_00.28.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-29 18:28 . 2010-12-29 18:28 16384 c:\windows\Temp\Perflib_Perfdata_394.dat
+ 2006-02-28 12:00 . 2010-12-29 18:32 71370 c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2010-12-23 23:37 71370 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2010-12-29 18:32 439832 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2010-12-23 23:37 439832 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-08-14 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-08-14 13:26 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-04-16 818288]
"Steam"="c:\program files\steam\steam.exe" [2010-11-24 1242448]
"Logitech Vid HD"="c:\program files\Logitech\Vid\vid.exe" [2010-05-11 6061400]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-07-14 4430784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-23 7561216]
"nwiz"="nwiz.exe" [2006-03-23 1519616]
"NVHotkey"="nvHotkey.dll" [2006-03-23 73728]
"NvMediaCenter"="NvMCTray.dll" [2006-03-23 86016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPWRTOOLBOX"="c:\program files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe" [2005-10-26 344064]
"nomtray"="c:\program files\NetMotion Client\nomtray.exe" [2006-11-03 221184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"dldfmon.exe"="c:\program files\Dell AIO Printer 948\dldfmon.exe" [2007-09-18 455336]
"MemoryCardManager"="c:\program files\Dell AIO Printer 948\memcard.exe" [2007-09-18 410280]
"Dell AIO Printer 948 Fax Server"="c:\program files\Dell AIO Printer 948\fm3032.exe" [2007-09-20 312560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe.vir [2010-8-2 66864]
MBCameraMonitor.lnk - c:\program files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2009-4-18 541976]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dldfcoms.exe"=
"c:\\Program Files\\Dell AIO Printer 948\\dldfmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldftime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfjswx.exe"=
"c:\\Program Files\\Dell AIO Printer 948\\dldfaiox.exe"=
"c:\\Program Files\\Dell AIO Printer 948\\Wireless\\dldfwpss.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\theoriginalmixey\\counter-strike\\hl.exe"=
"c:\\Program Files\\Logitech\\Vid\\Vid.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"12082:TCP"= 12082:TCP:PORT_12082
"25130:TCP"= 25130:TCP:PORT_25130
"30533:TCP"= 30533:TCP:PORT_30533
"61881:TCP"= 61881:TCP:PORT_61881
"54494:TCP"= 54494:TCP:PORT_54494
"31045:TCP"= 31045:TCP:PORT_31045
"9825:TCP"= 9825:TCP:PORT_9825
"56029:TCP"= 56029:TCP:PORT_56029
"22133:TCP"= 22133:TCP:PORT_22133
"16438:TCP"= 16438:TCP:PORT_16438
"65485:TCP"= 65485:TCP:PORT_65485
"16840:TCP"= 16840:TCP:PORT_16840
"20896:TCP"= 20896:TCP:PORT_20896
"31774:TCP"= 31774:TCP:PORT_31774
"59063:TCP"= 59063:TCP:PORT_59063
"54363:TCP"= 54363:TCP:PORT_54363
"15568:TCP"= 15568:TCP:PORT_15568
"42283:TCP"= 42283:TCP:PORT_42283
"40984:TCP"= 40984:TCP:PORT_40984
"7981:TCP"= 7981:TCP:PORT_7981
"54781:TCP"= 54781:TCP:PORT_54781
"14755:TCP"= 14755:TCP:PORT_14755
"62536:TCP"= 62536:TCP:PORT_62536
"53505:TCP"= 53505:TCP:PORT_53505
"56340:TCP"= 56340:TCP:PORT_56340
"5876:TCP"= 5876:TCP:PORT_5876
"61446:TCP"= 61446:TCP:PORT_61446
"8684:TCP"= 8684:TCP:PORT_8684
"20837:TCP"= 20837:TCP:PORT_20837
"20977:TCP"= 20977:TCP:PORT_20977
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [10/27/2007 7:31 PM 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [10/27/2007 7:31 PM 5248]
R1 fsclm;FIPS Driver;c:\program files\NetMotion Client\fsclm.sys [11/3/2006 1:41 PM 97760]
R1 NMDRV;NetMotion Client Driver;c:\program files\NetMotion Client\nmdrv.sys [11/3/2006 1:41 PM 591872]
R1 NMRoam;NetMotion Roaming Detection Daemon;c:\windows\system32\drivers\nmroam.sys [11/3/2006 1:41 PM 15872]
R1 NMutilnt;NetMotion Utility Driver;c:\windows\system32\drivers\nmutilnt.sys [11/3/2006 1:41 PM 14848]
R2 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe -service --> c:\windows\system32\dldfcoms.exe -service [?]
R2 MESSERV;NetMotion Client;c:\program files\NetMotion Client\messerv.exe [11/3/2006 1:41 PM 1003520]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 7:33 PM 116464]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/25/2007 8:10 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/12/2010 8:25 PM 102448]
R3 nmvnic;NMVNIC Network Adapter;c:\windows\system32\drivers\nmvnic.sys [11/3/2006 1:41 PM 37888]
S2 dldfCATSCustConnectService;dldfCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldfserv.exe [8/13/2008 5:46 PM 98952]
S2 gupdate1c9503c5af7bb5a;Google Update Service (gupdate1c9503c5af7bb5a);c:\program files\Google\Update\GoogleUpdate.exe [11/26/2008 10:00 PM 133104]
S3 apusbsnt;Sierra Wireless USB Modem Device Driver;c:\windows\system32\drivers\apusbsnt.sys [6/21/2007 3:38 PM 40064]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 9:58 AM 11336]
S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [9/5/2008 3:12 PM 509312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-27 03:00]

