Infected with redirecting/update blocking pest


This topic is locked
42 replies to this topic

#1 uziyah

uziyah

  • Members
  • 53 posts
  • Gender:Male
  • Location:East Texas, USA

Posted 13 September 2011 - 03:34 PM

Howdy Geeks,
Thanks so kindly for this fantastic site and for your humble assistance. Budapest helped me a couple of years ago and he was both articulate in his instruction and patient with my ignorance. With SIX users on this 9 year old Dell 4550 it is a wonder we manage to stay clean at all. Please help restore our Homeschooling Computer. IE8 is responding very slowly and freezing up, I see redirects when opening internet files, Norton AV does not always load and sometimes there is a warning that the firewall is disabled.

Logs:
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by don at 14:29:01 on 2011-09-13
Microsoft Windows XP Professional 5.1.2600.3.1257.372.1033.18.511.197 [GMT -5:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Seagate Replica\bin\Seagate-Replica-Service.exe
C:\Program Files\Seagate Replica\bin\Seagate-Replica-SysMon.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Seagate Replica\bin\Seagate-Replica-AutoPlay.exe
C:\Program Files\Seagate Replica\bin\Seagate-Replica-Tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Airstream Web Accelerator\slipcore.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Airstream Web Accelerator\slipgui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.airmail.net/src/myportal.php
uWindow Title = Microsoft Internet Explorer
mWindow Title = Microsoft Internet Explorer
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PBlockHelper Class: {4115122b-85ff-4dd3-9515-f075bede5eb5} - c:\program files\airstream web accelerator\PBHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.8.0.41\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [nwiz] nwiz.exe /install
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SlipStream] "c:\program files\airstream web accelerator\slipcore.exe"
StartupFolder: c:\documents and settings\don\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\airstr~1.lnk - c:\program files\airstream web accelerator\slipgui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://www.stonyfield.com/coupons/scriptX/smsx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} - hxxp://cdn.ll.neoedge.com/webgames/TastyPlanet/tastyplanet.1.0.0.4.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://cdn.ll.neoedge.com/webgames/MysteryofSharkIsland/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - hxxp://download.zonelabs.com/bin/free/cm/ICSCM.cab
DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} - hxxp://office.microsoft.com/productupdates/content/opuc.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182996732125
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX25.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - hxxp://www.autodesk.com/global/expressviewer/installer/ExpressViewerSetup.cab
DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - hxxp://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/activedata/SymAData.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} - hxxp://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} - hxxp://www.zoomify.com/download/zoomify305.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1008000.029\SymEFA.sys [2010-2-4 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1008000.029\BHDrvx86.sys [2010-2-4 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1008000.029\cchpx86.sys [2010-2-4 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20110912.030\IDSXpx86.sys [2011-9-13 356280]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-18 116608]
R2 WINDDX;WINDDX;c:\windows\system32\drivers\winddx.sys [2004-7-14 14976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-2 105592]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20110913.002\NAVENG.SYS [2011-9-13 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20110913.002\NAVEX15.SYS [2011-9-13 1576312]
R3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [2003-7-2 129535]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-9 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-9 136176]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2004-4-13 366736]
.
=============== Created Last 30 ================
.
2011-09-03 10:17:37 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
2011-08-25 21:01:36 -------- d-----w- c:\documents and settings\all users\application data\MumboJumbo
2011-08-25 12:38:48 -------- d-----w- c:\program files\MSECache
2011-08-25 12:22:55 38808920 ----a-w- C:\FileFormatConverters.exe
.
==================== Find3M ====================
.
2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-20 21:53:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-03-07 21:42:55 3876864 ----a-w- c:\program files\icytower15_install.exe
.
============= FINISH: 14:32:20.29 ===============
Thanks again, uziyah

#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,660 posts
  • Gender:Male

Posted 19 September 2011 - 11:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/418841 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 uziyah

uziyah
  • Topic Starter
  • Members
  • 53 posts
  • Gender:Male
  • Location:East Texas, USA

Posted 21 September 2011 - 12:49 PM

Howdy,
Having disabled CD emulation and TeaTimer in our four logons proceeded with downloads and creating logs:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by don at 10:44:43 on 2011-09-21
Microsoft Windows XP Professional 5.1.2600.3.1257.372.1033.18.511.81 [GMT -5:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Seagate Replica\bin\Seagate-Replica-Service.exe
C:\Program Files\Seagate Replica\bin\Seagate-Replica-SysMon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Seagate Replica\bin\Seagate-Replica-AutoPlay.exe
C:\Program Files\Seagate Replica\bin\Seagate-Replica-Tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Airstream Web Accelerator\slipcore.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Airstream Web Accelerator\slipgui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.airmail.net/src/myportal.php
uWindow Title = Microsoft Internet Explorer
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyServer = http=127.0.0.1:5402
uInternet Settings,ProxyOverride = <local>;127.0.0.1:5402;*update.microsoft.com;*windowsupdate.com;download.microsoft.com;codecs.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;download.mcafee.com;*.phobos.apple.com;update.adobe.com;localhost;www.007guard.com;007guard.com;008i.com;www.008k.com;008k.com;www.00hq.com;00hq.com;010402.com;www.032439.com;032439.com;www.0scan.com;0scan.com;1000gratisproben.com;www.1000gratisproben.com;1001namen.com;www.1001namen.com;100888290cs.com;www.100888290cs.com;www.100sexlinks.com;100sexlinks.com;10sek.com;www.10sek.com;www.1-2005-search.com;1-2005-search.com;123fporn.info;www.123fporn.info;123haustiereundmehr.com;www.123haustiereundmehr.com;www.123moviedownload.com;123moviedownload.com;123simsen.com;www.123simsen.com;123topsearch.com;www.123topsearch.com;125sms.co.uk;www.125sms.co.uk;125sms.com;www.125sms.com;132.com;www.132.com;www.1337crew.info;1337crew.info;www.1337-crew.to;1337-crew.to;136136.net;www.136136.net;150freesms.de;www.150freesms.de;163ns.com;www.163ns.com;171203.com;17concepts.info;www.17concepts.info;17-plus.com;1800searchonline.com;www.1800searchonline.com;www.180searchassistant.com;180searchassistant.com;180solutions.com;www.180solutions.com;www.181.365soft.info;181.365soft.info
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PBlockHelper Class: {4115122b-85ff-4dd3-9515-f075bede5eb5} - c:\program files\airstream web accelerator\PBHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.8.0.41\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [nwiz] nwiz.exe /install
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SlipStream] "c:\program files\airstream web accelerator\slipcore.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\documents and settings\don\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\airstr~1.lnk - c:\program files\airstream web accelerator\slipgui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Show All Original Images - c:\program files\airstream web accelerator\gui_resource.dll/327
IE: Show Original Image - c:\program files\airstream web accelerator\gui_resource.dll/328
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1008000.029\SymEFA.sys [2010-2-4 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1008000.029\BHDrvx86.sys [2010-2-4 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1008000.029\cchpx86.sys [2010-2-4 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20110917.033\IDSXpx86.sys [2011-9-19 356280]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-18 116608]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.8.0.41\ccSvcHst.exe [2010-2-4 117640]
R2 Seagate-Replica-Service;Seagate-Replica-Service;c:\program files\seagate replica\bin\Seagate-Replica-Service.exe [2011-7-14 1818624]
R2 Seagate-Replica-SysMon;Seagate-Replica-SysMon;c:\program files\seagate replica\bin\Seagate-Replica-SysMon.exe [2011-7-14 78288]
R3 acfva;acfva;c:\windows\system32\drivers\ACFVA32.sys [2011-9-19 86656]
R3 dgcfltr;DGC Filter Driver;c:\windows\system32\drivers\ACFDCP32.sys [2011-9-19 28928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-2 105592]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20110920.032\NAVENG.SYS [2011-9-21 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20110920.032\NAVEX15.SYS [2011-9-21 1576312]
S2 WINDDX;WINDDX;\??\c:\windows\system32\drivers\winddx.sys --> c:\windows\system32\drivers\WINDDX.sys [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2004-4-13 366736]
.
=============== Created Last 30 ================
.
2011-09-19 23:34:34 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2011-09-19 23:34:34 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2011-09-19 23:16:47 -------- d-----w- c:\program files\Netwaiting
2011-09-19 23:16:47 -------- d-----w- c:\documents and settings\don\local settings\application data\BVRP Software
2011-09-19 23:13:48 212992 ----a-w- c:\windows\system32\UCI32C19.dll
2011-09-19 23:13:48 147456 ----a-w- c:\windows\system32\TAP32C03.dll
2011-09-19 23:13:47 94208 ----a-w- c:\windows\system32\ACFSDK32.dll
2011-09-19 23:13:47 86656 ----a-w- c:\windows\system32\drivers\ACFVA32.sys
2011-09-19 23:13:47 28928 ----a-w- c:\windows\system32\drivers\ACFDCP32.sys
2011-09-19 23:13:47 12672 ----a-w- c:\windows\system32\drivers\ACFSDK32.sys
2011-09-19 23:13:46 -------- d-----w- c:\program files\CONEXANT
2011-09-14 23:25:29 73796 ----a-w- c:\windows\system32\slserv.exe
2011-09-14 23:25:29 73796 ----a-w- c:\windows\system32\dllcache\slserv.exe
2011-09-14 23:25:26 32866 ----a-w- c:\windows\system32\dllcache\slrundll.exe
2011-09-14 23:25:26 32866 ----a-w- c:\windows\slrundll.exe
2011-09-14 23:25:25 188508 ----a-w- c:\windows\system32\slgen.dll
2011-09-14 23:25:25 188508 ----a-w- c:\windows\system32\dllcache\slgen.dll
2011-09-14 23:25:23 286792 ----a-w- c:\windows\system32\slextspk.dll
2011-09-14 23:25:23 286792 ----a-w- c:\windows\system32\dllcache\slextspk.dll
2011-09-14 23:25:01 73832 ----a-w- c:\windows\system32\slcoinst.dll
2011-09-14 23:25:01 73832 ----a-w- c:\windows\system32\dllcache\slcoinst.dll
2011-09-03 10:17:37 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
2011-08-25 21:01:36 -------- d-----w- c:\documents and settings\all users\application data\MumboJumbo
2011-08-25 12:38:48 -------- d-----w- c:\program files\MSECache
2011-08-25 12:22:55 38808920 ----a-w- C:\FileFormatConverters.exe
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-20 21:53:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-07 21:42:55 3876864 ----a-w- c:\program files\icytower15_install.exe
.
============= FINISH: 10:47:39.07 ===============
Downloaded GMER and after unchecking the proper boxes ran the program. Dreaded blue screen again. Rebooted, disabled Norton AV and ran the scan again while not connected to the internet... blue screen again. Rebooted again and opened in Safe Mode, only two lines on the program page and the scan would not run... what next, Captain? uziyah. Sorry, needed to add that I DO have all the disks that came with this system.

Edited by uziyah, 21 September 2011 - 01:01 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 21 September 2011 - 12:54 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 uziyah
  • Topic Starter
  • Members
  • 53 posts
  • Gender:Male
  • Location:East Texas, USA
  • Local time:03:34 AM

Posted 21 September 2011 - 03:53 PM

Gringo,
Downloaded ComboFix, closed browser, disabled Norton AV, began running ComboFix. Window appears with: ComboFix preparing to run. Attempting to create new system restore point. Backing up registry begins with 11 files saved. Scanning begins with timeframe expectations info, followed within a few seconds by: (T was unexpected at this time.) Nothing moves in the window for 45 minutes. I close the window and rerun Combo...same dialog...close window again to reboot and get the dreaded blue screen again...memory dump...thanks for your patience...what's next? uziyah

Update: deleted and downloaded fresh copy of Combo, disconnected internet, disabled Norton AV, ran the fix and encountered same dialog in window (T was unexpected at this time). I did notice that when CF is loading, the files seem to stop loading when the bar graph is only half way across, and then the bars work their way to the end but no further files are added in the program list. uziyah

Edited by uziyah, 21 September 2011 - 07:45 PM.


#6 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:34 AM

Posted 21 September 2011 - 09:12 PM

Hello

OK, let's try this: I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe Mode.
  • Log in to your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#7 uziyah
  • Topic Starter
  • Members
  • 53 posts
  • Gender:Male
  • Location:East Texas, USA
  • Local time:03:34 AM

Posted 21 September 2011 - 10:36 PM

Disabled NAV, booted in Safe Mode, ran CF and got same message: (T was unexpected at this time)...fix did not run...thanks for your time...what now? Shouldn't I see activity in the CF window when the fix is running?

Edited by uziyah, 21 September 2011 - 10:51 PM.


#8 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:34 AM

Posted 22 September 2011 - 07:39 AM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#9 uziyah
  • Topic Starter
  • Members
  • 53 posts
  • Gender:Male
  • Location:East Texas, USA
  • Local time:03:34 AM

Posted 22 September 2011 - 09:24 AM

nothing?
2011/09/22 09:15:10.0640 0344 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10
2011/09/22 09:15:12.0687 0344 ================================================================================
2011/09/22 09:15:12.0687 0344 SystemInfo:
2011/09/22 09:15:12.0687 0344
2011/09/22 09:15:12.0687 0344 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/22 09:15:12.0687 0344 Product type: Workstation
2011/09/22 09:15:12.0687 0344 ComputerName: DONTEAGUESERVIC
2011/09/22 09:15:12.0687 0344 UserName: don
2011/09/22 09:15:12.0687 0344 Windows directory: C:\WINDOWS
2011/09/22 09:15:12.0687 0344 System windows directory: C:\WINDOWS
2011/09/22 09:15:12.0687 0344 Processor architecture: Intel x86
2011/09/22 09:15:12.0718 0344 Number of processors: 1
2011/09/22 09:15:12.0718 0344 Page size: 0x1000
2011/09/22 09:15:12.0718 0344 Boot type: Normal boot
2011/09/22 09:15:12.0718 0344 ================================================================================
2011/09/22 09:15:15.0062 0344 Initialize success
2011/09/22 09:15:23.0984 2448 ================================================================================
2011/09/22 09:15:23.0984 2448 Scan started
2011/09/22 09:15:23.0984 2448 Mode: Manual;
2011/09/22 09:15:23.0984 2448 ================================================================================
2011/09/22 09:15:25.0140 2448 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2011/09/22 09:15:25.0640 2448 acfva (426b4845468b690cfeeb268488d3aa0b) C:\WINDOWS\system32\DRIVERS\ACFVA32.sys
2011/09/22 09:15:26.0156 2448 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/22 09:15:26.0921 2448 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/22 09:15:27.0468 2448 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2011/09/22 09:15:28.0343 2448 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/09/22 09:15:28.0828 2448 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/22 09:15:29.0484 2448 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/09/22 09:15:30.0031 2448 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/09/22 09:15:30.0593 2448 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2011/09/22 09:15:31.0109 2448 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2011/09/22 09:15:31.0703 2448 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2011/09/22 09:15:32.0156 2448 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2011/09/22 09:15:32.0828 2448 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2011/09/22 09:15:33.0218 2448 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2011/09/22 09:15:33.0718 2448 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2011/09/22 09:15:34.0250 2448 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2011/09/22 09:15:34.0828 2448 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2011/09/22 09:15:35.0296 2448 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2011/09/22 09:15:35.0718 2448 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2011/09/22 09:15:36.0359 2448 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/22 09:15:36.0812 2448 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/22 09:15:37.0625 2448 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/22 09:15:38.0796 2448 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/22 09:15:39.0187 2448 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/22 09:15:39.0703 2448 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\NAV\1008000.029\BHDrvx86.sys
2011/09/22 09:15:40.0234 2448 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2011/09/22 09:15:40.0734 2448 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/22 09:15:41.0343 2448 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\WINDOWS\System32\Drivers\NAV\1008000.029\ccHPx86.sys
2011/09/22 09:15:42.0109 2448 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2011/09/22 09:15:42.0500 2448 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/22 09:15:43.0109 2448 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/22 09:15:43.0625 2448 Cdr4_xp (4dee321b7d830231853bc722d3acfdf8) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/09/22 09:15:44.0171 2448 Cdralw2k (18eb04a0dfd3ffae2ab736c3c1dfea34) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/09/22 09:15:44.0625 2448 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/22 09:15:45.0093 2448 cdudf_xp (072070a498d5fad70c3a99a5f0b1331b) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2011/09/22 09:15:45.0937 2448 cis1284 (7e1d1616c7e2fbba784e5dbd05d88eca) C:\WINDOWS\System32\drivers\cis1284.sys
2011/09/22 09:15:46.0406 2448 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2011/09/22 09:15:46.0890 2448 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2011/09/22 09:15:47.0437 2448 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2011/09/22 09:15:47.0875 2448 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2011/09/22 09:15:48.0343 2448 dgcfltr (ff2cfb06e8019e5bed0497cd629a4bd5) C:\WINDOWS\system32\DRIVERS\ACFDCP32.sys
2011/09/22 09:15:48.0781 2448 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/22 09:15:49.0640 2448 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/22 09:15:50.0375 2448 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/22 09:15:50.0796 2448 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/22 09:15:51.0187 2448 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/22 09:15:51.0671 2448 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2011/09/22 09:15:52.0093 2448 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/22 09:15:52.0281 2448 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/09/22 09:15:52.0687 2448 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/09/22 09:15:53.0109 2448 dvd_2K (a3997baab606caa92f27e07bc4f070f0) C:\WINDOWS\system32\drivers\dvd_2K.sys
2011/09/22 09:15:53.0578 2448 E100B (56ab585a307909c4447d5900a10c6bc7) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/09/22 09:15:53.0921 2448 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/09/22 09:15:54.0453 2448 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2011/09/22 09:15:54.0640 2448 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/09/22 09:15:55.0187 2448 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/22 09:15:55.0625 2448 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/09/22 09:15:56.0062 2448 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/22 09:15:56.0515 2448 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/09/22 09:15:57.0046 2448 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/22 09:15:57.0828 2448 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/22 09:15:58.0234 2448 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/22 09:15:58.0687 2448 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/22 09:15:59.0171 2448 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2011/09/22 09:15:59.0656 2448 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/22 09:16:00.0359 2448 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/09/22 09:16:00.0734 2448 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2011/09/22 09:16:01.0171 2448 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/22 09:16:01.0734 2448 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2011/09/22 09:16:02.0218 2448 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2011/09/22 09:16:02.0703 2448 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2011/09/22 09:16:03.0125 2448 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2011/09/22 09:16:03.0531 2448 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2011/09/22 09:16:03.0953 2448 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2011/09/22 09:16:04.0375 2448 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2011/09/22 09:16:04.0765 2448 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2011/09/22 09:16:05.0562 2448 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2011/09/22 09:16:06.0015 2448 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2011/09/22 09:16:06.0406 2448 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110921.030\IDSxpx86.sys
2011/09/22 09:16:06.0968 2448 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/22 09:16:07.0421 2448 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2011/09/22 09:16:07.0843 2448 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2011/09/22 09:16:08.0250 2448 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/22 09:16:08.0656 2448 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/22 09:16:09.0078 2448 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/22 09:16:09.0500 2448 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/22 09:16:09.0953 2448 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/22 09:16:10.0421 2448 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/22 09:16:11.0078 2448 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/22 09:16:11.0500 2448 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/22 09:16:11.0953 2448 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/22 09:16:12.0437 2448 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/22 09:16:12.0921 2448 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/22 09:16:13.0750 2448 mdmxsdk (1968508adb20192a03a30c25f16db506) C:\WINDOWS\system32\DRIVERS\ACFSDK32.sys
2011/09/22 09:16:14.0203 2448 mmc_2K (e97e3fe03b6f271336cb2fbb24734989) C:\WINDOWS\system32\drivers\mmc_2K.sys
2011/09/22 09:16:14.0609 2448 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/22 09:16:15.0046 2448 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/22 09:16:15.0484 2448 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/09/22 09:16:15.0921 2448 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/22 09:16:16.0328 2448 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/22 09:16:16.0765 2448 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2011/09/22 09:16:17.0515 2448 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/22 09:16:18.0140 2448 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/22 09:16:18.0765 2448 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/22 09:16:19.0140 2448 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/22 09:16:19.0562 2448 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/22 09:16:19.0968 2448 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/22 09:16:20.0406 2448 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/22 09:16:20.0796 2448 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/22 09:16:21.0125 2448 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110921.025\NAVENG.SYS
2011/09/22 09:16:22.0109 2448 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110921.025\NAVEX15.SYS
2011/09/22 09:16:23.0109 2448 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/22 09:16:23.0656 2448 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/22 09:16:24.0062 2448 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/22 09:16:24.0500 2448 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/22 09:16:24.0953 2448 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/22 09:16:25.0515 2448 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/22 09:16:26.0015 2448 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/22 09:16:26.0546 2448 NMSCFG (847d6d775524fa5e58d851ddec566a12) C:\WINDOWS\system32\drivers\NMSCFG.SYS
2011/09/22 09:16:27.0015 2448 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/22 09:16:27.0656 2448 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/22 09:16:28.0296 2448 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/22 09:16:29.0203 2448 nv (71dbdc08df86b80511e72953fa1ad6b0) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/09/22 09:16:30.0156 2448 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/22 09:16:30.0593 2448 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/22 09:16:30.0968 2448 omci (1d98907d80461371437a7c898c58c8ae) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/09/22 09:16:31.0390 2448 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/09/22 09:16:31.0843 2448 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/22 09:16:32.0312 2448 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/22 09:16:32.0890 2448 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/22 09:16:33.0312 2448 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/22 09:16:34.0109 2448 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/22 09:16:34.0546 2448 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/22 09:16:36.0390 2448 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2011/09/22 09:16:36.0796 2448 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2011/09/22 09:16:37.0562 2448 pfc (ed2e7f396b4098608c95bc3806bdf6fc) C:\WINDOWS\system32\drivers\pfc.sys
2011/09/22 09:16:38.0062 2448 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/22 09:16:38.0500 2448 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/09/22 09:16:38.0937 2448 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/22 09:16:39.0375 2448 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/22 09:16:39.0796 2448 pwd_2k (070eddd0e4a5be55dd590d8b30dbff22) C:\WINDOWS\system32\drivers\pwd_2k.sys
2011/09/22 09:16:40.0281 2448 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2011/09/22 09:16:40.0687 2448 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2011/09/22 09:16:41.0078 2448 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2011/09/22 09:16:41.0531 2448 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2011/09/22 09:16:41.0968 2448 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2011/09/22 09:16:42.0390 2448 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/22 09:16:42.0828 2448 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/22 09:16:43.0281 2448 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/22 09:16:43.0843 2448 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/22 09:16:44.0296 2448 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/22 09:16:44.0734 2448 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/22 09:16:45.0203 2448 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/22 09:16:45.0750 2448 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/22 09:16:46.0234 2448 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/22 09:16:46.0421 2448 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/09/22 09:16:46.0531 2448 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/09/22 09:16:47.0046 2448 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/22 09:16:47.0796 2448 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/22 09:16:48.0218 2448 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/22 09:16:48.0734 2448 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/22 09:16:49.0484 2448 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2011/09/22 09:16:50.0125 2448 smwdm (8583e3dc5285eb3ddfb74fb646cdf295) C:\WINDOWS\system32\drivers\smwdm.sys
2011/09/22 09:16:50.0718 2448 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/09/22 09:16:51.0140 2448 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2011/09/22 09:16:51.0578 2448 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/22 09:16:52.0015 2448 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/22 09:16:52.0609 2448 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\NAV\1008000.029\SRTSP.SYS
2011/09/22 09:16:53.0171 2448 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\NAV\1008000.029\SRTSPX.SYS
2011/09/22 09:16:53.0734 2448 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/22 09:16:54.0296 2448 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/22 09:16:54.0906 2448 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/22 09:16:55.0359 2448 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2011/09/22 09:16:55.0781 2448 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2011/09/22 09:16:56.0359 2448 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\NAV\1008000.029\SYMEFA.SYS
2011/09/22 09:16:56.0937 2448 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/09/22 09:16:57.0640 2448 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMFW.SYS
2011/09/22 09:16:58.0125 2448 SYMIDS (7a20b7d774ef0f16cf81b898bfeca772) C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMIDS.SYS
2011/09/22 09:16:58.0593 2448 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2011/09/22 09:16:58.0687 2448 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2011/09/22 09:16:59.0109 2448 SYMNDIS (5ab7d00ea6b7a6fcd5067c632ec6f039) C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMNDIS.SYS
2011/09/22 09:16:59.0640 2448 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMTDI.SYS
2011/09/22 09:17:00.0125 2448 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2011/09/22 09:17:00.0562 2448 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2011/09/22 09:17:01.0000 2448 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/22 09:17:01.0562 2448 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/22 09:17:02.0156 2448 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/22 09:17:02.0593 2448 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/22 09:17:03.0000 2448 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/22 09:17:03.0437 2448 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2011/09/22 09:17:03.0921 2448 UdfReadr (3831d5499ad1e61217abb88e93bb17dc) C:\WINDOWS\system32\drivers\UdfReadr.sys
2011/09/22 09:17:04.0484 2448 UdfReadr_xp (27e66e79fd742c107fdb23280e17d869) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2011/09/22 09:17:04.0984 2448 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/22 09:17:05.0546 2448 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2011/09/22 09:17:06.0109 2448 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/22 09:17:06.0687 2448 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/22 09:17:07.0078 2448 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/22 09:17:07.0671 2448 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/22 09:17:08.0171 2448 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
2011/09/22 09:17:08.0593 2448 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/22 09:17:09.0015 2448 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/22 09:17:09.0406 2448 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/22 09:17:09.0859 2448 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2011/09/22 09:17:10.0281 2448 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/09/22 09:17:10.0687 2448 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/22 09:17:11.0156 2448 vsdatant (e97a5987a3feaa5d7d1ce4acb83102c8) C:\WINDOWS\system32\vsdatant.sys
2011/09/22 09:17:11.0812 2448 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/22 09:17:12.0562 2448 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/22 09:17:13.0484 2448 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/22 09:17:13.0625 2448 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/09/22 09:17:13.0890 2448 Boot (0x1200) (085d0dd4c996f59b2a2592ef8e1a8d85) \Device\Harddisk0\DR0\Partition0
2011/09/22 09:17:13.0906 2448 ================================================================================
2011/09/22 09:17:13.0906 2448 Scan finished
2011/09/22 09:17:13.0906 2448 ================================================================================
2011/09/22 09:17:13.0953 2924 Detected object count: 0
2011/09/22 09:17:13.0953 2924 Actual detected object count: 0
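
An added example, not part of this thread and not TDSSKiller's own tooling: a small Python triage helper for a TDSSKiller log like the one above, covering the report format Gringo's instructions describe and the driver rows uziyah pasted. It parses each row into service name, MD5 and path, reads the scanner's "Detected object count" verdict, and then pulls out the two things a helper usually checks by eye: drivers loaded from somewhere other than the usual driver directories, and service names that share one file hash. The embedded sample is constructed from a handful of rows of the log above (one of them with its path pushed onto the next line, the way the forum paste does it); EXPECTED_DIRS and the flagging rules are assumptions of the example, and a flagged row only means "look at this", not "this is malicious" (vsdatant.sys is flagged purely because it sits directly in system32 rather than system32\drivers).

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# One driver row per line in TDSSKiller's own format:
#   <date> <time> <pid> <service name> (<md5>) <path>
# The MBR and Boot rows carry an extra "(0x...)" size field before the hash.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)"
    r"(?: \((?P<size>0x[0-9A-Fa-f]+)\))?"
    r" \((?P<md5>[0-9a-f]{32})\)\s*(?P<path>.*)$"
)
# A path that a forum paste pushed onto the line after its row.
PATH_RE = re.compile(r"^(?:[A-Za-z]:\\|\\Device\\)")
COUNT_RE = re.compile(r"Detected object count: (\d+)")

# Assumption of this example: where a driver is expected to live on an XP box.
# Anything else is queued for a human to look at, not declared malicious.
EXPECTED_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\program files\\")


@dataclass
class Entry:
    name: str
    md5: str
    path: str
    size: Optional[str] = None


def parse_log(text: str) -> list:
    """Return the driver rows of a TDSSKiller log; every other line is ignored."""
    entries = []
    pending = None  # row whose path has not been seen yet (split by a paste)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entry = Entry(m["name"], m["md5"], m["path"].strip(), m["size"])
            entries.append(entry)
            pending = entry if not entry.path else None
        elif pending is not None and PATH_RE.match(line):
            pending.path = line
            pending = None
    return entries


def detected_count(text: str) -> Optional[int]:
    """The scanner's own verdict line, or None if the log was cut short."""
    m = COUNT_RE.search(text)
    return int(m.group(1)) if m else None


def outside_expected_dirs(entries) -> list:
    """Drivers loaded from outside EXPECTED_DIRS; MBR/Boot device rows are skipped."""
    return [
        e for e in entries
        if not e.path.lower().startswith("\\device\\")
        and not e.path.lower().startswith(EXPECTED_DIRS)
    ]


def shared_hashes(entries) -> dict:
    """Service names registered against the same file bytes, keyed by MD5."""
    by_md5 = defaultdict(list)
    for e in entries:
        by_md5[e.md5].append(e.name)
    return {h: names for h, names in by_md5.items() if len(names) > 1}


def triage(text: str) -> dict:
    entries = parse_log(text)
    return {
        "rows": len(entries),
        "detected": detected_count(text),
        "review": [e.name for e in outside_expected_dirs(entries)],
        "shared": shared_hashes(entries),
    }


# Constructed sample: a few rows taken from the log above, one of them with the
# path pushed onto the next line the way the forum paste does it.
SAMPLE_LOG = r"""
2011/09/22 09:15:23.0984 2448 Scan started
2011/09/22 09:15:23.0984 2448 Mode: Manual;
2011/09/22 09:15:25.0140 2448 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2011/09/22 09:15:40.0234 2448 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2011/09/22 09:15:40.0734 2448 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/22 09:15:52.0281 2448 DSproct (413f2d5f9d802688242c23b38f767ecb)
C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/09/22 09:17:11.0156 2448 vsdatant (e97a5987a3feaa5d7d1ce4acb83102c8) C:\WINDOWS\system32\vsdatant.sys
2011/09/22 09:17:13.0625 2448 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/09/22 09:17:13.0890 2448 Boot (0x1200) (085d0dd4c996f59b2a2592ef8e1a8d85) \Device\Harddisk0\DR0\Partition0
2011/09/22 09:17:13.0906 2448 Scan finished
2011/09/22 09:17:13.0953 2924 Detected object count: 0
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a saved TDSSKiller.[Version]_[Date]_[Time]_log.txt by reading the file into `triage()` instead of SAMPLE_LOG. Two rows sharing a hash (cbidf and cbidf2k here) is normal for alias registrations of one file, but it is cheap to surface, and the "review" list is the short list to compare against the machine's known software rather than a verdict.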

#10 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:34 AM

Posted 22 September 2011 - 09:48 AM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 uziyah

uziyah
  • Topic Starter

  • Members
  • 53 posts
  • Gender:Male
  • Location:East Texas, USA
  • Local time:03:34 AM

Posted 22 September 2011 - 10:47 AM

OTL logfile created on: 9/22/2011 10:11:55 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\don\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 231.11 Mb Available Physical Memory | 45.23% Memory free
1.22 Gb Paging File | 0.89 Gb Available in Paging File | 73.22% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 21.02 Gb Free Space | 28.22% Space Free | Partition Type: NTFS

Computer Name: DONTEAGUESERVIC | User Name: don | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\don\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Seagate Replica\bin\Seagate-Replica-Autoplay.exe ()
PRC - C:\Program Files\Seagate Replica\bin\Seagate-Replica-SysMon.exe ()
PRC - C:\Program Files\Seagate Replica\bin\Seagate-Replica-Tray.exe ()
PRC - C:\Program Files\Seagate Replica\bin\Seagate-Replica-Service.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Airstream Web Accelerator\slipcore.exe (SlipStream Data Inc.)
PRC - C:\Program Files\Airstream Web Accelerator\slipgui.exe (SlipStream Data Inc.)
PRC - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio)
PRC - C:\Program Files\Canon\MultiPASS4\mpservic.exe (Canon Inc)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Seagate Replica\bin\Seagate-Replica-Autoplay.exe ()
MOD - C:\Program Files\Seagate Replica\bin\Seagate-Replica-SysMon.exe ()
MOD - C:\Program Files\Seagate Replica\bin\rbcfs.dll ()
MOD - C:\Program Files\Seagate Replica\bin\CQTranslator.dll ()
MOD - C:\Program Files\Seagate Replica\bin\Seagate-Replica-Tray.exe ()
MOD - C:\Program Files\Seagate Replica\bin\Seagate-Replica-Service.exe ()
MOD - C:\Program Files\Seagate Replica\bin\QtSql4.dll ()
MOD - C:\Program Files\Seagate Replica\bin\QtGui4.dll ()
MOD - C:\Program Files\Seagate Replica\bin\QtCore4.dll ()
MOD - C:\WINDOWS\SYSTEM32\msjetoledb40.dll ()
MOD - C:\WINDOWS\SYSTEM32\MpUpMon.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (Norton AntiVirus) -- C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (Seagate-Replica-SysMon) -- C:\Program Files\Seagate Replica\bin\Seagate-Replica-SysMon.exe ()
SRV - (Seagate-Replica-Service) -- C:\Program Files\Seagate Replica\bin\Seagate-Replica-Service.exe ()
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (NMSSvc) Intel® -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe (Intel Corporation)
SRV - (MpService) -- C:\Program Files\Canon\MultiPASS4\mpservic.exe (Canon Inc)


========== Driver Services (SafeList) ==========

DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110921.030\IDSXpx86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110921.025\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110921.025\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ccHP) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\ccHPx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1008000.029\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SRTSP.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMFW.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NAV\1008000.029\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMIDS.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymIMMP) -- C:\WINDOWS\SYSTEM32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (SymIM) -- C:\WINDOWS\SYSTEM32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (dgcfltr) -- C:\WINDOWS\SYSTEM32\DRIVERS\ACFDCP32.sys (Conexant Systems, Inc.)
DRV - (acfva) -- C:\WINDOWS\SYSTEM32\DRIVERS\ACFVA32.sys (Conexant Systems Inc.)
DRV - (mdmxsdk) -- C:\WINDOWS\SYSTEM32\DRIVERS\ACFSDK32.sys (Conexant)
DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (vsdatant) -- C:\WINDOWS\SYSTEM32\vsdatant.sys (Zone Labs, LLC)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio)
DRV - (pfc) -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys (Padus, Inc.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (NMSCFG) -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS (Intel Corporation)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (UdfReadr) -- C:\WINDOWS\System32\drivers\udfreadr.sys (Roxio)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)
DRV - (cis1284) -- C:\WINDOWS\SYSTEM32\DRIVERS\cis1284.sys (Canon)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://smbusiness.dellnet.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://smbusiness.dellnet.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4252987929-672805076-375560330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.airmail.net/src/myportal.php
IE - HKU\S-1-5-21-4252987929-672805076-375560330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2088: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2011/09/21 09:37:15 | 000,437,605 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15053 more lines...
O2 - BHO: (PBlockHelper Class) - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Airstream Web Accelerator\PBHelper.dll (SlipStream Data Inc.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-4252987929-672805076-375560330-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-4252987929-672805076-375560330-1005\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-4252987929-672805076-375560330-1005\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - No CLSID value found.
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SlipStream] C:\Program Files\Airstream Web Accelerator\slipcore.exe (SlipStream Data Inc.)
O4 - HKU\S-1-5-21-4252987929-672805076-375560330-1005..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-4252987929-672805076-375560330-1005..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1 File not found
O4 - HKU\S-1-5-21-4252987929-672805076-375560330-1005..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Airstream Web Accelerator.lnk = C:\Program Files\Airstream Web Accelerator\slipgui.exe (SlipStream Data Inc.)
O4 - Startup: C:\Documents and Settings\don\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O4 - Startup: C:\Documents and Settings\hezekiyah\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O4 - Startup: C:\Documents and Settings\Teague Boys\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4252987929-672805076-375560330-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4252987929-672805076-375560330-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-4252987929-672805076-375560330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4252987929-672805076-375560330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4252987929-672805076-375560330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4252987929-672805076-375560330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-4252987929-672805076-375560330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-4252987929-672805076-375560330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-4252987929-672805076-375560330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-4252987929-672805076-375560330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O15 - HKU\S-1-5-21-4252987929-672805076-375560330-1005\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.stonyfield.com/coupons/scriptX/smsx.cab (MeadCo ScriptX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} http://cdn.ll.neoedge.com/webgames/TastyPlanet/tastyplanet.1.0.0.4.cab (CPlayFirsttastyplanetControl Object)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} http://cdn.ll.neoedge.com/webgames/MysteryofSharkIsland/MysteryOfSharkIslandWeb.1.0.0.8.cab (CPlayFirstmsiControl Object)
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} http://download.zonelabs.com/bin/free/cm/ICSCM.cab (ICSScannerLight Class)
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} https://support.microsoft.com/OAS/ActiveX/odc.cab (Microsoft PID Sniffer)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} http://office.microsoft.com/productupdates/content/opuc.cab (OPUCatalog Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182996732125 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX25.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} http://www.autodesk.com/global/expressviewer/installer/ExpressViewerSetup.cab (Autodesk Express Viewer Control)
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab (RealArcadeRdxIE Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/activedata/SymAData.dll (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab (Microsoft Office Tools on the Web Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} http://www.zoomify.com/download/zoomify305.cab (Zoom Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\don\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\don\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 14:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.000 -- [ NTFS ]
O32 - AutoRun File - [2007/05/12 09:15:38 | 000,000,083 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/12 09:15:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.TMP -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/22 10:08:21 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\don\Desktop\OTL.exe
[2011/09/22 09:59:50 | 004,223,304 | ---- | C] (Swearware) -- C:\Documents and Settings\don\Desktop\ComboFix.exe
[2011/09/22 09:11:08 | 001,403,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\don\Desktop\tdsskiller.exe
[2011/09/22 08:01:35 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/09/21 14:04:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/21 14:04:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/21 14:04:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/21 14:04:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/21 14:03:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/21 11:03:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\don\Desktop\gmer
[2011/09/21 10:26:56 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\don\Desktop\dds.scr
[2011/09/19 18:34:34 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2011/09/19 18:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Netwaiting
[2011/09/19 18:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\Netwaiting
[2011/09/19 18:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\don\Local Settings\Application Data\BVRP Software
[2011/09/19 18:13:48 | 000,212,992 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\UCI32C19.dll
[2011/09/19 18:13:48 | 000,147,456 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\TAP32C03.dll
[2011/09/19 18:13:47 | 000,094,208 | ---- | C] (Conexant) -- C:\WINDOWS\System32\ACFSDK32.dll
[2011/09/19 18:13:47 | 000,086,656 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\drivers\ACFVA32.sys
[2011/09/19 18:13:47 | 000,028,928 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\ACFDCP32.sys
[2011/09/19 18:13:47 | 000,012,672 | ---- | C] (Conexant) -- C:\WINDOWS\System32\drivers\ACFSDK32.sys
[2011/09/19 18:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/09/14 18:25:29 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2011/09/14 18:25:29 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slserv.exe
[2011/09/14 18:25:26 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slrundll.exe
[2011/09/14 18:25:26 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2011/09/14 18:25:25 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2011/09/14 18:25:25 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slgen.dll
[2011/09/14 18:25:23 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2011/09/14 18:25:23 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slextspk.dll
[2011/09/14 18:25:01 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2011/09/14 18:25:01 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slcoinst.dll
[2011/09/03 05:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/08/25 16:01:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2011/08/25 07:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011/08/25 07:22:55 | 038,808,920 | ---- | C] (Microsoft Corporation) -- C:\FileFormatConverters.exe
[2003/07/02 04:40:08 | 000,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\slserv(2).exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/22 10:08:21 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\don\Desktop\OTL.exe
[2011/09/22 09:59:51 | 004,223,304 | ---- | M] (Swearware) -- C:\Documents and Settings\don\Desktop\ComboFix.exe
[2011/09/22 09:11:08 | 001,403,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\don\Desktop\tdsskiller.exe
[2011/09/22 08:47:12 | 004,194,441 | ---- | M] () -- C:\Documents and Settings\don\Application Data\sdi.db
[2011/09/22 08:43:58 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/09/22 08:02:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{480E30B6-869D-4F20-8AB1-CD811AB3C59A}.job
[2011/09/22 05:47:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/09/21 22:43:36 | 000,000,388 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FBE8D378-D2FE-49C1-9651-4871142252D0}.job
[2011/09/21 10:35:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\don\defogger_reenable
[2011/09/21 10:34:43 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\don\Desktop\gmer.zip
[2011/09/21 10:28:28 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\don\Desktop\Defogger.exe
[2011/09/21 10:26:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\don\Desktop\dds.scr
[2011/09/21 09:37:15 | 000,437,605 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2011/09/20 08:58:59 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\don\Desktop\Advancial.url
[2011/09/19 22:25:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/18 17:00:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/09/18 09:00:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - don - Full System Scan.job
[2011/09/17 20:38:06 | 000,337,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/09 04:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/08 07:35:06 | 000,437,315 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20110921-093714.backup
[2011/09/03 08:30:58 | 000,002,297 | ---- | M] () -- C:\Documents and Settings\don\Desktop\e-Sword.lnk
[2011/09/02 07:23:35 | 000,000,308 | ---- | M] () -- C:\Documents and Settings\don\Desktop\Data Services USNO.url
[2011/08/25 07:23:17 | 038,808,920 | ---- | M] (Microsoft Corporation) -- C:\FileFormatConverters.exe
[2011/08/24 20:18:21 | 000,001,305 | ---- | M] () -- C:\Documents and Settings\don\My Documents\Download Details - Microsoft Download Center - Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint File Formats.url
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/21 14:04:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/21 14:04:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/21 14:04:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/21 14:04:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/21 14:04:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/21 10:35:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\don\defogger_reenable
[2011/09/21 10:34:42 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\don\Desktop\gmer.zip
[2011/09/21 10:28:24 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\don\Desktop\Defogger.exe
[2011/08/25 08:17:24 | 000,001,305 | ---- | C] () -- C:\Documents and Settings\don\My Documents\Download Details - Microsoft Download Center - Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint File Formats.url
[2011/05/26 12:40:32 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/05/26 12:40:32 | 000,012,325 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-Jardinains!.dat
[2011/05/23 14:53:08 | 000,000,205 | ---- | C] () -- C:\WINDOWS\qtw.ini
[2011/03/21 20:16:32 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/03/07 16:42:55 | 003,876,864 | ---- | C] () -- C:\Program Files\icytower15_install.exe
[2010/11/01 05:45:12 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\don\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/01 05:40:04 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/02/08 00:30:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/25 09:00:51 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\nvwrsda.dll
[2008/09/07 09:24:49 | 000,000,190 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/09/07 09:23:59 | 000,000,069 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2008/08/14 09:10:31 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/05/13 07:36:29 | 004,194,441 | ---- | C] () -- C:\Documents and Settings\don\Application Data\sdi.db
[2008/02/06 19:55:32 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/02/06 19:55:32 | 000,003,450 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/01/09 15:01:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2008/01/09 15:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2006/10/22 13:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/11/01 17:58:25 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/01 11:45:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RAWImage.INI
[2005/10/26 19:14:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/08/07 20:10:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/03/06 08:42:12 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\don\Local Settings\Application Data\fusioncache.dat
[2004/09/05 12:02:14 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/06/11 20:23:56 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dfxg13.dll
[2004/02/28 09:03:13 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2004/02/24 22:04:08 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2003/10/06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/09/01 09:36:22 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2003/07/02 05:04:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2003/04/10 19:07:13 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/03/01 11:41:26 | 000,226,304 | ---- | C] () -- C:\WINDOWS\System32\cp211_msjava.dll
[2003/03/01 11:41:26 | 000,133,120 | ---- | C] () -- C:\WINDOWS\System32\cp211_vrml1to2.dll
[2003/03/01 11:41:26 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\vrml1tovrml2.exe
[2003/03/01 11:41:25 | 000,779,776 | ---- | C] () -- C:\WINDOWS\System32\cp211_main.dll
[2003/03/01 11:41:25 | 000,285,184 | ---- | C] () -- C:\WINDOWS\System32\cp211_graphicslarge8.dll
[2003/03/01 11:41:25 | 000,285,184 | ---- | C] () -- C:\WINDOWS\System32\cp211_graphicslarge16.dll
[2003/03/01 11:41:25 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\cp211_javascript.dll
[2003/03/01 11:41:25 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\cp211_graphicsmed8.dll
[2003/03/01 11:41:25 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\cp211_graphicsmed16.dll
[2003/03/01 11:41:25 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\cp211_graphicssmall8.dll
[2003/03/01 11:41:25 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\cp211_graphicssmall16.dll
[2003/03/01 11:41:25 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\cp211_lang.dll
[2003/03/01 11:41:25 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\cp211_basic.dll
[2003/03/01 11:41:25 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\cp211_graphicspos.dll
[2003/02/08 15:54:13 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/12 08:33:25 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\don\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/01/01 12:37:23 | 000,007,640 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2002/12/25 18:07:25 | 000,012,983 | ---- | C] () -- C:\WINDOWS\System32\MpUpMon.dll
[2002/12/25 18:02:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\OPDIRDEL.exe
[2002/12/18 21:57:30 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2002/12/18 21:56:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2002/12/18 07:49:15 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2002/12/18 07:27:23 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2002/12/17 19:35:42 | 000,000,302 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2002/12/05 20:31:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/12/05 20:30:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2002/12/05 20:22:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/12/05 20:17:41 | 000,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/12/05 20:10:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2002/12/05 20:08:54 | 000,434,560 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2002/12/05 20:08:54 | 000,068,464 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2002/12/05 19:38:52 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/03 14:42:36 | 000,337,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 14:35:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 14:31:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 09:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 09:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/02/06 10:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 16:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\don\Desktop\ATF-Cleaner.exe:SummaryInformation

< End of report >
thanks again Gringo...looks like I may need some help restricting some sites in an appropriate forum when we are clean...uziyah

Edited by uziyah, 22 September 2011 - 10:50 AM.
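The OTL report above lists one file per line in the form `[date time | size | attrs | C/M] (company) -- path`. As an added triage example (not from this thread and not OTL's own code), the Python below parses that format and flags company-less executables created or modified under C:\WINDOWS shortly before the report; the one-week window, the directory and extension lists, and the sample lines (copied from the report above) are assumptions, and every hit still needs manual review since cleanup tools drop files there too.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# One OTL file entry looks like:
#   [2011/09/21 14:04:46 | 000,256,000 | ---- | C] (Company) -- C:\path\file.exe
# Fields: timestamp, byte size with thousands separators, four attribute
# flags (R/H/S...), C for created or M for modified, company name, path.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str      # e.g. "-H--" = hidden, "--S-" = system
    kind: str       # "C" created, "M" modified
    company: str    # empty in the "No Company Name" sections
    path: str

def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL entry; summary lines like '[4 C:\\WINDOWS\\*.tmp ...]' give None."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
        path=m["path"],
    )

# Assumed triage policy (not OTL's): executable types and directories where
# a fresh, company-less file deserves a closer look.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
SYSTEM_DIRS = ("c:\\windows\\",)

def triage(lines: List[str], report_time: datetime, window_days: int = 7) -> List[str]:
    """Paths of company-less executables under SYSTEM_DIRS touched within window_days before report_time."""
    cutoff = report_time - timedelta(days=window_days)
    hits = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        p = e.path.lower()
        if (p.endswith(EXEC_EXT) and p.startswith(SYSTEM_DIRS)
                and not e.company and e.timestamp >= cutoff):
            hits.append(e.path)
    return hits

# Constructed sample: lines copied from the OTL report above.
SAMPLE_LINES = [
    r"[2011/09/21 14:04:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe",
    r"[2011/09/21 14:04:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe",
    r"[2011/09/09 04:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll",
    r"[2009/12/25 09:00:51 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\nvwrsda.dll",
    r"[2011/09/21 10:28:24 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\don\Desktop\Defogger.exe",
    r"[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]",
]
# OTL stamps this report "09222011_113407", i.e. 2011-09-22 11:34:07.
REPORT_TIME = datetime(2011, 9, 22, 11, 34, 7)
```

Running `triage(SAMPLE_LINES, REPORT_TIME)` returns the two C:\WINDOWS executables from 21 September; the signed-by-company, old, and user-profile entries are left out.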


#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:34 AM

Posted 22 September 2011 - 11:18 AM

Hello

I want you to run this custom OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code
    :otl
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-4252987929-672805076-375560330-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-4252987929-672805076-375560330-1005\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-4252987929-672805076-375560330-1005\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - No CLSID value found.
    O4 - HKU\S-1-5-21-4252987929-672805076-375560330-1005..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1 File not found
    O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/activedata/SymAData.dll (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\don\Desktop\ATF-Cleaner.exe:SummaryInformation
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY] 
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS] 
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here (donate button). Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 uziyah

uziyah
  • Topic Starter

  • Members
  • 53 posts
  • Gender:Male
  • Location:East Texas, USA
  • Local time:03:34 AM

Posted 22 September 2011 - 11:27 AM

do I once again adjust the setting in the program? re-read post and am proceeding without changes to program

Edited by uziyah, 22 September 2011 - 11:33 AM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:34 AM

Posted 22 September 2011 - 11:47 AM

:thumbup2:

#15 uziyah

uziyah
  • Topic Starter

  • Members
  • 53 posts
  • Gender:Male
  • Location:East Texas, USA
  • Local time:03:34 AM

Posted 22 September 2011 - 12:09 PM

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-4252987929-672805076-375560330-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-4252987929-672805076-375560330-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-4252987929-672805076-375560330-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}\ not found.
Registry value HKEY_USERS\S-1-5-21-4252987929-672805076-375560330-1005\Software\Microsoft\Windows\CurrentVersion\Run\\updateMgr deleted successfully.
Starting removal of ActiveX control {33564D57-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wmv9dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\oscan8.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
ADS C:\Documents and Settings\don\Desktop\ATF-Cleaner.exe:SummaryInformation deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
C:\Documents and Settings\don\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\don\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: debbie
->Temp folder emptied: 8157631 bytes
->Temporary Internet Files folder emptied: 13237897 bytes
->Java cache emptied: 45876815 bytes
->Flash cache emptied: 1514 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: don
->Temp folder emptied: 34951815 bytes
->Temporary Internet Files folder emptied: 31537306 bytes
->Java cache emptied: 76033919 bytes
->Flash cache emptied: 1638 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: hezekiyah
->Temp folder emptied: 69428 bytes
->Temporary Internet Files folder emptied: 186978 bytes
->Java cache emptied: 23897890 bytes
->Flash cache emptied: 2016 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Teague Boys
->Temp folder emptied: 51265167 bytes
->Temporary Internet Files folder emptied: 5361653 bytes
->Java cache emptied: 81022 bytes
->Flash cache emptied: 901 bytes

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 173415 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 246608 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 130623708 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 140702 bytes
RecycleBin emptied: 4921844 bytes

Total Files Cleaned = 407.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: debbie
->Flash cache emptied: 0 bytes

User: Default User

User: don
->Flash cache emptied: 0 bytes

User: Guest

User: hezekiyah
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Teague Boys
->Flash cache emptied: 0 bytes

User: TEMP

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 09222011_113407

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\don\Local Settings\Temp\Temporary Internet Files\Content.IE5\6N81JFWR\%26ui%3D1%26n%3D21989356%26alid%3D0%26u%3D2%26LRR%3D1%26L3%3DTX;ref=;ce=1;je=1;sr=1024x768x32;dc=1236381199-1997886-31586379;dst=1;et=1236381214953;tzo=360;a=p-10v8JLtUuOYqQ[1].gif not found!
File\Folder C:\WINDOWS\temp\JET574F.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_5e8.dat not found!

Registry entries deleted on Reboot...

Heading in the right direction...after reboot, logon, desktop and tray loaded, clicked to open IE8 and there was about a 60 second delay before I saw the page begin to load...what next Captain? uziyah :clapping:
