
Google Redirects, probably TDSS


This topic is locked. 16 replies to this topic.

#1 Okuu (Members, 13 posts)

Posted 08 October 2011 - 05:27 PM

My laptop seems to be infected with TDSS. It's a 5+ year old Dell Inspiron E1705 running Windows XP. On October 6, when I was doing a Google Search I noticed that I was being redirected often by bizzclick.com, regardless of which site I tried to visit from Google. It doesn't always redirect even for the same link; I'm usually able to get into the website I want if I hit back in my browser (Firefox) and then click the same link again. Because of the covert nature of the infection, I don't know exactly how long ago the infection happened, but I do enough Google Searches that I think it happened sometime this week.

Other addresses which only show IP address numbers have tried redirecting my search clicks, and one time Norton Antivirus intercepted malware from when I was redirected to one of these sites.

I tried to run DDS, but everything froze a couple of minutes after I started DDS, and I wasn't able to get a log. Instead of "We only require it to run just once. Dispose after use" like the preparation guide showed, it displayed a row of "#" signs and didn't do anything else. After seeing the clock time on the lower-right had been frozen for a good 15 minutes, it seemed the only way to get my laptop working again was to do a hard reset. Windows Firewall is off, Norton Antivirus and Firewall were disabled and McAfee, which I was using before, has been uninstalled. If the TDSS is running interference, it's the only visible case I've noticed offline so far. However, I did manage to get GMER to run, so ark.txt is attached.

If it helps, I've already run Kaspersky TDSSKiller, but it didn't find anything I could "Cure". The log is as follows:

-- Begin TDSSKiller log --

14:41:51.0756 4016 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
14:41:51.0849 4016 ============================================================
14:41:51.0849 4016 Current date / time: 2011/10/08 14:41:51.0849
14:41:51.0849 4016 SystemInfo:
14:41:51.0849 4016
14:41:51.0849 4016 OS Version: 5.1.2600 ServicePack: 3.0
14:41:51.0849 4016 Product type: Workstation
14:41:51.0849 4016 ComputerName: DANIELPC
14:41:51.0849 4016 UserName: Danny
14:41:51.0849 4016 Windows directory: C:\WINDOWS
14:41:51.0849 4016 System windows directory: C:\WINDOWS
14:41:51.0849 4016 Processor architecture: Intel x86
14:41:51.0849 4016 Number of processors: 2
14:41:51.0849 4016 Page size: 0x1000
14:41:51.0849 4016 Boot type: Normal boot
14:41:51.0849 4016 ============================================================
14:41:54.0443 4016 Initialize success
14:45:14.0521 2560 ============================================================
14:45:14.0521 2560 Scan started
14:45:14.0521 2560 Mode: Manual;
14:45:14.0521 2560 ============================================================
14:45:14.0787 2560 Abiosdsk - ok
14:45:14.0803 2560 abp480n5 - ok
14:45:14.0803 2560 ACPI - ok
14:45:14.0803 2560 ACPIEC - ok
14:45:14.0818 2560 adpu160m - ok
14:45:14.0818 2560 aec - ok
14:45:14.0834 2560 AFD - ok
14:45:14.0834 2560 AFS2K - ok
14:45:14.0849 2560 agp440 - ok
14:45:14.0849 2560 agpCPQ - ok
14:45:14.0865 2560 Aha154x - ok
14:45:14.0865 2560 aic78u2 - ok
14:45:14.0881 2560 aic78xx - ok
14:45:14.0896 2560 AliIde - ok
14:45:14.0896 2560 alim1541 - ok
14:45:14.0912 2560 amdagp - ok
14:45:14.0912 2560 amsint - ok
14:45:14.0928 2560 APPDRV - ok
14:45:14.0928 2560 Arp1394 - ok
14:45:14.0943 2560 asc - ok
14:45:14.0943 2560 asc3350p - ok
14:45:14.0959 2560 asc3550 - ok
14:45:14.0974 2560 AsyncMac - ok
14:45:14.0990 2560 atapi - ok
14:45:14.0990 2560 Atdisk - ok
14:45:15.0006 2560 Atmarpc - ok
14:45:15.0006 2560 audstub - ok
14:45:15.0021 2560 BCM43XX - ok
14:45:15.0021 2560 bcm4sbxp - ok
14:45:15.0037 2560 Beep - ok
14:45:15.0193 2560 BHDrvx86 (431b3adfd5ba5d29f759f1e7b4aee056) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110929.001\BHDrvx86.sys
14:45:15.0240 2560 Suspicious file (Forged): C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110929.001\BHDrvx86.sys. Real md5: 431b3adfd5ba5d29f759f1e7b4aee056, Fake md5: 163340a63f197c91d65ca9ce4b5811f7
14:45:15.0256 2560 BHDrvx86 ( ForgedFile.Multi.Generic ) - warning
14:45:15.0256 2560 BHDrvx86 - detected ForgedFile.Multi.Generic (1)
14:45:15.0271 2560 Bridge - ok
14:45:15.0271 2560 BridgeMP - ok
14:45:15.0287 2560 cbidf - ok
14:45:15.0287 2560 cbidf2k - ok
14:45:15.0303 2560 cd20xrnt - ok
14:45:15.0303 2560 Cdaudio - ok
14:45:15.0303 2560 Cdfs - ok
14:45:15.0318 2560 Cdrom - ok
14:45:15.0318 2560 Changer - ok
14:45:15.0334 2560 CmBatt - ok
14:45:15.0349 2560 CmdIde - ok
14:45:15.0349 2560 Compbatt - ok
14:45:15.0365 2560 Cpqarray - ok
14:45:15.0381 2560 dac2w2k - ok
14:45:15.0396 2560 dac960nt - ok
14:45:15.0396 2560 DellBIOS - ok
14:45:15.0412 2560 Disk - ok
14:45:15.0428 2560 dmboot - ok
14:45:15.0428 2560 dmio - ok
14:45:15.0443 2560 dmload - ok
14:45:15.0443 2560 DMusic - ok
14:45:15.0459 2560 dpti2o - ok
14:45:15.0474 2560 drmkaud - ok
14:45:15.0474 2560 drvmcdb - ok
14:45:15.0490 2560 drvnddm - ok
14:45:15.0709 2560 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
14:45:15.0709 2560 DSproct - ok
14:45:15.0709 2560 dsunidrv - ok
14:45:15.0724 2560 E100B - ok
14:45:15.0771 2560 eeCtrl (4d566aaf3ffe6f442d2aab9d92f2d850) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
14:45:15.0818 2560 Suspicious file (Forged): C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys. Real md5: 4d566aaf3ffe6f442d2aab9d92f2d850, Fake md5: 8f7dbc4be48f5388a6fe1f285e7948ef
14:45:15.0818 2560 eeCtrl ( ForgedFile.Multi.Generic ) - warning
14:45:15.0818 2560 eeCtrl - detected ForgedFile.Multi.Generic (1)
14:45:15.0834 2560 ElbyCDFL - ok
14:45:15.0834 2560 ElbyCDIO - ok
14:45:15.0881 2560 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:45:15.0881 2560 EraserUtilRebootDrv - ok
14:45:15.0896 2560 Fastfat - ok
14:45:15.0912 2560 Fdc - ok
14:45:15.0928 2560 Fips - ok
14:45:15.0928 2560 Flpydisk - ok
14:45:15.0943 2560 FltMgr - ok
14:45:15.0943 2560 FsVga - ok
14:45:15.0959 2560 Fs_Rec - ok
14:45:15.0959 2560 Ftdisk - ok
14:45:15.0974 2560 GEARAspiWDM - ok
14:45:15.0974 2560 Gpc - ok
14:45:15.0990 2560 HDAudBus - ok
14:45:16.0006 2560 HidUsb - ok
14:45:16.0006 2560 hpn - ok
14:45:16.0021 2560 HPZid412 - ok
14:45:16.0021 2560 HPZipr12 - ok
14:45:16.0021 2560 HPZius12 - ok
14:45:16.0037 2560 HSF_DPV - ok
14:45:16.0037 2560 HSXHWAZL - ok
14:45:16.0053 2560 HTTP - ok
14:45:16.0053 2560 i2omgmt - ok
14:45:16.0068 2560 i2omp - ok
14:45:16.0068 2560 i8042prt - ok
14:45:16.0084 2560 ialm - ok
14:45:16.0146 2560 IDSxpx86 (6b502badade40a81e0d56bb69f5eae3d) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111007.030\IDSxpx86.sys
14:45:16.0178 2560 Suspicious file (Forged): C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111007.030\IDSxpx86.sys. Real md5: 6b502badade40a81e0d56bb69f5eae3d, Fake md5: e72d3894d42355e9cd5fd77e1e4fea11
14:45:16.0178 2560 IDSxpx86 ( ForgedFile.Multi.Generic ) - warning
14:45:16.0178 2560 IDSxpx86 - detected ForgedFile.Multi.Generic (1)
14:45:16.0193 2560 Imapi - ok
14:45:16.0209 2560 ini910u - ok
14:45:16.0224 2560 IntelIde - ok
14:45:16.0224 2560 intelppm - ok
14:45:16.0240 2560 Ip6Fw - ok
14:45:16.0240 2560 IpFilterDriver - ok
14:45:16.0256 2560 IpInIp - ok
14:45:16.0256 2560 IpNat - ok
14:45:16.0271 2560 IPSec - ok
14:45:16.0287 2560 IRENUM - ok
14:45:16.0287 2560 isapnp - ok
14:45:16.0303 2560 Kbdclass - ok
14:45:16.0303 2560 kmixer - ok
14:45:16.0318 2560 KSecDD - ok
14:45:16.0334 2560 lbrtfdc - ok
14:45:16.0349 2560 mdmxsdk - ok
14:45:16.0365 2560 MHNDRV - ok
14:45:16.0381 2560 mnmdd - ok
14:45:16.0381 2560 Modem - ok
14:45:16.0396 2560 Mouclass - ok
14:45:16.0396 2560 mouhid - ok
14:45:16.0412 2560 MountMgr - ok
14:45:16.0412 2560 mraid35x - ok
14:45:16.0412 2560 MRxDAV - ok
14:45:16.0428 2560 MRxSmb - ok
14:45:16.0443 2560 Msfs - ok
14:45:16.0443 2560 MSKSSRV - ok
14:45:16.0459 2560 MSPCLOCK - ok
14:45:16.0459 2560 MSPQM - ok
14:45:16.0474 2560 mssmbios - ok
14:45:16.0474 2560 Mup - ok
14:45:16.0490 2560 MusCAudio - ok
14:45:16.0678 2560 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111007.019\NAVENG.SYS
14:45:16.0678 2560 NAVENG - ok
14:45:16.0709 2560 NAVEX15 (6d94b163d68af541698d9c8112a64ed5) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111007.019\NAVEX15.SYS
14:45:16.0787 2560 Suspicious file (Forged): C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111007.019\NAVEX15.SYS. Real md5: 6d94b163d68af541698d9c8112a64ed5, Fake md5: 529d571b551cb9da44237389b936f1ae
14:45:16.0787 2560 NAVEX15 ( ForgedFile.Multi.Generic ) - warning
14:45:16.0787 2560 NAVEX15 - detected ForgedFile.Multi.Generic (1)
14:45:16.0803 2560 NDIS - ok
14:45:16.0803 2560 NdisTapi - ok
14:45:16.0818 2560 Ndisuio - ok
14:45:16.0818 2560 NdisWan - ok
14:45:16.0834 2560 NDProxy - ok
14:45:16.0834 2560 NetBIOS - ok
14:45:16.0849 2560 NetBT - ok
14:45:16.0865 2560 NIC1394 - ok
14:45:16.0881 2560 Npfs - ok
14:45:16.0896 2560 Ntfs - ok
14:45:16.0912 2560 Null - ok
14:45:16.0912 2560 nv - ok
14:45:16.0928 2560 NwlnkFlt - ok
14:45:16.0928 2560 NwlnkFwd - ok
14:45:16.0943 2560 NwlnkIpx - ok
14:45:16.0943 2560 NwlnkNb - ok
14:45:16.0959 2560 NwlnkSpx - ok
14:45:16.0959 2560 ohci1394 - ok
14:45:16.0959 2560 omci - ok
14:45:16.0974 2560 Parport - ok
14:45:16.0990 2560 PartMgr - ok
14:45:16.0990 2560 ParVdm - ok
14:45:17.0006 2560 PCI - ok
14:45:17.0006 2560 PCIDump - ok
14:45:17.0021 2560 PCIIde - ok
14:45:17.0021 2560 Pcmcia - ok
14:45:17.0037 2560 PDCOMP - ok
14:45:17.0037 2560 PDFRAME - ok
14:45:17.0053 2560 PDRELI - ok
14:45:17.0053 2560 PDRFRAME - ok
14:45:17.0053 2560 PenClass - ok
14:45:17.0068 2560 perc2 - ok
14:45:17.0068 2560 perc2hib - ok
14:45:17.0099 2560 PptpMiniport - ok
14:45:17.0115 2560 PSched - ok
14:45:17.0115 2560 Ptilink - ok
14:45:17.0131 2560 PxHelp20 - ok
14:45:17.0131 2560 ql1080 - ok
14:45:17.0146 2560 Ql10wnt - ok
14:45:17.0146 2560 ql12160 - ok
14:45:17.0162 2560 ql1240 - ok
14:45:17.0162 2560 ql1280 - ok
14:45:17.0178 2560 RasAcd - ok
14:45:17.0178 2560 Rasl2tp - ok
14:45:17.0193 2560 RasPppoe - ok
14:45:17.0193 2560 Raspti - ok
14:45:17.0209 2560 Rdbss - ok
14:45:17.0209 2560 RDPCDD - ok
14:45:17.0224 2560 rdpdr - ok
14:45:17.0240 2560 RDPWD - ok
14:45:17.0240 2560 redbook - ok
14:45:17.0256 2560 rimmptsk - ok
14:45:17.0271 2560 rimsptsk - ok
14:45:17.0271 2560 rismxdp - ok
14:45:17.0303 2560 sdbus - ok
14:45:17.0318 2560 Secdrv - ok
14:45:17.0334 2560 serenum - ok
14:45:17.0334 2560 Serial - ok
14:45:17.0349 2560 Sfloppy - ok
14:45:17.0365 2560 Simbad - ok
14:45:17.0381 2560 sisagp - ok
14:45:17.0381 2560 Sparrow - ok
14:45:17.0396 2560 splitter - ok
14:45:17.0412 2560 sptd - ok
14:45:17.0412 2560 sr - ok
14:45:17.0428 2560 SRTSP - ok
14:45:17.0428 2560 SRTSPX - ok
14:45:17.0443 2560 Srv - ok
14:45:17.0443 2560 sscdbhk5 - ok
14:45:17.0459 2560 ssrtln - ok
14:45:17.0459 2560 STEC3 - ok
14:45:17.0474 2560 STHDA - ok
14:45:17.0474 2560 StillCam - ok
14:45:17.0490 2560 swenum - ok
14:45:17.0506 2560 swmidi - ok
14:45:17.0521 2560 symc810 - ok
14:45:17.0521 2560 symc8xx - ok
14:45:17.0521 2560 SymDS - ok
14:45:17.0537 2560 SymEFA - ok
14:45:17.0537 2560 SymEvent - ok
14:45:17.0553 2560 SymIRON - ok
14:45:17.0553 2560 SYMTDI - ok
14:45:17.0568 2560 sym_hi - ok
14:45:17.0568 2560 sym_u3 - ok
14:45:17.0584 2560 SynTP - ok
14:45:17.0584 2560 sysaudio - ok
14:45:17.0599 2560 Tcpip - ok
14:45:17.0615 2560 TDPIPE - ok
14:45:17.0615 2560 TDTCP - ok
14:45:17.0631 2560 TermDD - ok
14:45:17.0631 2560 tfsnboio - ok
14:45:17.0646 2560 tfsncofs - ok
14:45:17.0646 2560 tfsndrct - ok
14:45:17.0662 2560 tfsndres - ok
14:45:17.0662 2560 tfsnifs - ok
14:45:17.0678 2560 tfsnopio - ok
14:45:17.0678 2560 tfsnpool - ok
14:45:17.0693 2560 tfsnudf - ok
14:45:17.0693 2560 tfsnudfa - ok
14:45:17.0709 2560 TosIde - ok
14:45:17.0724 2560 Udfs - ok
14:45:17.0724 2560 ultra - ok
14:45:17.0740 2560 Update - ok
14:45:17.0756 2560 USBAAPL - ok
14:45:17.0756 2560 usbccgp - ok
14:45:17.0771 2560 usbehci - ok
14:45:17.0771 2560 usbhub - ok
14:45:17.0787 2560 usbprint - ok
14:45:17.0787 2560 usbscan - ok
14:45:17.0803 2560 USBSTOR - ok
14:45:17.0803 2560 usbuhci - ok
14:45:17.0818 2560 VgaSave - ok
14:45:17.0818 2560 viaagp - ok
14:45:17.0834 2560 ViaIde - ok
14:45:17.0834 2560 VolSnap - ok
14:45:17.0865 2560 Wanarp - ok
14:45:17.0865 2560 wanatw - ok
14:45:17.0881 2560 WDICA - ok
14:45:17.0881 2560 wdmaud - ok
14:45:17.0896 2560 winachsf - ok
14:45:17.0928 2560 WmiAcpi - ok
14:45:17.0974 2560 MBR (0x1B8) (78424ff01b94bf1f400d98ada7dd8528) \Device\Harddisk0\DR0
14:45:18.0021 2560 \Device\Harddisk0\DR0 - ok
14:45:18.0068 2560 Boot (0x1200) (a1f4dd04fa4e6e7297860fb3167ea055) \Device\Harddisk0\DR0\Partition0
14:45:18.0068 2560 \Device\Harddisk0\DR0\Partition0 - ok
14:45:18.0068 2560 ============================================================
14:45:18.0068 2560 Scan finished
14:45:18.0068 2560 ============================================================
14:45:18.0084 0344 Detected object count: 4
14:45:18.0084 0344 Actual detected object count: 4
14:46:54.0006 0344 BHDrvx86 ( ForgedFile.Multi.Generic ) - skipped by user
14:46:54.0006 0344 BHDrvx86 ( ForgedFile.Multi.Generic ) - User select action: Skip
14:46:54.0006 0344 eeCtrl ( ForgedFile.Multi.Generic ) - skipped by user
14:46:54.0006 0344 eeCtrl ( ForgedFile.Multi.Generic ) - User select action: Skip
14:46:54.0006 0344 IDSxpx86 ( ForgedFile.Multi.Generic ) - skipped by user
14:46:54.0006 0344 IDSxpx86 ( ForgedFile.Multi.Generic ) - User select action: Skip
14:46:54.0006 0344 NAVEX15 ( ForgedFile.Multi.Generic ) - skipped by user
14:46:54.0006 0344 NAVEX15 ( ForgedFile.Multi.Generic ) - User select action: Skip

-- End TDSSKiller log --

Attached file: ark.txt (14.61 KB)

Edited by Okuu, 08 October 2011 - 05:33 PM.
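The log above has one shape worth reading carefully: for four drivers TDSSKiller prints a "Suspicious file (Forged)" line carrying two different MD5s for the same path, followed by a "- detected ForgedFile.Multi.Generic" line, and it closes with the hashes of the first 0x1B8 bytes of the MBR and of the boot sector. Two hashes for one path means two views of the same file disagreed, which is the signature of something filtering file reads; whether that something is a rootkit or the AV vendor's own self-protection is exactly the triage question. As an added example (not part of this post and not TDSSKiller's own logic), the Python below parses that log shape, pairs each Forged line with its detection, records the disk hashes, checks the declared object count against what was parsed, and applies two assumed triage rules: forged files under the Norton/Symantec directories get queued for separate verification against the vendor's copy, a forged driver under system32 is treated as a rootkit indicator. The sample log is a constructed excerpt of the log above plus one constructed atapi.sys line (the real log shows "atapi - ok"), added only so the second rule has something to fire on.

```python
"""Triage helper for Kaspersky TDSSKiller logs (added example, not from the thread)."""
import re
from collections import namedtuple

Detection = namedtuple("Detection", "service path real_md5 fake_md5 verdict")

# Every TDSSKiller line starts with "HH:MM:SS.ffff <pid> ".
TS = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
FORGED_RE = re.compile(
    TS + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
DETECTED_RE = re.compile(TS + r"(?P<svc>\S+) - detected (?P<verdict>\S+)")
DISK_RE = re.compile(
    TS + r"(?P<what>MBR|Boot) \((?P<span>0x[0-9A-Fa-f]+)\) "
    r"\((?P<md5>[0-9a-f]{32})\) (?P<dev>\S+)")
COUNT_RE = re.compile(TS + r"Detected object count: (?P<n>\d+)")

# Assumed triage rule for this example: AV vendor directories are often "forged" only
# because the vendor's self-protection filter serves a different view of its own files.
VENDOR_HINTS = ("\\norton\\", "\\symantec shared\\")


def parse_log(text):
    """Return (detections, disk_hashes, declared_count) for TDSSKiller log text."""
    detections, disk, declared = [], {}, None
    last_forged = None  # the Forged line precedes the "- detected" line for the same driver
    for line in text.splitlines():
        line = line.rstrip()
        m = FORGED_RE.match(line)
        if m:
            last_forged = (m.group("path"), m.group("real"), m.group("fake"))
            continue
        m = DETECTED_RE.match(line)
        if m:
            path, real, fake = last_forged or (None, None, None)
            detections.append(Detection(m.group("svc"), path, real, fake, m.group("verdict")))
            last_forged = None
            continue
        m = DISK_RE.match(line)
        if m:
            disk[m.group("what")] = {"device": m.group("dev"),
                                     "bytes_hashed": int(m.group("span"), 16),
                                     "md5": m.group("md5")}
            continue
        m = COUNT_RE.match(line)
        if m:
            declared = int(m.group("n"))
    return detections, disk, declared


def triage(det):
    """Assumed classification, not TDSSKiller's: where the forged file lives decides the next step."""
    path = (det.path or "").lower()
    if det.verdict.startswith("ForgedFile") and any(h in path for h in VENDOR_HINTS):
        return "review-vendor-self-protection"
    if "\\system32\\" in path:
        return "system-driver-indicator"
    return "investigate"


def report(text):
    dets, disk, declared = parse_log(text)
    return {
        "detections": [(d.service, d.verdict, triage(d), d.real_md5, d.fake_md5) for d in dets],
        "disk": disk,
        # TDSSKiller prints its own count; a mismatch means the parser missed a line shape.
        "count_matches": declared is None or declared == len(dets),
    }


# Constructed sample: two lines copied from the log in this thread, plus a constructed
# atapi.sys entry with placeholder hashes (the thread's own log reports "atapi - ok").
SAMPLE_LOG = r"""
14:45:15.0240 2560 Suspicious file (Forged): C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110929.001\BHDrvx86.sys. Real md5: 431b3adfd5ba5d29f759f1e7b4aee056, Fake md5: 163340a63f197c91d65ca9ce4b5811f7
14:45:15.0256 2560 BHDrvx86 ( ForgedFile.Multi.Generic ) - warning
14:45:15.0256 2560 BHDrvx86 - detected ForgedFile.Multi.Generic (1)
14:45:15.0818 2560 Suspicious file (Forged): C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys. Real md5: 4d566aaf3ffe6f442d2aab9d92f2d850, Fake md5: 8f7dbc4be48f5388a6fe1f285e7948ef
14:45:15.0818 2560 eeCtrl - detected ForgedFile.Multi.Generic (1)
14:45:16.0000 2560 Suspicious file (Forged): C:\WINDOWS\system32\drivers\atapi.sys. Real md5: 00000000000000000000000000000001, Fake md5: 00000000000000000000000000000002
14:45:16.0000 2560 atapi - detected ForgedFile.Multi.Generic (1)
14:45:17.0974 2560 MBR (0x1B8) (78424ff01b94bf1f400d98ada7dd8528) \Device\Harddisk0\DR0
14:45:18.0068 2560 Boot (0x1200) (a1f4dd04fa4e6e7297860fb3167ea055) \Device\Harddisk0\DR0\Partition0
14:45:18.0084 0344 Detected object count: 3
"""

if __name__ == "__main__":
    for row in report(SAMPLE_LOG)["detections"]:
        print(*row)
```

The vendor rule is deliberately a queue, not a verdict: the way to settle it is to hash the vendor file from outside the running system (boot media, or the file pulled from the vendor's installer) and compare with both MD5s in the log, since a live read on the infected machine goes through whatever is filtering reads.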




#2 HelpBot (Bleepin' Binary Bot, Bots, 12,769 posts)

Posted 13 October 2011 - 05:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/422548 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 fireman4it (Bleepin' Fireman, Malware Response Team, 13,512 posts, Greenup, Ill USA)

Posted 13 October 2011 - 09:58 PM

Hello Okuu,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.



1.
    1. Please download OTL from one of the following mirrors:
       • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the OTL icon on your desktop.
    4. Under the Custom Scan box paste this in:

       netsvcs
       %SYSTEMDRIVE%\*.exe
       /md5start
       eventlog.dll
       scecli.dll
       netlogon.dll
       cngaudit.dll
       sceclt.dll
       ntelogon.dll
       logevent.dll
       iaStor.sys
       nvstor.sys
       atapi.sys
       IdeChnDr.sys
       viasraid.sys
       AGP440.sys
       vaxscsi.sys
       nvatabus.sys
       viamraid.sys
       nvata.sys
       nvgts.sys
       iastorv.sys
       ViPrt.sys
       eNetHook.dll
       ahcix86.sys
       KR10N.sys
       /md5stop
       %systemroot%\*. /mp /s
       CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
       • OTL.txt <-- Will be opened
       • Extra.txt <-- Will be minimized


2.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!
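Both steps above look at the same two places a TDSS/TDL-class infection lives: the OTL /md5start list hashes the disk and storage drivers the rootkit patches, and aswMBR reads the first sector of the disk directly, the same check TDSSKiller reports in the first post as "MBR (0x1B8)" (the first 0x1B8 = 440 bytes of the MBR are the bootstrap code; the disk signature and partition table come after, so that hash changes only when the boot code does). As an added example that is code from neither tool nor this thread, the Python below parses a 512-byte MBR the way such a check does: it hashes the bootstrap area, validates the 0x55AA signature, decodes the four partition entries, and flags the things a bootkit leaves behind (rewritten boot code, no or several active partitions, overlapping entries, a partition past the end of the disk, or a large unpartitioned tail, where TDL4-family bootkits are documented to keep their hidden storage). The known-good hash, the 16 MiB tail threshold, and the two sample MBRs are assumptions constructed for the example.

```python
"""Parse and sanity-check a 512-byte MBR (added example, not from aswMBR or TDSSKiller)."""
import hashlib
import struct
from collections import namedtuple

SECTOR = 512
BOOTCODE_LEN = 0x1B8     # bytes 0..0x1B7: bootstrap code, the span TDSSKiller's "MBR (0x1B8)" line hashes
PTABLE_OFF = 0x1BE       # four 16-byte partition entries
SIG_OFF = 0x1FE          # 0x55 0xAA boot signature
ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
TAIL_THRESHOLD = 32768   # sectors (16 MiB) of unpartitioned space at the end; assumed heuristic, not a vendor rule

Partition = namedtuple("Partition", "index bootable type lba_start sectors")


def parse_partitions(mbr):
    """Decode the non-empty entries of the partition table."""
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PTABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue  # empty slot
        parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def analyse_mbr(mbr, known_good_bootcode_md5=None, disk_sectors=None):
    """Return the bootstrap hash, the partitions, and a list of findings (empty means nothing odd)."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    findings = []
    if mbr[SIG_OFF:SIG_OFF + 2] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    bootcode_md5 = hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest()
    if known_good_bootcode_md5 and bootcode_md5 != known_good_bootcode_md5:
        findings.append("bootstrap code differs from the known-good hash")
    parts = parse_partitions(mbr)
    active = [p for p in parts if p.bootable]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    spans = sorted((p.lba_start, p.lba_start + p.sectors, p.index) for p in parts)
    for (_, end1, i1), (start2, _, i2) in zip(spans, spans[1:]):
        if start2 < end1:
            findings.append(f"partition entries {i1} and {i2} overlap")
    if disk_sectors is not None and spans:
        last_end = max(end for _, end, _ in spans)
        if last_end > disk_sectors:
            findings.append("a partition extends past the end of the disk")
        elif disk_sectors - last_end > TAIL_THRESHOLD:
            # TDL4-class bootkits keep their hidden file system in space like this.
            findings.append(f"{disk_sectors - last_end} unpartitioned sectors after the last partition")
    return {"bootcode_md5": bootcode_md5, "partitions": parts, "findings": findings}


def build_mbr(bootcode, partitions):
    """Assemble a sector from bootstrap bytes and (bootable, type, lba, count) tuples. Test-data helper."""
    if len(bootcode) > BOOTCODE_LEN:
        raise ValueError("bootstrap code does not fit in the code area")
    buf = bytearray(SECTOR)
    buf[:len(bootcode)] = bootcode
    for i, (bootable, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, buf, PTABLE_OFF + 16 * i, 0x80 if bootable else 0x00, ptype, lba, count)
    buf[SIG_OFF:SIG_OFF + 2] = b"\x55\xaa"
    return bytes(buf)


# Constructed samples. The clean bootstrap starts like a typical real-mode loader
# (cli / xor ax,ax / mov ss,ax / mov sp,7C00h); the "known-good" hash is simply taken from it.
CLEAN_BOOTCODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"
CLEAN_MBR = build_mbr(CLEAN_BOOTCODE, [(True, 0x07, 63, 132_000_000)])
CLEAN_BOOTCODE_MD5 = hashlib.md5(CLEAN_MBR[:BOOTCODE_LEN]).hexdigest()
# Constructed bootkit-style variant: the bootstrap now jumps elsewhere (a jmp rel16 replaces the first
# instructions); analysed with a larger disk size it also shows a big unpartitioned tail.
TAMPERED_MBR = build_mbr(b"\xfa\xe9\x00\x01" + CLEAN_BOOTCODE[4:], [(True, 0x07, 63, 132_000_000)])

if __name__ == "__main__":
    for name, mbr, disk in (("clean", CLEAN_MBR, 132_000_063 + 1024),
                            ("tampered", TAMPERED_MBR, 132_000_063 + 200_000)):
        result = analyse_mbr(mbr, CLEAN_BOOTCODE_MD5, disk)
        print(name, result["bootcode_md5"], result["findings"])
```

On a real machine the sector comes from the raw disk device (an elevated `open(r"\\.\PhysicalDrive0", "rb").read(512)` on Windows, `/dev/sda` on Linux) and the disk size from the same device. The caveat that matters for this thread: a kernel-mode rootkit that is already running can filter that read and hand back a clean sector, which is why a hash taken from boot media, or by a tool that brings its own driver, is the one to trust when the two disagree.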


#4 Okuu (Topic Starter, Members, 13 posts)

Posted 14 October 2011 - 10:11 AM

Hello fireman4it, thanks for replying. Included in this post are the following:

{A}. OTL.txt
{B}. Extras.txt
{C}. aswMBR.txt
{D}. ark.txt from GMER, since it's been a few days since my original post

If it helps, recently I haven't seen Google search redirects from bizzclick.com, but other domain names have shown up in the search, such as blendersearch[dot]com and get-answers-fast[dot]com.

Don't know if it's related, but I got the BSOD the first time I tried to run the aswMBR.exe scan. It provided the following:

---

DRIVER_IRQL_NOT_LESS_OR_EQUAL

*** STOP: 0x000000D1 (0x00000005, 0x00000001, 0xF74685F7)
*** atapi.sys - address F74685F7 base at F7460000, Datestamp 4802539d

---

Also not sure if related, but it seems like the computer has been running a little slower since yesterday (mouse cursor lags at times). Don't know if it's all the scanning tools I've been downloading to the desktop lately, or if it's whatever is causing this whole thing.


{A}. OTL.txt

OTL logfile created on: 10/13/2011 10:53:26 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Danny\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 252.69 Mb Available Physical Memory | 24.91% Memory free
2.38 Gb Paging File | 1.55 Gb Available in Paging File | 65.12% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 63.34 Gb Total Space | 13.63 Gb Free Space | 21.52% Space Free | Partition Type: NTFS

Computer Name: DANIELPC | User Name: Danny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/13 22:35:57 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Danny\Desktop\OTL.exe
PRC - [2011/10/06 10:25:19 | 004,093,288 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 14\nu.exe
PRC - [2011/09/30 16:32:17 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/17 01:05:26 | 001,462,272 | ---- | M] ( ) -- C:\Program Files\Codebox\BitMeter\BitMeter2.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/01/05 10:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM7\aim.exe
PRC - [2010/11/05 11:29:00 | 000,108,424 | ---- | M] (SecureW2 B.V.) -- C:\Program Files\SecureW2\sw2_service.exe
PRC - [2010/07/16 17:32:34 | 000,619,800 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/26 00:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/07/06 18:07:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 17:12:15 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\conime.exe
PRC - [2007/05/21 01:37:00 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/01/04 14:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/02/28 14:47:32 | 000,106,496 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2005/02/28 14:40:36 | 000,737,280 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/11 17:58:42 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_4200c062\mscorlib.dll
MOD - [2011/10/11 17:58:26 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_82888875\system.drawing.dll
MOD - [2011/10/11 17:57:51 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_76e7c9ca\system.xml.dll
MOD - [2011/10/11 17:57:24 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_66c72b97\system.windows.forms.dll
MOD - [2011/10/11 17:56:12 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_4d0247f4\system.dll
MOD - [2011/10/11 17:55:29 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/09/30 16:32:15 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/24 08:47:25 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/03/27 13:11:04 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2011/01/05 10:06:43 | 000,176,128 | ---- | M] () -- C:\Program Files\AIM7\nssckbi.dll
MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/02/05 11:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/12/19 13:08:30 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2005/08/16 19:02:54 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2005/08/16 19:02:54 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2005/08/16 19:02:54 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (0000721317922986mcinstcleanup) McAfee Application Installer Cleanup (0000721317922986)
SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010/12/31 09:39:54 | 008,133,120 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe -- (wampmysqld)
SRV - [2010/12/31 09:39:42 | 000,020,549 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe -- (wampapache)
SRV - [2010/11/05 11:29:00 | 000,108,424 | ---- | M] (SecureW2 B.V.) [Auto | Running] -- C:\Program Files\SecureW2\sw2_service.exe -- (SW2SVC)
SRV - [2010/02/17 18:21:24 | 000,245,760 | ---- | M] (SMServer) [On_Demand | Stopped] -- C:\WINDOWS\System32\snmvtsvc.exe -- (SMServer)
SRV - [2010/02/17 12:19:44 | 000,335,872 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AllMusicConverter Media Suite\STSService.exe -- (STSService)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/02/28 14:40:36 | 000,737,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2003/03/09 13:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/10/06 12:29:36 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111013.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/06 12:29:36 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/10/06 12:29:36 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/06 12:29:36 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111013.003\NAVENG.SYS -- (NAVENG)
DRV - [2011/10/06 11:48:57 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/10/05 15:31:30 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111012.034\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/09/29 21:38:50 | 000,816,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110929.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/06/17 09:02:47 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINDOWS\system32\STEC3.sys -- (STEC3)
DRV - [2011/03/30 20:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 20:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 17:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 19:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/26 23:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/26 22:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/02/18 07:46:14 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MusCAudio.sys -- (MusCAudio)
DRV - [2008/04/13 11:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/11/17 18:23:30 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/07/30 22:05:13 | 000,005,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\DellBIOS.Sys -- (DellBIOS)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/15 17:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/11/16 19:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/02 17:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/08/12 14:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 14:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/14 21:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 20:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 22:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/10 03:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 03:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/10 03:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/02/13 14:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/04/09 12:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 25 1B F1 05 0B D1 0A 4F A5 19 3F E8 A5 3C 55 5C [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}:5.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CE1FE0E3-AC25-4144-97EF-1F8D17A6EA1A}:1.9.1
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{CE1FE0E3-AC25-4144-97EF-1F8D17A6EA1A}: C:\Documents and Settings\Danny\Local Settings\Application Data\{CE1FE0E3-AC25-4144-97EF-1F8D17A6EA1A} [2010/05/27 16:06:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/10/13 14:27:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_2_3 [2011/10/13 22:45:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/30 16:32:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/16 08:59:30 | 000,000,000 | ---D | M]

[2008/06/19 19:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Danny\Application Data\Mozilla\Extensions
[2011/10/13 12:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\ycz6qugv.default\extensions
[2010/04/27 08:26:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\ycz6qugv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/13 12:36:40 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\ycz6qugv.default\extensions\{51a5583b-4a82-48ce-823a-4fe28df3594a}
[2011/10/11 23:42:19 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\ycz6qugv.default\extensions\{526d535a-b2ab-4ed2-9dd3-03b77a196036}
[2009/07/20 20:01:57 | 000,004,207 | ---- | M] () -- C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\ycz6qugv.default\searchplugins\aim-search.xml
[2008/07/12 22:00:53 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\ycz6qugv.default\searchplugins\winamp-search.xml
[2011/08/08 18:38:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/01 11:23:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
[2011/10/13 22:45:55 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_2_3
[2011/10/13 14:27:51 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANNY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YCZ6QUGV.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2009/11/01 23:25:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/30 16:32:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/01/23 12:38:28 | 000,000,052 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [ShowLOMControl] Reg Error: Invalid data type. File not found
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM7\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\nu.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\Danny\Start Menu\Programs\Startup\Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\AllMusicConverter\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\AllMusicConverter\YouTubeRipper.dll ()
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 68.94.156.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C791573D-B4B6-4068-A303-001AFF2A05C7}: DhcpNameServer = 192.168.0.1 68.94.156.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1b1d6547-17ca-11de-b252-001422f5c974}\Shell\AutoRun\command - "" = G:\WDSetup.exe
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{5aa4887f-c65a-11dd-b1a7-001422f5c974}\Shell - "" = AutoRun
O33 - MountPoints2\{5aa4887f-c65a-11dd-b1a7-001422f5c974}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5aa4887f-c65a-11dd-b1a7-001422f5c974}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/13 22:37:16 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Danny\Desktop\aswMBR.exe
[2011/10/13 22:36:01 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Danny\Desktop\OTL.exe
[2011/10/12 00:38:18 | 001,559,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Danny\Desktop\TDSSKiller.exe
[2011/10/11 17:45:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/11 10:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/10/07 22:41:36 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Danny\Desktop\FixTDSS.exe
[2011/10/07 21:24:54 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Danny\Desktop\dds.com
[2011/10/07 11:01:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/10/07 08:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Danny\Application Data\SUPERAntiSpyware.com
[2011/10/07 08:58:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/10/07 08:56:22 | 012,410,448 | ---- | C] (SUPERAntiSpyware.com) -- C:\SUPERAntiSpyware.exe
[2011/10/06 21:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/06 21:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Danny\Start Menu\Programs\HiJackThis
[2011/10/06 21:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/10/06 21:11:15 | 000,454,120 | ---- | C] (CBS Interactive) -- C:\cnet_HitmanPro35_exe.exe
[2011/10/06 20:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Danny\My Documents\PassMark
[2011/10/06 20:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Danny\Local Settings\Application Data\PassMark
[2011/10/06 11:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Danny\My Documents\Symantec
[2011/10/06 11:48:57 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/10/06 11:48:57 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/10/06 11:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/10/06 11:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/10/06 11:48:36 | 000,369,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symtdi.sys
[2011/10/06 11:48:36 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symtdiv.sys
[2011/10/06 11:48:35 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symefa.sys
[2011/10/06 11:48:35 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symds.sys
[2011/10/06 11:48:35 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symnets.sys
[2011/10/06 11:48:35 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtspx.sys
[2011/10/06 11:48:34 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtsp.sys
[2011/10/06 11:48:34 | 000,136,312 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\ironx86.sys
[2011/10/06 11:47:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1206000.01D
[2011/10/06 11:46:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2011/10/06 11:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/10/06 11:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/10/06 11:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2011/10/06 11:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/10/06 11:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/10/06 11:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/10/06 11:18:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Danny\Application Data\Norton Utilities 14
[2011/10/06 10:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton Installer
[2011/10/06 10:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/10/06 09:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Utilities 14
[2011/10/06 09:52:52 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx
[2011/10/06 09:52:52 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx
[2011/10/06 09:52:52 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx
[2011/10/06 09:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Utilities 14
[2011/10/06 09:29:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\a-squared HiJackFree
[2011/10/06 09:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared HiJackFree
[2011/10/05 15:37:49 | 004,845,856 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\procexp.exe
[2011/09/17 17:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BitMeter
[2011/09/17 17:19:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Danny\Application Data\Bitmeter2
[2011/09/17 17:19:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bitmeter2
[2011/09/17 17:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\Codebox
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Danny\My Documents\*.tmp files -> C:\Documents and Settings\Danny\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Danny\*.tmp files -> C:\Documents and Settings\Danny\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/13 22:51:05 | 000,443,248 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/13 22:51:05 | 000,072,514 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/13 22:48:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/13 22:45:54 | 000,017,642 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2011/10/13 22:44:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/13 22:44:31 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/13 22:37:37 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Danny\Desktop\aswMBR.exe
[2011/10/13 22:35:57 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Danny\Desktop\OTL.exe
[2011/10/12 07:31:52 | 001,559,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Danny\Desktop\TDSSKiller.exe
[2011/10/11 23:50:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/11 23:22:28 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Danny\Desktop\HiJackThis.lnk
[2011/10/11 19:01:29 | 000,329,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/11 18:37:01 | 000,720,622 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/10/11 18:37:00 | 000,719,870 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/10/11 18:21:31 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/10 15:45:34 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Danny\Desktop\Microsoft Office Word 2003.lnk
[2011/10/07 23:18:22 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/10/07 22:41:26 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Danny\Desktop\FixTDSS.exe
[2011/10/07 22:10:27 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Danny\defogger_reenable
[2011/10/07 22:08:32 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Danny\Desktop\Defogger.exe
[2011/10/07 21:24:52 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Danny\Desktop\dds.com
[2011/10/07 21:22:31 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2011/10/07 08:56:39 | 012,410,448 | ---- | M] (SUPERAntiSpyware.com) -- C:\SUPERAntiSpyware.exe
[2011/10/06 21:55:31 | 001,402,880 | ---- | M] () -- C:\Program Files\HijackThis.msi
[2011/10/06 21:11:10 | 000,454,120 | ---- | M] (CBS Interactive) -- C:\cnet_HitmanPro35_exe.exe
[2011/10/06 20:56:14 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Danny\Application Data\5f691745
[2011/10/06 20:50:25 | 000,000,189 | ---- | M] () -- C:\Documents and Settings\Danny\Application Data\a81160bf
[2011/10/06 20:31:56 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Danny\Application Data\bfb4e8ba
[2011/10/06 11:48:57 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/10/06 11:48:57 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/10/06 11:48:57 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/10/06 11:48:57 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/10/06 11:48:41 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2011/10/06 09:57:43 | 000,002,764 | ---- | M] () -- C:\WINDOWS\System32\OEMINFO.PNF
[2011/10/06 09:29:56 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\Danny\Application Data\Microsoft\Internet Explorer\Quick Launch\a-squared HiJackFree.lnk
[2011/10/06 09:29:54 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\a-squared HiJackFree.lnk
[2011/10/06 09:27:23 | 000,286,088 | ---- | M] () -- C:\SoftonicDownloader_for_a-squared-hijackfree.exe
[2011/10/05 15:35:28 | 001,846,075 | ---- | M] () -- C:\ProcessExplorer.zip
[2011/09/30 16:40:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/26 18:41:56 | 000,028,255 | ---- | M] () -- C:\Documents and Settings\Danny\My Documents\usagestats_since_9_17.png
[2011/09/19 10:36:22 | 004,845,856 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\procexp.exe
[2011/09/17 17:25:27 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Danny\Start Menu\Programs\Startup\Bitmeter2.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Danny\My Documents\*.tmp files -> C:\Documents and Settings\Danny\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Danny\*.tmp files -> C:\Documents and Settings\Danny\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/11 23:50:56 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/11 10:10:20 | 000,719,870 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/10/08 09:42:53 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Danny\Desktop\gmer.exe
[2011/10/07 23:43:00 | 1063,714,816 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/07 22:10:09 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Danny\defogger_reenable
[2011/10/07 22:08:38 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Danny\Desktop\Defogger.exe
[2011/10/06 21:56:23 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Danny\Desktop\HiJackThis.lnk
[2011/10/06 21:55:41 | 001,402,880 | ---- | C] () -- C:\Program Files\HijackThis.msi
[2011/10/06 21:13:00 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/10/06 11:49:02 | 000,720,622 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/10/06 11:48:57 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/10/06 11:48:57 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/10/06 11:48:41 | 000,001,973 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2011/10/06 11:48:35 | 000,007,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symnetv.cat
[2011/10/06 11:48:35 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symnet.cat
[2011/10/06 11:48:35 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symefa.cat
[2011/10/06 11:48:35 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symefa.inf
[2011/10/06 11:48:35 | 000,002,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symds.inf
[2011/10/06 11:48:35 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symnetv.inf
[2011/10/06 11:48:35 | 000,001,446 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symnet.inf
[2011/10/06 11:48:34 | 000,007,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\iron.cat
[2011/10/06 11:48:34 | 000,007,454 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtspx.cat
[2011/10/06 11:48:34 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtsp.cat
[2011/10/06 11:48:34 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtspx.inf
[2011/10/06 11:48:34 | 000,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtsp.inf
[2011/10/06 11:48:34 | 000,000,742 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\iron.inf
[2011/10/06 11:48:34 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\isolate.ini
[2011/10/06 11:47:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symds.cat
[2011/10/06 09:29:56 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\Danny\Application Data\Microsoft\Internet Explorer\Quick Launch\a-squared HiJackFree.lnk
[2011/10/06 09:29:54 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\a-squared HiJackFree.lnk
[2011/10/06 09:27:37 | 000,286,088 | ---- | C] () -- C:\SoftonicDownloader_for_a-squared-hijackfree.exe
[2011/10/05 15:37:48 | 000,072,268 | ---- | C] () -- C:\procexp.chm
[2011/10/05 15:35:44 | 001,846,075 | ---- | C] () -- C:\ProcessExplorer.zip
[2011/10/05 10:21:03 | 000,000,189 | ---- | C] () -- C:\Documents and Settings\Danny\Application Data\a81160bf
[2011/10/05 09:03:18 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Danny\Application Data\bfb4e8ba
[2011/10/05 00:34:33 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Danny\Application Data\5f691745
[2011/09/26 18:41:52 | 000,028,255 | ---- | C] () -- C:\Documents and Settings\Danny\My Documents\usagestats_since_9_17.png
[2011/09/17 17:25:27 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\Danny\Start Menu\Programs\Startup\Bitmeter2.lnk
[2011/09/17 17:19:24 | 001,432,685 | ---- | C] () -- C:\BitMeterInstaller.exe
[2011/03/19 16:29:44 | 000,000,193 | ---- | C] () -- C:\WINDOWS\custerscore.ini
[2011/03/19 16:26:35 | 000,000,215 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2010/09/13 18:46:05 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/05/27 16:06:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xjofed.bin
[2010/05/27 16:06:46 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Vceyup.dat
[2010/04/15 23:45:40 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/01/31 12:06:18 | 000,008,046 | ---- | C] () -- C:\Program Files\Common Files\setupBanner.jpg
[2009/12/28 18:21:29 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\Danny\Application Data\usb.inf
[2009/11/15 14:22:02 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/04/14 17:07:42 | 000,037,607 | ---- | C] () -- C:\Program Files\Common Files\license.rtf
[2008/01/13 00:49:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Danny\Application Data\AVSDVDPlayer.m3u
[2007/11/20 22:08:27 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/09/30 16:24:44 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/30 22:05:13 | 000,005,120 | ---- | C] () -- C:\WINDOWS\DellBIOS.Sys
[2007/06/09 19:34:14 | 000,087,552 | ---- | C] () -- C:\WINDOWS\catchme.exe
[2007/06/09 19:34:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\vfind.exe
[2006/12/23 18:35:53 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/24 16:36:57 | 000,419,866 | ---- | C] () -- C:\Program Files\student.exe
[2006/08/02 22:55:26 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/08/02 09:53:00 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/07/28 10:31:03 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/07/28 10:31:02 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/07/28 10:14:42 | 000,182,272 | ---- | C] () -- C:\Documents and Settings\Danny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/10 23:47:25 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\D8A93F796A.sys
[2006/06/19 17:39:16 | 000,017,642 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2006/06/19 17:39:06 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll
[2006/05/21 12:13:55 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/05/20 23:05:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/20 17:21:30 | 000,007,518 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/05/20 17:21:30 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\6A793FA9D8.sys
[2006/04/29 22:29:05 | 000,003,590 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/04/25 20:50:17 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Danny\Local Settings\Application Data\fusioncache.dat
[2006/04/21 08:07:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/21 08:00:20 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/04/21 07:55:50 | 000,000,183 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/21 07:54:24 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/04/21 07:50:52 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/04/21 07:24:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/04/21 07:24:18 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/04/21 07:24:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/04/21 07:24:00 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/04/21 07:23:56 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/04/21 07:23:44 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 02:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 02:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 02:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 02:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 02:27:59 | 000,329,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 02:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 02:18:33 | 000,443,248 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 02:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 02:18:33 | 000,072,514 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 02:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 02:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 02:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 02:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 02:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 02:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 02:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 02:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 12:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 15:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/11/16 02:48:02 | 000,909,312 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2003/11/16 02:48:00 | 001,060,864 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/11/15 09:54:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/03/09 13:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/06 15:42:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/05/15 16:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll

========== LOP Check ==========

[2009/01/07 22:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/05/30 21:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/10/13 23:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitmeter2
[2006/12/14 10:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2008/02/18 18:13:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/06/20 18:44:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2007/07/30 21:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2005/08/16 18:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2011/10/06 21:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/03/23 15:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2010/10/20 18:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/12/31 16:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2011/06/25 23:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SYSTEMAX Software Development
[2011/10/13 23:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/07 22:44:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/17 11:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/08/20 17:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/09 10:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/12/23 18:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\acccore
[2006/06/16 18:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\Aim
[2011/07/18 16:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\Anvil Studio
[2011/09/17 17:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\Bitmeter2
[2011/06/14 11:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\Canon
[2006/07/28 10:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\CoreCodec
[2011/04/11 15:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\FileZilla
[2010/04/22 12:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\fltk.org
[2011/03/06 21:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\GetRightToGo
[2009/12/31 16:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\Leadertech
[2008/04/24 14:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\Publish Providers
[2011/07/23 00:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\RenPy
[2008/04/24 14:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\Sony
[2010/07/21 20:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\Subversion
[2011/06/25 23:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\SYSTEMAX Software Development
[2007/01/11 11:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\Viewpoint
[2009/03/24 09:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\WD
[2009/11/11 20:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\X-Chat 2
[2010/10/18 21:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\ヤブサメ

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/11/14 22:44:02 | 007,315,472 | ---- | M] (AOL LLC.) -- C:\AIM7_7.1.2.18_beta1.exe
[2011/07/18 16:06:07 | 002,072,296 | ---- | M] () -- C:\asinstall.exe
[2011/04/20 19:52:58 | 001,432,685 | ---- | M] () -- C:\BitMeterInstaller.exe
[2011/10/06 21:11:10 | 000,454,120 | ---- | M] (CBS Interactive) -- C:\cnet_HitmanPro35_exe.exe
[2011/04/10 15:32:51 | 004,256,366 | ---- | M] () -- C:\FileZilla_3.4.0_win32-setup.exe
[2011/08/08 18:35:53 | 013,683,064 | ---- | M] (Mozilla) -- C:\Firefox Setup 5.0.exe
[2009/09/07 17:58:30 | 001,925,024 | ---- | M] (Adobe Systems Incorporated) -- C:\install_flash_player.exe
[2008/02/14 22:48:36 | 000,123,107 | ---- | M] () -- C:\JTabletSetupv0.9.5.exe
[2009/12/18 14:50:40 | 004,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2011/09/19 10:36:22 | 004,845,856 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\procexp.exe
[2011/10/06 09:27:23 | 000,286,088 | ---- | M] () -- C:\SoftonicDownloader_for_a-squared-hijackfree.exe
[2011/10/07 08:56:39 | 012,410,448 | ---- | M] (SUPERAntiSpyware.com) -- C:\SUPERAntiSpyware.exe


< MD5 for: AGP440.SYS >
[2004/08/10 03:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 03:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/26 19:51:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/26 19:51:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 21:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 21:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 03:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 03:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/26 19:51:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/26 19:51:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >



{B}. Extras.txt

OTL Extras logfile created on: 10/13/2011 10:53:26 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Danny\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 252.69 Mb Available Physical Memory | 24.91% Memory free
2.38 Gb Paging File | 1.55 Gb Available in Paging File | 65.12% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 63.34 Gb Total Space | 13.63 Gb Free Space | 21.52% Space Free | Partition Type: NTFS

Computer Name: DANIELPC | User Name: Danny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL "%l"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL "%l"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access 0
"1701:TCP" = 1701:TCP:*:Enabled:MioNet Remote Drive Access 1
"1702:TCP" = 1702:TCP:*:Enabled:MioNet Remote Drive Access 2
"1703:TCP" = 1703:TCP:*:Enabled:MioNet Remote Drive Access 3
"1704:TCP" = 1704:TCP:*:Enabled:MioNet Remote Drive Access 4
"1705:TCP" = 1705:TCP:*:Enabled:MioNet Remote Drive Access 5
"1706:TCP" = 1706:TCP:*:Enabled:MioNet Remote Drive Access 6
"1707:TCP" = 1707:TCP:*:Enabled:MioNet Remote Drive Access 7
"1708:TCP" = 1708:TCP:*:Enabled:MioNet Remote Drive Access 8
"1709:TCP" = 1709:TCP:*:Enabled:MioNet Remote Drive Access 9
"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification
"1647:TCP" = 1647:TCP:*:Enabled:MioNet Storage Device Configuration
"5432:UDP" = 5432:UDP:*:Enabled:MioNet Storage Device Discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\MioNet\MioNetManager.exe" = C:\Program Files\MioNet\MioNetManager.exe:*:Enabled:MioNetManager
"C:\Program Files\MioNet\jvm\bin\MioNet.exe" = C:\Program Files\MioNet\jvm\bin\MioNet.exe:*:Enabled:MioNet
"C:\Program Files\AIM6\aim.exe" = C:\Program Files\AIM6\aim.exe:*:Enabled:AIM
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series" = Canon MX860 series MP Drivers
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 19
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{32470264-B8B8-408E-A404-73A9DF16B8FE}" = ILLUSION BattleRaper2
"{3248F0A8-6813-11D6-A77B-00B0D0150160}" = J2SE Runtime Environment 5.0 Update 16
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{33F7A957-A66D-45A1-BADF-6576083B14E2}" = RPGツクール2000 ランタイムパッケージ
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36AD3BF9-0ED1-4514-B52A-C22FA6AECC6D}" = EMS Data Generator 2011 for MySQL
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3E9C2463-454A-3D20-A8AB-FDF544A829F9}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - JPN
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{46B69F5F-E77D-49DE-9729-0F562564A15E}" = ILLUSION すくぅ~るメイト2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5109E056-E84C-4E38-9CAD-0784330E5091}" = Anvil Studio 2011
"{52D56C42-8C69-4882-A661-39695537C9CF}" = DellConnect
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8027B590-CD2B-3C7E-9F00-CDC0916CC915}" = Microsoft .NET Framework 3.5 Language Pack - jpn
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8E5CFA2B-8CC5-4C8D-88CB-C4A1D4AD9790}_is1" = 東方非想天則 Ver1.02アップデート
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F185C48-595B-401A-A1D6-AAB324890DC4}" = GiPo@MoveOnBoot 1.9.5
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4A132BC-D64F-4B89-91F2-60DDF5199D55}" = ILLUSION すくぅ~るメイト『写真撮影会』
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2878DE1-173A-3042-9C2C-3F2B958F61AA}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - JPN
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D10227CA-792C-4517-872A-8AF5DB472D48}" = PCSpim
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DEC2C123-3CE0-4669-B119-61519130CACD}" = TortoiseSVN 1.6.10.19898 (32 bit)
"{E24A0015-C73F-4B57-B8DF-5EB84D2E9685}" = Adobe Flash Player 10 ActiveX
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E4D02EF2-6F12-4BE9-9928-2F27DA01A915}" = ILLUSION 人工少女3
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EF03FD0D-A510-4FB7-822F-14FA8FEFCE37}" = 尾行3
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F70E2622-ECD9-42F5-B032-5AC0349A0038}" = SecureW2 Enterprise Client 3.4.7 MSI Installer
"{F9942587-59C1-43CC-8B6A-A5DB09CBA735}_is1" = 東方緋想天 Ver1.06
"ՂɂՂFlash Vol.1" = ՂɂՂFlash Vol.1
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"7-Zip" = 7-Zip 4.57
"AAC Parser" = AAC Parser (remove only)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer
"AIM_7" = AIM 7
"AllMusicConverter_is1" = AllMusicConverter 3.9.8
"AMCMediaSuite" = AllMusicConverter Media Suite 3.9.8
"AOL Instant Messenger" = AOL Instant Messenger
"ASIO4ALL" = ASIO4ALL
"a-squared HiJackFree_is1" = a-squared HiJackFree 3.1
"AVI Movie Player" = AVI Movie Player
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BitMeter" = BitMeter
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Canon MP210 series User Registration" = Canon MP210 series User Registration
"Canon MX860 series User Registration" = Canon MX860 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CloneCD" = CloneCD
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DQ女戦士~陵辱無限回廊~" = DQ女戦士~陵辱無限回廊~
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"eMusic Promotion" = eMusic - 50 Free MP3 offer
"EncVorbis" = EncVorbis 1.1
"ESPNMotion" = ESPNMotion
"FANTASYS" = TRINITRON CG FANTASYS
"Fate-stay night English" = Fate/stay night English v3.1
"Flash Movie Player" = Flash Movie Player 1.4
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"JTablet" = JTablet
"Katawa Shoujo Act 1" = Katawa Shoujo Act 1
"KINGDOM" = 恋する王国
"LPL Software_is1" = LPL Software 2.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Matroska Pack" = Matroska Pack
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - jpn" = Microsoft .NET Framework 3.5 Language Pack - 日本語
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
"MSNINST" = MSN
"Muv-Luv Alternative DVD Ver." = Muv-Luv Alternative DVD Ver. 0.1
"Muv-Luv DVD Ver." = Muv-Luv DVD Ver. 1.0
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Norton Utilities_is1" = Norton Utilities
"NX Client Fonts 100dpi_is1" = NX Client Fonts 100dpi
"NX Client Fonts 75dpi_is1" = NX Client Fonts 75dpi
"NX Client Fonts Misc_is1" = NX Client Fonts Misc
"NX Client Fonts Others_is1" = NX Client Fonts Others
"nxclient_is1" = NX Client for Windows 2.1.0-6
"PHOENIX DRIVE" = PHOENIX DRIVE
"Quick AVI MPEG Joiner v2.0_is1" = Quick AVI MPEG Joiner v2.0
"RealPlayer 6.0" = RealPlayer
"SBC Yahoo! Applications" = SBC Yahoo! Applications
"Sexy Beach 3_is1" = 3
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SWR English" = NSIS SWR English
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tablet Driver" = Tablet
"The Core Media Player" = The Core Media Player 4.0
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WampServer 2_is1" = WampServer 2.1
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WildTangent CDA" = WildTangent Web Driver
"WinAce Archiver" = WinAce Archiver
"Winamp" = Winamp
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"X-Chat 2_is1" = X-Chat 2.8.6-2
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XviD_is1" = XviD 1.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks
"FileZilla Client" = FileZilla Client 3.4.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/6/2011 1:51:21 PM | Computer Name = DANIELPC | Source = McLogEvent | ID = 5022
Description =

Error - 10/6/2011 1:51:21 PM | Computer Name = DANIELPC | Source = McLogEvent | ID = 5004
Description =

Error - 10/6/2011 1:51:21 PM | Computer Name = DANIELPC | Source = McLogEvent | ID = 5022
Description =

Error - 10/8/2011 6:34:34 AM | Computer Name = DANIELPC | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application winword.exe, version 11.0.5604.0, stamp 3f314a2f,
faulting module winword.exe, version 11.0.5604.0, stamp 3f314a2f, debug? 0, fault
address 0x00214b02.

Error - 10/8/2011 6:55:02 AM | Computer Name = DANIELPC | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application winword.exe, version 11.0.5604.0, stamp 3f314a2f,
faulting module winword.exe, version 11.0.5604.0, stamp 3f314a2f, debug? 0, fault
address 0x00214b02.

Error - 10/8/2011 6:55:19 AM | Computer Name = DANIELPC | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application winword.exe, version 11.0.5604.0, stamp 3f314a2f,
faulting module winword.exe, version 11.0.5604.0, stamp 3f314a2f, debug? 0, fault
address 0x00214b02.

Error - 10/8/2011 6:55:29 AM | Computer Name = DANIELPC | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application winword.exe, version 11.0.5604.0, stamp 3f314a2f,
faulting module winword.exe, version 11.0.5604.0, stamp 3f314a2f, debug? 0, fault
address 0x00214b02.

Error - 10/11/2011 2:22:09 PM | Computer Name = DANIELPC | Source = pctsSvc.exe | ID = 0
Description =

Error - 10/11/2011 8:39:49 PM | Computer Name = DANIELPC | Source = pctsSvc.exe | ID = 0
Description =

Error - 10/12/2011 2:51:13 AM | Computer Name = DANIELPC | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.51.0.1118, faulting module
unknown, version 0.0.0.0, fault address 0x00030003.

[ System Events ]
Error - 10/13/2011 8:59:11 PM | Computer Name = DANIELPC | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 10/13/2011 9:50:12 PM | Computer Name = DANIELPC | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 10/13/2011 9:50:13 PM | Computer Name = DANIELPC | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 10/13/2011 9:50:31 PM | Computer Name = DANIELPC | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 10/13/2011 9:59:48 PM | Computer Name = DANIELPC | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 10/13/2011 9:59:59 PM | Computer Name = DANIELPC | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 10/13/2011 9:59:59 PM | Computer Name = DANIELPC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 10/13/2011 10:00:04 PM | Computer Name = DANIELPC | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 10/13/2011 10:00:40 PM | Computer Name = DANIELPC | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 10/13/2011 10:00:44 PM | Computer Name = DANIELPC | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.


< End of report >



{C}. aswMBR.txt


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-13 23:27:40
-----------------------------
23:27:40.500 OS Version: Windows 5.1.2600 Service Pack 3
23:27:40.500 Number of processors: 2 586 0xE08
23:27:40.500 ComputerName: DANIELPC UserName: Danny
23:27:50.781 Initialize success
23:32:06.343 AVAST engine defs: 11101301
23:32:27.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:32:27.140 Disk 0 Vendor: FUJITSU_MHV2080BH 00850028 Size: 74881MB BusType: 3
23:32:27.171 Disk 0 MBR read successfully
23:32:27.187 Disk 0 MBR scan
23:32:27.375 Disk 0 unknown MBR code
23:32:27.406 Disk 0 scanning sectors +153356490
23:32:27.500 Disk 0 scanning C:\WINDOWS\system32\drivers
23:33:14.968 Service scanning
23:33:20.718 Modules scanning
23:33:50.468 Disk 0 trace - called modules:
23:33:50.500 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
23:33:51.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d63ab8]
23:33:51.109 3 CLASSPNP.SYS[f763dfd7] -> nt!IofCallDriver -> \Device\0000007f[0x86d72a98]
23:33:51.125 5 ACPI.sys[f74d4620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d71940]
23:33:56.281 AVAST engine scan C:\WINDOWS
23:34:39.593 AVAST engine scan C:\WINDOWS\system32
23:45:27.656 AVAST engine scan C:\WINDOWS\system32\drivers
23:46:23.875 AVAST engine scan C:\Documents and Settings\Danny
00:16:57.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Danny\Desktop\MBR.dat"
00:16:57.546 The log file has been saved successfully to "C:\Documents and Settings\Danny\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-14 00:46:25
-----------------------------
00:46:25.640 OS Version: Windows 5.1.2600 Service Pack 3
00:46:25.640 Number of processors: 2 586 0xE08
00:46:25.640 ComputerName: DANIELPC UserName: Danny
00:46:31.593 Initialize success
00:47:27.906 AVAST engine defs: 11101301
00:47:39.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:47:39.406 Disk 0 Vendor: FUJITSU_MHV2080BH 00850028 Size: 74881MB BusType: 3
00:47:39.437 Disk 0 MBR read successfully
00:47:39.453 Disk 0 MBR scan
00:47:39.625 Disk 0 unknown MBR code
00:47:39.656 Disk 0 scanning sectors +153356490
00:47:39.796 Disk 0 scanning C:\WINDOWS\system32\drivers
00:48:19.921 Service scanning
00:48:25.234 Modules scanning
00:48:54.984 Disk 0 trace - called modules:
00:48:55.046 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
00:48:55.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86dd0ab8]
00:48:55.625 3 CLASSPNP.SYS[f763dfd7] -> nt!IofCallDriver -> \Device\0000007f[0x86dc0f18]
00:48:55.640 5 ACPI.sys[f74d4620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d6dd98]
00:48:59.593 AVAST engine scan C:\WINDOWS
00:49:55.578 AVAST engine scan C:\WINDOWS\system32
01:05:41.125 AVAST engine scan C:\WINDOWS\system32\drivers
01:06:44.203 AVAST engine scan C:\Documents and Settings\Danny
05:59:14.640 AVAST engine scan C:\Documents and Settings\All Users
06:05:46.265 Scan finished successfully
07:41:42.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Danny\Desktop\MBR.dat"
07:41:42.640 The log file has been saved successfully to "C:\Documents and Settings\Danny\Desktop\aswMBR.txt"



{D}. ark.txt from GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-13 22:24:28
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2080BH rev.00850028
Running: gmer.exe; Driver: C:\DOCUME~1\Danny\LOCALS~1\Temp\uwdcapog.sys


---- System - GMER 1.0.15 ----

SSDT 8645A600 ZwAlertResumeThread
SSDT 8645A6A0 ZwAlertThread
SSDT 86A777A0 ZwAllocateVirtualMemory
SSDT 86A637C8 ZwAssignProcessToJobObject
SSDT 86807BF8 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA176710]
SSDT 8646F2E0 ZwCreateMutant
SSDT 86468388 ZwCreateSymbolicLinkObject
SSDT 86A87730 ZwCreateThread
SSDT 86460F10 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAA176990]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA176EF0]
SSDT 86A87400 ZwDuplicateObject
SSDT 86A77680 ZwFreeVirtualMemory
SSDT 8646F390 ZwImpersonateAnonymousToken
SSDT 8645A560 ZwImpersonateThread
SSDT 867C0B90 ZwLoadDriver
SSDT 86A6A540 ZwMapViewOfSection
SSDT 86299560 ZwOpenEvent
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwOpenKey [0xAA176CA0]
SSDT 86A87658 ZwOpenProcess
SSDT 86589668 ZwOpenProcessToken
SSDT 86298F90 ZwOpenSection
SSDT 86A87490 ZwOpenThread
SSDT 86A636F8 ZwProtectVirtualMemory
SSDT 862EB9C8 ZwResumeThread
SSDT 862EBCB0 ZwSetContextThread
SSDT 862EBD30 ZwSetInformationProcess
SSDT 86460FD0 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA177140]
SSDT 862994E0 ZwSuspendProcess
SSDT 862EBA68 ZwSuspendThread
SSDT 86916A78 ZwTerminateProcess
SSDT 862EBC10 ZwTerminateThread
SSDT 86A6A4C0 ZwUnmapViewOfSection
SSDT 86A77710 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2400] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 1069E349 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2400] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 1069E2DB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2400] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104589A7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2400] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10458F65 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2824] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 03FF003A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2824] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0126FAE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2824] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 03FF0319
.text C:\Program Files\Mozilla Firefox\firefox.exe[2824] kernel32.dll!ReadProcessMemory + 3E 7C80220E 7 Bytes JMP 03FF00F7
.text C:\Program Files\Mozilla Firefox\firefox.exe[2824] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 03FF0263
.text C:\Program Files\Mozilla Firefox\firefox.exe[2824] kernel32.dll!GetVersionExA + D3 7C812C51 7 Bytes JMP 03FF03CF
.text C:\Program Files\Mozilla Firefox\firefox.exe[2824] kernel32.dll!GetProcessHandleCount + 35 7C86229F 7 Bytes JMP 03FF01AD

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A847DD20
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x50 0x24 0x8B 0xEE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC0 0x66 0x9F 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB5 0xA7 0x80 0x29 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC0 0x59 0x99 0x4E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x50 0x24 0x8B 0xEE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC0 0x66 0x9F 0xA3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB5 0xA7 0x80 0x29 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC0 0x59 0x99 0x4E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x50 0x24 0x8B 0xEE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC0 0x66 0x9F 0xA3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCC 0x99 0x67 0x66 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC0 0x59 0x99 0x4E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@FriendlyName Indeo? video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@FilterData 0x02 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@EncoderType 1

---- EOF - GMER 1.0.15 ----

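The GMER sections above print two kinds of hook lines: ones whose target GMER can attribute to a loaded module (such as the SYMEVENT.SYS and xul.dll entries) and ones that end at a bare address (the SSDT entries and the firefox.exe hooks landing around 03FF0xxx). The following triage helper is an added example, not part of this thread and not GMER's code; the function and class names are mine, and the sample is a constructed copy of a few lines in the shape of the ark.txt above. It parses both sections and groups the unattributed user-mode JMP targets by memory region so an analyst can see at a glance which hooks share a common origin.

```python
"""Triage helper for the hook sections of a GMER log (added example; not part
of this thread and not GMER's own code).  GMER appends the module it can
attribute a hook's target to; when the target lies outside every loaded
module the line ends at the bare address.  Those bare entries are the ones
to examine first: the code lives in memory not backed by a file on disk,
which may be a security product's trampoline or something unwanted."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a copy of a few lines in the shape of the ark.txt above.
SAMPLE = """\
SSDT 8645A600 ZwAlertResumeThread
SSDT \\??\\C:\\WINDOWS\\system32\\Drivers\\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA176710]
.text C:\\Program Files\\Mozilla Firefox\\plugin-container.exe[2400] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 1069E349 C:\\Program Files\\Mozilla Firefox\\xul.dll (Mozilla Foundation)
.text C:\\Program Files\\Mozilla Firefox\\firefox.exe[2824] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 03FF003A
.text C:\\Program Files\\Mozilla Firefox\\firefox.exe[2824] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0126FAE0 C:\\Program Files\\Mozilla Firefox\\xul.dll (Mozilla Foundation)
.text C:\\Program Files\\Mozilla Firefox\\firefox.exe[2824] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 03FF0319
.text C:\\Program Files\\Mozilla Firefox\\firefox.exe[2824] kernel32.dll!ReadProcessMemory + 3E 7C80220E 7 Bytes JMP 03FF00F7
"""


@dataclass
class SsdtHook:
    function: str          # hooked native call, e.g. ZwCreateKey
    handler: int           # address GMER saw in the table
    module: Optional[str]  # module GMER attributed it to, or None if bare


@dataclass
class UserHook:
    process: str           # image path of the hooked process
    pid: int
    export: str            # e.g. ntdll.dll!NtMapViewOfSection
    offset: int            # bytes into the export (0 = patched at the prologue)
    address: int           # patched address
    size: int              # number of bytes overwritten
    target: int            # where the JMP lands
    module: Optional[str]  # module GMER attributed the target to, or None


SSDT_RE = re.compile(
    r"^SSDT (?:(?P<addr>[0-9A-Fa-f]{8})|(?P<module>.+?)) (?P<func>Zw\w+)"
    r"(?: \[0x(?P<maddr>[0-9A-Fa-f]+)\])?$"
)
USER_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<export>\S+)"
    r"(?: \+ (?P<off>[0-9A-Fa-f]+))? (?P<addr>[0-9A-Fa-f]{8}) (?P<size>\d+) Bytes "
    r"JMP (?P<target>[0-9A-Fa-f]{8})(?: (?P<module>.+))?$"
)


def parse_gmer(text: str) -> Tuple[List[SsdtHook], List[UserHook]]:
    """Collect SSDT and user-mode hook lines; banners, device and registry
    lines match neither pattern and are skipped."""
    ssdt: List[SsdtHook] = []
    user: List[UserHook] = []
    for line in text.splitlines():
        m = SSDT_RE.match(line)
        if m:
            ssdt.append(SsdtHook(m["func"], int(m["maddr"] or m["addr"], 16), m["module"]))
            continue
        m = USER_RE.match(line)
        if m:
            user.append(UserHook(
                process=m["proc"], pid=int(m["pid"]), export=m["export"],
                offset=int(m["off"], 16) if m["off"] else 0,
                address=int(m["addr"], 16), size=int(m["size"]),
                target=int(m["target"], 16), module=m["module"]))
    return ssdt, user


def unattributed_user_hooks(user: List[UserHook]) -> List[UserHook]:
    return [h for h in user if h.module is None]


def targets_by_region(hooks: List[UserHook], granularity: int = 0x10000) -> Dict[int, List[str]]:
    """Group bare JMP targets by 64 KiB region: several hooks landing in one
    unattributed region are likely to have been installed by the same code."""
    regions: Dict[int, List[str]] = defaultdict(list)
    for h in hooks:
        regions[h.target & ~(granularity - 1)].append(h.export)
    return dict(regions)


def triage(text: str) -> dict:
    """One-screen summary an analyst can check before reading the full log."""
    ssdt, user = parse_gmer(text)
    bare = unattributed_user_hooks(user)
    return {
        "ssdt_total": len(ssdt),
        "ssdt_unattributed": sum(1 for h in ssdt if h.module is None),
        "user_total": len(user),
        "user_unattributed": len(bare),
        "regions": {f"{base:08X}": exports
                    for base, exports in targets_by_region(bare).items()},
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE), indent=2))
```

A bare target is a lead, not a verdict: security suites and browser sandboxes also patch exports from private memory, so the region should be compared against the loaded-module list before drawing conclusions.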
#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:32 PM

Posted 14 October 2011 - 10:16 PM

Hello,


Lets see if we can get your machine cleaned up.


1.
Please run TDSSKiller again. This time please select Cure, Quarantine, or Delete, whichever option it gives you.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


3.
Are you connected to the internet using a router? If so, we need to reset that router.
How to reset your Router.

4.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Things to include in your next reply:
TdssKiller log
Combofix.txt
aswMBR log
How is your machine running now?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 Okuu

Okuu
  • Topic Starter

  • Members
  • 13 posts
  • Local time:03:32 PM

Posted 14 October 2011 - 10:58 PM

So I'm running ComboFix now, and it looks the same as when I ran DDS. Something occurred to me after I ran aswMBR before, though; looking back at the log I posted, it seems that scan took over 5 hours overnight. Maybe the laptop is just that slow right now.

Just to check: If the little underscore in the blue "AutoScan" window of ComboFix is still blinking, is ComboFix still working? The clock time on the lower right seems to have stopped at 10:18 PM, and right now it's 11:46 PM (I'm typing on another computer). Also, the laptop fan has been very quiet so I'm not even sure if it's still going. It seems like the Recovery Console installed successfully though.

As I've mentioned this other computer, I'll say this in case it opens up any options. What I want to do in the end is transfer the files from my old computer (the one we're trying to disinfect) to the new one. I'm mainly trying to make sure the old one is clean before I transfer the files; I don't mind so much if the old comp is lacking some functionality afterwards so long as I can get the files out safely.

Edited by Okuu, 15 October 2011 - 02:01 AM.


#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:32 PM

Posted 15 October 2011 - 08:55 AM

If ComboFix doesn't restart the computer on its own or doesn't finish running, go ahead and do a hard shutdown and reboot. Then see if there is a log located at C:\Combofix.txt if there isn't one present after reboot. Could you also post the other logs as requested.



#8 Okuu

Okuu
  • Topic Starter

  • Members
  • 13 posts
  • Local time:03:32 PM

Posted 15 October 2011 - 11:36 AM

Well, I'm really confused as to what just happened. After letting ComboFix blink the underscore for 10 hours, I finally did a hard reset. There is indeed a "ComboFix-quarantined-files.txt" in the C drive, but it seems to be dated 6/9/2007. I don't remember using this program before. Also, there is a folder called C:\ComboFix now even though I saved the .exe to the desktop, but it just lists the same things as "My Computer" (lists the different drives on my computer).

I'm going to post the log from step 1 and that log I found (don't know if it's an actual ComboFix log, or if it just renamed something already there). Should I proceed with steps 3 and 4?


{A}. TDSSKiller

21:00:58.0265 0548 TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24
21:01:00.0265 0548 ============================================================
21:01:00.0265 0548 Current date / time: 2011/10/14 21:01:00.0265
21:01:00.0265 0548 SystemInfo:
21:01:00.0265 0548
21:01:00.0265 0548 OS Version: 5.1.2600 ServicePack: 3.0
21:01:00.0265 0548 Product type: Workstation
21:01:00.0265 0548 ComputerName: DANIELPC
21:01:00.0265 0548 UserName: Danny
21:01:00.0265 0548 Windows directory: C:\WINDOWS
21:01:00.0265 0548 System windows directory: C:\WINDOWS
21:01:00.0265 0548 Processor architecture: Intel x86
21:01:00.0265 0548 Number of processors: 2
21:01:00.0265 0548 Page size: 0x1000
21:01:00.0265 0548 Boot type: Normal boot
21:01:00.0265 0548 ============================================================
21:01:17.0906 0548 Initialize success
21:01:28.0781 2864 ============================================================
21:01:28.0781 2864 Scan started
21:01:28.0781 2864 Mode: Manual;
21:01:28.0781 2864 ============================================================
21:01:34.0062 2864 Abiosdsk - ok
21:01:35.0750 2864 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:01:35.0875 2864 abp480n5 - ok
21:01:37.0984 2864 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:01:38.0234 2864 ACPI - ok
21:01:40.0484 2864 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:01:40.0609 2864 ACPIEC - ok
21:01:42.0281 2864 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:01:42.0765 2864 adpu160m - ok
21:01:44.0781 2864 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:01:45.0093 2864 aec - ok
21:01:46.0890 2864 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:01:47.0109 2864 AFD - ok
21:01:48.0859 2864 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
21:01:49.0125 2864 AFS2K - ok
21:01:51.0187 2864 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:01:51.0343 2864 agp440 - ok
21:01:54.0125 2864 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:01:54.0265 2864 agpCPQ - ok
21:01:56.0281 2864 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:01:56.0437 2864 Aha154x - ok
21:01:57.0984 2864 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:01:58.0062 2864 aic78u2 - ok
21:01:59.0734 2864 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:01:59.0875 2864 aic78xx - ok
21:02:01.0328 2864 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
21:02:01.0421 2864 AliIde - ok
21:02:03.0187 2864 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:02:03.0343 2864 alim1541 - ok
21:02:04.0359 2864 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:02:04.0421 2864 amdagp - ok
21:02:05.0281 2864 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
21:02:05.0312 2864 amsint - ok
21:02:06.0406 2864 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
21:02:06.0609 2864 APPDRV - ok
21:02:07.0843 2864 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:02:07.0906 2864 Arp1394 - ok
21:02:08.0640 2864 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
21:02:08.0812 2864 asc - ok
21:02:09.0828 2864 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:02:09.0828 2864 asc3350p - ok
21:02:11.0359 2864 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:02:11.0390 2864 asc3550 - ok
21:02:13.0140 2864 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:02:13.0171 2864 AsyncMac - ok
21:02:15.0375 2864 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:02:15.0375 2864 atapi - ok
21:02:16.0156 2864 Atdisk - ok
21:02:17.0031 2864 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:02:17.0093 2864 Atmarpc - ok
21:02:18.0343 2864 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:02:18.0343 2864 audstub - ok
21:02:19.0984 2864 BCM43XX (30d20fc98bcfd52e1da778cf19b223d4) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
21:02:20.0656 2864 BCM43XX - ok
21:02:22.0500 2864 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
21:02:22.0781 2864 bcm4sbxp - ok
21:02:24.0531 2864 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:02:24.0750 2864 Beep - ok
21:02:27.0953 2864 BHDrvx86 (163340a63f197c91d65ca9ce4b5811f7) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110929.001\BHDrvx86.sys
21:02:28.0625 2864 BHDrvx86 - ok
21:02:30.0203 2864 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
21:02:30.0281 2864 Bridge - ok
21:02:30.0328 2864 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
21:02:30.0328 2864 BridgeMP - ok
21:02:31.0453 2864 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:02:31.0531 2864 cbidf - ok
21:02:32.0562 2864 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:02:32.0562 2864 cbidf2k - ok
21:02:33.0468 2864 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:02:33.0515 2864 cd20xrnt - ok
21:02:35.0000 2864 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:02:35.0062 2864 Cdaudio - ok
21:02:35.0937 2864 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:02:36.0046 2864 Cdfs - ok
21:02:37.0015 2864 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:02:37.0046 2864 Cdrom - ok
21:02:37.0640 2864 Changer - ok
21:02:38.0593 2864 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:02:38.0640 2864 CmBatt - ok
21:02:39.0546 2864 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:02:39.0546 2864 CmdIde - ok
21:02:40.0500 2864 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:02:40.0500 2864 Compbatt - ok
21:02:41.0343 2864 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:02:41.0359 2864 Cpqarray - ok
21:02:42.0156 2864 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:02:42.0265 2864 dac2w2k - ok
21:02:43.0015 2864 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:02:43.0031 2864 dac960nt - ok
21:02:43.0328 2864 DellBIOS (637cf50b06bc53deae846b252d56bbdc) C:\WINDOWS\DellBIOS.Sys
21:02:48.0093 2864 DellBIOS - ok
21:02:48.0984 2864 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:02:49.0015 2864 Disk - ok
21:02:51.0531 2864 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:02:52.0265 2864 dmboot - ok
21:02:53.0156 2864 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:02:53.0234 2864 dmio - ok
21:02:53.0765 2864 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:02:53.0812 2864 dmload - ok
21:02:54.0562 2864 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:02:54.0593 2864 DMusic - ok
21:02:55.0421 2864 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:02:55.0437 2864 dpti2o - ok
21:02:56.0156 2864 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:02:56.0156 2864 drmkaud - ok
21:02:56.0843 2864 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
21:02:56.0890 2864 drvmcdb - ok
21:02:57.0468 2864 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
21:02:57.0500 2864 drvnddm - ok
21:02:57.0812 2864 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
21:02:57.0828 2864 DSproct - ok
21:02:58.0484 2864 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
21:02:58.0484 2864 dsunidrv - ok
21:02:59.0078 2864 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:02:59.0140 2864 E100B - ok
21:02:59.0531 2864 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
21:02:59.0734 2864 eeCtrl - ok
21:03:00.0359 2864 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
21:03:00.0390 2864 ElbyCDFL - ok
21:03:00.0921 2864 ElbyCDIO (aaa8999a169e39fb8b48ae49cd6ac30a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
21:03:00.0937 2864 ElbyCDIO - ok
21:03:01.0187 2864 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:03:01.0250 2864 EraserUtilRebootDrv - ok
21:03:02.0156 2864 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:03:02.0281 2864 Fastfat - ok
21:03:02.0921 2864 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:03:02.0937 2864 Fdc - ok
21:03:03.0546 2864 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:03:03.0562 2864 Fips - ok
21:03:04.0078 2864 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:03:04.0093 2864 Flpydisk - ok
21:03:04.0703 2864 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:03:04.0781 2864 FltMgr - ok
21:03:05.0343 2864 FsVga (455f778ee14368468560bd7cb8c854d0) C:\WINDOWS\system32\DRIVERS\fsvga.sys
21:03:05.0359 2864 FsVga - ok
21:03:05.0968 2864 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:03:05.0984 2864 Fs_Rec - ok
21:03:06.0593 2864 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:03:06.0656 2864 Ftdisk - ok
21:03:07.0218 2864 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:03:07.0265 2864 GEARAspiWDM - ok
21:03:07.0812 2864 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:03:07.0828 2864 Gpc - ok
21:03:08.0375 2864 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:03:08.0453 2864 HDAudBus - ok
21:03:08.0953 2864 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:03:08.0968 2864 HidUsb - ok
21:03:09.0562 2864 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
21:03:09.0578 2864 hpn - ok
21:03:10.0171 2864 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:03:10.0203 2864 HPZid412 - ok
21:03:10.0750 2864 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:03:10.0765 2864 HPZipr12 - ok
21:03:11.0359 2864 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:03:11.0375 2864 HPZius12 - ok
21:03:12.0437 2864 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
21:03:12.0937 2864 HSF_DPV - ok
21:03:13.0671 2864 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
21:03:13.0765 2864 HSXHWAZL - ok
21:03:14.0437 2864 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:03:14.0625 2864 HTTP - ok
21:03:15.0171 2864 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:03:15.0187 2864 i2omgmt - ok
21:03:15.0765 2864 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:03:15.0781 2864 i2omp - ok
21:03:16.0375 2864 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:03:16.0406 2864 i8042prt - ok
21:03:17.0828 2864 ialm (93aa9660aacb82f73d854180afd9817e) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
21:03:18.0593 2864 ialm - ok
21:03:19.0328 2864 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111012.034\IDSxpx86.sys
21:03:19.0546 2864 IDSxpx86 - ok
21:03:20.0250 2864 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:03:20.0281 2864 Imapi - ok
21:03:21.0421 2864 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:03:21.0468 2864 ini910u - ok
21:03:22.0359 2864 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:03:22.0375 2864 IntelIde - ok
21:03:22.0968 2864 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:03:22.0984 2864 intelppm - ok
21:03:23.0625 2864 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:03:23.0656 2864 Ip6Fw - ok
21:03:24.0218 2864 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:03:24.0281 2864 IpFilterDriver - ok
21:03:24.0984 2864 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:03:25.0000 2864 IpInIp - ok
21:03:25.0765 2864 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:03:25.0859 2864 IpNat - ok
21:03:26.0593 2864 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:03:26.0656 2864 IPSec - ok
21:03:27.0234 2864 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:03:27.0250 2864 IRENUM - ok
21:03:27.0875 2864 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:03:27.0906 2864 isapnp - ok
21:03:28.0500 2864 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:03:28.0515 2864 Kbdclass - ok
21:03:29.0468 2864 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:03:29.0578 2864 kmixer - ok
21:03:30.0312 2864 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:03:30.0375 2864 KSecDD - ok
21:03:30.0906 2864 lbrtfdc - ok
21:03:31.0843 2864 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:03:31.0859 2864 mdmxsdk - ok
21:03:32.0734 2864 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
21:03:32.0750 2864 MHNDRV - ok
21:03:33.0468 2864 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:03:33.0468 2864 mnmdd - ok
21:03:34.0078 2864 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:03:34.0093 2864 Modem - ok
21:03:34.0640 2864 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:03:34.0640 2864 Mouclass - ok
21:03:35.0218 2864 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:03:35.0218 2864 mouhid - ok
21:03:35.0812 2864 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:03:35.0843 2864 MountMgr - ok
21:03:36.0437 2864 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:03:36.0453 2864 mraid35x - ok
21:03:37.0109 2864 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:03:37.0218 2864 MRxDAV - ok
21:03:37.0968 2864 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:03:38.0234 2864 MRxSmb - ok
21:03:38.0765 2864 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:03:38.0781 2864 Msfs - ok
21:03:39.0343 2864 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:03:39.0343 2864 MSKSSRV - ok
21:03:39.0890 2864 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:03:39.0906 2864 MSPCLOCK - ok
21:03:40.0390 2864 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:03:40.0390 2864 MSPQM - ok
21:03:40.0890 2864 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:03:40.0906 2864 mssmbios - ok
21:03:41.0515 2864 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:03:41.0578 2864 Mup - ok
21:03:42.0109 2864 MusCAudio (78a3e03ab4792e3514fcfdb893ef7d39) C:\WINDOWS\system32\drivers\MusCAudio.sys
21:03:42.0125 2864 MusCAudio - ok
21:03:42.0515 2864 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111013.003\NAVENG.SYS
21:03:42.0562 2864 NAVENG - ok
21:03:43.0609 2864 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111013.003\NAVEX15.SYS
21:03:44.0453 2864 NAVEX15 - ok
21:03:45.0125 2864 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:03:45.0218 2864 NDIS - ok
21:03:45.0750 2864 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:03:45.0765 2864 NdisTapi - ok
21:03:46.0250 2864 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:03:46.0250 2864 Ndisuio - ok
21:03:46.0843 2864 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:03:46.0890 2864 NdisWan - ok
21:03:47.0484 2864 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:03:47.0515 2864 NDProxy - ok
21:03:48.0046 2864 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:03:48.0062 2864 NetBIOS - ok
21:03:48.0625 2864 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:03:48.0703 2864 NetBT - ok
21:03:49.0281 2864 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:03:49.0312 2864 NIC1394 - ok
21:03:49.0828 2864 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:03:49.0843 2864 Npfs - ok
21:03:50.0671 2864 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:03:50.0984 2864 Ntfs - ok
21:03:51.0468 2864 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:03:51.0484 2864 Null - ok
21:03:53.0062 2864 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:03:54.0078 2864 nv - ok
21:03:54.0625 2864 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:03:54.0625 2864 NwlnkFlt - ok
21:03:55.0156 2864 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:03:55.0171 2864 NwlnkFwd - ok
21:03:55.0750 2864 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
21:03:55.0812 2864 NwlnkIpx - ok
21:03:56.0343 2864 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
21:03:56.0359 2864 NwlnkNb - ok
21:03:56.0984 2864 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
21:03:57.0015 2864 NwlnkSpx - ok
21:03:57.0531 2864 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:03:57.0562 2864 ohci1394 - ok
21:03:58.0093 2864 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
21:03:58.0109 2864 omci - ok
21:03:58.0671 2864 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:03:58.0718 2864 Parport - ok
21:03:59.0312 2864 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:03:59.0312 2864 PartMgr - ok
21:03:59.0812 2864 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:03:59.0812 2864 ParVdm - ok
21:04:00.0359 2864 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:04:00.0390 2864 PCI - ok
21:04:00.0859 2864 PCIDump - ok
21:04:01.0421 2864 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:04:01.0437 2864 PCIIde - ok
21:04:02.0187 2864 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:04:02.0250 2864 Pcmcia - ok
21:04:02.0765 2864 PDCOMP - ok
21:04:03.0234 2864 PDFRAME - ok
21:04:03.0765 2864 PDRELI - ok
21:04:04.0265 2864 PDRFRAME - ok
21:04:04.0765 2864 PenClass (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\drivers\PenClass.sys
21:04:04.0781 2864 PenClass - ok
21:04:05.0296 2864 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
21:04:05.0312 2864 perc2 - ok
21:04:05.0843 2864 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:04:05.0843 2864 perc2hib - ok
21:04:06.0484 2864 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:04:06.0515 2864 PptpMiniport - ok
21:04:07.0046 2864 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:04:07.0093 2864 PSched - ok
21:04:07.0578 2864 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:04:07.0593 2864 Ptilink - ok
21:04:08.0156 2864 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:04:08.0187 2864 PxHelp20 - ok
21:04:08.0765 2864 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:04:08.0796 2864 ql1080 - ok
21:04:09.0500 2864 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:04:09.0515 2864 Ql10wnt - ok
21:04:10.0140 2864 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:04:10.0171 2864 ql12160 - ok
21:04:10.0734 2864 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:04:10.0765 2864 ql1240 - ok
21:04:11.0328 2864 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:04:11.0343 2864 ql1280 - ok
21:04:11.0859 2864 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:04:11.0875 2864 RasAcd - ok
21:04:12.0453 2864 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:04:12.0484 2864 Rasl2tp - ok
21:04:13.0015 2864 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:04:13.0046 2864 RasPppoe - ok
21:04:13.0515 2864 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:04:13.0531 2864 Raspti - ok
21:04:14.0093 2864 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:04:14.0203 2864 Rdbss - ok
21:04:14.0671 2864 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:04:14.0687 2864 RDPCDD - ok
21:04:15.0328 2864 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:04:15.0437 2864 rdpdr - ok
21:04:16.0015 2864 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:04:16.0125 2864 RDPWD - ok
21:04:16.0734 2864 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:04:16.0765 2864 redbook - ok
21:04:17.0390 2864 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
21:04:17.0406 2864 rimmptsk - ok
21:04:17.0921 2864 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
21:04:17.0953 2864 rimsptsk - ok
21:04:18.0656 2864 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
21:04:18.0843 2864 rismxdp - ok
21:04:19.0468 2864 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
21:04:19.0546 2864 sdbus - ok
21:04:20.0093 2864 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:04:20.0109 2864 Secdrv - ok
21:04:20.0718 2864 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:04:20.0718 2864 serenum - ok
21:04:21.0265 2864 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:04:21.0296 2864 Serial - ok
21:04:21.0859 2864 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:04:21.0875 2864 Sfloppy - ok
21:04:22.0421 2864 Simbad - ok
21:04:22.0984 2864 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:04:23.0000 2864 sisagp - ok
21:04:23.0578 2864 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:04:23.0593 2864 Sparrow - ok
21:04:24.0109 2864 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:04:24.0109 2864 splitter - ok
21:04:25.0046 2864 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\System32\Drivers\sptd.sys
21:04:25.0406 2864 sptd - ok
21:04:25.0968 2864 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:04:26.0000 2864 sr - ok
21:04:26.0953 2864 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSP.SYS
21:04:27.0250 2864 SRTSP - ok
21:04:27.0843 2864 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS
21:04:27.0875 2864 SRTSPX - ok
21:04:28.0640 2864 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:04:28.0843 2864 Srv - ok
21:04:29.0359 2864 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
21:04:29.0359 2864 sscdbhk5 - ok
21:04:29.0921 2864 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
21:04:29.0953 2864 ssrtln - ok
21:04:30.0453 2864 STEC3 (e4ebf293d1f612bda19b646c36715b20) C:\WINDOWS\system32\STEC3.sys
21:04:30.0546 2864 STEC3 - ok
21:04:31.0640 2864 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
21:04:32.0203 2864 STHDA - ok
21:04:32.0812 2864 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
21:04:32.0828 2864 StillCam - ok
21:04:33.0328 2864 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:04:33.0343 2864 swenum - ok
21:04:33.0859 2864 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:04:33.0890 2864 swmidi - ok
21:04:34.0406 2864 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:04:34.0421 2864 symc810 - ok
21:04:35.0015 2864 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:04:35.0031 2864 symc8xx - ok
21:04:35.0859 2864 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS
21:04:36.0046 2864 SymDS - ok
21:04:37.0140 2864 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS
21:04:37.0796 2864 SymEFA - ok
21:04:38.0437 2864 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
21:04:38.0500 2864 SymEvent - ok
21:04:39.0140 2864 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS
21:04:39.0218 2864 SymIRON - ok
21:04:39.0984 2864 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMTDI.SYS
21:04:40.0203 2864 SYMTDI - ok
21:04:40.0781 2864 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:04:40.0796 2864 sym_hi - ok
21:04:41.0312 2864 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:04:41.0343 2864 sym_u3 - ok
21:04:41.0953 2864 SynTP (35d5b3632e0bcebe27b391157de05996) C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:04:42.0062 2864 SynTP - ok
21:04:42.0609 2864 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:04:42.0640 2864 sysaudio - ok
21:04:43.0421 2864 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:04:43.0625 2864 Tcpip - ok
21:04:44.0140 2864 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:04:44.0140 2864 TDPIPE - ok
21:04:44.0671 2864 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:04:44.0687 2864 TDTCP - ok
21:04:45.0187 2864 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:04:45.0218 2864 TermDD - ok
21:04:45.0703 2864 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
21:04:45.0718 2864 tfsnboio - ok
21:04:46.0250 2864 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
21:04:46.0265 2864 tfsncofs - ok
21:04:46.0750 2864 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
21:04:46.0765 2864 tfsndrct - ok
21:04:47.0203 2864 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
21:04:47.0203 2864 tfsndres - ok
21:04:47.0687 2864 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
21:04:47.0734 2864 tfsnifs - ok
21:04:48.0265 2864 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
21:04:48.0281 2864 tfsnopio - ok
21:04:48.0765 2864 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
21:04:48.0765 2864 tfsnpool - ok
21:04:49.0343 2864 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
21:04:49.0390 2864 tfsnudf - ok
21:04:49.0890 2864 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
21:04:49.0953 2864 tfsnudfa - ok
21:04:50.0484 2864 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
21:04:50.0484 2864 TosIde - ok
21:04:51.0093 2864 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:04:51.0125 2864 Udfs - ok
21:04:51.0671 2864 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:04:51.0703 2864 ultra - ok
21:04:52.0484 2864 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:04:52.0703 2864 Update - ok
21:04:53.0359 2864 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:04:53.0390 2864 USBAAPL - ok
21:04:53.0921 2864 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:04:53.0968 2864 usbccgp - ok
21:04:54.0484 2864 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:04:54.0500 2864 usbehci - ok
21:04:55.0015 2864 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:04:55.0046 2864 usbhub - ok
21:04:55.0578 2864 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:04:55.0593 2864 usbprint - ok
21:04:56.0187 2864 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:04:56.0187 2864 usbscan - ok
21:04:56.0734 2864 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:04:56.0765 2864 USBSTOR - ok
21:04:57.0281 2864 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:04:57.0296 2864 usbuhci - ok
21:04:57.0843 2864 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:04:57.0859 2864 VgaSave - ok
21:04:58.0453 2864 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:04:58.0484 2864 viaagp - ok
21:04:58.0984 2864 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:04:59.0000 2864 ViaIde - ok
21:04:59.0515 2864 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:04:59.0546 2864 VolSnap - ok
21:05:00.0156 2864 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:05:00.0187 2864 Wanarp - ok
21:05:00.0656 2864 wanatw - ok
21:05:01.0171 2864 WDICA - ok
21:05:01.0734 2864 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:05:01.0781 2864 wdmaud - ok
21:05:02.0703 2864 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
21:05:03.0062 2864 winachsf - ok
21:05:03.0640 2864 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:05:03.0640 2864 WmiAcpi - ok
21:05:04.0218 2864 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:05:04.0218 2864 WS2IFSL - ok
21:05:04.0296 2864 MBR (0x1B8) (78424ff01b94bf1f400d98ada7dd8528) \Device\Harddisk0\DR0
21:05:04.0390 2864 \Device\Harddisk0\DR0 - ok
21:05:04.0437 2864 Boot (0x1200) (a1f4dd04fa4e6e7297860fb3167ea055) \Device\Harddisk0\DR0\Partition0
21:05:04.0437 2864 \Device\Harddisk0\DR0\Partition0 - ok
21:05:04.0437 2864 ============================================================
21:05:04.0437 2864 Scan finished
21:05:04.0437 2864 ============================================================
21:05:04.0453 2608 Detected object count: 0
21:05:04.0453 2608 Actual detected object count: 0


{B}. ComboFix log?

2007-06-09 18:48      72832    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\core.sys.vir
2007-06-09 19:37      1118    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_CORE.reg.cf
2007-06-09 19:38      218936    --a------    C:\Qoobox\Quarantine\catchme2007-06-09_194256.18.zip
2007-06-09 19:38      340    --a------    C:\Qoobox\Quarantine\catchme.log
2007-06-09 19:38      994    --a------    C:\Qoobox\Quarantine\Registry_backups\services_core.reg.cf


Folder PATH listing
Volume serial number is 28E1-17BA
C:\QOOBOX
\---Quarantine
    |   catchme.log
    |   catchme2007-06-09_194256.18.zip
    |   
    +---C
    |   \---WINDOWS
    |       \---system32
    |           \---drivers
    |                   core.sys.vir
    |                   
    \---Registry_backups
            LEGACY_CORE.reg.cf
            services_core.reg.cf
            

Edited by Okuu, 15 October 2011 - 12:27 PM.
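The TDSSKiller log above is several hundred "name (md5) path" / "name - ok" pairs, which is impractical to read by eye. The following Python is an added example for this thread, not a BleepingComputer or Kaspersky tool: it parses that log format, attaches each status line to its driver entry, flags any entry whose status is not "ok" or whose image lives outside the directories a driver is expected in, and pulls out the MBR and boot-sector hashes so they can be compared against a baseline from the same machine. The sample input is an excerpt of the log posted above plus two constructed lines for a driver named "tmpsvc" that are not on the page and exist only to exercise the flagging; the expected-path roots and the "known-clean baseline" hashes are assumptions an operator supplies, not values the page gives.

```python
"""Triage a Kaspersky TDSSKiller text log: parse driver/hash/path lines, attach the
"name - status" lines to them, and flag what a responder should look at first.
Added example for this thread; not a BleepingComputer or Kaspersky tool."""
import ntpath
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Excerpt of the log posted above, plus two CONSTRUCTED lines for a driver named
# "tmpsvc" (not on the page) so that the flagging rules have something to catch.
SAMPLE_LOG = r"""
21:02:15.0375 2864 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:02:15.0375 2864 atapi - ok
21:02:27.0953 2864 BHDrvx86 (163340a63f197c91d65ca9ce4b5811f7) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110929.001\BHDrvx86.sys
21:02:28.0625 2864 BHDrvx86 - ok
21:02:43.0328 2864 DellBIOS (637cf50b06bc53deae846b252d56bbdc) C:\WINDOWS\DellBIOS.Sys
21:02:48.0093 2864 DellBIOS - ok
21:03:30.0906 2864 lbrtfdc - ok
21:05:04.0296 2864 MBR (0x1B8) (78424ff01b94bf1f400d98ada7dd8528) \Device\Harddisk0\DR0
21:05:04.0390 2864 \Device\Harddisk0\DR0 - ok
21:05:04.0437 2864 Boot (0x1200) (a1f4dd04fa4e6e7297860fb3167ea055) \Device\Harddisk0\DR0\Partition0
21:05:04.0437 2864 \Device\Harddisk0\DR0\Partition0 - ok
21:05:04.0500 2864 tmpsvc (0123456789abcdef0123456789abcdef) C:\WINDOWS\Temp\tmpsvc.sys
21:05:04.0510 2864 tmpsvc - suspicious (constructed sample status)
21:05:04.0453 2608 Detected object count: 0
21:05:04.0453 2608 Actual detected object count: 0
"""

# "<time> <pid> <name> [(size)] (<md5>) <path>"; the size group only appears on MBR/boot lines.
DRIVER_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<name>\S+)(?:\s+\((?P<size>0x[0-9A-Fa-f]+)\))?"
    r"\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")
STATUS_RE = re.compile(r"^\S+\s+\d+\s+(?P<name>\S+) - (?P<status>.+?)\s*$")
COUNT_RE = re.compile(r"^\S+\s+\d+\s+(?P<label>(?:Actual )?[Dd]etected object count): (?P<n>\d+)\s*$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    size: Optional[str] = None      # only MBR / boot-sector entries carry a size
    status: Optional[str] = None    # None when the tool printed no verdict line


@dataclass
class Report:
    entries: Dict[str, Entry] = field(default_factory=dict)
    counts: Dict[str, int] = field(default_factory=dict)
    unparsed: List[str] = field(default_factory=list)


def parse_tdsskiller_log(text: str) -> Report:
    rep = Report()
    by_path: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DRIVER_RE.match(line)
        if m:
            e = rep.entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path, e.size = m["md5"].lower(), m["path"], m["size"]
            by_path[e.path] = e
            continue
        m = STATUS_RE.match(line)
        if m:
            # MBR/boot entries report their status under the device path, not the name.
            e = by_path.get(m["name"]) or rep.entries.setdefault(m["name"], Entry(m["name"]))
            e.status = m["status"]
            continue
        m = COUNT_RE.match(line)
        if m:
            rep.counts[m["label"]] = int(m["n"])
        else:
            rep.unparsed.append(line)
    return rep


# Directories a driver image is expected to live in on this XP box (assumption; adjust per host).
EXPECTED_PREFIXES = ("c:\\windows\\system32\\", "c:\\program files\\",
                     "c:\\documents and settings\\all users\\application data\\norton\\")
EXPECTED_DIRS = ("c:\\windows",)    # e.g. DellBIOS.Sys sits directly in C:\WINDOWS


def path_is_expected(path: str) -> bool:
    low = path.lower()
    if low.startswith("\\device\\"):
        return True                  # raw disk objects (MBR / boot sector), not files
    return low.startswith(EXPECTED_PREFIXES) or ntpath.dirname(low) in EXPECTED_DIRS


Finding = Tuple[str, str, str]      # (entry name, rule, detail)


def triage(rep: Report) -> List[Finding]:
    out: List[Finding] = []
    for e in rep.entries.values():
        if e.status is not None and e.status.lower() != "ok":
            out.append((e.name, "status", e.status))
        if e.path and not path_is_expected(e.path):
            out.append((e.name, "unexpected path", e.path))
    n = rep.counts.get("Actual detected object count", 0)
    if n:
        out.append(("<summary>", "detections", str(n)))
    return out


def sector_hashes(rep: Report) -> Dict[str, str]:
    """MD5s TDSSKiller computed over the MBR and the boot sector."""
    return {e.name: e.md5 for e in rep.entries.values()
            if e.path and e.path.startswith("\\Device\\") and e.md5}


def compare_sectors(rep: Report, baseline: Dict[str, str]) -> List[str]:
    """Names whose hash differs from a baseline captured on this same machine when it was
    known clean. The baseline is operator-supplied (assumption); the page gives none."""
    cur = sector_hashes(rep)
    return [k for k, v in baseline.items() if cur.get(k) != v.lower()]


if __name__ == "__main__":
    report = parse_tdsskiller_log(SAMPLE_LOG)
    for name, rule, detail in triage(report):
        print(f"{rule:15s} {name}: {detail}")
    print("sector hashes:", sector_hashes(report))
```

Two caveats on reading the output. The path rule is a heuristic: a legitimate driver can live somewhere unusual (the Norton definition directory above is one case, which is why it is on the allow list), so an "unexpected path" finding is a prompt to look up the hash, not a verdict. The sector hashes are the part worth keeping between runs: the TDL4 generation of TDSS lives in the MBR, so a hash that changes on the same machine is a stronger signal than a scanner verdict, while a "Detected object count: 0" result like the one above only says the tool's current signatures matched nothing.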


#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 15 October 2011 - 02:01 PM

Hello,

Go ahead and run ComboFix again and see if it will run to completion this time. Try running it in Safe Mode.

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into Safe Mode.
Make sure you choose the option without networking support.
Please see here for additional details.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#10 Okuu

Okuu
  • Topic Starter

  • Members
  • 13 posts

Posted 15 October 2011 - 02:34 PM

I booted into safe mode, but ComboFix is complaining about Norton Internet Security. However, I can't seem to open Norton Internet Security like this (popup says "Some features may be unavailable when running in safe mode. Perform a full system scan now?")

Can I assume NIS is inactive and proceed?

#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 15 October 2011 - 03:22 PM

Yes, Norton shouldn't be running in Safe Mode. If we keep having problems we will need to uninstall Norton.



#12 Okuu
  • Topic Starter
  • Members
  • 13 posts

Posted 15 October 2011 - 10:28 PM

Well, it's a little different, but I still haven't seen any sign that it's working.

[Posted Image]

ComboFix has been showing this for the past seven hours. At least the underscore didn't stop blinking when I clicked something, and the computer fan sounds a little bit active. However the taskbar at the bottom went away early in the scan, so I don't know if the clock time stopped. Abort? Run overnight?

I guess I should try to mention everything I can here. In addition to Norton, ComboFix also complained about McAfee Antivirus... but I've already uninstalled the McAfee products using Add/Remove Programs in the Control Panel, and deleted the "McAfee" and "McAfee.com" folders from the C drive. If there's any trace of it left over I would guess it's in the registry somewhere. It shouldn't be able to interfere like that, right?

EDIT: After ten hours, at 11:20 PM, I ended the ComboFix scan with a hard reset. When I turned on the machine again, there weren't any changes I immediately noticed in the C drive; no new logs.

Edited by Okuu, 16 October 2011 - 01:44 AM.


#13 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 16 October 2011 - 04:03 PM

Hello,

Did ComboFix finish? If so, is there a log? If not, please reboot and look for the log located at C:\Combofix.txt.



#14 Okuu
  • Topic Starter
  • Members
  • 13 posts

Posted 16 October 2011 - 04:22 PM

As I mentioned in the previous post, I ended the scan with a hard reset. There was no log at C:\Combofix.txt when I rebooted.

#15 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 16 October 2011 - 06:08 PM

Go ahead and proceed with steps 3 and 4, post the logs, and tell me whether the machine is still redirecting after you do a router reset.

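The helper's last instruction asks whether the redirect survives a router reset, which comes down to whether the machine's DNS path is still being steered. The script below is an added example, not code from this thread or from any of the tools named in it. It parses the two places on the XP host itself where name resolution can be pointed elsewhere, the DNS servers reported by `ipconfig /all` and the hosts file, and flags DNS servers outside the LAN's expected address ranges and watched domains pinned in the hosts file (loopback means the site is blocked, any other address means it is redirected). The `ipconfig` output and hosts file embedded in it are constructed samples; the expected address ranges and the list of watched domains are assumptions.

```python
"""Triage check for DNS-based search redirects on a Windows host.

Added example for the BleepingComputer thread; not code from the thread
or from ComboFix, GMER or DDS. Sample data below is constructed.
"""
import ipaddress
import re

# Ranges a home LAN's DNS servers are expected to fall in (router, loopback,
# link-local). Listed explicitly so the rule is visible; the choice of
# ranges is an assumption, adjust for the network being examined.
EXPECTED_DNS_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Domains that redirect and blocking malware commonly pins in the hosts
# file; the set is an assumption, extend it as needed.
WATCHED_DOMAINS = {
    "google.com", "www.google.com", "bing.com", "www.bing.com",
    "bleepingcomputer.com", "www.bleepingcomputer.com",
}

# Constructed `ipconfig /all` output in Windows XP layout: one LAN DNS
# server plus a second, foreign one on a continuation line.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : home
        IP Address. . . . . . . . . . . . : 192.168.1.101
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            203.0.113.77
"""

# Constructed hosts file: one redirected domain, one blocked domain.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.5     www.google.com   # constructed hijack entry
127.0.0.1       www.bleepingcomputer.com
"""

_DNS_LINE = re.compile(r"^\s*DNS Servers[ .]*:\s*(\S+)\s*$")
_CONT_LINE = re.compile(r"^\s+(\S+)\s*$")  # extra servers, one per line


def _as_ip(text):
    """Parse text as an IP address, or return None."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def parse_dns_servers(ipconfig_text):
    """Return every DNS server address listed in `ipconfig /all` output."""
    servers, collecting = [], False
    for line in ipconfig_text.splitlines():
        m = _DNS_LINE.match(line)
        if m:
            servers.append(m.group(1))
            collecting = True
            continue
        m = _CONT_LINE.match(line) if collecting else None
        if m and _as_ip(m.group(1)) is not None:
            servers.append(m.group(1))  # continuation line of the same list
        else:
            collecting = False
    return servers


def parse_hosts(hosts_text):
    """Return (address, hostname) pairs from a hosts file, comments stripped."""
    entries = []
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or _as_ip(fields[0]) is None:
            continue
        for name in fields[1:]:  # one address may carry several names
            entries.append((fields[0], name.lower()))
    return entries


def suspicious_dns_servers(servers):
    """DNS servers that are not inside any expected LAN/loopback range."""
    bad = []
    for s in servers:
        ip = _as_ip(s)
        if ip is None or not any(ip in net for net in EXPECTED_DNS_NETS):
            bad.append(s)
    return bad


def suspicious_hosts_entries(entries):
    """Watched domains pinned in the hosts file, with the likely effect."""
    hits = []
    for addr, name in entries:
        if name in WATCHED_DOMAINS:
            ip = _as_ip(addr)
            reason = "blocked" if ip is not None and ip.is_loopback else "redirected"
            hits.append((name, addr, reason))
    return hits


def triage(ipconfig_text, hosts_text):
    """Combine both checks into one report."""
    return {
        "rogue_dns_servers": suspicious_dns_servers(parse_dns_servers(ipconfig_text)),
        "hosts_hijacks": suspicious_hosts_entries(parse_hosts(hosts_text)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_IPCONFIG, SAMPLE_HOSTS).items():
        print(key, value)
```

On the affected machine the same functions can be fed the real output of `ipconfig /all` and the contents of `%SystemRoot%\system32\drivers\etc\hosts`. A clean result from both checks only says the host's own resolver configuration is not the cause: it does not rule out a rootkit steering traffic below the level of these files, nor a DNS server changed on the router itself, which is why the helper also asks for a router reset before the next report.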