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-27 03:00]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\phrst4\Start Menu\Programs\IMVU\Run IMVU.lnk
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\phrst4\Application Data\Mozilla\Firefox\Profiles\x60otuaw.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-29 14:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1940)
c:\program files\NetMotion Client\nmlogon.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2010-12-29 14:35:14
ComboFix-quarantined-files.txt 2010-12-29 19:34
ComboFix2.txt 2010-12-24 00:33

Pre-Run: 4,371,660,800 bytes free
Post-Run: 4,372,623,360 bytes free

- - End Of File - - 5DA7BC8EB1C3E32EB4C4FA93C01F0EC1

OTL:

OTL logfile created on: 12/29/2010 2:40:07 PM - Run 1
OTL by OldTimer - Version 3.2.18.2 Folder = C:\Documents and Settings\phrst4\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 348.00 Mb Available Physical Memory | 34.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 4.09 Gb Free Space | 10.97% Space Free | Partition Type: NTFS

Computer Name: PHRSTDELLM70 | User Name: phrst4 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/29 14:39:28 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\phrst4\Desktop\OTL.exe
PRC - [2010/12/10 10:54:56 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/10 10:54:50 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/23 20:14:09 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2010/09/30 19:17:55 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/05/11 15:43:48 | 006,061,400 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid\Vid.exe
PRC - [2010/05/07 17:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2009/11/03 14:48:54 | 000,874,768 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/11/03 14:45:52 | 000,348,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2009/11/03 14:45:48 | 001,372,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2009/11/03 14:42:00 | 000,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/11/03 14:35:14 | 001,202,448 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2009/11/03 14:33:48 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/01/29 17:20:49 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
PRC - [2008/01/03 17:28:08 | 001,392,640 | R--- | M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe
PRC - [2007/09/18 13:45:44 | 000,455,336 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfmon.exe
PRC - [2007/09/18 13:45:39 | 000,410,280 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\memcard.exe
PRC - [2007/06/26 01:56:06 | 000,598,664 | ---- | M] ( ) -- C:\WINDOWS\system32\dldfcoms.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 17:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/13 12:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/03 13:41:26 | 001,003,520 | ---- | M] (NetMotion Wireless, Inc.) -- C:\Program Files\NetMotion Client\messerv.exe
PRC - [2006/11/03 13:41:26 | 000,221,184 | ---- | M] (NetMotion Wireless, Inc.) -- C:\Program Files\NetMotion Client\nomtray.exe
PRC - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/09/27 19:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 19:33:38 | 000,116,464 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2006/09/27 19:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 19:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/08/09 12:59:34 | 000,139,264 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Sprint\AirCard 580\Sprint PCS Connection Manager\SPCSUtilityService.exe
PRC - [2006/07/19 18:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 18:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 18:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/04/11 16:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2005/01/07 13:15:58 | 001,409,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2004/04/01 17:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\system32\BAsfIpM.exe


