Fix for Boot.Tisderve.B and/or IE redirection


  • This topic is locked
25 replies to this topic

#16 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland

Posted 09 February 2011 - 05:08 AM

Hello

You don't need to upload normal txt files to rapidshare. It's difficult for us to download them because we always need to wait between downloading many files.


Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs (if present):

ConduitEngine
Antbar toolbar
Softonic English Toolbar



We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (TBSB00982 Class) - {DA3D342F-FF20-4E31-9E82-22334155730C} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof2.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Softonic English Toolbar) - {930F1200-F5F1-4870-BAC6-E233EC8E7023} - C:\Program Files\Softonic_English\tbSof2.dll (Conduit Ltd.)
    O4 - HKLM..\Run: []  File not found
    
    :Files
    C:\Program Files\ConduitEngine
    C:\Program Files\Antbar
    C:\Program Files\Softonic_English
    C:\Documents and Settings\Sam T\Local Settings\Application Data\Conduit
    C:\Documents and Settings\Sam T\Local Settings\Application Data\Softonic_English
    C:\Documents and Settings\Sam T\Local Settings\Application Data\ConduitEngine
    
    :Commands
    [emptytemp]
    [reboot]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.



-----------------

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Please post Eset results and OTL fix log :)

Edited by Baabiouz, 09 February 2011 - 05:08 AM.

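The O2/O3/O4 lines in the fix above are OTL's own report format, and deciding which of them belong in an :OTL fix is mostly a matter of spotting orphaned or anonymous entries: a BHO whose CLSID has no value, a toolbar DLL with no company name, a Run value with an empty name or a missing target. The following is an added example, not code from this thread or from the OTL tool: a small Python parser for those line types (plus O1 hosts lines) that records each entry and flags those conditions. The sample report is constructed from line formats seen in this thread, with one extra hosts line (203.0.113.5 / www.example-bank.test) invented to show the non-loopback case; the flag rules are the example author's assumptions about what a responder checks, not OTL behaviour.

```python
"""Triage helper for OTL (OldTimer's List-It) report lines.

Constructed example; not part of the BleepingComputer thread or of OTL.
Parses O1/O2/O3/O4 lines and flags what a responder checks before writing
an ":OTL" fix: missing CLSID values, modules with no company name, Run values
with an empty name or missing file, and hosts entries pointing off-box.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample. Lines 1 and 3-9 follow formats seen in the thread;
# line 2 is invented to exercise the non-loopback hosts case.
SAMPLE_REPORT = r"""
O1 - Hosts: 127.0.0.1 protectyourpc-11.com
O1 - Hosts: 203.0.113.5 www.example-bank.test
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (TBSB00982 Class) - {DA3D342F-FF20-4E31-9E82-22334155730C} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [RecordNow!] File not found
"""

HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)$")
# O2 (BHO) and O3 (toolbar) share one shape: "(name) - {CLSID} - <path (company) | status>"
BHO_TOOLBAR_RE = re.compile(
    r"^(?P<kind>O[23]) - (?P<hive>.+?): \((?P<name>[^)]*)\) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<rest>.+)$"
)
# Trailing "path (company)"; the anchored $ makes "Program Files (x86)" parse correctly.
MODULE_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^)]*)\)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<target>.*)$")
LOOPBACK = ("::1", "0.0.0.0")


@dataclass
class Entry:
    kind: str                      # O1 / O2 / O3 / O4
    name: str
    clsid: Optional[str] = None
    path: Optional[str] = None     # module path, Run target, or hosts IP
    company: Optional[str] = None
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_module(rest: str) -> Tuple[Optional[str], Optional[str]]:
    """Split OTL's 'path (company)' tail; (None, None) when OTL printed a status instead."""
    m = MODULE_RE.match(rest)
    return (m.group("path"), m.group("company")) if m else (None, None)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised O1/O2/O3/O4 line, None otherwise."""
    line = line.rstrip()
    m = HOSTS_RE.match(line)
    if m:
        ip, host = m.group("ip"), m.group("host")
        e = Entry("O1", host, path=ip)
        if not ip.startswith("127.") and ip not in LOOPBACK:
            e.reasons.append(f"hosts entry sends {host} to non-loopback {ip}")
        return e
    m = BHO_TOOLBAR_RE.match(line)
    if m:
        path, company = parse_module(m.group("rest"))
        e = Entry(m.group("kind"), m.group("name"), m.group("clsid"), path, company)
        if path is None:
            e.reasons.append(m.group("rest"))          # e.g. "No CLSID value found."
        elif company == "":
            e.reasons.append("module has no company name")
        return e
    m = RUN_RE.match(line)
    if m:
        e = Entry("O4", m.group("name"), path=m.group("target"))
        if m.group("name") == "":
            e.reasons.append("Run value with empty name")
        if m.group("target") == "File not found":
            e.reasons.append("Run value points at a missing file")
        return e
    return None


def triage(report: str) -> List[Entry]:
    return [e for e in map(parse_line, report.splitlines()) if e is not None]


def flagged(report: str) -> List[Entry]:
    return [e for e in triage(report) if e.suspicious]


def summarize(report: str) -> Dict[str, int]:
    """Count flagged entries per OTL line kind."""
    return dict(Counter(e.kind for e in flagged(report)))


if __name__ == "__main__":
    for e in flagged(SAMPLE_REPORT):
        print(f"{e.kind} {e.name!r}: {'; '.join(e.reasons)}")
    print(summarize(SAMPLE_REPORT))
```

The loopback rule is deliberate: a 127.0.0.1 hosts entry for a dubious domain is usually a blocklist added by a security product, whereas an entry that sends a real host name to some other address is the pattern that causes silent redirection and deserves a closer look.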

#17 Seedtart

Seedtart
  • Topic Starter

  • Members
  • 12 posts

Posted 09 February 2011 - 03:09 PM

Ran OTL and ESET.

The only file I got is below. I left ESET running overnight and this morning had a blank desktop screen and no response. Restarted the machine, could not find any ESET information. Do I need to run ESET again?

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA3D342F-FF20-4E31-9E82-22334155730C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA3D342F-FF20-4E31-9E82-22334155730C}\ not found.
C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6CD56C02-CB4D-41B5-A0FE-B479061CCB41} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}\ not found.
File C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{930f1200-f5f1-4870-bac6-e233ec8e7023} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{930f1200-f5f1-4870-bac6-e233ec8e7023}\ not found.
C:\Program Files\Softonic_English\tbSof2.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6CD56C02-CB4D-41B5-A0FE-B479061CCB41} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}\ not found.
File C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{930F1200-F5F1-4870-BAC6-E233EC8E7023} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{930F1200-F5F1-4870-BAC6-E233EC8E7023}\ not found.
File C:\Program Files\Softonic_English\tbSof2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\ConduitEngine not found.
C:\Program Files\Antbar\Ant.com Toolbar folder moved successfully.
C:\Program Files\Antbar folder moved successfully.
C:\Program Files\Softonic_English folder moved successfully.
C:\Documents and Settings\Sam T\Local Settings\Application Data\Conduit\Toolbar\Facebook folder moved successfully.
C:\Documents and Settings\Sam T\Local Settings\Application Data\Conduit\Toolbar folder moved successfully.
C:\Documents and Settings\Sam T\Local Settings\Application Data\Conduit folder moved successfully.
File\Folder C:\Documents and Settings\Sam T\Local Settings\Application Data\Softonic_English not found.
File\Folder C:\Documents and Settings\Sam T\Local Settings\Application Data\ConduitEngine not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 341900 bytes

User: Administrator.SAMHPNOTEBOOK
->Temp folder emptied: 46583726 bytes
->Temporary Internet Files folder emptied: 98142 bytes

User: All Users

User: Daniela
->Temp folder emptied: 89638272 bytes
->Temporary Internet Files folder emptied: 7662461 bytes
->Flash cache emptied: 405 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Elena
->Temp folder emptied: 1835822 bytes
->Temporary Internet Files folder emptied: 23469500 bytes
->Java cache emptied: 7140 bytes
->Google Chrome cache emptied: 6720300 bytes
->Flash cache emptied: 1948 bytes

User: Liz
->Temp folder emptied: 18267 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 181053101 bytes
->Flash cache emptied: 3846 bytes

User: NetworkService
->Temp folder emptied: 52828 bytes
->Temporary Internet Files folder emptied: 455946419 bytes
->Java cache emptied: 5743 bytes
->Flash cache emptied: 10404 bytes

User: Sam T
->Temp folder emptied: 4235930 bytes
->Temporary Internet Files folder emptied: 216570294 bytes
->Java cache emptied: 7140 bytes
->Flash cache emptied: 2464 bytes

User: Sam Tart
->Temp folder emptied: 790057 bytes
->Temporary Internet Files folder emptied: 31102083 bytes
->Java cache emptied: 7420 bytes
->Flash cache emptied: 708 bytes

User: TEMP
->Temp folder emptied: 16384 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 11545240 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1457081 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 90367824 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,116.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02092011_213753

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Sam T\Local Settings\Temp\~DF2F8B.tmp not found!
File\Folder C:\Documents and Settings\Sam T\Local Settings\Temp\~DF3019.tmp not found!
File\Folder C:\Documents and Settings\Sam T\Local Settings\Temp\~DF328B.tmp not found!
File\Folder C:\Documents and Settings\Sam T\Local Settings\Temp\~DF32B7.tmp not found!
File\Folder C:\Documents and Settings\Sam T\Local Settings\Temp\~DF3592.tmp not found!
File\Folder C:\Documents and Settings\Sam T\Local Settings\Temp\~DF35EE.tmp not found!
C:\Documents and Settings\Sam T\Local Settings\Temporary Internet Files\Content.IE5\P8VI861T\upload[1].htm moved successfully.
C:\Documents and Settings\Sam T\Local Settings\Temporary Internet Files\Content.IE5\P8VI861T\upload[2].htm moved successfully.
C:\Documents and Settings\Sam T\Local Settings\Temporary Internet Files\Content.IE5\AF3D3RU5\page__st__15[1].htm moved successfully.
C:\Documents and Settings\Sam T\Local Settings\Temporary Internet Files\Content.IE5\3S5851YW\upload[1].htm moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6bc.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_788.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_9c.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_d8.dat moved successfully.

Registry entries deleted on Reboot...

#18 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland

Posted 10 February 2011 - 12:14 AM

Hello

Yes, please try to run ESET again and also run OTL.exe, and post both logs back here :)

#19 Seedtart

Seedtart
  • Topic Starter

  • Members
  • 12 posts

Posted 10 February 2011 - 05:40 AM

Hello, ran OTL and below is the pasted log. Also ran ESET and it reported "NO THREATS FOUND", infected files 0, cleaned files 0; did not have the option to create a text file. There appeared to be quarantined files which could be restored.

OTL logfile created on: 2/10/2011 6:23:20 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Sam T\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

734.00 Mb Total Physical Memory | 425.00 Mb Available Physical Memory | 58.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 9.06 Gb Free Space | 24.31% Space Free | Partition Type: NTFS

Computer Name: SAMHPNOTEBOOK | User Name: Sam T | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/09 19:26:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam T\Desktop\OTL.exe
PRC - [2010/11/24 13:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
PRC - [2010/05/23 16:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
PRC - [2009/06/08 09:29:12 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009/01/13 12:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/02/09 19:26:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam T\Desktop\OTL.exe
MOD - [2010/12/04 17:58:45 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\asOEHook.dll
MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/01/09 09:15:26 | 003,129,432 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_dbc0250.dll -- (Akamai)
SRV - [2010/11/24 13:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS)
SRV - [2010/05/23 16:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe -- (NSL)
SRV - [2009/06/08 09:29:12 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/03/03 14:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2009/01/13 12:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2004/03/19 08:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/01/16 20:51:40 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/01/15 01:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110209.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/01/15 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/01/15 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/01/15 01:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110209.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/12/01 16:24:00 | 000,368,248 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/11/23 15:21:16 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110114.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/11/23 15:08:31 | 000,509,560 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010/11/23 15:08:31 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/11/18 13:59:55 | 000,652,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010/11/16 12:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010/11/11 12:46:29 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110208.003\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/10/21 13:28:36 | 000,340,016 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMDS.SYS -- (SymDS)
DRV - [2009/06/08 09:29:12 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/05/13 11:41:02 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2009/05/13 11:41:02 | 000,090,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2009/05/13 11:41:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2009/01/13 12:27:38 | 000,306,811 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/08/28 18:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/04/14 06:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/04/29 07:40:18 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/08/05 05:05:20 | 000,341,760 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/05/27 04:10:36 | 000,182,720 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/04/30 01:10:00 | 000,274,688 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/04/30 01:09:00 | 000,292,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004/04/28 02:03:00 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2004/04/15 02:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/03/23 03:27:30 | 001,657,344 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel®
DRV - [2004/03/10 22:40:00 | 000,199,552 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/03/10 22:37:00 | 000,682,624 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/03/10 22:35:00 | 001,041,536 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/11/07 21:45:52 | 000,033,847 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wa301a.sys -- ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55})
DRV - [2003/06/07 06:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003/05/04 13:42:56 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2001/08/18 02:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 18:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.theage.com.au/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.0.1.8\coFFNST\ [2011/01/16 18:47:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/01/16 20:57:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011/01/16 20:50:38 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/01/20 07:22:51 | 000,000,974 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.8minutedating.com
O1 - Hosts: 127.0.0.1 whysohardx.com
O1 - Hosts: 127.0.0.1 protectyourpc-11.com
O1 - Hosts: 127.0.0.1 checkserverstatux.com
O1 - Hosts: 127.0.0.1 xinmin.cn
O1 - Hosts: 127.0.0.1 xy95.cn
O1 - Hosts: 127.0.0.1 koralda.com
O1 - Hosts: 127.0.0.1 weirden.com
O1 - Hosts: 127.0.0.1 nanocloudcontroller.com
O1 - Hosts: 127.0.0.1 coo0lnet.net
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O4 - HKCU..\Run: [RecordNow!] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqnbk2/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Blue Sonic.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Blue Sonic.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/09 21:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/02/09 21:37:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/09 19:26:21 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sam T\Desktop\OTL.exe
[2011/02/08 19:28:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam T\Local Settings\Application Data\Temp
[2011/02/08 06:05:59 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/02/07 19:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam T\Application Data\Malwarebytes
[2011/02/07 19:39:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/07 19:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/07 19:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/02/07 19:39:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/07 19:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/07 19:37:10 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sam T\Desktop\mbam-setup.exe
[2011/02/05 22:46:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam T\My Documents\Notebook HP pavilion ze4900us
[2011/02/05 22:44:09 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/02/05 22:43:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam T\Local Settings\Application Data\Adobe
[2011/02/05 22:38:41 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/02/05 22:03:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/02/05 21:57:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/02/05 21:57:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/02/05 21:57:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/02/05 21:57:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/02/05 21:55:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/02/05 21:54:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/30 07:46:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam T\Desktop\gmer
[2011/01/27 06:31:06 | 000,000,000 | ---D | C] -- C:\NBRT
[2011/01/26 11:05:40 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2011/01/26 11:02:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NBRTWizard
[2011/01/26 11:02:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NBRTWizard\0305000.017
[2011/01/26 11:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
[2011/01/26 11:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/01/26 10:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam T\Start Menu\Programs\Norton
[2011/01/22 08:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/01/22 01:44:37 | 000,439,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2011/01/19 22:47:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2011/01/19 21:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam T\Local Settings\Application Data\NPE
[2011/01/19 21:55:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam T\Application Data\Tific
[2011/01/17 22:50:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sam T\My Documents\My Videos
[2011/01/17 19:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam T\Application Data\PriceGong
[2011/01/17 19:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam T\Application Data\Macromedia
[2011/01/17 19:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam T\Application Data\Adobe
[2011/01/17 19:50:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sam T\PrivacIE
[2011/01/17 19:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam T\Application Data\Real
[2011/01/17 19:15:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sam T\IETldCache
[2011/01/17 19:14:53 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Sam T\Application Data\Microsoft
[2011/01/17 19:14:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sam T\Application Data
[2011/01/17 19:14:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sam T\Favorites
[2011/01/17 19:14:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sam T\Cookies
[2011/01/17 19:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam T\Application Data\Symantec
[2011/01/17 19:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam T\Application Data\Sun
[2011/01/17 19:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam T\Application Data\Sonic
[2011/01/17 19:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam T\Local Settings\Application Data\Microsoft
[2011/01/17 19:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam T\Application Data\Identities
[2011/01/17 19:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam T\Desktop
[2011/01/17 19:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam T\Local Settings\Application Data\ApplicationHistory
[2011/01/17 19:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam T\Local Settings\Application Data\Apple Computer
[2011/01/17 19:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam T\Application Data\Apple Computer
[2011/01/17 19:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam T\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2011/01/17 19:14:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sam T\SendTo
[2011/01/17 19:14:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sam T\Recent
[2011/01/17 19:14:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sam T\Start Menu\Programs\Startup
[2011/01/17 19:14:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sam T\Start Menu
[2011/01/17 19:14:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sam T\My Documents\My Pictures
[2011/01/17 19:14:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sam T\My Documents\My Music
[2011/01/17 19:14:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sam T\My Documents
[2011/01/17 19:14:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sam T\Start Menu\Programs\Accessories
[2011/01/17 19:14:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sam T\Templates
[2011/01/17 19:14:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sam T\PrintHood
[2011/01/17 19:14:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sam T\NetHood
[2011/01/17 19:14:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sam T\Local Settings
[2011/01/17 19:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam T\Start Menu\Programs\Online Services
[2011/01/16 20:51:41 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/01/16 20:51:40 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/01/16 20:51:19 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymEFA.sys
[2011/01/16 20:51:19 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymEFA.sys
[2011/01/16 20:51:19 | 000,368,248 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symtdi.sys
[2011/01/16 20:51:19 | 000,368,248 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symtdi.sys
[2011/01/16 20:51:19 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymDS.sys
[2011/01/16 20:51:19 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymDS.sys
[2011/01/16 20:51:19 | 000,330,360 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symtdiv.sys
[2011/01/16 20:51:19 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symnets.sys
[2011/01/16 20:51:19 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspx.sys
[2011/01/16 20:51:19 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtspx.sys
[2011/01/16 20:51:18 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtsp.sys
[2011/01/16 20:51:18 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\Ironx86.sys
[2011/01/16 20:51:18 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\Ironx86.sys
[2011/01/16 20:50:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2011/01/16 20:50:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1205000.07D
[2011/01/16 20:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/01/16 20:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/01/16 20:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2011/01/16 20:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2011/01/16 18:46:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST
[2011/01/16 18:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Safe Web Lite
[2011/01/16 18:46:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST\0100010.008
[2011/01/16 18:35:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
[2011/01/16 18:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2011/01/16 18:35:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Security Scan
[2011/01/16 18:35:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0300000.067
[2011/01/16 18:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/01/16 18:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/01/16 18:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/01/15 21:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/01/15 08:57:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2011/01/15 08:57:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/01/15 08:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2005/04/02 20:17:40 | 000,127,059 | ---- | C] ( ) -- C:\WINDOWS\System32\DSLLK189.dll
[2004/09/09 02:47:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL

========== Files - Modified Within 30 Days ==========

[2011/02/10 18:21:21 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/02/10 18:21:16 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/10 18:16:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/10 18:16:25 | 000,360,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/10 18:16:23 | 770,166,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/10 07:53:47 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2011/02/10 07:53:32 | 000,722,796 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\Cat.DB
[2011/02/10 07:53:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/10 07:03:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/09 19:26:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam T\Desktop\OTL.exe
[2011/02/09 07:33:13 | 000,094,208 | ---- | M] () -- C:\Documents and Settings\Sam T\Desktop\Mini020911-02.dmp
[2011/02/09 07:11:31 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/02/08 06:47:53 | 000,393,334 | ---- | M] () -- C:\Documents and Settings\Sam T\Desktop\Error screen2 8Feb2010.bmp
[2011/02/08 06:47:01 | 000,393,334 | ---- | M] () -- C:\Documents and Settings\Sam T\Desktop\Error screen1 8Feb2010.bmp
[2011/02/08 06:28:33 | 000,094,208 | ---- | M] () -- C:\Documents and Settings\Sam T\Desktop\Mini020811-01.dmp
[2011/02/08 06:04:49 | 004,264,433 | R--- | M] () -- C:\Documents and Settings\Sam T\Desktop\ComboFix.exe
[2011/02/07 19:39:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/07 19:37:10 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sam T\Desktop\mbam-setup.exe
[2011/02/07 19:14:25 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Sam T\Desktop\error 9Feb2011.bmp
[2011/02/05 22:37:11 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Sam T\Desktop\error after combifix.bmp
[2011/02/05 22:03:53 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2011/02/05 18:52:25 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Sam T\Desktop\Virus Sequence of events.doc
[2011/02/05 17:11:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/30 07:45:14 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\Sam T\Desktop\gmer.zip
[2011/01/30 07:28:26 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Sam T\Desktop\dds.scr
[2011/01/30 07:25:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Sam T\defogger_reenable
[2011/01/30 07:24:16 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Sam T\Desktop\Defogger.exe
[2011/01/27 07:11:39 | 000,000,337 | ---- | M] () -- C:\Documents and Settings\Sam T\Desktop\redirected to sites 27 Jan2010.rtf
[2011/01/27 07:01:28 | 000,000,478 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Sam T.job
[2011/01/26 11:05:07 | 000,001,164 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2011/01/26 10:50:30 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\Sam T\Desktop\Norton Installation Files.lnk
[2011/01/26 10:29:43 | 000,000,212 | ---- | M] () -- C:\Boot.bak
[2011/01/22 01:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2011/01/22 01:44:37 | 000,439,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2011/01/20 21:25:59 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Sam T\Desktop\startup message.bmp
[2011/01/19 19:01:25 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Sam T\Desktop\virus redirect 19Jan2010.bmp
[2011/01/17 22:50:22 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Sam T\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/01/17 21:57:30 | 001,739,226 | ---- | M] () -- C:\Documents and Settings\Sam T\My Documents\Full History 17 Jan2011.mcf
[2011/01/17 19:58:43 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Sam T\Desktop\virus redirect 17Jan2010.bmp
[2011/01/17 19:16:05 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Sam T\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/16 21:25:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\Install_NSS.job
[2011/01/16 20:51:40 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/01/16 20:51:40 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/01/16 20:51:40 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/01/16 20:51:40 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/01/16 20:51:22 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2011/01/16 18:37:02 | 000,000,478 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Elena.job
[2011/01/16 18:35:48 | 000,000,986 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2011/01/16 02:02:56 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/01/15 19:41:50 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Sam T\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/01/15 08:31:44 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

========== Files Created - No Company Name ==========

[2011/02/09 07:33:22 | 000,094,208 | ---- | C] () -- C:\Documents and Settings\Sam T\Desktop\Mini020911-02.dmp
[2011/02/08 06:32:45 | 000,393,334 | ---- | C] () -- C:\Documents and Settings\Sam T\Desktop\Error screen2 8Feb2010.bmp
[2011/02/08 06:32:14 | 000,393,334 | ---- | C] () -- C:\Documents and Settings\Sam T\Desktop\Error screen1 8Feb2010.bmp
[2011/02/08 06:28:40 | 000,094,208 | ---- | C] () -- C:\Documents and Settings\Sam T\Desktop\Mini020811-01.dmp
[2011/02/07 19:39:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/07 19:14:24 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Sam T\Desktop\error 9Feb2011.bmp
[2011/02/05 22:37:10 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Sam T\Desktop\error after combifix.bmp
[2011/02/05 22:03:52 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2011/02/05 22:03:47 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/02/05 21:57:11 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/05 21:57:11 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/05 21:57:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/05 21:57:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/05 21:57:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/05 21:33:36 | 004,264,433 | R--- | C] () -- C:\Documents and Settings\Sam T\Desktop\ComboFix.exe
[2011/02/05 18:51:17 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Sam T\Desktop\Virus Sequence of events.doc
[2011/01/30 07:45:07 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\Sam T\Desktop\gmer.zip
[2011/01/30 07:28:24 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Sam T\Desktop\dds.scr
[2011/01/30 07:25:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Sam T\defogger_reenable
[2011/01/30 07:24:15 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Sam T\Desktop\Defogger.exe
[2011/01/30 06:34:39 | 770,166,784 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/27 07:11:39 | 000,000,337 | ---- | C] () -- C:\Documents and Settings\Sam T\Desktop\redirected to sites 27 Jan2010.rtf
[2011/01/27 01:12:42 | 000,000,478 | -H-- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for Sam T.job
[2011/01/26 11:05:07 | 000,001,164 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2011/01/26 11:02:36 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NBRTWizard\0305000.017\isolate.ini
[2011/01/26 10:50:30 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\Sam T\Desktop\Norton Installation Files.lnk
[2011/01/20 21:25:59 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Sam T\Desktop\startup message.bmp
[2011/01/19 19:01:23 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Sam T\Desktop\virus redirect 19Jan2010.bmp
[2011/01/17 22:50:21 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Sam T\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/01/17 21:57:26 | 001,739,226 | ---- | C] () -- C:\Documents and Settings\Sam T\My Documents\Full History 17 Jan2011.mcf
[2011/01/17 19:58:42 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Sam T\Desktop\virus redirect 17Jan2010.bmp
[2011/01/17 19:48:33 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\Sam T\Desktop\Shortcut to services.lnk
[2011/01/17 19:44:10 | 001,099,264 | ---- | C] () -- C:\Documents and Settings\Sam T\Desktop\printer uninstall.doc
[2011/01/17 19:44:10 | 000,271,360 | ---- | C] () -- C:\Documents and Settings\Sam T\Desktop\Elena contacts.pst
[2011/01/17 19:44:10 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Sam T\Desktop\The Future of ADCA.doc
[2011/01/17 19:44:10 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Sam T\Desktop\TAC Telephone Listing.xls
[2011/01/17 19:44:10 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Sam T\Desktop\Dear Sir.doc
[2011/01/17 19:43:20 | 113,787,904 | ---- | C] () -- C:\Documents and Settings\Sam T\Desktop\Inbox.pst
[2011/01/17 19:43:19 | 000,094,565 | ---- | C] () -- C:\Documents and Settings\Sam T\Desktop\greenDay05.jpg
[2011/01/17 19:43:19 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Sam T\Desktop\Hitach TV problem.doc
[2011/01/17 19:16:05 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Sam T\Start Menu\Programs\Internet Explorer.lnk
[2011/01/17 19:15:42 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Sam T\Start Menu\Programs\Windows Media Player.lnk
[2011/01/17 19:15:16 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Sam T\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/01/17 19:15:16 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Sam T\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/01/17 19:15:16 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Sam T\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/17 19:15:16 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Sam T\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/01/17 19:15:16 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Sam T\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/01/17 19:14:53 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\Sam T\Start Menu\Programs\Remote Assistance.lnk
[2011/01/17 19:14:53 | 000,001,491 | ---- | C] () -- C:\Documents and Settings\Sam T\Start Menu\Programs\Software Setup.lnk
[2011/01/17 19:14:53 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Sam T\Start Menu\Programs\Outlook Express.lnk
[2011/01/16 20:54:57 | 000,722,796 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\Cat.DB
[2011/01/16 20:51:40 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/01/16 20:51:40 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/01/16 20:51:22 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2011/01/16 20:50:47 | 000,001,474 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymNetV.inf
[2011/01/16 20:50:46 | 000,003,374 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymEFA.inf
[2011/01/16 20:50:46 | 000,002,792 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymDS.inf
[2011/01/16 20:50:46 | 000,001,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymNet.inf
[2011/01/16 20:50:46 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtspx.inf
[2011/01/16 20:50:46 | 000,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtsp.inf
[2011/01/16 20:50:46 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\Iron.inf
[2011/01/16 20:50:41 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symnetv.cat
[2011/01/16 20:50:41 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\iron.cat
[2011/01/16 20:50:41 | 000,007,458 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymNet.cat
[2011/01/16 20:50:41 | 000,007,456 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymEFA.cat
[2011/01/16 20:50:41 | 000,007,454 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtspx.cat
[2011/01/16 20:50:41 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymDS.cat
[2011/01/16 20:50:41 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtsp.cat
[2011/01/16 20:50:41 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\isolate.ini
[2011/01/16 18:46:49 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\0100010.008\isolate.ini
[2011/01/16 18:35:53 | 000,000,478 | -H-- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for Elena.job
[2011/01/16 18:35:48 | 000,000,986 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2011/01/16 18:35:46 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0300000.067\isolate.ini
[2011/01/16 18:25:08 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\Install_NSS.job
[2009/12/24 09:46:17 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/12/24 09:46:17 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/01/13 12:29:00 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2009/01/13 12:28:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/03/19 07:18:19 | 000,000,156 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2008/03/09 12:07:15 | 000,000,143 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008/03/09 12:07:14 | 000,003,567 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2008/03/09 12:05:26 | 000,000,693 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/03/05 22:44:37 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2005/05/12 03:50:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2005/05/06 02:14:15 | 000,000,075 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2005/04/30 08:11:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/04/29 10:10:42 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/04/29 10:06:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QUICKI~1.INI
[2005/04/02 20:14:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/08/08 00:39:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/08 00:30:20 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/08 00:18:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/01/09 22:22:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/05/04 13:34:48 | 000,005,464 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2003/05/04 13:33:56 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/05/04 13:28:01 | 000,000,912 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/05/04 13:16:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/05/04 13:10:22 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 09:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/01/30 01:32:47 | 000,026,430 | ---- | C] () -- C:\Program Files\COPYING.LIB
[2001/01/28 16:00:00 | 000,007,008 | ---- | C] () -- C:\WINDOWS\System32\setupkit.dll
[2000/12/19 09:47:20 | 000,017,992 | ---- | C] () -- C:\Program Files\COPYING

< End of report >
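
Every file entry in the OTL sections above has the same fixed shape: `[timestamp | size | attributes | C or M] (Company) -- path`, where the four attribute columns are Read-only, Hidden, System and Directory, and `C`/`M` tells you whether the line came from the Created or the Modified list. The Python below is an added example written for this page, not OTL's own code or anything posted in this thread. It parses that grammar and applies two of the cheap checks a helper reads such a log for: executables under the Windows directory whose version resource carries no company name, and hidden+system files outside a short allowlist of XP boot files. The sample lines are copied from the report above; the allowlist, the heuristic names and the extension list are this example's own assumptions. A hit is a prompt to look closer, not a verdict: on this sample the hits are ComboFix's own helper `MBR.exe`, its recovery-console loader `C:\cmldr`, and a 2005 `DSLLK189.dll` with an empty company field.

```python
import re
from collections import Counter
from datetime import datetime

# One OTL "Files Created/Modified" entry:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# attrs is four fixed columns R(ead-only) H(idden) S(ystem) D(irectory), '-' = unset.
# The company part is absent for directories and printed as "()" or "( )" for files
# whose version resource carries no company name.
_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx", ".drv")

# Assumed allowlist: files that carry Hidden+System on a stock XP system drive.
KNOWN_HS_FILES = {"c:\\hiberfil.sys", "c:\\pagefile.sys", "c:\\boot.ini",
                  "c:\\ntldr", "c:\\ntdetect.com"}


def parse_otl_line(line):
    """Return a dict for one OTL file entry, or None for headers and blank lines."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], "%Y/%m/%d %H:%M:%S")
    e["size"] = int(e["size"].replace(",", ""))
    e["company"] = (e["company"] or "").strip()
    a = e["attrs"]
    e["readonly"], e["hidden"], e["system"], e["is_dir"] = (
        a[0] == "R", a[1] == "H", a[2] == "S", a[3] == "D")
    return e


def parse_otl(text):
    return [e for e in map(parse_otl_line, text.splitlines()) if e]


def triage(entries):
    """Two cheap reading heuristics; returns sorted (reason, path) pairs.
    A hit is a candidate to look at, not a verdict: 'no company name' means the
    version resource is empty, not that a signature check failed."""
    findings = []
    for e in entries:
        if e["is_dir"]:
            continue
        low = e["path"].lower()
        if (low.startswith("c:\\windows\\") and low.endswith(EXECUTABLE_EXT)
                and not e["company"]):
            findings.append(("executable under the Windows directory with no company name", e["path"]))
        if e["hidden"] and e["system"] and low not in KNOWN_HS_FILES:
            findings.append(("hidden+system file outside the known set", e["path"]))
    return sorted(findings)


def per_day(entries):
    """Timeline view: entries per calendar day; bursts mark installs and tool runs."""
    return Counter(e["ts"].strftime("%Y-%m-%d") for e in entries)


# Constructed sample: eight lines copied from the report above plus one header line.
SAMPLE = """\
[2011/02/05 22:03:44 | 000,000,000 | RHSD | C] -- C:\\cmdcons
[2011/02/05 21:57:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\\WINDOWS\\NIRCMD.exe
[2011/02/05 22:03:47 | 000,260,272 | RHS- | C] () -- C:\\cmldr
[2011/02/05 21:57:11 | 000,089,088 | ---- | C] () -- C:\\WINDOWS\\MBR.exe
[2011/02/10 18:16:23 | 770,166,784 | -HS- | M] () -- C:\\hiberfil.sys
[2011/02/05 22:03:53 | 000,000,328 | RHS- | M] () -- C:\\boot.ini
[2005/04/02 20:17:40 | 000,127,059 | ---- | C] ( ) -- C:\\WINDOWS\\System32\\DSLLK189.dll
[2011/01/16 20:51:40 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\\WINDOWS\\System32\\drivers\\SYMEVENT.SYS
========== Files - Modified Within 30 Days ==========
"""

if __name__ == "__main__":
    entries = parse_otl(SAMPLE)
    for reason, path in triage(entries):
        print(f"{reason}: {path}")
    print(sorted(per_day(entries).items()))
```

Run against a full OTL report, the per-day counter is the quickest way to see the infection and clean-up windows (here the bursts on 17 January, when the profile was rebuilt, and 5 February, when ComboFix ran); the two heuristics then narrow the file list inside those windows.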

#20 Baabiouz

Posted 10 February 2011 - 05:58 AM

edit

Edited by Baabiouz, 10 February 2011 - 06:00 AM.

#21 Baabiouz

Posted 10 February 2011 - 06:02 AM

Looks good.
How's your computer working?

Let's run RootRepeal:

We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open RootRepeal.exe on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • Check all seven boxes.
  • Push Ok.
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

#22 Seedtart (Topic Starter)

Posted 10 February 2011 - 03:06 PM

Hello,

The computer seems to be working well. No signs of the original problems.
I assume you are trying to confirm that the computer is completely clean?
I have run RootRepeal and the log is below.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2011/02/11 07:00
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xED768000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7F87000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEC5B7000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x8367ed88

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x836b5d40

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x83684d30

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x83699d20

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x8391e198

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xedd54720

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x8369ed10

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x8369dd78

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x83682d20

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x8369fce8

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xedd549a0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xedd54f00

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x8367cdb8

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x83679d78

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x836a0ce8

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x836a0dc8

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x83706af0

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x83680da8

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x836b8d40

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x8367fd30

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x8367ccf8

#: 125 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x8369bdc8

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x8367dd78

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x83698d58

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x8367ad08

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x8363dd40

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x83678d10

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x8369fdc8

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xedd55150

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x8369cd88

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8367adc8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x8368cd00

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x836b6d88

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x83680ce8

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8367bd58

Shadow SSDT
-------------------
#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "<unknown>" at address 0x8356eb38

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x8356cbc0

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "<unknown>" at address 0x8356cb00

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "<unknown>" at address 0x8356ea78

#: 428 Function Name: NtUserGetRawInputData
Status: Hooked by "<unknown>" at address 0x8356dbb0

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "<unknown>" at address 0x8356ab70

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "<unknown>" at address 0x8356bbb0

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "<unknown>" at address 0x8356bae0

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0x83570a78

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "<unknown>" at address 0x83909448

==EOF==
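
In a RootRepeal report, `Hooked by "<unknown>"` means the tool found a service-table entry pointing at an address it could not map to any loaded driver image; a hook it could map is printed with the driver's path, as with SYMEVENT.SYS above. The Python below is an added example, not RootRepeal's code or anything from this thread. It parses the Drivers, SSDT and Shadow SSDT sections, groups hooks by the module RootRepeal attributed them to, tries to place each `<unknown>` target inside the address ranges of the drivers the report lists, and separates out unattributed hooks on the keyboard and input functions, which are the ones that would matter most if the owner turned out not to be a security product. The sample report is a constructed excerpt of the log above; the input-function list is this example's assumption. On this log the unknown targets sit at 0x83xxxxxx, in the kernel half of the 32-bit address space and outside every image the report names, so the script can only report them as unresolved; whether they are expected (Norton's kernel components are installed here) remains the analyst's call.

```python
import re
from collections import defaultdict

# Two-line SSDT / Shadow SSDT record and four-line Drivers record, as RootRepeal prints them.
_HOOK = re.compile(
    r'#: (?P<idx>\d+) Function Name: (?P<fn>\w+)[ \t]*\n'
    r'Status: Hooked by "(?P<by>[^"]+)" at address 0x(?P<addr>[0-9A-Fa-f]+)')
_DRIVER = re.compile(
    r'Name: (?P<name>\S+)[ \t]*\nImage Path: (?P<path>.+?)[ \t]*\n'
    r'Address: 0x(?P<addr>[0-9A-Fa-f]+)\s+Size: (?P<size>\d+)')

# Assumed list: shadow-table calls that read keyboard state or inject/hook input.
INPUT_FUNCS = {"NtUserGetAsyncKeyState", "NtUserGetKeyboardState", "NtUserGetKeyState",
               "NtUserGetRawInputData", "NtUserSetWindowsHookEx", "NtUserAttachThreadInput"}


def sections(text):
    """Split a report into {title: body}; a title is any line followed by a dashed rule."""
    out, title, buf = {}, None, []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.strip() == "==EOF==":
            break
        if i + 1 < len(lines) and lines[i + 1].startswith("-----"):
            if title is not None:
                out[title] = "\n".join(buf)
            title, buf = line.strip(), []
        elif not line.startswith("-----"):
            buf.append(line)
    if title is not None:
        out[title] = "\n".join(buf)
    return out


def parse_hooks(text):
    secs = sections(text)
    return [{"table": t, "index": int(m["idx"]), "fn": m["fn"], "by": m["by"],
             "addr": int(m["addr"], 16)}
            for t in ("SSDT", "Shadow SSDT") for m in _HOOK.finditer(secs.get(t, ""))]


def parse_drivers(text):
    return [{"name": m["name"], "start": int(m["addr"], 16),
             "end": int(m["addr"], 16) + int(m["size"])}
            for m in _DRIVER.finditer(sections(text).get("Drivers", ""))]


def attribute(hooks, drivers):
    """Map each '<unknown>' hook target to the driver image whose [start, end) range
    contains it, or None when it lies outside every range the report listed."""
    return {h["fn"]: next((d["name"] for d in drivers if d["start"] <= h["addr"] < d["end"]), None)
            for h in hooks if h["by"] == "<unknown>"}


def summarize(text):
    hooks, drivers = parse_hooks(text), parse_drivers(text)
    by_module = defaultdict(list)
    for h in hooks:
        by_module[h["by"]].append(h["fn"])
    unresolved = sorted(fn for fn, owner in attribute(hooks, drivers).items() if owner is None)
    return {"hooks": len(hooks),
            "by_module": {k: sorted(v) for k, v in by_module.items()},
            "unresolved_unknown": unresolved,
            "input_hooks_unattributed": [fn for fn in unresolved if fn in INPUT_FUNCS]}


# Constructed excerpt of the report above (driver list trimmed to one entry).
SAMPLE = """\
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2011/02/11 07:00
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\\WINDOWS\\system32\\drivers\\rootrepeal.sys
Address: 0xEC5B7000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\\WINDOWS\\system32\\Drivers\\SYMEVENT.SYS" at address 0xedd54720

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x8367fd30

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8367bd58

Shadow SSDT
-------------------
#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x8356cbc0

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0x83570a78

==EOF==
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

The attribution step is only as good as the driver ranges it is given: the Drivers section here lists three entries, so nothing at 0x83xxxxxx can resolve. Feeding `attribute()` a fuller list of loaded-driver base addresses and sizes from another tool turns the same lookup into a real owner check.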

#23 Baabiouz

Posted 11 February 2011 - 03:10 AM

Hi :)

I assume you are trying to confirm that the computer is completely clean?

Yes I was trying.

Looks clean, great job! :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Next we remove all used tools.

Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Hide system files

  • Open My Computer.
  • Go to Tools > Folder Options.
  • Select the View tab.
  • Scroll down to Hidden files and folders.
  • Select Do not show hidden files and folders.
  • Check (tick) Hide extensions of known file types.
  • Check (tick) Hide protected operating system files (Recommended).
  • Click OK.
  • Close My Computer.

Create a new, clean System Restore point

  • Click on Start > All Programs > Accessories > System Tools > System Restore.
  • On the Welcome Page, select Create a restore point. Click Next.
  • Give this restore point a descriptive name and click Create.
  • When done, click Close.

Warning: Do not clear infected System Restore points before creating a new System Restore point first!

Please read the above to create a new System Restore point first, then clear out the infected System Restore points.


Clear infected System Restore points

  • Click on Start > All Programs > Accessories > System Tools > Disk Cleanup.
  • Select C drive and click OK.
  • Select the More Options tab.
  • Under System Restore, click on Clean up....
  • You will be prompted. Click Yes.
  • When done, click OK.
  • You will be prompted again. Press Yes to confirm.
  • When done, Disk Cleanup will close automatically.

Keep your system updated

Microsoft releases patches for Windows and Office products regularly to close loopholes in Windows and Office products and fix any bugs found. Please ensure that you visit the following websites regularly or update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows

Go to Start > All Programs > Windows Update

To update Office

Open up any Office program.

Go to Help > Check for Updates

Alternatively, you can visit the links below to update Windows and Office products.

Windows Update
Office Update

If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:

  • Go to Start > Control Panel > Automatic Updates
  • Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
  • Select the Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but installed at another time.
  • Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Besides Windows, which needs regular updating, antivirus, anti-spyware and firewall programs need regular updates too.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Be careful when opening attachments and downloading files.

  • Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  • Never open emails from unknown senders.
  • Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  • Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Surf safely

Many of the exploits are directed to users of Internet Explorer and Firefox.

Using Firefox with NoScript add-on helps to prevent most exploits from running as NoScript by default disables all scripts on all websites. If you trust the website, you can manually allow it.

If you prefer to use Internet Explorer, please refer to this website to learn how to secure Internet Explorer 6.

To secure Internet Explorer 7, please read this article.


Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to backup. Follow this article by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

Avoid P2P

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

Prevent a re-infection

  • Spyware Blaster
    SpywareBlaster is a program that is used to secure Internet Explorer by making it harder for ActiveX programs to run on your computer. It does this by disabling known offending ActiveX programs from running at all.

    You can download SpywareBlaster from Javacool.

    If you need help in using SpywareBlaster, you can read SpywareBlaster's tutorial at Bleeping Computer.

  • Hosts File
    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

    A blocking Hosts file replaces your current Hosts file with one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by redirecting these bad sites to 127.0.0.1.

    Here are some Hosts files:

    MVPS Hosts File
    Bluetack's Hosts File
    Bluetack's Host Manager
    hpHosts

    A tutorial about Hosts File can be found at Malware Removal.

  • Malwarebytes RogueNET Bleeping Computer
    Before downloading any anti-spyware programs, always check it. This will save you from a lot of trouble. If in doubt, don't ever download it.

Here are some more things to read about:

Securing Skype
Greater email safety
Phishing - what is it?
80 Super Security Tips

Happy surfing and stay clean!
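
An added example illustrating the Hosts File item in the post above; it is not part of Baabiouz's post and not one of the linked Hosts files. The snippet parses a constructed Hosts-file excerpt (all domain names are made up), answers the lookup question the post describes (is this site pinned to 127.0.0.1 or 0.0.0.0, i.e. sinkholed?), and also lists entries that point somewhere else, because the same file is where malware redirects vendor update sites and is worth auditing after a cleanup.

```python
import ipaddress

# Constructed excerpt in the style of a blocking Hosts file. The domains are
# made up; the last line is a constructed example of a malicious redirect of
# the kind malware adds to block or hijack update sites.
SAMPLE_HOSTS = """\
# Blocking Hosts file (constructed example)
127.0.0.1  localhost
127.0.0.1  ads.example-tracker.invalid   # ad server
0.0.0.0    malware.example-dropper.invalid
127.0.0.1  WWW.Example-Spyware.INVALID
198.51.100.7  update.example-vendor.invalid
"""

# Addresses a blocking Hosts file sends bad sites to: loopback or "unspecified".
SINKHOLE = {ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("0.0.0.0")}


def parse_hosts(text):
    """Map each hostname (lower-cased) to the address it is pinned to.

    Comments and blank lines are ignored; as in the Windows resolver, matching
    is case-insensitive and the first entry for a name wins.
    """
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line: skip it rather than abort the whole parse
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)
    return table


def is_blocked(table, hostname):
    """True if the Hosts file sinkholes hostname (pins it to 127.0.0.1 or 0.0.0.0)."""
    addr = table.get(hostname.lower().rstrip("."))
    return addr is not None and addr in SINKHOLE


def pinned_elsewhere(table):
    """Entries that point at a real address.

    A legitimate blocking Hosts file has none apart from localhost; anything
    here after a cleanup (a bank, an AV update site) should be explained.
    """
    return {name: str(addr) for name, addr in table.items()
            if addr not in SINKHOLE and name != "localhost"}


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for site in ("ads.example-tracker.invalid", "www.example-spyware.invalid", "www.bleepingcomputer.com"):
        print(f"{site}: {'blocked' if is_blocked(hosts, site) else 'not in Hosts file'}")
    print("suspicious redirects:", pinned_elsewhere(hosts))
```

To audit a real machine, read `%SystemRoot%\System32\drivers\etc\hosts` and pass its contents to `parse_hosts`. A practical note on the target address: 0.0.0.0 is generally preferable to 127.0.0.1 for blocking, because requests to 127.0.0.1 are still attempted against anything listening on the local machine (a local web server, for instance) and can hang until they time out.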

#24 Seedtart (Topic Starter)

Posted 11 February 2011 - 06:23 AM

Dear Baabiouz,
Thanks very much for your help. I do not know how I could have solved this without you.
I will recommend this site whenever possible.
Regards
Seedtart

#25 Baabiouz (Finnish Malware Fighter)

Posted 11 February 2011 - 06:39 AM

You're welcome! I'm glad I was able to help!

#26 Baabiouz (Finnish Malware Fighter)

Posted 16 February 2011 - 12:30 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.