
assistance


  • This topic is locked
18 replies to this topic

#1 silicon mud


  • Members
  • 10 posts

Posted 23 August 2011 - 03:04 PM

Here is a link to the original post:

http://www.bleepingcomputer.com/forums/topic415768.html

I have saved the DDS on my Vista desktop. When following the guide, I double-click it (run) and get the message, "The service cannot accept control messages at this time". I get "intrusion blocked" messages from Norton when I browse the internet, but nothing shows up from a full system scan. Help with my next step would be appreciated. System restore points are also giving me this error message.
GMER ran as instructed by Blade Zephon; the log follows:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-23 15:00:12
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEVT-00A0RT0 rev.01.01A01
Running: gmer.exe; Driver: C:\Users\REALFR~1\AppData\Local\Temp\kxriafoc.sys


---- System - GMER 1.0.15 ----

SSDT 89F63118 ZwAlertResumeThread
SSDT 89F0C640 ZwAlertThread
SSDT 8A684B50 ZwAllocateVirtualMemory
SSDT 88E50178 ZwAlpcConnectPort
SSDT 8A691200 ZwAssignProcessToJobObject
SSDT 8A6B2C80 ZwCreateMutant
SSDT 8A6B7F00 ZwCreateSymbolicLinkObject
SSDT 8A643008 ZwCreateThread
SSDT 8A691108 ZwDebugActiveProcess
SSDT 8A684D28 ZwDuplicateObject
SSDT 8A684470 ZwFreeVirtualMemory
SSDT 89FCF068 ZwImpersonateAnonymousToken
SSDT 89F5D9C8 ZwImpersonateThread
SSDT 88E3FDA8 ZwLoadDriver
SSDT 8A684350 ZwMapViewOfSection
SSDT 89E7C880 ZwOpenEvent
SSDT 8A661058 ZwOpenProcess
SSDT 89EA51B8 ZwOpenProcessToken
SSDT 8A688108 ZwOpenSection
SSDT 8A684E78 ZwOpenThread
SSDT 8A6B65F0 ZwProtectVirtualMemory
SSDT 89E30430 ZwResumeThread
SSDT 8A01F758 ZwSetContextThread
SSDT 8A6840B8 ZwSetInformationProcess
SSDT 8A68D520 ZwSetSystemInformation
SSDT 8A687108 ZwSuspendProcess
SSDT 89F13108 ZwSuspendThread
SSDT 8A3FF130 ZwTerminateProcess
SSDT 8A17A790 ZwTerminateThread
SSDT 8A4AF258 ZwUnmapViewOfSection
SSDT 8A684800 ZwWriteVirtualMemory
SSDT 8A6B60E0 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 838E88A0 8 Bytes [18, 31, F6, 89, 40, C6, F0, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 838E88B4 4 Bytes [50, 4B, 68, 8A]
.text ntkrnlpa.exe!KeSetEvent + 13D 838E88C0 4 Bytes [78, 01, E5, 88] {JS 0x3; IN EAX, 0x88}
.text ntkrnlpa.exe!KeSetEvent + 191 838E8914 4 Bytes [00, 12, 69, 8A]
.text ntkrnlpa.exe!KeSetEvent + 1F5 838E8978 4 Bytes [80, 2C, 6B, 8A] {SUB BYTE [EBX+EBP*2], 0x8a}
.text ...
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8CF5D000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8CFA6000, 0x510, 0x40000040]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9180C000, 0x2BFAE2, 0xE8000020]
? C:\Users\REALFR~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2388] ntdll.dll!NtMapViewOfSection 778D4974 5 Bytes JMP 0880003A
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] ntdll.dll!NtSetInformationProcess 778D5174 5 Bytes JMP 088000F7
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] kernel32.dll!ReadProcessMemory + 3E 761F1CB3 7 Bytes JMP 088001B0
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] kernel32.dll!WriteProcessMemory + 106 761F1DBE 7 Bytes JMP 088003D2
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] kernel32.dll!GetTempFileNameW 76201751 5 Bytes JMP 008B2040 C:\Users\Real FRESH Ray\AppData\Local\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Freecorder 4/Applian Technologies, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] kernel32.dll!CreateIoCompletionPort + 52 76219DA6 7 Bytes JMP 08800488
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] kernel32.dll!VirtualAllocEx + 54 7623AF70 7 Bytes JMP 0880031C
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] kernel32.dll!CreateThread 7623CB2E 5 Bytes JMP 66A771CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] kernel32.dll!GetProcessHandleCount + 35 76285D4F 7 Bytes JMP 08800266
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!CreateDialogParamW 76A672A2 5 Bytes JMP 07374BA0 C:\Program Files\Freecorder\tbFree.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!GetAsyncKeyState 76A6863C 5 Bytes JMP 66A5DC5D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!SetWindowsHookExW 76A687AD 5 Bytes JMP 66AB204C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!CallNextHookEx 76A68E3B 5 Bytes JMP 66AD7A4F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!UnhookWindowsHookEx 76A698DB 5 Bytes JMP 66AFEA08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!EnableWindow 76A6CD8B 5 Bytes JMP 66AB98BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!DefWindowProcA 76A6DB88 7 Bytes JMP 66A793F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!CreateWindowExA 76A6DC2A 2 Bytes JMP 66A83223 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!CreateWindowExA + 3 76A6DC2D 2 Bytes [01, F0] {ADD EAX, ESI}
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!CreateWindowExW 76A71305 5 Bytes JMP 66ADFE2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!GetKeyState 76A78CB1 5 Bytes JMP 66A5DB37 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!DefWindowProcW 76A803B4 7 Bytes JMP 66AD7AB2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!IsDialogMessageW 76A80745 5 Bytes JMP 66C0696C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!TrackPopupMenu 76A814F3 5 Bytes JMP 07374320 C:\Program Files\Freecorder\tbFree.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!CreateDialogParamA 76A817AA 5 Bytes JMP 66C061C0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!IsDialogMessage 76A81847 5 Bytes JMP 66C06944 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!CreateDialogIndirectParamA 76A826F1 5 Bytes JMP 66C06230 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!CreateDialogIndirectParamW 76A89A62 5 Bytes JMP 66C06268 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!SetKeyboardState 76A90987 5 Bytes JMP 66C07235 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!TrackPopupMenuEx 76A90CE7 5 Bytes JMP 07374480 C:\Program Files\Freecorder\tbFree.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!DialogBoxParamW 76A910B0 5 Bytes JMP 07374D20 C:\Program Files\Freecorder\tbFree.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!DialogBoxIndirectParamW 76A92EF5 5 Bytes JMP 66C05E8E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!SendInput 76A92F75 5 Bytes JMP 66C071DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!EndDialog 76A9326E 5 Bytes JMP 66C06C18 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!SetCursorPos 76AA6FB2 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!SetCursorPos 76AA6FB2 5 Bytes JMP 66C072B6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!DialogBoxParamA 76AA8152 5 Bytes JMP 66C05E29 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!DialogBoxIndirectParamA 76AA847D 5 Bytes JMP 66C05EF3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!MessageBoxIndirectA 76ABD4D9 5 Bytes JMP 66C05DB0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!MessageBoxIndirectW 76ABD5D3 5 Bytes JMP 66C05D37 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!MessageBoxExA 76ABD639 5 Bytes JMP 66C05CD3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!MessageBoxExW 76ABD65D 5 Bytes JMP 66C05C6F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!keybd_event 76ABD972 5 Bytes JMP 66C0719A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] SHELL32.dll!SHRestricted + D95 76DD89A8 4 Bytes [CF, 01, CF, 5F] {IRET ; ADD EDI, ECX; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] SHELL32.dll!SHRestricted + D9D 76DD89B0 8 Bytes [E0, 61, CE, 5F, 79, F7, CE, ...] {LOOPNZ 0x63; INTO ; POP EDI; JNS 0xfffffffffffffffd; INTO ; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] ole32.dll!OleLoadFromStream 75F61E80 5 Bytes JMP 66C06676 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] ole32.dll!CoGetTreatAsClass + D2F 75F7FAE3 7 Bytes JMP 0880053E
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] ole32.dll!CoCreateInstance + 3E 75F99F7C 7 Bytes JMP 088005F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] kernel32.dll!GetTempFileNameW 76201751 5 Bytes JMP 00322040 C:\Users\Real FRESH Ray\AppData\Local\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Freecorder 4/Applian Technologies, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] kernel32.dll!CreateFileW 7623B0EB 5 Bytes JMP 00321D10 C:\Users\Real FRESH Ray\AppData\Local\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Freecorder 4/Applian Technologies, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!EnableWindow 76A6CD8B 5 Bytes JMP 66AB98BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!DialogBoxParamW 76A910B0 5 Bytes JMP 66A115E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!DialogBoxIndirectParamW 76A92EF5 5 Bytes JMP 66C05E8E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!DialogBoxParamA 76AA8152 5 Bytes JMP 66C05E29 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!DialogBoxIndirectParamA 76AA847D 5 Bytes JMP 66C05EF3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!MessageBoxIndirectA 76ABD4D9 5 Bytes JMP 66C05DB0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!MessageBoxIndirectW 76ABD5D3 5 Bytes JMP 66C05D37 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!MessageBoxExA 76ABD639 5 Bytes JMP 66C05CD3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!MessageBoxExW 76ABD65D 5 Bytes JMP 66C05C6F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[4772] kernel32.dll!SetUnhandledExceptionFilter 7621A8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] ntdll.dll!NtMapViewOfSection 778D4974 5 Bytes JMP 089C003A
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] ntdll.dll!NtSetInformationProcess 778D5174 5 Bytes JMP 089C00F7
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] kernel32.dll!ReadProcessMemory + 3E 761F1CB3 7 Bytes JMP 089C01B0
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] kernel32.dll!WriteProcessMemory + 106 761F1DBE 7 Bytes JMP 089C03D2
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] kernel32.dll!GetTempFileNameW 76201751 5 Bytes JMP 00872040 C:\Users\Real FRESH Ray\AppData\Local\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Freecorder 4/Applian Technologies, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] kernel32.dll!CreateIoCompletionPort + 52 76219DA6 7 Bytes JMP 089C0488
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] kernel32.dll!VirtualAllocEx + 54 7623AF70 7 Bytes JMP 089C031C
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] kernel32.dll!CreateThread 7623CB2E 5 Bytes JMP 66A771CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] kernel32.dll!GetProcessHandleCount + 35 76285D4F 7 Bytes JMP 089C0266
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!CreateDialogParamW 76A672A2 5 Bytes JMP 081F4BA0 C:\Program Files\Freecorder\tbFree.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!GetAsyncKeyState 76A6863C 5 Bytes JMP 66A5DC5D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!SetWindowsHookExW 76A687AD 5 Bytes JMP 66AB204C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!CallNextHookEx 76A68E3B 5 Bytes JMP 66AD7A4F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!UnhookWindowsHookEx 76A698DB 5 Bytes JMP 66AFEA08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!EnableWindow 76A6CD8B 5 Bytes JMP 66AB98BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!DefWindowProcA 76A6DB88 7 Bytes JMP 66A793F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!CreateWindowExA 76A6DC2A 2 Bytes JMP 66A83223 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!CreateWindowExA + 3 76A6DC2D 2 Bytes [01, F0] {ADD EAX, ESI}
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!CreateWindowExW 76A71305 5 Bytes JMP 66ADFE2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!GetKeyState 76A78CB1 5 Bytes JMP 66A5DB37 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!DefWindowProcW 76A803B4 7 Bytes JMP 66AD7AB2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!IsDialogMessageW 76A80745 5 Bytes JMP 66C0696C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!TrackPopupMenu 76A814F3 5 Bytes JMP 081F4320 C:\Program Files\Freecorder\tbFree.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!CreateDialogParamA 76A817AA 5 Bytes JMP 66C061C0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!IsDialogMessage 76A81847 5 Bytes JMP 66C06944 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!CreateDialogIndirectParamA 76A826F1 5 Bytes JMP 66C06230 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!CreateDialogIndirectParamW 76A89A62 5 Bytes JMP 66C06268 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!SetKeyboardState 76A90987 5 Bytes JMP 66C07235 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!TrackPopupMenuEx 76A90CE7 5 Bytes JMP 081F4480 C:\Program Files\Freecorder\tbFree.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!DialogBoxParamW 76A910B0 5 Bytes JMP 081F4D20 C:\Program Files\Freecorder\tbFree.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!DialogBoxIndirectParamW 76A92EF5 5 Bytes JMP 66C05E8E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!SendInput 76A92F75 5 Bytes JMP 66C071DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!EndDialog 76A9326E 5 Bytes JMP 66C06C18 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!SetCursorPos 76AA6FB2 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!SetCursorPos 76AA6FB2 5 Bytes JMP 66C072B6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!DialogBoxParamA 76AA8152 5 Bytes JMP 66C05E29 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!DialogBoxIndirectParamA 76AA847D 5 Bytes JMP 66C05EF3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!MessageBoxIndirectA 76ABD4D9 5 Bytes JMP 66C05DB0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!MessageBoxIndirectW 76ABD5D3 5 Bytes JMP 66C05D37 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!MessageBoxExA 76ABD639 5 Bytes JMP 66C05CD3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!MessageBoxExW 76ABD65D 5 Bytes JMP 66C05C6F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!keybd_event 76ABD972 5 Bytes JMP 66C0719A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] SHELL32.dll!SHRestricted + D95 76DD89A8 4 Bytes [CF, 01, CF, 5F] {IRET ; ADD EDI, ECX; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] SHELL32.dll!SHRestricted + D9D 76DD89B0 8 Bytes [E0, 61, CE, 5F, 79, F7, CE, ...] {LOOPNZ 0x63; INTO ; POP EDI; JNS 0xfffffffffffffffd; INTO ; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] ole32.dll!OleLoadFromStream 75F61E80 5 Bytes JMP 66C06676 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] ole32.dll!CoGetTreatAsClass + D2F 75F7FAE3 7 Bytes JMP 089C053E
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] ole32.dll!CoCreateInstance + 3E 75F99F7C 7 Bytes JMP 089C05F8
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] kernel32.dll!GetTempFileNameW 76201751 5 Bytes JMP 00942040 C:\Users\Real FRESH Ray\AppData\Local\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Freecorder 4/Applian Technologies, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] kernel32.dll!CreateThread 7623CB2E 5 Bytes JMP 66A771CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!CreateDialogParamW 76A672A2 5 Bytes JMP 07B94BA0 C:\Program Files\Freecorder\tbFree.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!GetAsyncKeyState 76A6863C 5 Bytes JMP 66A5DC5D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!SetWindowsHookExW 76A687AD 5 Bytes JMP 66AB204C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!CallNextHookEx 76A68E3B 5 Bytes JMP 66AD7A4F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!UnhookWindowsHookEx 76A698DB 5 Bytes JMP 66AFEA08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!EnableWindow 76A6CD8B 5 Bytes JMP 66AB98BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!DefWindowProcA 76A6DB88 7 Bytes JMP 66A793F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!CreateWindowExA 76A6DC2A 2 Bytes JMP 66A83223 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!CreateWindowExA + 3 76A6DC2D 2 Bytes [01, F0] {ADD EAX, ESI}
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!CreateWindowExW 76A71305 5 Bytes JMP 66ADFE2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!GetKeyState 76A78CB1 5 Bytes JMP 66A5DB37 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!DefWindowProcW 76A803B4 7 Bytes JMP 66AD7AB2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!IsDialogMessageW 76A80745 5 Bytes JMP 66C0696C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!TrackPopupMenu 76A814F3 5 Bytes JMP 07B94320 C:\Program Files\Freecorder\tbFree.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!CreateDialogParamA 76A817AA 5 Bytes JMP 66C061C0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!IsDialogMessage 76A81847 5 Bytes JMP 66C06944 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!CreateDialogIndirectParamA 76A826F1 5 Bytes JMP 66C06230 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!CreateDialogIndirectParamW 76A89A62 5 Bytes JMP 66C06268 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!SetKeyboardState 76A90987 5 Bytes JMP 66C07235 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!TrackPopupMenuEx 76A90CE7 5 Bytes JMP 07B94480 C:\Program Files\Freecorder\tbFree.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!DialogBoxParamW 76A910B0 5 Bytes JMP 07B94D20 C:\Program Files\Freecorder\tbFree.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!DialogBoxIndirectParamW 76A92EF5 5 Bytes JMP 66C05E8E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!SendInput 76A92F75 5 Bytes JMP 66C071DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!EndDialog 76A9326E 5 Bytes JMP 66C06C18 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!SetCursorPos 76AA6FB2 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!SetCursorPos 76AA6FB2 5 Bytes JMP 66C072B6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!DialogBoxParamA 76AA8152 5 Bytes JMP 66C05E29 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!DialogBoxIndirectParamA 76AA847D 5 Bytes JMP 66C05EF3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!MessageBoxIndirectA 76ABD4D9 5 Bytes JMP 66C05DB0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!MessageBoxIndirectW 76ABD5D3 5 Bytes JMP 66C05D37 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!MessageBoxExA 76ABD639 5 Bytes JMP 66C05CD3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!MessageBoxExW 76ABD65D 5 Bytes JMP 66C05C6F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] USER32.dll!keybd_event 76ABD972 5 Bytes JMP 66C0719A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] SHELL32.dll!SHRestricted + D95 76DD89A8 4 Bytes [CF, 01, CF, 5F] {IRET ; ADD EDI, ECX; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] SHELL32.dll!SHRestricted + D9D 76DD89B0 8 Bytes [E0, 61, CE, 5F, 79, F7, CE, ...] {LOOPNZ 0x63; INTO ; POP EDI; JNS 0xfffffffffffffffd; INTO ; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[6224] ole32.dll!OleLoadFromStream 75F61E80 5 Bytes JMP 66C06676 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] ntdll.dll!NtMapViewOfSection 778D4974 5 Bytes JMP 0955003A
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] ntdll.dll!NtSetInformationProcess 778D5174 5 Bytes JMP 095500F7
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] kernel32.dll!ReadProcessMemory + 3E 761F1CB3 7 Bytes JMP 095501B0
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] kernel32.dll!WriteProcessMemory + 106 761F1DBE 7 Bytes JMP 095503D2
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] kernel32.dll!GetTempFileNameW 76201751 5 Bytes JMP 00A52040 C:\Users\Real FRESH Ray\AppData\Local\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Freecorder 4/Applian Technologies, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] kernel32.dll!CreateIoCompletionPort + 52 76219DA6 7 Bytes JMP 09550488
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] kernel32.dll!VirtualAllocEx + 54 7623AF70 7 Bytes JMP 0955031C
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] kernel32.dll!CreateThread 7623CB2E 5 Bytes JMP 66A771CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] kernel32.dll!GetProcessHandleCount + 35 76285D4F 7 Bytes JMP 09550266
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!CreateDialogParamW 76A672A2 5 Bytes JMP 073B4BA0 C:\Program Files\Freecorder\tbFree.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!GetAsyncKeyState 76A6863C 5 Bytes JMP 66A5DC5D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!SetWindowsHookExW 76A687AD 5 Bytes JMP 66AB204C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!CallNextHookEx 76A68E3B 5 Bytes JMP 66AD7A4F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!UnhookWindowsHookEx 76A698DB 5 Bytes JMP 66AFEA08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!EnableWindow 76A6CD8B 5 Bytes JMP 66AB98BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!DefWindowProcA 76A6DB88 7 Bytes JMP 66A793F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!CreateWindowExA 76A6DC2A 2 Bytes JMP 66A83223 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!CreateWindowExA + 3 76A6DC2D 2 Bytes [01, F0] {ADD EAX, ESI}
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!CreateWindowExW 76A71305 5 Bytes JMP 66ADFE2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!GetKeyState 76A78CB1 5 Bytes JMP 66A5DB37 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!DefWindowProcW 76A803B4 7 Bytes JMP 66AD7AB2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!IsDialogMessageW 76A80745 5 Bytes JMP 66C0696C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!TrackPopupMenu 76A814F3 5 Bytes JMP 073B4320 C:\Program Files\Freecorder\tbFree.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!CreateDialogParamA 76A817AA 5 Bytes JMP 66C061C0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!IsDialogMessage 76A81847 5 Bytes JMP 66C06944 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!CreateDialogIndirectParamA 76A826F1 5 Bytes JMP 66C06230 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!CreateDialogIndirectParamW 76A89A62 5 Bytes JMP 66C06268 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!SetKeyboardState 76A90987 5 Bytes JMP 66C07235 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!TrackPopupMenuEx 76A90CE7 5 Bytes JMP 073B4480 C:\Program Files\Freecorder\tbFree.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!DialogBoxParamW 76A910B0 5 Bytes JMP 073B4D20 C:\Program Files\Freecorder\tbFree.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!DialogBoxIndirectParamW 76A92EF5 5 Bytes JMP 66C05E8E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!SendInput 76A92F75 5 Bytes JMP 66C071DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!EndDialog 76A9326E 5 Bytes JMP 66C06C18 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!SetCursorPos 76AA6FB2 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!SetCursorPos 76AA6FB2 5 Bytes JMP 66C072B6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!DialogBoxParamA 76AA8152 5 Bytes JMP 66C05E29 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!DialogBoxIndirectParamA 76AA847D 5 Bytes JMP 66C05EF3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!MessageBoxIndirectA 76ABD4D9 5 Bytes JMP 66C05DB0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!MessageBoxIndirectW 76ABD5D3 5 Bytes JMP 66C05D37 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!MessageBoxExA 76ABD639 5 Bytes JMP 66C05CD3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!MessageBoxExW 76ABD65D 5 Bytes JMP 66C05C6F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] USER32.dll!keybd_event 76ABD972 5 Bytes JMP 66C0719A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] SHELL32.dll!SHRestricted + D95 76DD89A8 4 Bytes [CF, 01, CF, 5F] {IRET ; ADD EDI, ECX; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] SHELL32.dll!SHRestricted + D9D 76DD89B0 8 Bytes [E0, 61, CE, 5F, 79, F7, CE, ...] {LOOPNZ 0x63; INTO ; POP EDI; JNS 0xfffffffffffffffd; INTO ; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] ole32.dll!OleLoadFromStream 75F61E80 5 Bytes JMP 66C06676 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] ole32.dll!CoGetTreatAsClass + D2F 75F7FAE3 7 Bytes JMP 0955053E
.text C:\Program Files\Internet Explorer\iexplore.exe[6248] ole32.dll!CoCreateInstance + 3E 75F99F7C 7 Bytes JMP 095505F8

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Files - GMER 1.0.15 ----

File C:\Users\Real FRESH Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHG4FNY3\Entitlement[2].txt 50 bytes
File C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..timezones.resources_31bf3856ad364e35_6.0.6002.22676_en-us_859fc235983dbf67.manifest 2487 bytes
File C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..timezones.resources_31bf3856ad364e35_6.0.6002.18492_en-us_84fc82847f33f4fc.manifest 2487 bytes
File C:\Windows\winsxs\Manifests\x86_ccb26313bf27f5c89252288d94d958b9_31bf3856ad364e35_6.0.6002.18492_none_3015e2c8df35a58f.manifest 711 bytes
File C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18492_none_16ce86f006ff803f.manifest 217595 bytes
File C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.22676_none_1771c6a120094aaa.manifest 202408 bytes
File C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18492_none_16ce86f006ff803f 0 bytes
File C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18492_none_16ce86f006ff803f\tzupd.exe 19456 bytes executable

---- EOF - GMER 1.0.15 ----

Edited by Orange Blossom, 24 August 2011 - 02:27 AM.
Put in the link. ~ OB




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,631 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:29 PM

Posted 28 August 2011 - 03:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/415798 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:29 PM

Posted 01 September 2011 - 06:39 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

Information and logs:

In your next post I need the following:

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 silicon mud

silicon mud
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:29 PM

Posted 02 September 2011 - 11:19 PM

I am having problems opening web pages & getting a lot of "not responding" Internet Explorer notifications & dw20.exe errors. Windows Explorer also hangs & restarts. I have done a virus scan with Nortons & Spybot before turning to this forum & have not run them since reading the instructions here. Here are the reports requested:

dds log


DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Real FRESH Ray at 23:00:58 on 2011-09-02
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.1872 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Security Suite *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe
C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Real FRESH Ray\Documents\freecorder\FLVSrvc.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\SFT\GuardedID\GIDD.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.xfinity.com/customer/start/?attr=self&cid=insDate06232011
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uURLSearchHooks: SHOUTcast Toolbar Search Class: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
mURLSearchHooks: SHOUTcast Toolbar Search Class: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\norton security suite\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\norton security suite\engine\3.8.0.41\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll
BHO: Facetheme: {cbc5b60a-aa4d-45f6-84c2-d086f320299a} - c:\program files\object\bho_project.dll
BHO: SHOUTcast Loader: {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: SHOUTcast Radio Toolbar: {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\norton security suite\engine\3.8.0.41\coIEPlg.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 1.1.4322; .NET CLR 3.0.30729; .NET4.0C; OfficeLiveConnector.1.5; OfficeLivePatch.1.3)" -"http://www.cartoonnetwork.com/games/knd/rail/index.html"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Module Loader] c:\program files\creative\shared files\module loader\DLLML.exe -StartUpRun
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [Skytel] Skytel.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Freecorder FLV Service] "c:\users\real fresh ray\documents\freecorder\FLVSrvc.exe" /run
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\toshib~1.lnk - c:\program files\toshiba\smartfacev\SmartFaceVWatcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\xfinit~1.lnk - c:\program files\xfinity tv\xfinity tv downloads media manager\MediaManager.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &SHOUTcast Search - c:\programdata\shoutcast radio toolbar\ietoolbar\resources\en-us\local\search.html
IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8FBCCC07-2F34-4DD1-B98C-4023EB418FA5} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B0F31E43-512B-499E-AAA1-E7828F7C5D43} : DhcpNameServer = 192.168.1.1
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\norton security suite\engine\3.8.0.41\CoIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-3-24 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-3-24 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-3-24 482432]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2011-6-23 25232]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20110830.030\IDSvix86.sys [2011-8-10 368248]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-1-13 20384]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-4 172032]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-8-19 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-8-19 234888]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2011-7-18 62536]
R2 MotoHelper.exe;Motorola Helper;c:\program files\motorola\moto helper service\MotoHelper.exe [2010-9-15 6656]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-12-2 218432]
R2 N360;Norton Security Suite;c:\program files\norton security suite\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-3-25 117640]
R2 OS Selector;Acronis OS Selector activator;c:\program files\acronis\diskdirector\oss\reinstall_svc.exe [2010-9-29 2139400]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-9-1 1153368]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-31 105592]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-5-5 7168]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0308000.029\symndisv.sys [2010-3-24 48688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\common files\creative labs shared\service\AL1Licensing.exe [2009-3-11 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-3-11 79360]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-3-7 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-3-7 8456]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-5-5 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-1-13 954368]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2009-3-11 471296]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-1 23424]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2010-9-29 24064]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-5-16 9216]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-09-03 02:31:21 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ce2dbb39-9b18-4a69-bc0f-979d862492b4}\mpengine.dll
2011-09-01 16:37:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-09-01 16:37:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-24 16:03:22 -------- d-----w- c:\users\real fresh ray\appdata\local\CrashDumps
2011-08-24 08:40:41 -------- d-----w- C:\_Serato_Backup
2011-08-23 23:23:03 0 --sha-w- c:\windows\aexswdusr.exe
2011-08-23 19:14:59 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-23 16:41:54 -------- d-----w- c:\users\real fresh ray\appdata\local\NPE
2011-08-23 04:20:57 0 ---ha-w- c:\users\real fresh ray\appdata\local\BITE85C.tmp
2011-08-22 23:35:00 0 --sha-w- c:\windows\act_apl.exe
2011-08-22 23:29:00 0 --sha-w- c:\windows\admtask.exe
2011-08-22 23:17:00 0 --sha-w- c:\windows\ause3.exe
2011-08-22 11:42:13 -------- d-----w- c:\users\real fresh ray\appdata\roaming\DVDFab
2011-08-22 04:06:22 -------- d-----w- c:\program files\dvdfab
2011-08-22 04:04:30 -------- d-----w- c:\program files\Object
2011-08-19 00:03:07 -------- d-----w- c:\users\real fresh ray\appdata\roaming\HandBrake
2011-08-19 00:03:07 -------- d-----w- c:\users\real fresh ray\appdata\local\HandBrake
2011-08-18 23:58:06 -------- d-----w- c:\program files\Handbrake
2011-08-09 22:10:25 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-09 22:10:14 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 22:10:09 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-08-09 22:08:52 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-09 22:08:51 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-09 22:08:46 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-09 16:43:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-05 15:25:46 67352 ----a-w- c:\windows\system32\GIDLogonCP.dll
2011-07-05 15:25:38 66328 ----a-w- c:\windows\system32\SysEventMenu.dll
2011-07-05 15:24:42 380696 ----a-w- c:\windows\system32\GIDHookLogon.dll
2011-07-05 15:24:32 398608 ----a-w- c:\windows\system32\GIDHook.dll
2011-07-05 15:24:24 25232 ------w- c:\windows\system32\drivers\gidv2.sys
2011-07-05 15:23:48 102160 ----a-w- c:\windows\system32\GIDBIN3.dll
2011-07-05 15:23:30 173840 ----a-w- c:\windows\system32\GIDBIN1.dll
2011-06-17 18:28:24 59715 --sh--w- c:\windows\hpc.exe
2011-06-17 18:28:18 71677 --sh--w- c:\windows\lks.exe
2011-06-17 18:27:56 59897 --sh--w- c:\windows\nst.exe
2011-06-17 18:25:50 71678 --sh--w- c:\windows\chp.exe
2011-06-17 18:25:40 66044 --sh--w- c:\windows\pst.exe
.
============= FINISH: 23:02:31.06 ===============


Attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/13/2009 6:17:20 AM
System Uptime: 9/2/2011 9:22:27 PM (2 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: AMD Turion™ X2 Dual-Core Mobile RM-72 | Socket M2/S1G1 | 2100/1800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 111.573 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 166 GiB total, 147.132 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4700 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP867: 8/31/2011 5:30:37 PM - Windows Update
RP868: 9/1/2011 9:25:20 AM - Norton_Power_Eraser_20110901092520166
RP869: 9/2/2011 9:30:51 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
1500
1500_Help
1500Trb
32 Bit HP CIO Components Installer
3DVIA player 5.0
Acronis Disk Director 11 Home
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 8.3.0
Adobe Shockwave Player 11.5
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
AKAI professional VST Collection v1.0
ALPS Touch Pad Driver
AngelPotion Video Codec V1
Antares Auto-Tune Evo VST
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
ATI Catalyst Install Manager
AVS Image Converter 1.1.3.71
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
Batman: Arkham Asylum
Bonjour
BufferChm
C4700
Camera Assistant Software for Toshiba
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
CD/DVD Drive Acoustic Silencer
Comcast Access
Comcast Desktop Software (v1.2.0.9)
Conduit Engine
Constant Guard Protection Suite
Copy
Creative ALchemy (X-Fi Edition)
Creative MediaSource 5
Creative Software AutoUpdate
Creative System Information
CustomerResearchQFolder
D3DX10
Desktop Doctor
Destinations
DeviceDiscovery
DeviceManagementQFolder
DJS
DocProc
DocProcQFolder
Dora's Carnival 2 - Boardwalk Adventure!
Dual-Core Optimizer
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab 8.1.1.2 (08/08/2011) Qt
EASEUS Partition Master 5.0.1 Home Edition
EPSON Printer Software
ESPN Version 2.0.7.23
eSupportQFolder
Facetheme
Fax
Free Mp3 Wma Converter V 1.91
Free WMA to MP3 Converter 1.16
Freecorder
Freecorder Toolbar
Full Tilt Poker
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
GuardedID
HandBrake 0.9.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP OCR Software 8.0
HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
HP Photosmart Essential
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
Intel® Integrated Performance Primitives RTI 4.0
iTunes
Java™ 6 Update 6
Junk Mail filter update
LightScribe System Software 1.14.17.1
Macrium Reflect - Free Edition
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Media Video 9 VCM
Moto Helper Service
MotoHelper 2.0.40 Driver 4.8.0
MotoHelper MergeModules
Motorola Mobile Drivers Installation 4.8.0
Mototools Software Update
Move Media Player
Mozilla Firefox (3.0.6)
MP3 Rocket
MSVCRT
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
Network
Norton Security Suite
NVIDIA PhysX
OGA Notifier 2.0.0048.0
Picasa 2
Pilot Song Book Creator
Pilot Song File Processor
Pioneer CDJ-400 Driver
PrimoPDF -- by Nitro PDF Software
PS_AIO_06_C4700_SW_Min
QuickTime
Ray Gun v1.3.5
RBC Audio Voice Tweaker Pro V3.02
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
SAMSUNG Mobile Modem Driver Set
Scan
Scratch Live 2.0.0 (20049)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Shop for HP Supplies
SHOUTcast Radio Toolbar
SHOUTcast Source DSP 1.9.1 (remove only)
SmartWebPrinting
SolutionCenter
Sonic Foundry CD Architect 5.0
Sony ACID Pro 5.0
Sony Noise Reduction Plug-In 2.0e
Sony Sound Forge 9.0
Sound Blaster X-Fi Notebook
Spybot - Search & Destroy
Status
Swift Elite 4 Release 4.0
Synaptics Pointing Device Driver
Toolbox
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Games
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TrayApp
TweakVI
Unity Web Player
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vuze
Vuze Toolbar
Waves Diamond Bundle v5.2
Waves L3 v5.2
Waves Native Gold Bundle v3.01
WebReg
Winamp
Winamp Toolbar
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinRAR archiver
Wisdom-soft Set up ScreenHunter 5.1 Free
Xfinity TV Downloads Media Manager 2.1.0.97
Xvid 1.2.2 final uninstall
Yahoo! Messenger
Yahoo! Toolbar
Zynga Toolbar
.
==== Event Viewer Messages From Past Week ========
.
9/2/2011 10:41:54 PM, Error: PlugPlayManager [11] - The device Root\LEGACY_SMR210\0000 disappeared from the system without first being prepared for removal.
8/31/2011 5:30:29 PM, Error: volsnap [9] - The flush and hold writes operation on volume \\?\Volume{7282de23-e16b-11dd-aa35-806e6f6e6963} timed out while waiting for file system cleanup.
.
==== End Of File ===========================

RkUnhooker log:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x91402000 C:\Windows\system32\DRIVERS\atikmdag.sys 5398528 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x83847000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x83847000 PnpManager 3907584 bytes
0x83847000 RAW 3907584 bytes
0x83847000 WMIxWDM 3907584 bytes
0x81C30000 Win32k 2113536 bytes
0x81C30000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x91E00000 C:\Windows\system32\drivers\RTKVHDA.sys 2093056 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x91A01000 C:\Windows\system32\DRIVERS\athr.sys 1888256 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x92804000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110831.002\NAVEX15.SYS 1572864 bytes (Symantec Corporation, AV Engine)
0x9200B000 C:\Windows\system32\DRIVERS\AGRSM.sys 1163264 bytes (Agere Systems, SoftModem Device Driver)
0x8CE0A000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8CC78000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x9C80A000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x80662000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xB0A02000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0xAD40D000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x91928000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8D101000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x9F008000 C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys 503808 bytes (Symantec Corporation, Common Client Hash Provider Driver)
0x8CC07000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8078B000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xAD4BD000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x9E728000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x9E6CA000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110830.030\IDSvix86.sys 385024 bytes (Symantec Corporation, IDS Core Driver)
0x92134000 C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS 339968 bytes (Symantec Corporation, Symantec AutoProtect)
0x9F1B0000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x83F71000 C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS 323584 bytes (Symantec Corporation, Symantec Extended File Attributes)
0x81E80000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8CF58000 C:\Windows\system32\DRIVERS\tos_sps32.sys 307200 bytes (TOSHIBA Corporation, tos_sps2)
0x83EC2000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x9C990000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x83E19000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9F083000 C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys 270336 bytes (Symantec Corporation, BASH Driver)
0x80621000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8D082000 C:\Windows\system32\DRIVERS\Rtlh86.sys 266240 bytes (Realtek , Realtek 8136/8168/8169 NDIS6 32-bit Driver )
0x91C36000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8D0C3000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x9E684000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8CDAE000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xAD5B5000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8CF1A000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x91D61000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x9C925000 C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS 212992 bytes (Symantec Corporation, Network Dispatch Driver)
0x83814000 ACPI_HAL 208896 bytes
0x83814000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x80759000 C:\Windows\System32\drivers\FLTMGR.SYS 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9E60D000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8D199000 C:\Windows\system32\DRIVERS\SynTP.sys 196608 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x91C07000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x91DA7000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8CD83000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x91D11000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x9F129000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8CFAB000 C:\Windows\system32\DRIVERS\snapman.sys 163840 bytes (Acronis, Acronis Snapshot API)
0x9F188000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x83FC9000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x83E70000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x91DD4000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x92984000 C:\Windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0x91CA4000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8D001000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xAD575000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x929DD000 C:\Windows\System32\Drivers\usbvideo.sys 135168 bytes (Microsoft Corporation, USB Video Class Driver)
0x8D1D4000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xAD596000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x83F39000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9E786000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xAD52A000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x9C8F4000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x9F0FE000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xAD547000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x91BD8000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9F170000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x9E7A4000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x91C82000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x929BD000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB0AF6000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x9E63F000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x9C90F000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xAD560000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x91CEA000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x9C967000 C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS 86016 bytes (Symantec Corporation, Firewall Filter Driver)
0x929A9000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110831.002\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0x91CD6000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x921AF000 C:\Windows\system32\drivers\RTSTOR.SYS 81920 bytes (Realtek Semiconductor Corp., Realtek USB Mass Storage Driver for Vista)
0x9C97C000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x919E3000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x9F15D000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x9E671000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8CFE2000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x91D96000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80608000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x83F61000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x92190000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x9F119000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x83F21000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x91CFF000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x91D3B000 C:\Windows\system32\DRIVERS\AmdLLD.sys 61440 bytes (AMD, Inc., AMD Low Level Device Driver)
0x9F0EF000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8CFD3000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x83E97000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8D06F000 C:\Windows\system32\DRIVERS\processr.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x91CC7000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x919D4000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x83EB3000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x81E70000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x9E663000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8CDE9000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x83F13000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x9C959000 C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS 57344 bytes (Symantec Corporation, NDIS Filter Driver)
0x83E0B000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x9F0C5000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x92127000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x91D54000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0xB0AEA000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x921ED000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x919C8000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x9F0D2000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8D18E000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8D1C9000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8D1F5000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x91C99000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x91C77000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8D053000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x83EA9000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x9F0E5000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x83F57000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x91D4A000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9F153000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x9E6C0000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xB0AE0000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x921C3000 C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0x91BCE000 C:\Windows\system32\DRIVERS\tdcmdpst.sys 40960 bytes (TOSHIBA Corporation., TOSHIBA ODD Writing Driver for x86.)
0x91BF6000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xB0B24000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8D02A000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x921CD000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x92187000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x83FC0000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8CFF3000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x9E65A000 C:\Windows\system32\DRIVERS\SymIMv.sys 36864 bytes (Symantec Corporation, NDIS 6.0 Filter Driver for Windows Vista)
0x81E50000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8D05E000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x929D4000 C:\Windows\System32\Drivers\UVCFTR_S.SYS 36864 bytes (Chicony Electronics Co., Ltd., UVCFTR_S.sys)
0x83E5F000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x83F31000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8D022000 C:\Windows\system32\DRIVERS\AtiPcie.sys 32768 bytes (ATI Technologies Inc., ATI PCIE Driver for ATI PCIE chipset)
0x80619000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x9F0DD000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x8D067000 C:\Windows\system32\DRIVERS\FwLnk.sys 32768 bytes (TOSHIBA Corporation, TOSHIBA Firmware Linkage 32-bit Driver)
0x921A7000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x83E68000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x92000000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x921E4000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8CFA3000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x921DD000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x921A0000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80601000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB0B14000 C:\Users\REALFR~1\AppData\Local\Temp\mbr.sys 28672 bytes
0x921D6000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x83F0C000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x91BF0000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x919F6000 C:\Windows\System32\Drivers\GIDv2.SYS 20480 bytes (StrikeForce Technologies, Inc., GuardedID v2 Keyboard Filter)
0x9E655000 C:\Windows\system32\DRIVERS\jswpslwf.sys 20480 bytes (Atheros Communications, Inc., Atheros Security NDIS 6.0 Filter Driver)
0x8CF53000 C:\Windows\system32\DRIVERS\TVALZ_O.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
0x8D07E000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x83EA6000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x91D0F000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x919FB000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================


Nothing detected :(

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:29 PM

Posted 02 September 2011 - 11:30 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 silicon mud

  • Topic Starter
  • Members
  • 10 posts
  • Local time:12:29 PM

Posted 03 September 2011 - 12:19 AM

The computer still has the previously mentioned symptoms. I also found out that all my system restore points are no longer present. Lots of dw20.exe & IE windows are not able to open or proceed without an error opening.

ComboFix log

ComboFix 11-09-02.04 - Real FRESH Ray 09/02/2011 23:44:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.1838 [GMT -5:00]
Running from: c:\users\Real FRESH Ray\Desktop\virus\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Security Suite *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Security Suite *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Object\bhO_project.dll
c:\windows\act_apl.exe
c:\windows\admtask.exe
c:\windows\aexswdusr.exe
c:\windows\ause3.exe
c:\windows\system32\no
c:\windows\system32\no\smartfacevcp.dll.mui
c:\windows\system32\no\toscdspd.cpl.mui
c:\windows\system32\SV
c:\windows\system32\SV\smartfacevcp.dll.mui
c:\windows\system32\SV\toscdspd.cpl.mui
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\AtiCim.bin
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\AtiCimUn.exe
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\BIN\aticd64a.sys
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\BIN\aticds10.dll
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\BIN\AtiCIM.dll
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\BIN\atiicdxx.dll
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\BIN\atiicdxx.exe
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\BIN\atiicdxx.sys
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\BIN\atiicdxx.vxd
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\BIN\atricd6a.dft
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\BIN\atricd6a.enu
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\BIN\atricdxx.dft
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\BIN\atricdxx.enu
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\BIN\EnumDev.exe
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\BIN\UpdatPnP.exe
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\CCC\CCC.dll
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\CCC\setup.exe
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\CCC\UCI_ext.dll
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\CheckVer.exe
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\Driver\Driver.DLL
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\Driver\Setup.exe
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\Driver\XP_INF\B_64436\atidemgx.dll
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\Driver\XP_INF\B_64436\atiiiexx.dll
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\DrvUI64A.exe
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\issetup.exe
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\NET32\dotnetfx.exe
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\NET32\NET32.dll
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\NET32\setupnet.exe
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\NET32\WindowsInstaller-KB893803-v2-x86.exe
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\psapi.dll
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\SBDrv\SATA\Si3112.mpd
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\SBDrv\SATA\Si3112.sys
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\SBDrv\SATA\SiiSupp.vxd
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\SBDrv\SATA\SilSupp.cpl
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\SBDrv\SATA\SiWinAcc.sys
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\SBDrv\SBDrv.dll
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\SBDrv\setup.exe
e:\recycler\S-1-5-21-746137067-573735546-839522115-1003\De17\Display Driver ATI\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-08-03 to 2011-09-03 )))))))))))))))))))))))))))))))
.
.
2011-09-03 04:55 . 2011-09-03 04:55 -------- d-----w- c:\users\Real FRESH Ray\AppData\Local\temp
2011-09-03 02:31 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE2DBB39-9B18-4A69-BC0F-979D862492B4}\mpengine.dll
2011-09-01 16:37 . 2011-09-01 17:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-09-01 16:37 . 2011-09-01 16:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-24 16:03 . 2011-09-03 04:27 -------- d-----w- c:\users\Real FRESH Ray\AppData\Local\CrashDumps
2011-08-24 08:40 . 2011-08-24 08:40 -------- d-----w- C:\_Serato_Backup
2011-08-23 19:14 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-23 16:41 . 2011-09-01 14:47 -------- d-----w- c:\users\Real FRESH Ray\AppData\Local\NPE
2011-08-23 04:20 . 2011-08-23 04:20 0 ---ha-w- c:\users\Real FRESH Ray\AppData\Local\BITE85C.tmp
2011-08-22 23:38 . 2011-08-22 23:38 -------- d-----w- c:\windows\Sun
2011-08-22 11:42 . 2011-08-22 11:42 -------- d-----w- c:\users\Real FRESH Ray\AppData\Roaming\DVDFab
2011-08-22 04:06 . 2011-08-23 04:52 -------- d-----w- c:\program files\dvdfab
2011-08-22 04:04 . 2011-09-03 04:54 -------- d-----w- c:\program files\Object
2011-08-19 00:03 . 2011-08-19 00:44 -------- d-----w- c:\users\Real FRESH Ray\AppData\Roaming\HandBrake
2011-08-19 00:03 . 2011-08-19 00:03 -------- d-----w- c:\users\Real FRESH Ray\AppData\Local\HandBrake
2011-08-18 23:58 . 2011-08-18 23:58 -------- d-----w- c:\program files\Handbrake
2011-08-15 22:18 . 2011-08-15 22:18 -------- d-----w- c:\users\Missy\AppData\Roaming\WildTangent
2011-08-15 00:35 . 2011-08-15 00:35 -------- d-----w- c:\users\shorty ipod\AppData\Roaming\Winamp
2011-08-15 00:35 . 2011-08-15 00:35 -------- d-----w- c:\users\shorty ipod\AppData\Local\Adobe
2011-08-15 00:34 . 2011-08-15 00:34 -------- d-----w- c:\users\shorty ipod\AppData\Roaming\ID Vault
2011-08-15 00:34 . 2011-08-15 00:34 -------- d-----w- c:\users\shorty ipod\AppData\Local\Google
2011-08-15 00:34 . 2011-08-15 00:34 -------- d-----w- c:\users\shorty ipod\AppData\Local\SupportSoft
2011-08-09 22:10 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-09 22:10 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 22:10 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-09 22:08 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-09 22:08 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-09 22:08 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-09 16:43 . 2011-07-09 16:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-05 15:25 . 2011-07-05 15:25 67352 ----a-w- c:\windows\system32\GIDLogonCP.dll
2011-07-05 15:25 . 2011-07-05 15:25 66328 ----a-w- c:\windows\system32\SysEventMenu.dll
2011-07-05 15:24 . 2011-07-05 15:24 380696 ----a-w- c:\windows\system32\GIDHookLogon.dll
2011-07-05 15:24 . 2011-07-05 15:24 398608 ----a-w- c:\windows\system32\GIDHook.dll
2011-07-05 15:24 . 2011-06-23 16:37 25232 ------w- c:\windows\system32\drivers\gidv2.sys
2011-07-05 15:23 . 2011-07-05 15:23 102160 ----a-w- c:\windows\system32\GIDBIN3.dll
2011-07-05 15:23 . 2011-07-05 15:23 173840 ----a-w- c:\windows\system32\GIDBIN1.dll
2011-06-17 18:28 . 2011-06-17 18:28 59715 --sh--w- c:\windows\hpc.exe
2011-06-17 18:28 . 2011-06-17 18:28 71677 --sh--w- c:\windows\lks.exe
2011-06-17 18:27 . 2011-06-17 18:27 59897 --sh--w- c:\windows\nst.exe
2011-06-17 18:25 . 2011-06-17 18:25 71678 --sh--w- c:\windows\chp.exe
2011-06-17 18:25 . 2011-06-17 18:25 66044 --sh--w- c:\windows\pst.exe
2010-09-26 21:04 . 2010-09-26 21:04 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2009-12-31 2349080]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2010-10-18 18:26 3908192 ----a-w- c:\program files\Freecorder\tbFree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 17:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 18:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2009-12-31 17:53 2349080 ----a-w- c:\program files\Zynga\tbZyn0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B84CDBE7-1B46-494B-A188-01D4C52DEB61}]
2011-06-14 19:24 99912 ----a-w- c:\program files\Constant Guard Protection Suite\NativeBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2009-12-31 2349080]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2009-12-31 2349080]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFree.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-13 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]
"Module Loader"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-18 57344]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"NDSTray.exe"="NDSTray.exe" [BU]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-26 30192]
"Creative SB Monitoring Utility"="sbavmon.dll" [2008-07-01 94720]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2010-11-30 274608]
"Freecorder FLV Service"="c:\users\Real FRESH Ray\Documents\freecorder\FLVSrvc.exe" [2010-06-26 167936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2011-7-18 3307080]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
TOSHIBA Face Recognition Watcher.lnk - c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2008-4-24 98304]
Xfinity TV Downloads Media Manager.lnk - c:\program files\Xfinity TV\Xfinity TV Downloads Media Manager\MediaManager.exe [2010-7-26 453736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck msln\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\DRIVERS\ATMFBUS.sys [x]
R3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\DRIVERS\ATMFCVsp.sys [x]
R3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\DRIVERS\ATMFMdm.sys [x]
R3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\DRIVERS\ATMFNET.sys [x]
R3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\DRIVERS\ATMFNVsp.sys [x]
R3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\DRIVERS\ATMFVsp.sys [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2009-03-12 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-03-12 79360]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-01-20 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-01-20 8456]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-26 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2008-07-24 471296]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2010-09-30 24064]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2010-03-25 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2010-03-25 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2010-03-25 482432]
S1 GIDv2;GIDv2; [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110830.030\IDSvix86.sys [2011-08-10 368248]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-29 20384]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-04 172032]
S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [2011-07-18 62536]
S2 MotoHelper.exe;Motorola Helper;c:\program files\Motorola\Moto Helper Service\MotoHelper.exe [2010-09-15 6656]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2010-12-02 218432]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2010-03-25 117640]
S2 OS Selector;Acronis OS Selector activator;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-09-30 2139400]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-02 105592]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2010-03-25 48688]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BLACKBOX
*Deregistered* - BlackBox
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 15:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 15:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-31 c:\windows\Tasks\At1.job
- c:\windows\nst.exe [2011-06-17 18:27]
.
2011-08-31 c:\windows\Tasks\At10.job
- c:\windows\hpc.exe [2011-06-17 18:28]
.
2011-08-31 c:\windows\Tasks\At11.job
- c:\windows\nst.exe [2011-06-17 18:27]
.
2011-08-31 c:\windows\Tasks\At12.job
- c:\windows\chp.exe [2011-06-17 18:25]
.
2011-08-31 c:\windows\Tasks\At13.job
- c:\windows\pst.exe [2011-06-17 18:25]
.
2011-08-31 c:\windows\Tasks\At14.job
- c:\windows\lks.exe [2011-06-17 18:28]
.
2011-08-31 c:\windows\Tasks\At15.job
- c:\windows\hpc.exe [2011-06-17 18:28]
.
2011-08-31 c:\windows\Tasks\At16.job
- c:\windows\nst.exe [2011-06-17 18:27]
.
2011-08-31 c:\windows\Tasks\At17.job
- c:\windows\chp.exe [2011-06-17 18:25]
.
2011-08-31 c:\windows\Tasks\At18.job
- c:\windows\pst.exe [2011-06-17 18:25]
.
2011-08-31 c:\windows\Tasks\At19.job
- c:\windows\lks.exe [2011-06-17 18:28]
.
2011-08-31 c:\windows\Tasks\At2.job
- c:\windows\chp.exe [2011-06-17 18:25]
.
2011-08-31 c:\windows\Tasks\At20.job
- c:\windows\hpc.exe [2011-06-17 18:28]
.
2011-08-31 c:\windows\Tasks\At3.job
- c:\windows\pst.exe [2011-06-17 18:25]
.
2011-08-31 c:\windows\Tasks\At4.job
- c:\windows\lks.exe [2011-06-17 18:28]
.
2011-08-31 c:\windows\Tasks\At5.job
- c:\windows\hpc.exe [2011-06-17 18:28]
.
2011-08-31 c:\windows\Tasks\At6.job
- c:\windows\nst.exe [2011-06-17 18:27]
.
2011-08-31 c:\windows\Tasks\At7.job
- c:\windows\chp.exe [2011-06-17 18:25]
.
2011-08-31 c:\windows\Tasks\At8.job
- c:\windows\pst.exe [2011-06-17 18:25]
.
2011-08-31 c:\windows\Tasks\At9.job
- c:\windows\lks.exe [2011-06-17 18:28]
.
2011-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 15:26]
.
2011-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 15:26]
.
2011-09-03 c:\windows\Tasks\User_Feed_Synchronization-{590E18E2-719F-47D0-8C1E-050841BA7DF0}.job
- c:\windows\system32\msfeedssync.exe [2011-05-03 23:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.xfinity.com/customer/start/?attr=self&cid=insDate06232011
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: &SHOUTcast Search - c:\programdata\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
AddRemove-AVS Image Converter_is1 - c:\program files\AVS4YOU\AVSImageConverter\unins000.exe
AddRemove-Picasa2 - c:\program files\Picasa2\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-02 23:55
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????p?IZ???????????????8 ??`
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-09-02 23:58:47
ComboFix-quarantined-files.txt 2011-09-03 04:58
.
Pre-Run: 119,585,923,072 bytes free
Post-Run: 123,644,293,120 bytes free
.
- - End Of File - - 93D32978C18EC711C9A9BDBC6751B29E

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 September 2011 - 12:51 AM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

File::
c:\windows\hpc.exe
c:\windows\lks.exe
c:\windows\nst.exe
c:\windows\chp.exe
c:\windows\pst.exe

Folder::
c:\program files\ConduitEngine

AtJob::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
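The At*.job entries in the earlier ComboFix log are the "other stuff" the script above targets: at.exe-created tasks that all point at short-named executables sitting directly in c:\windows. The following is an added example, not code from the thread or from ComboFix, that parses the 'Scheduled Tasks' section of a ComboFix log, flags that pattern, and emits the matching File:: and AtJob:: directives; the sample log text is constructed to mirror the listing in the thread, and the `Task` type and function names are this example's own.

```python
import re
from typing import List, NamedTuple

# Constructed sample in the layout ComboFix uses for its 'Scheduled Tasks'
# section (mirrors the entries seen earlier in this thread; not a real log).
SAMPLE_LOG = r"""Contents of the 'Scheduled Tasks' folder
.
2011-08-31 c:\windows\Tasks\At1.job
- c:\windows\nst.exe [2011-06-17 18:27]
.
2011-08-31 c:\windows\Tasks\At10.job
- c:\windows\hpc.exe [2011-06-17 18:28]
.
2011-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 15:26]
.
.
------- Supplementary Scan -------
"""

# "2011-08-31 c:\windows\Tasks\At1.job"  -> (created date, .job path)
TASK_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (.+\.job)$", re.IGNORECASE)
# "- c:\windows\nst.exe [2011-06-17 18:27]" -> (target path, target stamp)
TARGET_RE = re.compile(r"^- (.+?) \[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\]$")
# at.exe names its jobs At<number>.job
AT_JOB_RE = re.compile(r"^at\d+\.job$", re.IGNORECASE)


class Task(NamedTuple):
    job: str          # full path of the .job file
    created: str      # date ComboFix reports for the job
    target: str       # executable the job launches
    target_stamp: str # timestamp ComboFix reports for that executable


def parse_tasks(log_text: str) -> List[Task]:
    """Pair each '<date> <path>.job' line with the '- <target> [stamp]'
    line that follows it; separator '.' lines are ignored."""
    tasks: List[Task] = []
    pending = None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = TASK_RE.match(line)
        if m:
            pending = (m.group(1), m.group(2))
            continue
        m = TARGET_RE.match(line)
        if m and pending is not None:
            created, job = pending
            tasks.append(Task(job, created, m.group(1), m.group(2)))
            pending = None
    return tasks


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def is_at_job(task: Task) -> bool:
    return AT_JOB_RE.match(basename(task.job)) is not None


def target_in_windows_root(task: Task) -> bool:
    """True when the launched file sits directly in c:\\windows, which is
    where the thread's nst/hpc/chp/pst/lks executables lived."""
    parent = task.target.rsplit("\\", 1)[0].lower()
    return parent == r"c:\windows"


def build_cfscript(tasks: List[Task]) -> str:
    """Emit the ComboFix directives used in the post above: one File:: line
    per flagged executable, plus AtJob:: (which removes the At*.job tasks)."""
    at_jobs = [t for t in tasks if is_at_job(t)]
    files = sorted({t.target for t in at_jobs if target_in_windows_root(t)})
    lines: List[str] = []
    if files:
        lines += ["File::", *files, ""]
    if at_jobs:
        lines += ["AtJob::", ""]
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_cfscript(parse_tasks(SAMPLE_LOG)))
```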

#8 silicon mud
  • Topic Starter

  • Members
  • 10 posts

Posted 03 September 2011 - 10:02 AM

Here is the new log requested. The PC seems a little smoother. A few "not responding" errors, but overall, BETTER!!

NEW COMBOFIX LOG

ComboFix 11-09-02.04 - Real FRESH Ray 09/03/2011 9:41.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.2212 [GMT -5:00]
Running from: c:\users\Real FRESH Ray\Desktop\virus\ComboFix.exe
Command switches used :: c:\users\Real FRESH Ray\Desktop\virus\CFScript.txt
AV: Norton Security Suite *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Security Suite *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Security Suite *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\chp.exe"
"c:\windows\hpc.exe"
"c:\windows\lks.exe"
"c:\windows\nst.exe"
"c:\windows\pst.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ConduitEngine
c:\program files\ConduitEngine\appContextMenu.xml
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\ConduitEngine\ConduitEngineHelper.exe
c:\program files\ConduitEngine\ConduitEngineUninstall.exe
c:\program files\ConduitEngine\engineContextMenu.xml
c:\program files\ConduitEngine\EngineSettings.json
c:\program files\ConduitEngine\INSTALL.LOG
c:\program files\ConduitEngine\toolbar.cfg
c:\windows\chp.exe
c:\windows\dasetup.log
c:\windows\hpc.exe
c:\windows\iun6002.exe
c:\windows\jestertb.dll
c:\windows\lks.exe
c:\windows\nst.exe
c:\windows\pst.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.
.
((((((((((((((((((((((((( Files Created from 2011-08-03 to 2011-09-03 )))))))))))))))))))))))))))))))
.
.
2011-09-03 14:52 . 2011-09-03 14:52 -------- d-----w- c:\users\Real FRESH Ray\AppData\Local\temp
2011-09-03 14:52 . 2011-09-03 14:52 -------- d-----w- c:\users\shorty ipod\AppData\Local\temp
2011-09-03 14:52 . 2011-09-03 14:52 -------- d-----w- c:\users\Missy\AppData\Local\temp
2011-09-03 14:52 . 2011-09-03 14:52 -------- d-----w- c:\users\Fresh Almighty\AppData\Local\temp
2011-09-03 14:52 . 2011-09-03 14:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-03 02:31 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE2DBB39-9B18-4A69-BC0F-979D862492B4}\mpengine.dll
2011-09-01 16:37 . 2011-09-01 17:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-09-01 16:37 . 2011-09-01 16:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-24 16:03 . 2011-09-03 14:50 -------- d-----w- c:\users\Real FRESH Ray\AppData\Local\CrashDumps
2011-08-24 08:40 . 2011-08-24 08:40 -------- d-----w- C:\_Serato_Backup
2011-08-23 19:14 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-23 16:41 . 2011-09-01 14:47 -------- d-----w- c:\users\Real FRESH Ray\AppData\Local\NPE
2011-08-23 04:20 . 2011-08-23 04:20 0 ---ha-w- c:\users\Real FRESH Ray\AppData\Local\BITE85C.tmp
2011-08-22 23:38 . 2011-08-22 23:38 -------- d-----w- c:\windows\Sun
2011-08-22 11:42 . 2011-08-22 11:42 -------- d-----w- c:\users\Real FRESH Ray\AppData\Roaming\DVDFab
2011-08-22 04:06 . 2011-08-23 04:52 -------- d-----w- c:\program files\dvdfab
2011-08-22 04:04 . 2011-09-03 04:54 -------- d-----w- c:\program files\Object
2011-08-19 00:03 . 2011-08-19 00:44 -------- d-----w- c:\users\Real FRESH Ray\AppData\Roaming\HandBrake
2011-08-19 00:03 . 2011-08-19 00:03 -------- d-----w- c:\users\Real FRESH Ray\AppData\Local\HandBrake
2011-08-18 23:58 . 2011-08-18 23:58 -------- d-----w- c:\program files\Handbrake
2011-08-15 22:18 . 2011-08-15 22:18 -------- d-----w- c:\users\Missy\AppData\Roaming\WildTangent
2011-08-15 00:35 . 2011-08-15 00:35 -------- d-----w- c:\users\shorty ipod\AppData\Roaming\Winamp
2011-08-15 00:35 . 2011-08-15 00:35 -------- d-----w- c:\users\shorty ipod\AppData\Local\Adobe
2011-08-15 00:34 . 2011-08-15 00:34 -------- d-----w- c:\users\shorty ipod\AppData\Roaming\ID Vault
2011-08-15 00:34 . 2011-08-15 00:34 -------- d-----w- c:\users\shorty ipod\AppData\Local\Google
2011-08-15 00:34 . 2011-08-15 00:34 -------- d-----w- c:\users\shorty ipod\AppData\Local\SupportSoft
2011-08-09 22:10 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-09 22:10 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 22:10 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-09 22:08 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-09 22:08 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-09 22:08 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-09 16:43 . 2011-07-09 16:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-05 15:25 . 2011-07-05 15:25 67352 ----a-w- c:\windows\system32\GIDLogonCP.dll
2011-07-05 15:25 . 2011-07-05 15:25 66328 ----a-w- c:\windows\system32\SysEventMenu.dll
2011-07-05 15:24 . 2011-07-05 15:24 380696 ----a-w- c:\windows\system32\GIDHookLogon.dll
2011-07-05 15:24 . 2011-07-05 15:24 398608 ----a-w- c:\windows\system32\GIDHook.dll
2011-07-05 15:24 . 2011-06-23 16:37 25232 ------w- c:\windows\system32\drivers\gidv2.sys
2011-07-05 15:23 . 2011-07-05 15:23 102160 ----a-w- c:\windows\system32\GIDBIN3.dll
2011-07-05 15:23 . 2011-07-05 15:23 173840 ----a-w- c:\windows\system32\GIDBIN1.dll
2010-09-26 21:04 . 2010-09-26 21:04 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2009-12-31 2349080]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2010-10-18 18:26 3908192 ----a-w- c:\program files\Freecorder\tbFree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 17:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2009-12-31 2349080]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2009-12-31 2349080]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFree.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-13 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]
"Module Loader"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-18 57344]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"NDSTray.exe"="NDSTray.exe" [BU]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-26 30192]
"Creative SB Monitoring Utility"="sbavmon.dll" [2008-07-01 94720]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2010-11-30 274608]
"Freecorder FLV Service"="c:\users\Real FRESH Ray\Documents\freecorder\FLVSrvc.exe" [2010-06-26 167936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2011-8-31 3507784]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
TOSHIBA Face Recognition Watcher.lnk - c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2008-4-24 98304]
Xfinity TV Downloads Media Manager.lnk - c:\program files\Xfinity TV\Xfinity TV Downloads Media Manager\MediaManager.exe [2010-7-26 453736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck msln\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [2011-08-31 62536]
R3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\DRIVERS\ATMFBUS.sys [x]
R3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\DRIVERS\ATMFCVsp.sys [x]
R3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\DRIVERS\ATMFMdm.sys [x]
R3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\DRIVERS\ATMFNET.sys [x]
R3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\DRIVERS\ATMFNVsp.sys [x]
R3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\DRIVERS\ATMFVsp.sys [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2009-03-12 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-03-12 79360]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-01-20 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-01-20 8456]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-26 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2008-07-24 471296]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2010-09-30 24064]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2010-03-25 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2010-03-25 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2010-03-25 482432]
S1 GIDv2;GIDv2; [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110830.030\IDSvix86.sys [2011-08-10 368248]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-29 20384]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-04 172032]
S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 MotoHelper.exe;Motorola Helper;c:\program files\Motorola\Moto Helper Service\MotoHelper.exe [2010-09-15 6656]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2010-12-02 218432]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2010-03-25 117640]
S2 OS Selector;Acronis OS Selector activator;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-09-30 2139400]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-02 105592]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2010-03-25 48688]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 15:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 15:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 15:26]
.
2011-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 15:26]
.
2011-09-03 c:\windows\Tasks\User_Feed_Synchronization-{590E18E2-719F-47D0-8C1E-050841BA7DF0}.job
- c:\windows\system32\msfeedssync.exe [2011-05-03 23:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.xfinity.com/customer/start/?attr=self&cid=insDate06232011
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: &SHOUTcast Search - c:\programdata\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
BHO-{7b13ec3e-999a-4b70-b9cb-2617b8323822} - (no file)
BHO-{B84CDBE7-1B46-494B-A188-01D4C52DEB61} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\ConduitEngine.dll
AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
AddRemove-SwiftElite40 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-03 09:52
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????p?IZ???????????????8 ??`
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-09-03 09:58:00
ComboFix-quarantined-files.txt 2011-09-03 14:57
ComboFix2.txt 2011-09-03 04:58
.
Pre-Run: 123,517,063,168 bytes free
Post-Run: 123,467,423,744 bytes free
.
- - End Of File - - 15DEA4B48FB636199E7AD00DC9AFE477

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 September 2011 - 01:14 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#10 silicon mud
  • Topic Starter

  • Members
  • 10 posts

Posted 05 September 2011 - 09:31 PM

TDSS report :-) This seems to be good news... Thanks for all your help.

2011/09/05 21:28:17.0409 1300 TDSS rootkit removing tool 2.5.18.0 Sep 5 2011 09:53:09
2011/09/05 21:28:19.0415 1300 ================================================================================
2011/09/05 21:28:19.0415 1300 SystemInfo:
2011/09/05 21:28:19.0415 1300
2011/09/05 21:28:19.0415 1300 OS Version: 6.0.6002 ServicePack: 2.0
2011/09/05 21:28:19.0415 1300 Product type: Workstation
2011/09/05 21:28:19.0415 1300 ComputerName: FRESHPOD-5
2011/09/05 21:28:19.0416 1300 UserName: Real FRESH Ray
2011/09/05 21:28:19.0416 1300 Windows directory: C:\Windows
2011/09/05 21:28:19.0416 1300 System windows directory: C:\Windows
2011/09/05 21:28:19.0416 1300 Processor architecture: Intel x86
2011/09/05 21:28:19.0416 1300 Number of processors: 2
2011/09/05 21:28:19.0416 1300 Page size: 0x1000
2011/09/05 21:28:19.0416 1300 Boot type: Normal boot
2011/09/05 21:28:19.0416 1300 ================================================================================
2011/09/05 21:28:21.0290 1300 Initialize success
2011/09/05 21:28:27.0616 3344 ================================================================================
2011/09/05 21:28:27.0616 3344 Scan started
2011/09/05 21:28:27.0616 3344 Mode: Manual;
2011/09/05 21:28:27.0616 3344 ================================================================================
2011/09/05 21:28:28.0994 3344 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/09/05 21:28:29.0121 3344 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/09/05 21:28:29.0201 3344 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/09/05 21:28:29.0259 3344 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/09/05 21:28:29.0390 3344 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/09/05 21:28:29.0471 3344 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/09/05 21:28:29.0562 3344 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/09/05 21:28:29.0612 3344 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/09/05 21:28:29.0648 3344 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/09/05 21:28:29.0694 3344 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/09/05 21:28:29.0859 3344 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/09/05 21:28:29.0896 3344 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/09/05 21:28:29.0935 3344 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/09/05 21:28:29.0973 3344 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/09/05 21:28:30.0009 3344 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\Windows\system32\DRIVERS\AmdLLD.sys
2011/09/05 21:29:27.0057 3344 ================================================================================
2011/09/05 21:29:27.0058 3344 Scan finished
2011/09/05 21:29:27.0058 3344 ================================================================================
2011/09/05 21:29:27.0084 5920 Detected object count: 0
2011/09/05 21:29:27.0084 5920 Actual detected object count: 0

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:29 PM

Posted 06 September 2011 - 08:40 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 silicon mud

silicon mud
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:29 PM

Posted 07 September 2011 - 06:31 PM

Here are the OTL results as requested:

OTL logfile created on: 9/7/2011 6:13:53 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Real FRESH Ray\Desktop\virus
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 49.97% Memory free
7.19 Gb Paging File | 5.20 Gb Available in Paging File | 72.26% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.26 Gb Total Space | 118.57 Gb Free Space | 39.75% Space Free | Partition Type: NTFS
Drive E: | 166.45 Gb Total Space | 147.28 Gb Free Space | 88.48% Space Free | Partition Type: NTFS

Computer Name: FRESHPOD-5 | User Name: Real FRESH Ray | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Real FRESH Ray\Desktop\virus\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe (White Sky, Inc.)
PRC - C:\Program Files\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\SFT\GuardedID\GIDD.exe (StrikeForce Technologies Inc.)
PRC - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe ()
PRC - C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe (Motorola)
PRC - C:\Program Files\Xfinity TV\Xfinity TV Downloads Media Manager\MediaManager.exe (thePlatform Inc.)
PRC - C:\Program Files\Xfinity TV\Xfinity TV Downloads Media Manager\DownloadManager.exe ()
PRC - C:\Users\Real FRESH Ray\Documents\freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
PRC - C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
PRC - C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
PRC - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
PRC - C:\TOSHIBA\IVP\ISM\pinger.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Constant Guard Protection Suite\IdVaultCore.XmlSerializers.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\fa1ca040b93a3e4675311b4efcff91cc\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6a38f370d4e68b65106d1065d0b77067\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4117485024b0f652b9fbb66ff5025896\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\798dad8e1b1dae489aa30b4341bcdba7\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\21c45e88bbc379aaed3baadd0bd14a8b\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9ea6cff5cccb649eb8ad7cc6e3f03c88\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ca54e016986a14796591228eaa80cce1\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\beab37721e12fef7fc1e8f2ff130fa31\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\64e6bc21d6554252e53e87c04a70a04d\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1cc11918d8dd561391bba05c61de7573\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\811f6e7fa8d47ab2fcb98cb91df4774d\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5e58f10757c91da0ac05161ca8e11e8b\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7ae4f4dbbfd301d5b5f3897b6ea433bf\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\180849cb54aab0bc77a229c41f967c90\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a6485a160959fbed092dc2ddbed3509e\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\cbe5fbb2e20534d89c0588cc05418840\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9afe86eee3ddf79c5f6cf5d85873c464\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\ccd064df52eb5479bf745ec2a7b74952\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll ()
MOD - C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Program Files\Xfinity TV\Xfinity TV Downloads Media Manager\DownloadManager.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3595.17931__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3595.17935__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3595.17950__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3595.17822__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3595.17843__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3595.17838__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3595.17832__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3595.17931__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3595.17931__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3595.17918__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3595.17898__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3595.17832__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3595.17878__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3595.17868__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3595.17919__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3595.17883__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3595.17918__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3595.17884__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3595.17883__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3595.17917__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3595.17871__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3595.17892__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3595.17844__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3595.17870__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3595.17875__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3595.17946__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3595.17844__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3595.17849__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3595.17875__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3595.17848__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3595.17869__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3595.17877__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3595.17869__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3595.17869__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3595.17877__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3586.20615__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3586.20610__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3586.20627__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3586.20645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3586.20643__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3586.20625__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3586.20643__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3586.20597__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3586.20598__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3586.20661__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3586.20623__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3586.20631__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3586.20608__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3586.20602__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3586.20620__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3586.20619__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3586.20609__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3586.20616__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3586.20632__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3586.20621__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3586.20634__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3586.20641__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3586.20640__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3586.20621__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3586.20634__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3586.20623__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3586.20619__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3586.20632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3586.20631__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3586.20633__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3586.20625__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3586.20633__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3586.20621__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3586.20614__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3586.20624__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3595.17944__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3595.17924__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3586.20615__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3595.17819__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3595.17837__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3595.17913__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3595.17911__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3586.20612__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3586.20605__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3586.20622__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3586.20614__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3586.20620__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3595.17907__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3595.17821__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3595.17819__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3586.20627__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3586.20623__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3595.17828__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3595.17817__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3586.20618__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3586.20635__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3595.17912__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3595.17818__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Windows\System32\EasyHook32.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\APOMngr.DLL ()
MOD - C:\Windows\System32\CmdRtr.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (IDVaultSvc) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe (White Sky, Inc.)
SRV - (MotoHelper) -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (OS Selector) -- C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe ()
SRV - (MotoHelper.exe) -- C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe (Motorola)
SRV - (N360) -- C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (ASKUpgrade) -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
SRV - (ASKService) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
SRV - (Creative ALchemy AL1 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (SmartFaceVWatchSrv) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (jswpsapi) -- C:\Program Files\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (Swupdtmr) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (pinger) -- C:\TOSHIBA\IVP\ISM\pinger.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (MSSQL$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110831.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110831.002\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110830.030\IDSvix86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (GIDv2) -- C:\Windows\System32\drivers\gidv2.sys (StrikeForce Technologies, Inc.)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (motport) -- C:\Windows\System32\drivers\motport.sys (Motorola)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc)
DRV - (ksaud) -- C:\Windows\System32\drivers\ksaud.sys (Creative Technology Ltd.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (SVRPEDRV) -- C:\Windows\System32\sysprep\PEDRV.SYS (Inventec Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
DRV - (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\sscdserd.sys (MCCI Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (SeratoUsb) -- C:\Windows\System32\drivers\SeratoUsb.sys (Cristalink Ltd)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1063116495-4114681664-2467881189-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.com/customer/start/?attr=self&cid=insDate06232011
IE - HKU\S-1-5-21-1063116495-4114681664-2467881189-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1063116495-4114681664-2467881189-1003\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1063116495-4114681664-2467881189-1003\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
IE - HKU\S-1-5-21-1063116495-4114681664-2467881189-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Real FRESH Ray\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Real FRESH Ray\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Real FRESH Ray\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/29 17:48:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/04 23:05:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme [2011/08/21 23:04:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/30 09:40:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/16 19:05:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Real FRESH Ray\AppData\Roaming\Move Networks [2011/05/07 16:19:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/04 23:05:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme [2011/08/21 23:04:31 | 000,000,000 | ---D | M]

[2009/08/19 00:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Real FRESH Ray\AppData\Roaming\Mozilla\Firefox\extensions
[2009/08/19 00:53:37 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Real FRESH Ray\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011/09/07 17:17:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/09/03 09:52:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Constant Guard Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll (WhiteSky)
O2 - BHO: (SHOUTcast Loader) - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (SHOUTcast Radio Toolbar) - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1063116495-4114681664-2467881189-1003\..\Toolbar\WebBrowser: (SHOUTcast Radio Toolbar) - {0457331D-8CA6-4F97-9C26-6A9EF2B2DBA8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
O3 - HKU\S-1-5-21-1063116495-4114681664-2467881189-1003\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1063116495-4114681664-2467881189-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-1063116495-4114681664-2467881189-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\System32\SBAVMon.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Users\Real FRESH Ray\Documents\freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [GIDDesktop] C:\Program Files\SFT\GuardedID\gidd.exe (StrikeForce Technologies Inc.)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Module Loader] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-1063116495-4114681664-2467881189-1003..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1063116495-4114681664-2467881189-1003..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1063116495-4114681664-2467881189-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1063116495-4114681664-2467881189-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &SHOUTcast Search - C:\ProgramData\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1063116495-4114681664-2467881189-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FBCCC07-2F34-4DD1-B98C-4023EB418FA5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0F31E43-512B-499E-AAA1-E7828F7C5D43}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Fresh Almighty\Pictures\graphic-art-bug-wallpapers_7218_1600x1200.jpg
O24 - Desktop BackupWallPaper: C:\Users\Fresh Almighty\Pictures\graphic-art-bug-wallpapers_7218_1600x1200.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck msln) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/06 21:20:55 | 000,000,000 | ---D | C] -- C:\Users\Real FRESH Ray\Desktop\sept 2011
[2011/09/04 02:19:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/04 02:19:24 | 000,000,000 | ---D | C] -- C:\_Serato_Backup
[2011/09/03 09:58:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/03 09:58:04 | 000,000,000 | ---D | C] -- C:\Users\Real FRESH Ray\AppData\Local\temp
[2011/09/02 23:42:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/02 23:42:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/02 23:42:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/02 23:42:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/02 23:40:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/02 22:59:19 | 000,000,000 | ---D | C] -- C:\Users\Real FRESH Ray\Desktop\virus
[2011/09/01 11:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/09/01 11:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/09/01 11:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/08/31 21:12:34 | 000,000,000 | ---D | C] -- C:\Users\Real FRESH Ray\Documents\fantasy football
[2011/08/27 10:02:59 | 000,000,000 | ---D | C] -- C:\Users\Real FRESH Ray\Desktop\luau
[2011/08/24 11:03:22 | 000,000,000 | ---D | C] -- C:\Users\Real FRESH Ray\AppData\Local\CrashDumps
[2011/08/23 14:14:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/23 11:41:54 | 000,000,000 | ---D | C] -- C:\Users\Real FRESH Ray\AppData\Local\NPE
[2011/08/22 18:38:36 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/08/22 06:42:13 | 000,000,000 | ---D | C] -- C:\Users\Real FRESH Ray\AppData\Roaming\DVDFab
[2011/08/21 23:18:47 | 000,000,000 | ---D | C] -- C:\Users\Real FRESH Ray\Documents\DVDFab
[2011/08/21 23:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8 Qt
[2011/08/21 23:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\dvdfab
[2011/08/21 23:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Object
[2011/08/18 19:37:30 | 000,000,000 | ---D | C] -- C:\Users\Real FRESH Ray\Documents\phone flicks
[2011/08/18 19:03:07 | 000,000,000 | ---D | C] -- C:\Users\Real FRESH Ray\AppData\Roaming\HandBrake
[2011/08/18 19:03:07 | 000,000,000 | ---D | C] -- C:\Users\Real FRESH Ray\AppData\Local\HandBrake
[2011/08/18 18:58:06 | 000,000,000 | ---D | C] -- C:\Users\Real FRESH Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2011/08/18 18:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
[2011/08/18 18:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2011/08/10 11:17:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/10 11:17:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/10 11:17:37 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/10 11:17:37 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/10 11:17:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/09 17:10:25 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/09 17:08:52 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/09 17:08:51 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Users\Real FRESH Ray\AppData\Local\*.tmp files -> C:\Users\Real FRESH Ray\AppData\Local\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/07 18:24:00 | 000,000,464 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{590E18E2-719F-47D0-8C1E-050841BA7DF0}.job
[2011/09/07 17:40:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/07 17:23:28 | 000,660,736 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/07 17:23:28 | 000,127,748 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/07 17:18:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/07 17:17:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/07 17:17:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/07 17:17:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/06 21:26:25 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/09/03 09:52:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/09/03 09:28:48 | 000,002,071 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
[2011/09/03 09:28:47 | 000,002,053 | ---- | M] () -- C:\Users\Public\Desktop\Constant Guard.lnk
[2011/09/02 23:00:05 | 000,000,000 | ---- | M] () -- C:\Users\Real FRESH Ray\defogger_reenable
[2011/09/01 09:44:33 | 000,001,356 | ---- | M] () -- C:\Users\Real FRESH Ray\AppData\Local\d3d9caps.dat
[2011/09/01 03:24:44 | 000,396,131 | ---- | M] () -- C:\Users\Real FRESH Ray\AppData\Local\census.cache
[2011/09/01 03:24:23 | 000,000,000 | ---- | M] () -- C:\Users\Real FRESH Ray\AppData\Local\ars.cache
[2011/08/31 22:18:54 | 000,000,036 | ---- | M] () -- C:\Users\Real FRESH Ray\AppData\Local\housecall.guid.cache
[2011/08/26 21:03:30 | 101,116,900 | ---- | M] () -- C:\Users\Real FRESH Ray\Desktop\hip mix 8 2011 pt 2.mp3
[2011/08/23 22:04:00 | 066,292,038 | ---- | M] () -- C:\Users\Real FRESH Ray\Desktop\hip mix 8 2011.mp3
[2011/08/23 12:33:31 | 000,294,216 | ---- | M] () -- C:\Users\Real FRESH Ray\Desktop\gmer.zip
[2011/08/23 11:46:07 | 001,038,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/22 23:23:26 | 350,948,676 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/22 23:20:44 | 000,000,000 | ---- | M] () -- C:\Users\Real FRESH Ray\AppData\Local\{A61F6296-D493-432F-85AC-5D3524E924CD}
[2011/08/18 18:58:06 | 000,000,797 | ---- | M] () -- C:\Users\Real FRESH Ray\Desktop\Handbrake.lnk
[2011/08/18 15:52:09 | 005,787,608 | ---- | M] () -- C:\Users\Real FRESH Ray\Desktop\hip mix 8 2011 pt 2.mp3.sfk
[2011/08/18 15:52:07 | 000,005,496 | ---- | M] () -- C:\Users\Real FRESH Ray\Desktop\hip mix 8 2011 pt 2.cdp
[2011/08/17 13:17:19 | 000,001,940 | ---- | M] () -- C:\Users\Real FRESH Ray\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/08/16 20:16:41 | 039,368,064 | ---- | M] () -- C:\Users\Real FRESH Ray\Desktop\DJ 33 - Live on 107.5 WGCI Rush Hour Mix 8-8-11.mp3
[2011/08/13 01:24:52 | 000,948,616 | ---- | M] () -- C:\Users\Real FRESH Ray\Desktop\hip mix 8 2011.mp3.sfk
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Users\Real FRESH Ray\AppData\Local\*.tmp files -> C:\Users\Real FRESH Ray\AppData\Local\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/02 23:42:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/02 23:42:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/02 23:42:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/02 23:42:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/02 23:42:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/02 23:00:05 | 000,000,000 | ---- | C] () -- C:\Users\Real FRESH Ray\defogger_reenable
[2011/09/01 03:24:44 | 000,396,131 | ---- | C] () -- C:\Users\Real FRESH Ray\AppData\Local\census.cache
[2011/09/01 03:24:23 | 000,000,000 | ---- | C] () -- C:\Users\Real FRESH Ray\AppData\Local\ars.cache
[2011/08/31 22:18:54 | 000,000,036 | ---- | C] () -- C:\Users\Real FRESH Ray\AppData\Local\housecall.guid.cache
[2011/08/23 12:33:30 | 000,294,216 | ---- | C] () -- C:\Users\Real FRESH Ray\Desktop\gmer.zip
[2011/08/22 23:20:26 | 000,000,000 | ---- | C] () -- C:\Users\Real FRESH Ray\AppData\Local\{A61F6296-D493-432F-85AC-5D3524E924CD}
[2011/08/18 18:58:06 | 000,000,797 | ---- | C] () -- C:\Users\Real FRESH Ray\Desktop\Handbrake.lnk
[2011/08/18 15:52:07 | 000,005,496 | ---- | C] () -- C:\Users\Real FRESH Ray\Desktop\hip mix 8 2011 pt 2.cdp
[2011/08/18 15:41:50 | 005,787,608 | ---- | C] () -- C:\Users\Real FRESH Ray\Desktop\hip mix 8 2011 pt 2.mp3.sfk
[2011/08/18 10:08:32 | 101,116,900 | ---- | C] () -- C:\Users\Real FRESH Ray\Desktop\hip mix 8 2011 pt 2.mp3
[2011/08/16 20:15:52 | 039,368,064 | ---- | C] () -- C:\Users\Real FRESH Ray\Desktop\DJ 33 - Live on 107.5 WGCI Rush Hour Mix 8-8-11.mp3
[2011/08/13 01:20:43 | 000,948,616 | ---- | C] () -- C:\Users\Real FRESH Ray\Desktop\hip mix 8 2011.mp3.sfk
[2011/08/13 00:54:21 | 066,292,038 | ---- | C] () -- C:\Users\Real FRESH Ray\Desktop\hip mix 8 2011.mp3
[2011/05/26 21:42:12 | 000,001,940 | ---- | C] () -- C:\Users\Real FRESH Ray\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/02/20 11:10:35 | 000,000,675 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
[2011/02/14 14:46:03 | 000,037,888 | ---- | C] () -- C:\Windows\System32\setupnt.dll
[2011/02/04 10:59:35 | 000,001,466 | ---- | C] () -- C:\Windows\X3D.INI
[2011/01/30 23:11:34 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/12/04 22:35:24 | 000,193,197 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010/10/09 09:15:28 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/09/02 14:38:34 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/09/02 14:38:34 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/07/31 20:28:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\APmpg4v1.dll
[2010/03/20 14:07:35 | 000,520,267 | ---- | C] () -- C:\Windows\System32\libmmd.dll
[2010/03/07 21:36:10 | 001,692,288 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2010/03/07 21:36:10 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010/03/07 21:36:09 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2010/03/07 21:36:09 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010/03/07 21:36:09 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010/02/23 12:36:39 | 000,012,288 | ---- | C] () -- C:\Windows\System32\Hlinkprx.dll
[2010/02/20 13:07:30 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2010/02/04 00:20:10 | 000,040,352 | ---- | C] () -- C:\Windows\System32\drivers\Usbkey.sys
[2010/02/04 00:20:03 | 000,077,824 | ---- | C] () -- C:\Windows\System32\NWKL2_32.DLL
[2010/02/04 00:20:03 | 000,028,672 | ---- | C] () -- C:\Windows\System32\KL2DLL32.DLL
[2010/02/04 00:20:03 | 000,024,136 | ---- | C] () -- C:\Windows\System32\ppmon.exe
[2010/02/04 00:20:03 | 000,012,480 | ---- | C] () -- C:\Windows\System32\KL2N.DLL
[2010/02/04 00:20:03 | 000,008,968 | ---- | C] () -- C:\Windows\System32\KL2DLL.DLL
[2010/02/04 00:20:03 | 000,007,440 | ---- | C] () -- C:\Windows\System32\ppmon.dll
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/20 21:54:31 | 000,148,891 | ---- | C] () -- C:\Windows\hpoins19.dat
[2009/11/20 21:53:42 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2009/09/18 11:57:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/18 11:57:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/01 15:55:54 | 000,195,855 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/30 20:58:42 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/06/19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/06/12 15:32:16 | 000,104,456 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
[2009/06/11 05:34:22 | 000,000,675 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2009/05/17 13:59:25 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/05/09 22:04:07 | 000,001,356 | ---- | C] () -- C:\Users\Real FRESH Ray\AppData\Local\d3d9caps.dat
[2009/04/14 19:40:13 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/04/10 23:18:29 | 000,000,102 | ---- | C] () -- C:\Users\Real FRESH Ray\AppData\Local\fusioncache.dat
[2009/04/06 22:22:12 | 000,098,304 | ---- | C] () -- C:\Users\Real FRESH Ray\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/25 00:39:42 | 000,002,878 | ---- | C] () -- C:\Windows\checkip.dat
[2009/03/11 21:11:26 | 000,127,488 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/03/11 21:11:26 | 000,069,120 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/03/11 21:09:53 | 000,022,350 | R--- | C] () -- C:\Windows\System32\kschimp.ini
[2009/03/11 21:09:34 | 000,000,500 | ---- | C] () -- C:\ProgramData\CfgVivoWireless.ini
[2009/03/11 21:09:33 | 000,028,234 | ---- | C] () -- C:\Windows\System32\ksaud.ini
[2009/03/11 21:09:33 | 000,000,029 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/02/07 15:28:20 | 000,000,020 | ---- | C] () -- C:\Windows\SN.ini
[2009/02/04 18:59:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/04 18:07:43 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/02/04 18:07:41 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2009/01/13 06:59:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/01/13 06:54:19 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/01/13 06:54:19 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/01/13 06:54:19 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/01/13 06:54:19 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/05/05 13:41:42 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/05/05 04:49:37 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.exe
[2008/05/05 04:49:37 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
[2008/05/04 11:08:55 | 000,020,480 | ---- | C] () -- C:\Windows\System32\CPUINFO2.DLL
[2008/04/24 21:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 21:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 21:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 21:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 21:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 21:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2008/04/23 00:35:14 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/03/04 22:02:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 001,038,864 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,660,736 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,127,748 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

< End of report >

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:29 PM

Posted 08 September 2011 - 07:51 AM

Hello

I want you to run this custom OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox shown in the posted image. Do not include the word Code
    :otl
    IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - Reg Error: Key error. File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O34 - HKLM BootExecute: (autocheck msln) - File not found 
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY] 
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS] 
    
  • Then click the Run Fix button at the top.
  • Click the button shown in the posted image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
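The fix script above follows one rule: autostart entries that OTL reported as "File not found" are removed, except the stock BootExecute value. The helper below, an added example that is not code from this thread or from OTL itself, mechanises that rule: it picks the orphaned lines out of an OTL log, emits the `:otl` section, and checks a post-fix log for the matching "deleted successfully" lines. The sample lines are copied from the two logs in this thread; the line types it handles (IE, FF, O4, O34) and the token matching are assumptions made for this example.

```python
"""Triage helper for OTL autostart lines: added example, not code from this
thread or from OTL itself. It finds the entries OTL reported as 'File not
found', emits the ':otl' fix section the helper wrote by hand above, and
checks the post-fix log for the matching 'deleted successfully' lines."""
import re

# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - Reg Error: Key error. File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O34 - HKLM BootExecute: (autocheck msln) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
"""

# Constructed sample: the registry lines of the fix log posted in reply.
SAMPLE_RESULT = r"""
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7b13ec3e-999a-4b70-b9cb-2617b8323822} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck msln deleted successfully.
"""

# Stock Windows BootExecute value. OTL lists it as "File not found" as well,
# but it must stay, and the hand-written script above leaves it alone.
STOCK_BOOTEXECUTE = "autocheck autochk *"

# Line types the script above removes when their target file is missing
# (assumed set for this example).
TRIAGE_PREFIXES = ("IE - ", "FF - ", "O4 - ", "O34 - ")


def is_orphaned(line):
    """True for an autostart line whose target OTL could not find on disk."""
    line = line.strip()
    if not line.startswith(TRIAGE_PREFIXES) or not line.endswith("File not found"):
        return False
    return not (line.startswith("O34 - ") and STOCK_BOOTEXECUTE in line)


def build_otl_fix(log_text):
    """Return an ':otl' section listing every orphaned entry, or '' if none."""
    orphans = [ln.strip() for ln in log_text.splitlines() if is_orphaned(ln)]
    return "\n".join([":otl", *orphans]) + "\n" if orphans else ""


def entry_token(line):
    """The identifier that reappears in OTL's fix log for a given entry."""
    if line.startswith("IE - "):
        return re.search(r"\{[0-9A-Fa-f-]+\}", line).group(0)
    if line.startswith("FF - "):
        return line.split("MozillaPlugins\\", 1)[1].split(": ", 1)[0]
    if line.startswith("O4 - "):
        return re.search(r"\[([^\]]+)\]", line).group(1)
    if line.startswith("O34 - "):
        return re.search(r"\(([^)]+)\)", line).group(1)
    raise ValueError("unsupported OTL line: " + line)


def verify_fix(fix_text, result_log):
    """Map each ':otl' entry token to whether the fix log reports it deleted."""
    deleted = [ln for ln in result_log.splitlines()
               if ln.endswith("deleted successfully.")]
    report = {}
    for entry in fix_text.splitlines():
        if entry.startswith(":"):      # section header such as ':otl'
            continue
        token = entry_token(entry)
        report[token] = any(token in ln for ln in deleted)
    return report


if __name__ == "__main__":
    fix = build_otl_fix(SAMPLE_LOG)
    print(fix)
    for token, ok in verify_fix(fix, SAMPLE_RESULT).items():
        print(("deleted  " if ok else "MISSING  ") + token)
```

Run against the sample, the generated section contains exactly the four entries of the script above and every one of them is confirmed by the reply log; an entry with no matching deletion line is reported as missing so it can be re-checked by hand.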

#14 silicon mud

  • Topic Starter
  • Members
  • 10 posts
  • Local time:12:29 PM

Posted 08 September 2011 - 06:34 PM

Here is the requested report. This process took almost 20 minutes, if that's normal. Seemed to be doing a lot of things.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7b13ec3e-999a-4b70-b9cb-2617b8323822} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck msln deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Real FRESH Ray\Desktop\virus\cmd.bat deleted successfully.
C:\Users\Real FRESH Ray\Desktop\virus\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Fresh Almighty
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 536 bytes
->FireFox cache emptied: 53975095 bytes
->Flash cache emptied: 18898 bytes

User: Missy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2875255109 bytes
->Java cache emptied: 2239918 bytes
->Flash cache emptied: 57338 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Ray
->Temp folder emptied: 0 bytes

User: Real FRESH Ray
->Temp folder emptied: 3271811 bytes
->Temporary Internet Files folder emptied: 15604311364 bytes
->Java cache emptied: 1886976 bytes
->Flash cache emptied: 57080 bytes

User: shorty ipod
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56816 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2908160 bytes
%systemroot%\System32\drivers .tmp files removed: 82464 bytes
Windows Temp folder emptied: 13984463 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 120266 bytes

Total Files Cleaned = 17,699.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Fresh Almighty
->Flash cache emptied: 0 bytes

User: Missy
->Flash cache emptied: 0 bytes

User: Public

User: Ray

User: Real FRESH Ray
->Flash cache emptied: 0 bytes

User: shorty ipod
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.27.0 log created on 09082011_175352

Files\Folders moved on Reboot...
File\Folder C:\Users\Real FRESH Ray\AppData\Local\Temp\Low\hsperfdata_Real FRESH Ray\6968 not found!
C:\Users\Real FRESH Ray\AppData\Local\Temp\Low\jar_cache27206.tmp moved successfully.
C:\Users\Real FRESH Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QBPEY6HI\blankHistory[2].htm moved successfully.
C:\Users\Real FRESH Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PMNYV89Z\msgviewAds[1] moved successfully.
File\Folder C:\Users\Real FRESH Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PMNYV89Z\overviewAds[1].htm not found!
C:\Users\Real FRESH Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MW8MILL9\local-page[1].htm moved successfully.
C:\Users\Real FRESH Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MW8MILL9\search[1].htm moved successfully.
C:\Users\Real FRESH Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MW8MILL9\xpbar[1].htm moved successfully.
C:\Users\Real FRESH Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HSXFOAX7\adServer[1].htm moved successfully.
C:\Users\Real FRESH Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HSXFOAX7\click[1].htm moved successfully.
C:\Users\Real FRESH Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F9W7TWX0\15bb_football_cbssports_com[1].htm moved successfully.
C:\Users\Real FRESH Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DEFFJX4O\DtCol[1].htm moved successfully.
C:\Users\Real FRESH Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DEFFJX4O\getInPage[1].htm moved successfully.
C:\Users\Real FRESH Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5VSVF9E0\index[1].htm moved successfully.
C:\Users\Real FRESH Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2L4XQTF4\overviewAds[1].htm moved successfully.
C:\Users\Real FRESH Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Real FRESH Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Windows\temp\JETE407.tmp not found!

Registry entries deleted on Reboot...

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:29 PM

Posted 08 September 2011 - 06:43 PM

How are things running at this time?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