========== Modules (SafeList) ==========

MOD - [2010/12/29 14:39:28 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\phrst4\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/07 17:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/11/03 14:48:54 | 000,874,768 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/11/03 14:45:52 | 000,348,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2009/11/03 14:42:00 | 000,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2009/11/03 14:33:48 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2008/07/03 17:36:41 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/06/26 01:56:08 | 000,098,952 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe -- (dldfCATSCustConnectService)
SRV - [2007/06/26 01:56:06 | 000,598,664 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dldfcoms.exe -- (dldf_device)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/03 13:41:26 | 001,003,520 | ---- | M] (NetMotion Wireless, Inc.) [Auto | Running] -- C:\Program Files\NetMotion Client\messerv.exe -- (MESSERV)
SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/09/27 19:33:38 | 000,116,464 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 19:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 19:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/08/25 11:00:38 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/09 12:59:34 | 000,139,264 | ---- | M] (Sprint Spectrum, L.L.C) [Auto | Running] -- C:\Program Files\Sprint\AirCard 580\Sprint PCS Connection Manager\SPCSUtilityService.exe -- (SPCSUtilityService)
SRV - [2006/08/07 15:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 18:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 18:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 16:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/01/07 13:15:58 | 001,409,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2004/04/01 17:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\WINDOWS\system32\BAsfIpM.exe -- (BAsfIpM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\phrst4\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/10/18 03:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101108.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/18 03:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101108.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/07/27 03:15:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/07/27 03:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2010/07/27 03:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/06/17 07:36:44 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/17 07:36:44 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/06/09 15:41:03 | 000,106,432 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/05/07 17:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/01/01 12:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/12/18 09:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/11 03:26:02 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2008/08/19 14:37:48 | 000,509,312 | ---- | M] (Windows ® 2000/XP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MusCDriverV32.sys -- (MusCDriverV32)
DRV - [2008/08/13 15:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/03/22 11:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 11:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2007/02/15 19:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/11/03 13:41:26 | 000,591,872 | ---- | M] (NetMotion Wireless, Inc.) [Kernel | System | Running] -- C:\Program Files\NetMotion Client\nmdrv.sys -- (NMDRV)
DRV - [2006/11/03 13:41:26 | 000,097,760 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\NetMotion Client\fsclm.sys -- (fsclm)
DRV - [2006/11/03 13:41:26 | 000,037,888 | ---- | M] (NetMotion Wireless, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nmvnic.sys -- (nmvnic)
DRV - [2006/11/03 13:41:26 | 000,015,872 | ---- | M] (NetMotion Wireless, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nmroam.sys -- (NMRoam)
DRV - [2006/11/03 13:41:26 | 000,014,848 | ---- | M] (NetMotion Wireless, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nmutilnt.sys -- (NMutilnt)
DRV - [2006/09/18 16:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 13:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 13:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 15:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 15:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/06/23 18:57:18 | 000,064,640 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)
DRV - [2006/06/02 15:55:10 | 000,082,048 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2006/04/11 16:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/03/22 22:32:00 | 003,656,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/02/28 07:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2006/02/28 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2006/02/28 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2005/11/15 15:46:50 | 000,040,064 | ---- | M] (Sierra Wireless America, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\apusbsnt.sys -- (apusbsnt)
DRV - [2005/05/03 14:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 14:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 14:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 15:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/01/07 13:14:30 | 000,297,035 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2004/08/23 13:49:30 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/08/22 15:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 15:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2004/08/03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2003/07/24 17:55:50 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2003/05/01 12:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2003/04/24 15:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BASFND.sys -- (BASFND)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522



IE - HKU\S-1-5-21-1757981266-1708537768-725345543-1006\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
IE - HKU\S-1-5-21-1757981266-1708537768-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/06/23 19:29:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 10:55:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 10:55:05 | 000,000,000 | ---D | M]

[2010/06/28 17:23:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\phrst4\Application Data\Mozilla\Extensions
[2010/06/28 17:23:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\phrst4\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2009/03/07 22:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\phrst4\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/12/29 13:50:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\phrst4\Application Data\Mozilla\Firefox\Profiles\x60otuaw.default\extensions
[2010/09/25 07:19:02 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\phrst4\Application Data\Mozilla\Firefox\Profiles\x60otuaw.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/07/15 01:41:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Documents and Settings\phrst4\Application Data\Mozilla\Firefox\Profiles\x60otuaw.default\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2010/10/08 16:21:08 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\phrst4\Application Data\Mozilla\Firefox\Profiles\x60otuaw.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/11/12 14:59:39 | 000,000,000 | ---D | M] (FastestFox) -- C:\Documents and Settings\phrst4\Application Data\Mozilla\Firefox\Profiles\x60otuaw.default\extensions\smarterwiki@wikiatic.com
[2010/10/24 19:00:29 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Documents and Settings\phrst4\Application Data\Mozilla\Firefox\Profiles\x60otuaw.default\extensions\youtube2mp3@mondayx.de
[2010/12/29 13:50:59 | 000,001,221 | ---- | M] () -- C:\Documents and Settings\phrst4\Application Data\Mozilla\Firefox\Profiles\x60otuaw.default\searchplugins\ultimate-guitar---bands.xml
[2010/12/29 13:50:58 | 000,001,400 | ---- | M] () -- C:\Documents and Settings\phrst4\Application Data\Mozilla\Firefox\Profiles\x60otuaw.default\searchplugins\ultimate-guitar---tabs.xml
[2010/12/29 13:50:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/23 22:44:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/23 19:29:16 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2009/01/05 00:00:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/01/06 22:49:29 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/12/29 14:31:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKU\S-1-5-21-1757981266-1708537768-725345543-1006\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKU\S-1-5-21-1757981266-1708537768-725345543-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [Dell AIO Printer 948 Fax Server] C:\Program Files\Dell AIO Printer 948\fm3032.exe ()
O4 - HKLM..\Run: [dldfmon.exe] C:\Program Files\Dell AIO Printer 948\dldfmon.exe ()
O4 - HKLM..\Run: [HPWRTOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell AIO Printer 948\memcard.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nomtray] C:\Program Files\NetMotion Client\nomtray.exe (NetMotion Wireless, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-1757981266-1708537768-725345543-1006..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-1757981266-1708537768-725345543-1006..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKU\S-1-5-21-1757981266-1708537768-725345543-1006..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKU\S-1-5-21-1757981266-1708537768-725345543-1006..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1757981266-1708537768-725345543-1006..\Run: [Logitech Vid HD] C:\Program Files\Logitech\Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1757981266-1708537768-725345543-1006..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe.vir (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MBCameraMonitor.lnk = C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe (PIXELA CORPORATION)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-1708537768-725345543-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1757981266-1708537768-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1757981266-1708537768-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1757981266-1708537768-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\phrst4\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = co.wake.nc.us
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\phrst4\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\phrst4\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/21 07:39:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/29 14:39:27 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\phrst4\Desktop\OTL.exe
[2010/12/23 17:45:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/23 15:41:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/23 15:41:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/23 15:41:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/23 15:41:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/23 15:37:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/22 22:30:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/12/22 15:25:56 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\phrst4\Desktop\TDSSKiller.exe
[2010/12/20 13:01:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\phrst4\Desktop\Counter-Strike 2D
[2010/12/20 12:39:48 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2010/12/20 12:39:42 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2010/12/12 19:10:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/12/11 17:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/12/05 18:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\phrst4\Desktop\Half Life 2 (fresh download)
[2010/12/04 19:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\phrst4\Desktop\%ProgramFilesDir%
[2010/12/02 22:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Portal
[2010/12/02 21:40:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\phrst4\Desktop\RHCP Music
[2010/12/02 18:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\phrst4\Desktop\Portal
[2010/12/02 18:24:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\phrst4\Application Data\WinRAR
[2010/12/02 17:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/11/30 19:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\phrst4\Local Settings\Application Data\Installer4704
[2010/11/30 19:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\phrst4\Local Settings\Application Data\Installer3264
[2008/08/13 17:37:43 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfhcp.dll
[2008/08/13 17:37:42 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfinpa.dll
[2008/08/13 17:37:42 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfiesc.dll
[2008/08/13 17:37:41 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfserv.dll
[2008/08/13 17:37:41 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfusb1.dll
[2008/08/13 17:37:40 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfprox.dll
[2008/08/13 17:37:39 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfpmui.dll
[2008/08/13 17:37:39 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\dldflmpm.dll
[2008/08/13 17:37:37 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfhbn3.dll
[2008/08/13 17:37:34 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfcomc.dll
[2008/08/13 17:37:34 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfcomm.dll
[2007/10/27 19:31:05 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2007/10/27 19:31:05 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys

========== Files - Modified Within 30 Days ==========

[2010/12/29 14:39:28 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\phrst4\Desktop\OTL.exe
[2010/12/29 14:31:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/29 14:16:55 | 003,999,260 | R--- | M] () -- C:\Documents and Settings\phrst4\Desktop\ComboFix.exe
[2010/12/29 13:32:46 | 000,439,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/29 13:32:45 | 000,071,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/29 13:30:36 | 000,048,289 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/12/29 13:30:27 | 000,060,807 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2010/12/29 13:30:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/29 13:30:09 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/29 13:28:48 | 000,000,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/12/29 13:27:49 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/29 13:27:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/23 19:39:41 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\phrst4\Desktop\MBRCheck.exe
[2010/12/23 17:45:50 | 000,000,441 | RHS- | M] () -- C:\boot.ini
[2010/12/22 22:29:30 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\notespis.inf
[2010/12/22 22:29:29 | 000,000,022 | ---- | M] () -- C:\WINDOWS\lotus.ini
[2010/12/20 13:02:32 | 000,048,289 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/12/17 22:46:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\phrst4\Desktop\TDSSKiller.exe
[2010/12/12 19:45:02 | 000,000,325 | ---- | M] () -- C:\Boot.bak
[2010/12/11 18:42:13 | 000,624,640 | ---- | M] () -- C:\Documents and Settings\phrst4\Desktop\dds.scr
[2010/12/05 18:21:33 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/04 19:28:15 | 000,036,212 | ---- | M] () -- C:\Documents and Settings\phrst4\Desktop\hamov4ca.jpg
[2010/12/02 23:00:39 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\phrst4\Desktop\Portal.lnk
[2010/12/02 21:34:19 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\phrst4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/01 06:24:25 | 000,000,910 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/12/23 19:39:40 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\phrst4\Desktop\MBRCheck.exe
[2010/12/23 18:48:04 | 003,999,260 | R--- | C] () -- C:\Documents and Settings\phrst4\Desktop\ComboFix.exe
[2010/12/23 17:45:50 | 000,000,325 | ---- | C] () -- C:\Boot.bak
[2010/12/23 17:45:46 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/23 15:41:32 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/23 15:41:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/23 15:41:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/23 15:41:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/23 15:41:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/11 18:55:43 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\phrst4\Desktop\gmer.exe
[2010/12/11 18:42:11 | 000,624,640 | ---- | C] () -- C:\Documents and Settings\phrst4\Desktop\dds.scr
[2010/12/04 19:28:10 | 000,036,212 | ---- | C] () -- C:\Documents and Settings\phrst4\Desktop\hamov4ca.jpg
[2010/12/02 23:00:38 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\phrst4\Desktop\Portal.lnk
[2010/11/06 14:21:53 | 000,000,150 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2010/09/07 22:29:04 | 000,000,043 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/07/27 03:03:20 | 010,829,656 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/07/27 03:03:18 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/07/27 02:56:04 | 000,090,411 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/07 17:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 17:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/19 00:39:49 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll
[2008/12/19 00:39:49 | 000,000,343 | ---- | C] () -- C:\WINDOWS\PlayItTrebleClef.ini
[2008/12/19 00:39:49 | 000,000,304 | ---- | C] () -- C:\WINDOWS\PlayItBassClef.ini
[2008/10/30 14:20:00 | 000,017,851 | ---- | C] () -- C:\Documents and Settings\phrst4\Local Settings\Application Data\ecozala.dat
[2008/10/30 14:20:00 | 000,015,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\okovebemi.com
[2008/10/30 14:20:00 | 000,014,751 | ---- | C] () -- C:\Documents and Settings\phrst4\Local Settings\Application Data\conyx.dat
[2008/10/30 14:20:00 | 000,013,640 | ---- | C] () -- C:\Documents and Settings\phrst4\Local Settings\Application Data\kihosiwym.reg
[2008/10/30 14:20:00 | 000,011,916 | ---- | C] () -- C:\Program Files\Common Files\vohony.dat
[2008/10/30 14:20:00 | 000,011,113 | ---- | C] () -- C:\Documents and Settings\phrst4\Local Settings\Application Data\zoly.scr
[2008/10/30 14:20:00 | 000,010,992 | ---- | C] () -- C:\Documents and Settings\phrst4\Local Settings\Application Data\opar.ban
[2008/10/30 14:19:59 | 000,018,648 | ---- | C] () -- C:\Program Files\Common Files\tucyl.dat
[2008/10/30 14:19:59 | 000,012,136 | ---- | C] () -- C:\Program Files\Common Files\gobola.dl
[2008/10/30 14:19:59 | 000,011,065 | ---- | C] () -- C:\Documents and Settings\phrst4\Application Data\tifufadi.exe
[2008/10/30 14:19:02 | 000,017,659 | ---- | C] () -- C:\Documents and Settings\phrst4\Application Data\izuhirur.bin
[2008/10/30 14:19:02 | 000,015,411 | ---- | C] () -- C:\WINDOWS\ukolak.sys
[2008/10/30 14:19:02 | 000,010,608 | ---- | C] () -- C:\WINDOWS\System32\utinavujah.dll
[2008/10/30 14:19:02 | 000,010,242 | ---- | C] () -- C:\Documents and Settings\phrst4\Application Data\wodo.scr
[2008/10/30 14:19:01 | 000,010,801 | ---- | C] () -- C:\WINDOWS\System32\terofinef.sys
[2008/10/30 10:04:28 | 000,019,429 | ---- | C] () -- C:\WINDOWS\System32\yqylyh.sys
[2008/10/30 10:04:28 | 000,017,873 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qysuwusup._sy
[2008/10/30 10:04:28 | 000,017,026 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gyhehaki.dat
[2008/10/30 10:04:27 | 000,019,622 | ---- | C] () -- C:\Documents and Settings\phrst4\Application Data\olok.scr
[2008/10/30 10:04:27 | 000,016,475 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hosi.sys
[2008/10/30 10:04:27 | 000,014,808 | ---- | C] () -- C:\Documents and Settings\phrst4\Application Data\evomoz.bat
[2008/10/30 10:04:27 | 000,011,402 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pege.exe
[2008/08/13 17:57:39 | 000,003,140 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/08/13 17:57:39 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\F46D5E5059.sys
[2008/08/13 17:46:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldfvs.dll
[2008/08/13 17:46:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dldfcoin.dll
[2008/08/13 17:43:37 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\dldfdrs.dll
[2008/08/13 17:43:37 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dldfcaps.dll
[2008/08/13 17:43:36 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldfcnv4.dll
[2008/08/13 17:40:51 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLDFPMON.DLL
[2008/08/13 17:40:51 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLDFFXPU.DLL
[2008/08/13 17:40:31 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\dldfoem.dll
[2008/08/13 17:40:30 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DLDFPMRC.DLL
[2008/08/13 17:37:44 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dldfinst.dll
[2008/08/13 17:37:42 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\dldfutil.dll
[2008/08/13 17:37:38 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldfinsb.dll
[2008/08/13 17:37:38 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldfins.dll
[2008/08/13 17:37:38 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dldfjswr.dll
[2008/08/13 17:37:38 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dldfinsr.dll
[2008/08/13 17:37:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dldfgrd.dll
[2008/08/13 17:37:35 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldfcub.dll
[2008/08/13 17:37:35 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldfcu.dll
[2008/08/13 17:37:35 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldfcur.dll
[2008/08/13 17:37:32 | 000,077,906 | ---- | C] () -- C:\WINDOWS\System32\dldfcfg.dll
[2008/04/28 21:59:29 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/03/01 11:24:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RingtoneMaker.INI
[2008/02/29 20:57:52 | 000,002,770 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2007/12/29 15:38:15 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/12/29 15:38:15 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/10/25 20:42:56 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/10/13 18:00:02 | 000,004,931 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/10 17:24:49 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/10/10 17:24:49 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\phrst4\Application Data\PnkBstrK.sys
[2007/07/07 18:39:30 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\phrst4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/02 14:41:13 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/07/02 14:36:50 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/07/01 19:22:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/06/28 23:04:37 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/27 19:21:24 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\phrst4\Application Data\$_hpcst$.hpc
[2007/06/27 16:53:51 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\phrst4\Local Settings\Application Data\FASTWiz.log
[2007/06/22 10:12:43 | 000,000,232 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2007/06/22 09:15:27 | 000,000,041 | ---- | C] () -- C:\WINDOWS\ArcPad.INI
[2007/06/22 08:44:05 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM21.dll
[2007/06/22 08:44:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2007/06/21 15:32:24 | 000,000,443 | R--- | C] () -- C:\WINDOWS\hpw0460k.ini
[2007/06/21 15:30:51 | 000,000,092 | ---- | C] () -- C:\WINDOWS\hpdj460.ini
[2007/06/21 15:28:26 | 000,001,366 | ---- | C] () -- C:\WINDOWS\mariner.ini
[2007/06/21 15:13:57 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/06/21 15:13:55 | 000,172,056 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/06/21 14:57:07 | 000,000,022 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2007/06/21 14:55:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/21 14:31:14 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2007/06/21 13:47:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2007/06/21 13:34:02 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/06/21 13:34:02 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/06/21 13:34:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/06/21 13:33:58 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/06/21 13:33:56 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/06/20 12:41:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/09/28 13:55:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2006/09/26 13:01:40 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006/09/08 08:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006/09/08 08:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006/09/08 08:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006/09/08 08:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006/09/08 08:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006/09/08 08:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006/09/08 08:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006/09/08 08:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/02/28 07:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997/06/25 13:24:16 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:D1B5B4F1

< End of report >

EXTRAS:

OTL Extras logfile created on: 12/29/2010 2:40:07 PM - Run 1
OTL by OldTimer - Version 3.2.18.2 Folder = C:\Documents and Settings\phrst4\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 348.00 Mb Available Physical Memory | 34.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 4.09 Gb Free Space | 10.97% Space Free | Partition Type: NTFS

Computer Name: PHRSTDELLM70 | User Name: phrst4 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1757981266-1708537768-725345543-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"12082:TCP" = 12082:TCP:*:Enabled:PORT_12082
"25130:TCP" = 25130:TCP:*:Enabled:PORT_25130
"30533:TCP" = 30533:TCP:*:Enabled:PORT_30533
"61881:TCP" = 61881:TCP:*:Enabled:PORT_61881
"54494:TCP" = 54494:TCP:*:Enabled:PORT_54494
"31045:TCP" = 31045:TCP:*:Enabled:PORT_31045
"9825:TCP" = 9825:TCP:*:Enabled:PORT_9825
"56029:TCP" = 56029:TCP:*:Enabled:PORT_56029
"22133:TCP" = 22133:TCP:*:Enabled:PORT_22133
"16438:TCP" = 16438:TCP:*:Enabled:PORT_16438
"65485:TCP" = 65485:TCP:*:Enabled:PORT_65485
"16840:TCP" = 16840:TCP:*:Enabled:PORT_16840
"20896:TCP" = 20896:TCP:*:Enabled:PORT_20896
"31774:TCP" = 31774:TCP:*:Enabled:PORT_31774
"59063:TCP" = 59063:TCP:*:Enabled:PORT_59063
"54363:TCP" = 54363:TCP:*:Enabled:PORT_54363
"15568:TCP" = 15568:TCP:*:Enabled:PORT_15568
"42283:TCP" = 42283:TCP:*:Enabled:PORT_42283
"40984:TCP" = 40984:TCP:*:Enabled:PORT_40984
"7981:TCP" = 7981:TCP:*:Enabled:PORT_7981
"54781:TCP" = 54781:TCP:*:Enabled:PORT_54781
"14755:TCP" = 14755:TCP:*:Enabled:PORT_14755
"62536:TCP" = 62536:TCP:*:Enabled:PORT_62536
"53505:TCP" = 53505:TCP:*:Enabled:PORT_53505
"56340:TCP" = 56340:TCP:*:Enabled:PORT_56340
"5876:TCP" = 5876:TCP:*:Enabled:PORT_5876
"61446:TCP" = 61446:TCP:*:Enabled:PORT_61446
"8684:TCP" = 8684:TCP:*:Enabled:PORT_8684
"20837:TCP" = 20837:TCP:*:Enabled:PORT_20837
"20977:TCP" = 20977:TCP:*:Enabled:PORT_20977
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\WINDOWS\system32\dldfcoms.exe" = C:\WINDOWS\system32\dldfcoms.exe:*:Enabled:Dell Communications System -- ( )
"C:\Program Files\Dell AIO Printer 948\dldfmon.exe" = C:\Program Files\Dell AIO Printer 948\dldfmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldftime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dldftime.exe:*:Enabled:Time Executable -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\Dell AIO Printer 948\dldfaiox.exe" = C:\Program Files\Dell AIO Printer 948\dldfaiox.exe:*:Enabled:AIOC exe -- ()
"C:\Program Files\Dell AIO Printer 948\Wireless\dldfwpss.exe" = C:\Program Files\Dell AIO Printer 948\Wireless\dldfwpss.exe:*:Enabled: -- ()
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\steamapps\theoriginalmixey\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\theoriginalmixey\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"C:\Program Files\Logitech\Vid\Vid.exe" = C:\Program Files\Logitech\Vid\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{01F12667-C37C-4E8E-A192-AE007B3AC98F}" = ArcPad StreetMap - GDT Southeastern US Dataset
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 20
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{3E166714-D5E1-4215-8D68-58452EAA46F1}" = ArcGIS Desktop Developer Kit
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40F8FD5F-4701-48D6-A8FC-1F188007DF38}" = ArcGIS Desktop
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BCE1668-B34B-4A51-A73D-1A7074A38787}" = Sprint PCS Connection Manager (3.3.6.5)
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{582876EC-A178-44D4-9823-C10D6C62EAFF}" = AGEIA PhysX v6.10.05
"{5CA03ECF-B4A6-464B-9F5D-64D8B61B083F}" = Everio MediaBrowser
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{82CE6B7B-9665-4E29-8CE0-DD993484B38D}" = Intel® PROSet/Wireless WiFi Software
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.1.8
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9875BF9C-8565-4085-B6A4-5D8D838FB5C3}" = HP Deskjet 460
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D41D3066-DED8-4E22-8703-425CCFE6CCC1}" = ESRI ArcPad StreetMap 6.0.1
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0CA85B5-113A-4E76-A018-6D7ECE65767D}" = ArcGIS Tutorial Data
"{E507954A-99B8-44E6-8C84-014884C9B524}" = NetMotion Mobility XE Client
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"AnyDVD" = AnyDVD
"AskSBar Uninstall" = Ask Toolbar
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"Dell AIO Printer 948" = Dell AIO Printer 948
"Ear Training Play It By Ear HN" = Ear Training Play It By Ear HN
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"ESRI ArcPad 6.0.3" = ESRI ArcPad 6.0.3
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"HiDigit_is1" = HiDigit 1.1
"hp deskjet 460 series" = HP Deskjet 460 Series
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Portal" = Portal
"ProInst" = Intel PROSet Wireless
"Python 2.1" = Python 2.1
"Python 2.1 combined Win32 extensions" = Python 2.1 combined Win32 extensions
"SecondLife" = SecondLife (remove only)
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"snagexp" = Snag Exp
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 10" = Counter-Strike
"The KMPlayer" = The KMPlayer (remove only)
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.0
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1757981266-1708537768-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/29/2010 2:28:17 PM | Computer Name = PHRSTDELLM70 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 12/29/2010 2:29:18 PM | Computer Name = PHRSTDELLM70 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 12/29/2010 3:15:58 PM | Computer Name = PHRSTDELLM70 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\32788R22FWJFW\pev.exe (PID 712) Time: Wednesday, December 29, 2010 2:15:58
PM

Error - 12/29/2010 3:15:59 PM | Computer Name = PHRSTDELLM70 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\32788R22FWJFW\License\iexplore.exe (PID 2208) Time: Wednesday, December 29,
2010 2:15:59 PM

Error - 12/29/2010 3:15:59 PM | Computer Name = PHRSTDELLM70 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\32788R22FWJFW\pev.exe (PID 2308) Time: Wednesday, December 29, 2010 2:15:59
PM

Error - 12/29/2010 3:16:01 PM | Computer Name = PHRSTDELLM70 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\32788R22FWJFW\License\firefox.exe (PID 196) Time: Wednesday, December 29, 2010
2:16:01 PM

Error - 12/29/2010 3:17:25 PM | Computer Name = PHRSTDELLM70 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\32788R22FWJFW\pev.exe (PID 2416) Time: Wednesday, December 29, 2010 2:17:25
PM

Error - 12/29/2010 3:17:26 PM | Computer Name = PHRSTDELLM70 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\32788R22FWJFW\License\iexplore.exe (PID 2492) Time: Wednesday, December 29,
2010 2:17:26 PM

Error - 12/29/2010 3:17:26 PM | Computer Name = PHRSTDELLM70 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\32788R22FWJFW\pev.exe (PID 3712) Time: Wednesday, December 29, 2010 2:17:26
PM

Error - 12/29/2010 3:17:28 PM | Computer Name = PHRSTDELLM70 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\32788R22FWJFW\License\firefox.exe (PID 696) Time: Wednesday, December 29, 2010
2:17:28 PM

[ System Events ]
Error - 12/29/2010 2:32:08 PM | Computer Name = PHRSTDELLM70 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 12/29/2010 2:32:08 PM | Computer Name = PHRSTDELLM70 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 12/29/2010 2:32:08 PM | Computer Name = PHRSTDELLM70 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Logitech\Vid\plugins\imageformats\qgif4.dll.
Reference
error message: The operation completed successfully. .

Error - 12/29/2010 2:32:08 PM | Computer Name = PHRSTDELLM70 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 12/29/2010 2:32:08 PM | Computer Name = PHRSTDELLM70 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 12/29/2010 2:32:08 PM | Computer Name = PHRSTDELLM70 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Logitech\Vid\plugins\imageformats\qico4.dll.
Reference
error message: The operation completed successfully. .

Error - 12/29/2010 2:32:09 PM | Computer Name = PHRSTDELLM70 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 12/29/2010 2:32:09 PM | Computer Name = PHRSTDELLM70 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 12/29/2010 2:32:09 PM | Computer Name = PHRSTDELLM70 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Logitech\Vid\plugins\imageformats\qjpeg4.dll.
Reference
error message: The operation completed successfully. .

Error - 12/29/2010 3:15:58 PM | Computer Name = PHRSTDELLM70 | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).


< End of report >
