
Backdoor.win32.Zaccess.ob keeps coming up


This topic is locked
25 replies to this topic

#1 redwriter99 (Members, 14 posts)

Posted 10 November 2011 - 02:56 PM

Hi all,

I need some help if possible to resolve an issue.
I am currently running WinXP and Kaspersky for protection on my VAIO.
I received an ALARM from Kaspersky that the Trojan file backdoor.win32.zaccess.ob is malicious software.
Kaspersky says it needs to disinfect the file and reboot. Necessary files will be deleted on reboot. I accomplish this, but the warning keeps coming back. The file appears in Program Mgr but cannot be deleted.

I downloaded Combifix in Safe Mode with Networking, ran it, got over 500 errors, fixed 100 files, bought it, fixed the rest, rebooted. In normal mode, re-ran Combifix, found more errors, fixed, auto-rebooted. Problem remains.

ALARM continues for backdoor.win32.zaccess.ob
ALARM continues for c:\windows\41160998:425240842.exe

If I connect to the internet and open Firefox and try to search in Yahoo or Google, it redirects me to unrelated websites. It will also automatically open Firefox without my command if I am connected to the internet and direct me to various, seemingly random, sites or search engines.

Any help would be appreciated. The following is a report I generated in CombiFix, but I'm not sure if it's the log you are looking for... it doesn't seem to contain much.

<?xml version="1.0" encoding="UTF-8" ?>
<AROScanLog>
  <AROVersion>6.0.793.824</AROVersion>
  <ScanningDate>Thu. November 10, 2011. 02:40 PM</ScanningDate>
  <TotalRegErrorsFound>5</TotalRegErrorsFound>
  <TotalJunkErrorsFound>11</TotalJunkErrorsFound>
  <TotalSecErrorsFound>1</TotalSecErrorsFound>
  <Scanning Section="ActiveX and COM">
    <Description>ActiveX and COM objects that are based on libraries no longer on your system.</Description>
    <ErrorsInThisSection>2 Errors</ErrorsInThisSection>
    <EntryDetails>
      <Entry>OutlookAddin 1.0 Type Library</Entry>
      <Details>The key HKEY_CLASSES_ROOT\TypeLib\{EDDBDEA4-5C07-453F-BE8C-81D738984381}\1.0\HELPDIR for this type library serves to indicate a help directory, but contains no data. This subkey can be deleted for this type library.</Details>
    </EntryDetails>
    <EntryDetails>
      <Entry>OutlookAsPlg 1.0 Type Library</Entry>
      <Details>The key HKEY_CLASSES_ROOT\TypeLib\{08B4C065-94FB-46BE-8B98-1A5939631CB5}\1.0\HELPDIR for this type library serves to indicate a help directory, but contains no data. This subkey can be deleted for this type library.</Details>
    </EntryDetails>
  </Scanning>
  <Scanning Section="Start menu">
    <Description>Some shortcuts in the Start menu point to target that are no longer exist and/or the registry contains references to Start menu folders that no longer exist.</Description>
    <ErrorsInThisSection>2 Errors</ErrorsInThisSection>
    <EntryDetails>
      <Entry>AOL Explorer</Entry>
      <Details>The shortcut C:\Documents and Settings\All Users\Start Menu\Programs\America Online\AOL Explorer.lnk points to the target C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe, which was not found on your system, and can be deleted.</Details>
    </EntryDetails>
    <EntryDetails>
      <Entry>Wal-Mart Digital Photo Manager</Entry>
      <Details>The shortcut C:\Documents and Settings\All Users\Start Menu\Programs\Wal-Mart\Wal-Mart Digital Photo Manager.lnk points to the target C:\Documents and Settings\Carrie\Desktop\PhotoApp.exe, which was not found on your system, and can be deleted.</Details>
    </EntryDetails>
  </Scanning>
  <Scanning Section="Current User">
    <Description>Current User settings for installed programs may differ from System settings, be invalid, or orphaned.</Description>
    <ErrorsInThisSection>1 Error</ErrorsInThisSection>
    <EntryDetails>
      <Entry>Empty Key</Entry>
      <Details>The HKEY_CURRENT_USER\Software\Adobe\Backup\Preferences\brr3\Software key HKEY_CURRENT_USER\Software\Adobe\Backup\Preferences\brr3\Software for this object contains no data. This subkey can be deleted for this object.</Details>
    </EntryDetails>
  </Scanning>
  <Scanning Section="Recent Documents">
    <Description>Displays links of recently used documents on your computer that can be deleted periodically to protect your privacy and avoid misuse of your personal data.</Description>
    <ErrorsInThisSection>2 Errors</ErrorsInThisSection>
    <EntryDetails>
      <Entry>AROscanlog.lnk</Entry>
      <Details>File C:\Documents and Settings\Carrie\recent\AROscanlog.lnk found in recent documents.</Details>
    </EntryDetails>
    <EntryDetails>
      <Entry>Carrie.lnk</Entry>
      <Details>File C:\Documents and Settings\Carrie\recent\Carrie.lnk found in recent documents.</Details>
    </EntryDetails>
  </Scanning>
  <Scanning Section="Temporary Files">
    <Description>These are files created and left behind by applications and programs when they are launched. These can be deleted.</Description>
    <ErrorsInThisSection>9 Errors</ErrorsInThisSection>
    <EntryDetails>
      <Entry>859A95E3.TMP</Entry>
      <Details>File c:\documents and settings\carrie\local settings\temp\859a95e3.tmp found in temporary files can be deleted.</Details>
    </EntryDetails>
    <EntryDetails>
      <Entry>BIT21.tmp</Entry>
      <Details>File c:\documents and settings\carrie\local settings\temp\bit21.tmp found in temporary files can be deleted.</Details>
    </EntryDetails>
    <EntryDetails>
      <Entry>{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb</Entry>
      <Details>File c:\documents and settings\carrie\local settings\temp\{e9c1e1ac-c9b2-4c85-94de-9c1518918d02}.tlb found in temporary files can be deleted.</Details>
    </EntryDetails>
    <EntryDetails>
      <Entry>defs</Entry>
      <Details>File c:\documents and settings\carrie\local settings\temp\defs found in temporary files can be deleted.</Details>
    </EntryDetails>
    <EntryDetails>
      <Entry>soref.dll</Entry>
      <Details>File c:\documents and settings\carrie\local settings\temp\is-1dshh.tmp\soref.dll found in temporary files can be deleted.</Details>
    </EntryDetails>
    <EntryDetails>
      <Entry>is-1DSHH.tmp</Entry>
      <Details>File c:\documents and settings\carrie\local settings\temp\is-1dshh.tmp found in temporary files can be deleted.</Details>
    </EntryDetails>
    <EntryDetails>
      <Entry>soref.dll</Entry>
      <Details>File c:\documents and settings\carrie\local settings\temp\is-s7v1q.tmp\soref.dll found in temporary files can be deleted.</Details>
    </EntryDetails>
    <EntryDetails>
      <Entry>is-S7V1Q.tmp</Entry>
      <Details>File c:\documents and settings\carrie\local settings\temp\is-s7v1q.tmp found in temporary files can be deleted.</Details>
    </EntryDetails>
    <EntryDetails>
      <Entry>{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb</Entry>
      <Details>File c:\documents and settings\networkservice\local settings\temp\{e9c1e1ac-c9b2-4c85-94de-9c1518918d02}.tlb found in temporary files can be deleted.</Details>
    </EntryDetails>
  </Scanning>
  <Scanning Section="Antivirus">
    <Description>Displays the current status of installed Antivirus software to help protect your computer from the attack of various types of malware.</Description>
    <ErrorsInThisSection>1 Error</ErrorsInThisSection>
    <EntryDetails>
      <Entry />
      <Details>Found Antivirus: Kaspersky Internet Security, Real Time Protection Status: Enabled and Definitions: Not Up-to-date.</Details>
    </EntryDetails>
  </Scanning>
</AROScanLog>
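Editor's note on the path in the Kaspersky alert: c:\windows\41160998:425240842.exe has a second colon after the drive letter. On NTFS that syntax names an alternate data stream (file:stream). Streams are not shown by Explorer or a normal directory listing, which is consistent with the file that "cannot be deleted" and with the OTL log posted later in this thread reporting the running process C:\WINDOWS\4116096998:425240842.exe as "File not found". The same OTL log shows mswsock.dll loaded through a \\?\globalroot device path with no company name, and an auto-start service binary C:\WINDOWS\mspcl.exe with hidden+system attributes and no company name. The script below is an added example, not part of the original post and not OTL's or BleepingComputer's code: a small Python triage helper that parses OTL PRC/MOD/SRV/DRV lines and flags exactly those indicators. The sample lines are copied from the OTL log in post #3; the %SystemRoot% value, the line grammar and the rules are this example's assumptions, and a hit is a lead to examine on the machine, not proof of infection.

```python
import re

# Sample input: five lines copied verbatim from the OTL log in post #3 of this
# thread (constructed test input for this example; the parser and rules below
# are an added triage helper, not OTL's own code).
SAMPLE_LOG = r"""
PRC - File not found -- C:\WINDOWS\4116096998:425240842.exe
PRC - [2011/11/06 09:02:33 | 000,200,704 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
MOD - [2008/06/20 12:41:10 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2011/11/05 23:30:03 | 000,368,640 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\mspcl.exe -- (mspcl)
"""

# %SystemRoot% as reported in the same log (assumption: change for other hosts).
SYSTEM_ROOT = r"C:\WINDOWS"

# Assumed grammar of one OTL entry (derived from the lines in this thread):
#   KIND - [stamp | size | attrs | M] (Company) [state] -- path -- (Name) trailing text
#   KIND - File not found [state] -- path -- (Name)
# attrs is four positions: R(ead-only) H(idden) S(ystem) D(irectory), '-' when unset.
OTL_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:File not found"
    r"|\[(?P<stamp>[^|]+)\| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [MC]\] \((?P<company>[^)]*)\))"
    r"(?: \[(?P<state>[^\]]+)\])?"
    r" -- (?P<path>.*?)"
    r"(?:\s*-- \((?P<name>[^)]*)\).*)?$"
)


def parse_line(line):
    """Return the fields of one OTL entry as a dict, or None for any other line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["path"] = entry["path"] or ""
    entry["company"] = (entry["company"] or "").strip()
    entry["attrs"] = entry["attrs"] or "----"
    entry["found"] = entry["stamp"] is not None   # False for "File not found" entries
    return entry


def is_ads_path(path):
    """NTFS writes an alternate data stream as file:stream. A colon in the last
    path component (other than a bare drive letter such as 'C:') names a stream,
    which Explorer and 'dir' do not list and which reads as missing by its plain path."""
    tail = path.rsplit("\\", 1)[-1]
    return ":" in tail and re.fullmatch(r"[A-Za-z]:", tail) is None


def in_system_root(path):
    """True when the file sits directly in %SystemRoot%, not in a subfolder."""
    parent = path.rsplit("\\", 1)[0] if "\\" in path else ""
    return parent.lower() == SYSTEM_ROOT.lower()


def triage(entry):
    """Apply the indicator rules to one parsed entry; returns the list of hits."""
    hits = []
    path = entry["path"]
    if is_ads_path(path):
        hits.append("ads-stream-path")
    if not entry["found"] and path:
        # a process or module is live, yet OTL could not read its image file
        hits.append("image-not-readable")
    if path.lower().startswith(r"\\?\globalroot"):
        # loaded through an NT object-manager path instead of a drive letter
        hits.append("globalroot-device-path")
    attrs = entry["attrs"]
    if "H" in attrs and "S" in attrs and not entry["company"] and in_system_root(path):
        # hidden+system file with no company name, sitting directly in %SystemRoot%
        hits.append("hidden-system-no-company")
    return hits


def triage_log(text):
    """Parse every OTL entry in text; return (kind, path, hits) for entries with hits."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        hits = triage(entry)
        if hits:
            findings.append((entry["kind"], entry["path"], hits))
    return findings


if __name__ == "__main__":
    for kind, path, hits in triage_log(SAMPLE_LOG):
        print(f"{kind}  {path}\n      {', '.join(hits)}")
```

Run against the sample it reports three entries: the ADS-backed process (two hits), the mswsock.dll module loaded via \\?\globalroot, and the hidden mspcl.exe service. The Norton "File not found" service entry is parsed but not flagged: a service whose binary is simply gone is leftover registration, not a live image the scanner could not read, so the rule requires a non-empty path.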


#2 myrti (Sillyberry, Malware Study Hall Admin, 33,772 posts)

Posted 10 November 2011 - 03:01 PM

Hi,

Could you please PM me the link from which you downloaded and bought ComboFix?

Please also run a scan with OTL:
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 redwriter99 (Topic Starter, Members, 14 posts)

Posted 10 November 2011 - 03:52 PM

first file...

OTL logfile created on: 11/10/2011 3:31:16 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Carrie\My Documents\CombiFix Programs
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 526.47 Mb Available Physical Memory | 51.90% Memory free
2.38 Gb Paging File | 1.96 Gb Available in Paging File | 82.54% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.52 Gb Total Space | 29.27 Gb Free Space | 42.72% Space Free | Partition Type: NTFS

Computer Name: 078A6A7107074FC | User Name: Carrie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\WINDOWS\4116096998:425240842.exe
PRC - [2011/11/10 15:24:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carrie\My Documents\CombiFix Programs\OTL.exe
PRC - [2011/11/06 09:02:33 | 000,200,704 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
PRC - [2008/12/12 14:41:00 | 004,026,457 | ---- | M] (EFI) -- C:\Program Files\Staples\easyprint\dsfhost.exe
PRC - [2008/09/18 09:14:10 | 000,880,640 | ---- | M] (brother) -- C:\Program Files\Brownie\BrStsWnd.exe
PRC - [2008/09/13 11:52:42 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/01/11 12:54:44 | 000,090,112 | ---- | M] (brother) -- C:\Program Files\Brownie\brpjp04a.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/17 14:24:34 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2006/06/13 04:20:00 | 000,127,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/10/20 01:07:34 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2005/10/12 00:36:38 | 000,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
PRC - [2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2004/02/20 17:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2003/04/09 18:11:12 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/09 17:59:24 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/09 17:49:36 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003/04/09 17:41:38 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
PRC - [2002/09/27 00:13:24 | 000,135,168 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Motive\AsstCommon\motmon.exe
PRC - [2002/09/27 00:13:22 | 000,172,032 | ---- | M] () -- C:\Program Files\Digital Lifeline\bin\mpbtn.exe


========== Modules (No Company Name) ==========

MOD - [2008/09/30 11:38:46 | 000,331,776 | ---- | M] () -- C:\Program Files\Staples\easyprint\pdfeye.dll
MOD - [2008/09/30 11:38:46 | 000,278,528 | ---- | M] () -- C:\Program Files\Staples\easyprint\pdftyphoon.dll
MOD - [2008/09/30 11:38:46 | 000,163,840 | ---- | M] () -- C:\Program Files\Staples\easyprint\pdfwind.dll
MOD - [2008/09/30 11:38:42 | 000,069,632 | ---- | M] () -- C:\Program Files\Staples\easyprint\libtranslib.dll
MOD - [2008/09/30 11:38:40 | 000,073,728 | ---- | M] () -- C:\Program Files\Staples\easyprint\libefizlib.dll
MOD - [2008/07/29 20:21:04 | 002,019,080 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avzkrnl.dll
MOD - [2008/06/20 12:41:10 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2003/11/23 21:23:32 | 000,081,920 | ---- | M] () -- C:\Program Files\Digital Lifeline\bin\AsstCatalog.dll
MOD - [2003/09/16 01:19:48 | 000,010,240 | ---- | M] () -- C:\WINDOWS\system32\virport.dll
MOD - [2002/09/27 00:13:22 | 000,172,032 | ---- | M] () -- C:\Program Files\Digital Lifeline\bin\mpbtn.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/06 09:02:33 | 000,200,704 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP)
SRV - [2011/11/05 23:30:25 | 000,577,536 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2011/11/05 23:30:16 | 000,167,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2011/11/05 23:30:03 | 000,368,640 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\mspcl.exe -- (mspcl)
SRV - [2011/11/05 23:30:03 | 000,153,600 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011/11/05 23:30:01 | 000,270,336 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2011/11/05 23:29:39 | 000,192,512 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/11/19 18:51:34 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/09/02 18:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/01/16 13:25:02 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/01/07 01:25:12 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005/12/21 13:06:28 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2005/11/28 17:38:44 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/11/25 17:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/11/24 20:03:22 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/11/24 19:57:44 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/11/24 19:47:30 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/10/11 15:07:50 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2005/10/11 15:02:02 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2005/07/14 22:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2004/08/11 03:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004/08/11 00:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Windows Media Connect (WMC)
SRV - [2003/03/09 21:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/10/14 12:01:46 | 000,467,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008030.006\ccHPx86.sys -- (ccHP)
DRV - [2011/09/21 19:35:58 | 000,217,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008030.006\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/11/28 20:55:25 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/11/28 20:55:24 | 000,213,520 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/10/28 17:37:22 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2009/09/11 13:14:15 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/27 03:00:00 | 001,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091107.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/08/27 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/27 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/27 03:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091107.004\NAVENG.SYS -- (NAVENG)
DRV - [2009/08/22 02:21:19 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1008030.006\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/22 02:21:19 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008030.006\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/22 02:21:19 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008030.006\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 02:21:19 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1008030.006\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/22 02:21:06 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/08/22 02:21:06 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2008/07/21 18:34:36 | 000,121,872 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008/04/30 18:06:48 | 000,024,592 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2008/03/13 19:02:46 | 000,026,640 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klfltdev.sys -- (KLFLTDEV)
DRV - [2006/10/20 12:42:41 | 000,020,096 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006/06/13 04:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/06/13 04:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/06/13 04:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/06/13 04:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/06/13 04:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/06/13 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/06/13 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/03/17 07:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 07:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2006/02/21 09:12:00 | 000,077,824 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony)
DRV - [2006/01/17 20:32:44 | 003,325,312 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/11/07 08:58:30 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/10/18 19:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 19:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 19:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/09/21 13:22:42 | 000,468,768 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ExpasAG.sys -- (LEX_AS_NIC_SERVICE_YNOS)
DRV - [2005/06/29 16:35:10 | 003,173,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2003/09/29 15:31:38 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2000/12/05 19:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 22:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)
DRV - [1999/09/10 11:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-21-3797448573-3364105993-1231677288-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3797448573-3364105993-1231677288-1006\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
IE - HKU\S-1-5-21-3797448573-3364105993-1231677288-1006\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)
IE - HKU\S-1-5-21-3797448573-3364105993-1231677288-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3797448573-3364105993-1231677288-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.0.1.20090924050608
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/09/13 11:52:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/15 02:05:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/16 10:48:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/17 14:45:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.1.0.0\Extensions\\Components: C:\\Program Files\\Netscape\\Netscape Browser\Components [2009/10/28 23:55:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.1.0.0\Extensions\\Plugins: C:\\Program Files\\Netscape\\Netscape Browser\Plugins [2009/10/28 23:55:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2009/11/28 18:53:53 | 000,000,000 | ---D | M]

[2010/01/17 14:51:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carrie\Application Data\Mozilla\Extensions
[2011/11/10 14:10:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carrie\Application Data\Mozilla\Firefox\Profiles\tlb0x2um.default\extensions
[2011/11/10 14:10:03 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\Carrie\Application Data\Mozilla\Firefox\Profiles\tlb0x2um.default\extensions\toolbar@ask.com
[2011/11/10 14:10:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/17 14:45:52 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/10/15 02:05:09 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3797448573-3364105993-1231677288-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-3797448573-3364105993-1231677288-1006\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3797448573-3364105993-1231677288-1006\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3797448573-3364105993-1231677288-1006\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DSFHost] C:\Program Files\Staples\easyprint\dsfhost.exe (EFI)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MotiveMonitor] C:\Program Files\Motive\AsstCommon\motmon.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\Partseal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Lifeline.lnk = C:\Program Files\Digital Lifeline\bin\mpbtn.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Carrie\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3797448573-3364105993-1231677288-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 3.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://asomail2.faa.gov/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{354543D2-CCE0-4AC1-936A-F8C844797D79}: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{354543D2-CCE0-4AC1-936A-F8C844797D79}: NameServer = 4.2.2.1,4.2.2.2
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3797448573-3364105993-1231677288-1006 Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper TrueColor 1920x1200.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper TrueColor 1920x1200.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/02 02:39:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4500c6b7-06b0-11df-a9e4-0013a92f7c85}\Shell - "" = AutoRun
O33 - MountPoints2\{4500c6b7-06b0-11df-a9e4-0013a92f7c85}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4500c6b7-06b0-11df-a9e4-0013a92f7c85}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{5da5d908-d7ae-11de-a9d7-00166f70bf78}\Shell - "" = AutoRun
O33 - MountPoints2\{5da5d908-d7ae-11de-a9d7-00166f70bf78}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7d3576dd-6834-11de-a957-0013a92f7c85}\Shell - "" = AutoRun
O33 - MountPoints2\{7d3576dd-6834-11de-a957-0013a92f7c85}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
File not found -- C:\WINDOWS\
[2011/11/10 14:32:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carrie\Local Settings\Application Data\AskToolbar
[2011/11/10 14:04:17 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/11/10 13:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carrie\My Documents\CombiFix Programs
[2011/11/10 13:32:27 | 004,195,304 | ---- | C] (Support.com ) -- C:\Documents and Settings\Carrie\Desktop\AROLicense2011.exe
[2011/11/10 13:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carrie\Application Data\Sammsoft
[2011/11/10 13:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ARO 2011
[2011/11/10 13:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011
[2011/11/10 13:10:44 | 006,639,632 | ---- | C] (Support.com ) -- C:\Documents and Settings\Carrie\Desktop\ARO2011_bt.exe
[2011/11/06 00:27:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/11/06 00:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/11/05 23:22:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Carrie\Local Settings\Application Data\e6a756f5
[2011/10/15 02:04:11 | 000,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2006/10/15 21:00:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Carrie\Application Data\pcouffin.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
File not found -- C:\WINDOWS\
[2011/11/10 15:27:17 | 000,000,317 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2011/11/10 15:27:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/10 15:27:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\4116096998
[2011/11/10 15:27:02 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/10 14:49:22 | 004,673,568 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011/11/10 14:49:22 | 000,679,968 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2011/11/10 14:49:22 | 000,037,592 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011/11/10 14:49:22 | 000,003,404 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2011/11/10 14:37:39 | 000,002,724 | ---- | M] () -- C:\Documents and Settings\Carrie\AROscanlog.xml
[2011/11/10 14:28:53 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Carrie\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2011/11/10 14:28:52 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Carrie\Desktop\Check PC For Errors.lnk
[2011/11/10 14:04:24 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/11/10 13:32:33 | 004,195,304 | ---- | M] (Support.com ) -- C:\Documents and Settings\Carrie\Desktop\AROLicense2011.exe
[2011/11/10 13:11:15 | 006,639,632 | ---- | M] (Support.com ) -- C:\Documents and Settings\Carrie\Desktop\ARO2011_bt.exe
[2011/11/10 13:03:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/06 09:14:23 | 000,228,352 | ---- | M] () -- C:\Documents and Settings\Carrie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/06 01:39:50 | 000,398,748 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/06 01:39:50 | 000,060,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/06 01:04:06 | 000,015,629 | ---- | M] () -- C:\Documents and Settings\Carrie\Desktop\guide-to-delete-backdoor-win32-zaccess-ob-permanently-manual-removal.htm
[2011/11/06 00:35:39 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/11/05 23:30:03 | 000,368,640 | RHS- | M] () -- C:\WINDOWS\mspcl.exe
[2011/10/15 02:04:56 | 001,115,616 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1008030.006\Cat.DB
[2011/10/15 02:02:02 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk
[2011/10/14 12:01:46 | 000,467,592 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1008030.006\cchpx86.sys
[2011/10/14 12:01:41 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1008030.006\isolate.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/10 15:27:02 | 1063,768,064 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/10 14:37:39 | 000,002,724 | ---- | C] () -- C:\Documents and Settings\Carrie\AROscanlog.xml
[2011/11/10 14:04:23 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/11/10 13:13:33 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Carrie\Desktop\Check PC For Errors.lnk
[2011/11/10 13:13:33 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Carrie\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2011/11/10 13:03:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\4116096998
[2011/11/06 01:03:49 | 000,015,629 | ---- | C] () -- C:\Documents and Settings\Carrie\Desktop\guide-to-delete-backdoor-win32-zaccess-ob-permanently-manual-removal.htm
[2011/09/17 20:02:05 | 000,641,021 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2011/09/17 20:02:05 | 000,187,904 | ---- | C] () -- C:\WINDOWS\System32\Lame.exe
[2011/09/17 20:02:05 | 000,166,912 | ---- | C] () -- C:\WINDOWS\System32\Lame_enc.dll
[2011/09/17 20:02:05 | 000,001,677 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2010/10/27 18:47:02 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Carrie\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/27 18:41:56 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/01/21 11:42:45 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/01/21 11:31:43 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\virport.dll
[2010/01/21 10:38:21 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2010/01/21 10:38:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2010/01/21 10:37:50 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/01/21 10:37:50 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2010/01/21 10:37:50 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2140.DAT
[2010/01/21 10:37:48 | 000,009,853 | ---- | C] () -- C:\WINDOWS\HL-2140.INI
[2010/01/21 10:34:19 | 000,000,317 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/11/28 18:54:56 | 000,114,243 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/11/28 18:54:56 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/11/28 18:53:15 | 004,673,568 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/11/28 18:53:15 | 000,679,968 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/07/30 20:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/12/01 21:41:01 | 000,019,558 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2008/12/01 21:41:01 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2008/11/02 12:47:10 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/07/29 20:20:00 | 000,024,774 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2007/11/19 19:16:52 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/08/02 19:43:48 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/10/15 21:00:26 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Carrie\Application Data\ezpinst.exe
[2006/10/15 21:00:26 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\Carrie\Application Data\pcouffin.cat
[2006/10/15 21:00:26 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Carrie\Application Data\pcouffin.inf
[2006/10/15 15:01:53 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\Carrie\Application Data\.zreglib
[2006/09/02 21:37:32 | 000,368,640 | RHS- | C] () -- C:\WINDOWS\mspcl.exe
[2006/09/02 21:37:32 | 000,049,152 | RHS- | C] () -- C:\WINDOWS\ScrnInt.exe
[2006/09/02 21:27:44 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/08/01 18:50:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/01 18:50:12 | 000,003,064 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/07/31 19:09:17 | 000,228,352 | ---- | C] () -- C:\Documents and Settings\Carrie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/31 18:52:37 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Carrie\Local Settings\Application Data\fusioncache.dat
[2006/07/26 21:05:58 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/06/21 05:43:08 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2006/06/21 05:33:40 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/03/07 10:01:32 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/03/07 09:50:19 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/03/07 09:47:45 | 000,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/03/07 09:46:57 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/03/07 09:46:57 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/03/07 09:46:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/03/07 09:46:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/03/07 09:46:57 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/03/07 09:46:56 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/03/07 09:40:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/06 09:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2006/03/02 18:16:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/02 17:32:42 | 000,610,304 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2006/03/02 04:42:10 | 000,000,217 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/02 04:21:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/03/02 03:41:52 | 000,111,552 | ---- | C] () -- C:\WINDOWS\setup.exe
[2006/03/02 03:33:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/03/02 03:30:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\WLANDLL.DLL
[2006/03/02 03:13:07 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2006/03/02 02:46:11 | 000,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/02 02:42:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/03/02 02:36:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/03/02 01:22:20 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\igfxext.exe
[2006/03/02 01:22:13 | 000,000,758 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/03/02 01:21:29 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/02 01:21:26 | 000,398,748 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/02 01:21:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/02 01:21:26 | 000,060,714 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/02 01:21:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/02 01:21:23 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/03/02 01:21:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/03/02 01:21:19 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/03/02 01:21:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/02 01:21:12 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/02 01:21:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/02 01:20:43 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/03/01 18:29:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/03/01 18:28:36 | 001,481,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/01/25 15:15:38 | 000,046,345 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2005/11/01 20:53:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/12/20 10:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 10:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C1F4198F

< End of report >


Second file (extras)...

OTL Extras logfile created on: 11/10/2011 3:31:17 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Carrie\My Documents\CombiFix Programs
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 526.47 Mb Available Physical Memory | 51.90% Memory free
2.38 Gb Paging File | 1.96 Gb Available in Paging File | 82.54% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.52 Gb Total Space | 29.27 Gb Free Space | 42.72% Space Free | Partition Type: NTFS

Computer Name: 078A6A7107074FC | User Name: Carrie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3797448573-3364105993-1231677288-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with Trend Micro Anti-Spyware...] -- "C:\Program Files\Trend Micro\Tmas\tmas.exe" "-sc" "%1" (Trend Micro Incorporated)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0DF00135-D5A7-476A-BFB3-EDFF2840076A}" = VAIO Wireless LAN Setup Utility
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EA7CF7E-0C76-44A5-B0CF-A1D171476E42}" = VAIO Breeze Wallpaper
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33DD2D2D-FDD5-44A4-A92B-200CCFEBCA41}" = Brother HL-2140
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{4E993095-28F2-4060-9101-99C1FD1195C0}" = VAIO Central
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54C0D94A-F467-4ABC-9D02-6E58748668D4}" = iTunes
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5ABB5D02-BBAA-41D4-BDED-A52DB89A2D2F}" = Wal-Mart Digital Photo Manager
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}" = VAIO Light Flo Wallpaper
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{721C0B3A-3E8E-445B-B81E-651699B87945}" = Staples EasyPrint MSI
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{82081533-F045-469E-BD53-F16839E445C3}" = VAIO Support Central
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}" = Media Player Utilities 5.20
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{913DA816-E8E4-4467-8D22-E2DF5DBF04E4}" = hp psc 2200 series
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.4
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.20
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}" = LAN-Express AS IEEE 802.11 Wireless LAN
"{FE3BF611-9B8B-44DC-A424-F8C4BA122A1D}" = VAIO Security Center
"1Click DVD Copy 5_is1" = 1Click DVD Copy 5.0.3.2
"1Click DVD Copy_is1" = 1Click DVD Copy 4.2.9.13
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"AnyDVD" = AnyDVD
"AOL Search Enhancement" = Search Enhancement by AOL Search
"AOL Uninstaller" = AOL Uninstaller
"ARO 2011_is1" = ARO 2011
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Digital Lifeline" = Digital Lifeline
"Easy DVD Rip" = Easy DVD Rip
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hp instant support" = hp instant support
"HP PSC 2200 Series" = HP Photo and Imaging 2.0 - hp psc 2200 series
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{54C0D94A-F467-4ABC-9D02-6E58748668D4}" = iTunes
"InstallShield_{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"InstallShield_{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"JEOPARDY!" = JEOPARDY! (remove only)
"LimeWire" = LimeWire 4.12.4
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Netscape Browser" = Netscape Browser (remove only)
"NIS" = Norton Internet Security
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wheel of Fortune" = Wheel of Fortune (remove only)
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"winusb0100" = Microsoft WinUsb 1.0
"WinX Free DVD Ripper_is1" = WinX Free DVD Ripper 4.5.14
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XviD & MP3 Codec Pack_is1" = XviD & MP3 Codec Pack (remove only)
"XviD_is1" = XviD MPEG-4 Video Codec

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/15/2011 3:01:55 AM | Computer Name = 078A6A7107074FC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 11/10/2011 3:28:13 PM | Computer Name = 078A6A7107074FC | Source = Application Error | ID = 1000
Description = Faulting application wuauclt.exe, version 5.4.3790.2180, faulting
module wuauclt.exe, version 5.4.3790.2180, fault address 0x00014154.

Error - 11/10/2011 3:32:34 PM | Computer Name = 078A6A7107074FC | Source = Application Error | ID = 1000
Description = Faulting application wuauclt.exe, version 5.4.3790.2180, faulting
module wuauclt.exe, version 5.4.3790.2180, fault address 0x00014154.

Error - 11/10/2011 4:09:10 PM | Computer Name = 078A6A7107074FC | Source = Application Error | ID = 1000
Description = Faulting application wuauclt.exe, version 5.4.3790.2180, faulting
module wuauclt.exe, version 5.4.3790.2180, fault address 0x00014154.

Error - 11/10/2011 4:13:06 PM | Computer Name = 078A6A7107074FC | Source = Application Error | ID = 1000
Description = Faulting application wuauclt.exe, version 5.4.3790.2180, faulting
module wuauclt.exe, version 5.4.3790.2180, fault address 0x00014154.

Error - 11/10/2011 4:16:03 PM | Computer Name = 078A6A7107074FC | Source = Application Error | ID = 1000
Description = Faulting application wuauclt.exe, version 5.4.3790.2180, faulting
module wuauclt.exe, version 5.4.3790.2180, fault address 0x00014154.

Error - 11/10/2011 4:19:00 PM | Computer Name = 078A6A7107074FC | Source = Application Error | ID = 1000
Description = Faulting application wuauclt.exe, version 5.4.3790.2180, faulting
module wuauclt.exe, version 5.4.3790.2180, fault address 0x00014154.

Error - 11/10/2011 4:30:59 PM | Computer Name = 078A6A7107074FC | Source = Application Error | ID = 1000
Description = Faulting application wuauclt.exe, version 5.4.3790.2180, faulting
module wuauclt.exe, version 5.4.3790.2180, fault address 0x00014154.

Error - 11/10/2011 4:34:15 PM | Computer Name = 078A6A7107074FC | Source = Application Error | ID = 1000
Description = Faulting application wuauclt.exe, version 5.4.3790.2180, faulting
module wuauclt.exe, version 5.4.3790.2180, fault address 0x00014154.

Error - 11/10/2011 4:37:28 PM | Computer Name = 078A6A7107074FC | Source = Application Error | ID = 1000
Description = Faulting application wuauclt.exe, version 5.4.3790.2180, faulting
module wuauclt.exe, version 5.4.3790.2180, fault address 0x00014154.

[ OSession Events ]
Error - 1/21/2010 1:05:48 PM | Computer Name = 078A6A7107074FC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 412
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/15/2010 3:56:48 PM | Computer Name = 078A6A7107074FC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 856
seconds with 600 seconds of active time. This session ended with a crash.

Error - 3/1/2010 12:28:57 PM | Computer Name = 078A6A7107074FC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 579
seconds with 480 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/10/2011 4:28:04 PM | Computer Name = 078A6A7107074FC | Source = Service Control Manager | ID = 7000
Description = The VAIO Entertainment UPnP Client Adapter service failed to start
due to the following error: %%299

Error - 11/10/2011 4:28:04 PM | Computer Name = 078A6A7107074FC | Source = Service Control Manager | ID = 7001
Description = The VAIO Entertainment Database Service service depends on the VAIO
Entertainment UPnP Client Adapter service which failed to start because of the
following error: %%299

Error - 11/10/2011 4:28:04 PM | Computer Name = 078A6A7107074FC | Source = Service Control Manager | ID = 7001
Description = The VAIO Entertainment File Import Service service depends on the
VAIO Entertainment Database Service service which failed to start because of the
following error: %%1068

Error - 11/10/2011 4:28:04 PM | Computer Name = 078A6A7107074FC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IDSxpx86

Error - 11/10/2011 4:28:04 PM | Computer Name = 078A6A7107074FC | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 11/10/2011 4:28:04 PM | Computer Name = 078A6A7107074FC | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 11/10/2011 4:28:04 PM | Computer Name = 078A6A7107074FC | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 11/10/2011 4:28:04 PM | Computer Name = 078A6A7107074FC | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 11/10/2011 4:28:04 PM | Computer Name = 078A6A7107074FC | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 11/10/2011 4:28:04 PM | Computer Name = 078A6A7107074FC | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home

Posted 10 November 2011 - 04:54 PM

Hi,

Can you please reboot and afterwards run TDSSKiller:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove in the Control Panel and remove either Norton or Kaspersky. Let me know which one you choose and I'll link you the uninstaller for it.

Edited by myrti, 10 November 2011 - 04:54 PM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


Follow BleepingComputer on: Facebook | Twitter | Google+
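The step above produces a TDSSKiller.txt that the helper then reads by hand. As an added example (not code from the thread, from TDSSKiller or from Kaspersky), here is a small Python parser for that log format, modelled on the log pasted later in this thread, which lists only the entries the scan did not mark "ok"; the sample log in the block is constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the TDSSKiller.txt layout seen in this thread:
# "<time> <thread id> <name> (<md5>) <path>" for a file, then a status line
# "<name> - ok", "<name> ( <verdict> ) - infected" or "<name> - detected <verdict> (n)".
# The last entry deliberately has no status line, as happens when a pasted log is truncated.
SAMPLE_LOG = r"""
17:26:05.0781 0940 Scan started
17:26:05.0781 0940 Mode: Manual;
17:26:14.0546 0940 KLIF (e79b5c88876451c0c5c83b02805e6957) C:\WINDOWS\system32\DRIVERS\klif.sys
17:26:14.0562 0940 KLIF ( Rootkit.Win32.ZAccess.g ) - infected
17:26:14.0562 0940 KLIF - detected Rootkit.Win32.ZAccess.g (0)
17:26:14.0593 0940 klim5 (cd16a39c6f61c2ae0272e1f431353bf7) C:\WINDOWS\system32\DRIVERS\klim5.sys
17:26:14.0593 0940 klim5 - ok
17:26:14.0828 0940 lbrtfdc - ok
17:26:15.0671 0940 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
"""

# Every log line starts with a timestamp and a four-digit hex thread id.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>[0-9A-Fa-f]{4})\s+(?P<rest>.*)$")
FILE_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
INFECTED_RE = re.compile(r"^(?P<name>\S+)\s+\(\s*(?P<verdict>.+?)\s*\)\s+-\s+infected$")
DETECTED_RE = re.compile(r"^(?P<name>\S+)\s+-\s+detected\s+(?P<verdict>\S+)\s+\((?P<n>\d+)\)$")
OK_RE = re.compile(r"^(?P<name>\S+)\s+-\s+ok$")


@dataclass
class DriverRecord:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"        # "ok", "infected", or "unknown" when no status line was seen
    verdict: Optional[str] = None  # detection name reported by the scanner, if any


def parse_tdsskiller_log(text: str) -> Dict[str, DriverRecord]:
    """Collect one record per service/driver name; header and separator lines are ignored."""
    records: Dict[str, DriverRecord] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        if (fm := FILE_RE.match(rest)):
            rec = records.setdefault(fm["name"], DriverRecord(fm["name"]))
            rec.md5, rec.path = fm["md5"], fm["path"]
        elif (im := INFECTED_RE.match(rest)):
            rec = records.setdefault(im["name"], DriverRecord(im["name"]))
            rec.status, rec.verdict = "infected", im["verdict"]
        elif (dm := DETECTED_RE.match(rest)):
            rec = records.setdefault(dm["name"], DriverRecord(dm["name"]))
            rec.status = "infected"
            rec.verdict = rec.verdict or dm["verdict"]
        elif (om := OK_RE.match(rest)):
            rec = records.setdefault(om["name"], DriverRecord(om["name"]))
            if rec.status == "unknown":   # never let a later "ok" erase an infection verdict
                rec.status = "ok"
        # anything else (SystemInfo block, "=====" separators, "Scan started") is header text
    return records


def flagged(records: Dict[str, DriverRecord]) -> List[DriverRecord]:
    """Entries the scan did not clear: infected, or never given a status (truncated log / aborted scan)."""
    return sorted((r for r in records.values() if r.status != "ok"), key=lambda r: r.name)


def summarize(records: Dict[str, DriverRecord]) -> List[str]:
    """One human-readable line per flagged entry, ready to quote back in a reply."""
    lines = []
    for r in flagged(records):
        detail = r.verdict or "no verdict reported"
        lines.append(f"{r.name}: {r.status} ({detail}) {r.path or '<no file on disk listed>'}")
    return lines


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    print("\n".join(summarize(parse_tdsskiller_log(text))) or "nothing flagged")
```

Run it as `python tdss_triage.py C:\TDSSKiller.txt` against a real log, or with no argument to see the constructed sample flag KLIF and the status-less Msfs entry.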


#5 redwriter99

redwriter99
  • Topic Starter

  • Members
  • 14 posts

Posted 10 November 2011 - 05:03 PM

Norton should be disabled... haven't used it in a while and it's not currently subscribed to. So if you could link me to that, I'd appreciate it. I'll run the other program shortly.

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home

Posted 10 November 2011 - 05:14 PM

Hi,

Absolutely:
Please click HERE and follow the instructions in STEP 3 to download and run the Norton Removal Tool.

Regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#7 redwriter99

redwriter99
  • Topic Starter

  • Members
  • 14 posts

Posted 10 November 2011 - 05:39 PM

Here's the txt file from TDSSKiller. I have uninstalled Norton but I'll do that next.
Thanks again.

17:25:54.0015 0560 TDSS rootkit removing tool 2.6.17.0 Nov 9 2011 16:48:26
17:25:54.0234 0560 ============================================================
17:25:54.0234 0560 Current date / time: 2011/11/10 17:25:54.0234
17:25:54.0234 0560 SystemInfo:
17:25:54.0234 0560
17:25:54.0234 0560 OS Version: 5.1.2600 ServicePack: 2.0
17:25:54.0234 0560 Product type: Workstation
17:25:54.0234 0560 ComputerName: 078A6A7107074FC
17:25:54.0234 0560 UserName: Carrie
17:25:54.0234 0560 Windows directory: C:\WINDOWS
17:25:54.0234 0560 System windows directory: C:\WINDOWS
17:25:54.0234 0560 Processor architecture: Intel x86
17:25:54.0234 0560 Number of processors: 1
17:25:54.0234 0560 Page size: 0x1000
17:25:54.0234 0560 Boot type: Safe boot with network
17:25:54.0234 0560 ============================================================
17:25:56.0890 0560 Initialize success
17:26:05.0781 0940 ============================================================
17:26:05.0781 0940 Scan started
17:26:05.0781 0940 Mode: Manual;
17:26:05.0781 0940 ============================================================
17:26:06.0859 0940 Abiosdsk - ok
17:26:06.0906 0940 abp480n5 - ok
17:26:07.0015 0940 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:26:07.0015 0940 ACPI - ok
17:26:07.0078 0940 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
17:26:07.0078 0940 ACPIEC - ok
17:26:07.0171 0940 adpu160m - ok
17:26:07.0250 0940 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
17:26:07.0265 0940 aec - ok
17:26:07.0328 0940 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:26:07.0328 0940 AegisP - ok
17:26:07.0421 0940 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
17:26:07.0421 0940 AFD - ok
17:26:07.0453 0940 Aha154x - ok
17:26:07.0468 0940 aic78u2 - ok
17:26:07.0500 0940 aic78xx - ok
17:26:07.0531 0940 AliIde - ok
17:26:07.0562 0940 amsint - ok
17:26:07.0671 0940 AnyDVD (ef832e448aa61e4833844c34cb04b2f1) C:\WINDOWS\system32\Drivers\AnyDVD.sys
17:26:07.0671 0940 AnyDVD - ok
17:26:07.0718 0940 ApfiltrService (d3da11b88ab29076b78ff79f35f0586b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
17:26:07.0718 0940 ApfiltrService - ok
17:26:07.0765 0940 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:26:07.0765 0940 Arp1394 - ok
17:26:07.0796 0940 asc - ok
17:26:07.0828 0940 asc3350p - ok
17:26:07.0859 0940 asc3550 - ok
17:26:08.0000 0940 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys
17:26:08.0000 0940 ASPI32 - ok
17:26:08.0046 0940 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:26:08.0046 0940 AsyncMac - ok
17:26:08.0171 0940 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:26:08.0171 0940 atapi - ok
17:26:08.0218 0940 Atdisk - ok
17:26:08.0296 0940 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:26:08.0296 0940 Atmarpc - ok
17:26:08.0359 0940 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:26:08.0375 0940 audstub - ok
17:26:08.0484 0940 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:26:08.0484 0940 Beep - ok
17:26:08.0625 0940 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\NIS\1008030.006\BHDrvx86.sys
17:26:08.0625 0940 BHDrvx86 - ok
17:26:08.0781 0940 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:26:08.0781 0940 cbidf2k - ok
17:26:08.0906 0940 ccHP (3182b846490dc4d71fabd4a8cb6b73ea) C:\WINDOWS\System32\Drivers\NIS\1008030.006\ccHPx86.sys
17:26:08.0921 0940 ccHP - ok
17:26:08.0953 0940 cd20xrnt - ok
17:26:09.0000 0940 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:26:09.0015 0940 Cdaudio - ok
17:26:09.0093 0940 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
17:26:09.0093 0940 Cdfs - ok
17:26:09.0171 0940 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:26:09.0171 0940 Cdrom - ok
17:26:09.0203 0940 Changer - ok
17:26:09.0250 0940 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:26:09.0250 0940 CmBatt - ok
17:26:09.0281 0940 CmdIde - ok
17:26:09.0312 0940 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:26:09.0312 0940 Compbatt - ok
17:26:09.0359 0940 Cpqarray - ok
17:26:09.0390 0940 dac2w2k - ok
17:26:09.0421 0940 dac960nt - ok
17:26:09.0453 0940 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
17:26:09.0453 0940 Disk - ok
17:26:09.0515 0940 DLABOIOM (a14524d3f130a57163e0b3e057fc85d5) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
17:26:09.0515 0940 DLABOIOM - ok
17:26:09.0531 0940 DLACDBHM (7581407a6a3c56860ae31e6e423fe824) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
17:26:09.0531 0940 DLACDBHM - ok
17:26:09.0562 0940 DLADResN (7c4cdf8a684b63d7482e0bf7440dc3b5) C:\WINDOWS\system32\DLA\DLADResN.SYS
17:26:09.0562 0940 DLADResN - ok
17:26:09.0609 0940 DLAIFS_M (97bca2aac06a9fea56615b4b15bdb9b8) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
17:26:09.0609 0940 DLAIFS_M - ok
17:26:09.0640 0940 DLAOPIOM (be8d558cf749424f0de612813f7c6725) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
17:26:09.0640 0940 DLAOPIOM - ok
17:26:09.0671 0940 DLAPoolM (7e5277cb45dc5e2a86af8ce093c7ef31) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
17:26:09.0671 0940 DLAPoolM - ok
17:26:09.0703 0940 DLARTL_N (693dfd92d41a3d270053cd97834e4960) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
17:26:09.0703 0940 DLARTL_N - ok
17:26:09.0734 0940 DLAUDFAM (d886b6d02b51e5bd61b8a571a16d5ca2) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
17:26:09.0734 0940 DLAUDFAM - ok
17:26:09.0765 0940 DLAUDF_M (2c0ecf7a9d5162d87c64e2ae868b5039) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
17:26:09.0765 0940 DLAUDF_M - ok
17:26:09.0890 0940 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
17:26:09.0906 0940 dmboot - ok
17:26:10.0000 0940 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
17:26:10.0000 0940 DMICall - ok
17:26:10.0031 0940 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
17:26:10.0031 0940 dmio - ok
17:26:10.0093 0940 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:26:10.0093 0940 dmload - ok
17:26:10.0140 0940 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
17:26:10.0140 0940 DMusic - ok
17:26:10.0187 0940 dpti2o - ok
17:26:10.0203 0940 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
17:26:10.0203 0940 drmkaud - ok
17:26:10.0265 0940 DRVMCDB (73623d89faef4d1aa600edee8b490bc5) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
17:26:10.0265 0940 DRVMCDB - ok
17:26:10.0296 0940 DRVNDDM (2aeee1600d0f14ba535f90a1f4411b54) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
17:26:10.0296 0940 DRVNDDM - ok
17:26:10.0375 0940 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:26:10.0375 0940 E100B - ok
17:26:10.0609 0940 eeCtrl (96bcd90ed9235a21629effde5e941fb1) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
17:26:10.0625 0940 eeCtrl - ok
17:26:10.0828 0940 ElbyCDIO (fa13264eea448b2e1b3a844ae4f75c7a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
17:26:10.0828 0940 ElbyCDIO - ok
17:26:10.0968 0940 EraserUtilRebootDrv (392c86f6b45c0bc696c32c27f51e749f) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:26:10.0984 0940 EraserUtilRebootDrv - ok
17:26:11.0093 0940 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
17:26:11.0093 0940 Fastfat - ok
17:26:11.0140 0940 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
17:26:11.0140 0940 Fdc - ok
17:26:11.0218 0940 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
17:26:11.0218 0940 Fips - ok
17:26:11.0265 0940 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:26:11.0265 0940 Flpydisk - ok
17:26:11.0343 0940 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:26:11.0343 0940 FltMgr - ok
17:26:11.0375 0940 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:26:11.0375 0940 Fs_Rec - ok
17:26:11.0421 0940 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:26:11.0421 0940 Ftdisk - ok
17:26:11.0531 0940 GEARAspiWDM (32a73a8952580b284a47290adb62032a) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
17:26:11.0531 0940 GEARAspiWDM - ok
17:26:11.0609 0940 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:26:11.0609 0940 Gpc - ok
17:26:11.0687 0940 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:26:11.0687 0940 HDAudBus - ok
17:26:11.0796 0940 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:26:11.0796 0940 HidUsb - ok
17:26:11.0812 0940 hpn - ok
17:26:11.0921 0940 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:26:11.0921 0940 HPZid412 - ok
17:26:11.0953 0940 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:26:11.0953 0940 HPZipr12 - ok
17:26:12.0015 0940 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:26:12.0031 0940 HPZius12 - ok
17:26:12.0109 0940 HSFHWAZL (acc46dda7fece95a253ae88cea172e12) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
17:26:12.0109 0940 HSFHWAZL - ok
17:26:12.0203 0940 HSF_DPV (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
17:26:12.0281 0940 HSF_DPV - ok
17:26:12.0343 0940 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
17:26:12.0359 0940 HTTP - ok
17:26:12.0375 0940 i2omgmt - ok
17:26:12.0406 0940 i2omp - ok
17:26:12.0468 0940 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:26:12.0468 0940 i8042prt - ok
17:26:12.0609 0940 ialm (240d0f5d7caafd87bd8d801a97bbe041) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
17:26:12.0671 0940 ialm - ok
17:26:12.0984 0940 IDSxpx86 (6e42876010256ee5119baf0838574e0c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20091105.001\IDSxpx86.sys
17:26:12.0984 0940 IDSxpx86 - ok
17:26:13.0156 0940 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:26:13.0156 0940 Imapi - ok
17:26:13.0203 0940 ini910u - ok
17:26:13.0437 0940 IntcAzAudAddService (5f2657f8781376892035976cf8122a2d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:26:13.0625 0940 IntcAzAudAddService - ok
17:26:13.0687 0940 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:26:13.0687 0940 IntelIde - ok
17:26:13.0765 0940 intelppm (db8a1859cf9e48914dcc0a7206d87be5) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:26:13.0765 0940 intelppm - ok
17:26:13.0843 0940 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:26:13.0843 0940 Ip6Fw - ok
17:26:13.0875 0940 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:26:13.0875 0940 IpFilterDriver - ok
17:26:13.0906 0940 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:26:13.0906 0940 IpInIp - ok
17:26:13.0984 0940 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:26:13.0984 0940 IpNat - ok
17:26:14.0046 0940 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:26:14.0062 0940 IPSec - ok
17:26:14.0125 0940 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:26:14.0125 0940 IRENUM - ok
17:26:14.0203 0940 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:26:14.0203 0940 isapnp - ok
17:26:14.0234 0940 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:26:14.0234 0940 Kbdclass - ok
17:26:14.0328 0940 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:26:14.0328 0940 kbdhid - ok
17:26:14.0390 0940 kl1 (cd6a8fa9395460ffe7fd8881a6c67254) C:\WINDOWS\system32\drivers\kl1.sys
17:26:14.0390 0940 kl1 - ok
17:26:14.0453 0940 klbg (f9089982ed97340984e3dd60edd75490) C:\WINDOWS\system32\drivers\klbg.sys
17:26:14.0453 0940 klbg - ok
17:26:14.0500 0940 KLFLTDEV (73eb94ad1c85b4a3c5a8b4d879f668b9) C:\WINDOWS\system32\DRIVERS\klfltdev.sys
17:26:14.0500 0940 KLFLTDEV - ok
17:26:14.0546 0940 KLIF (e79b5c88876451c0c5c83b02805e6957) C:\WINDOWS\system32\DRIVERS\klif.sys
17:26:14.0562 0940 KLIF ( Rootkit.Win32.ZAccess.g ) - infected
17:26:14.0562 0940 KLIF - detected Rootkit.Win32.ZAccess.g (0)
17:26:14.0593 0940 klim5 (cd16a39c6f61c2ae0272e1f431353bf7) C:\WINDOWS\system32\DRIVERS\klim5.sys
17:26:14.0593 0940 klim5 - ok
17:26:14.0671 0940 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
17:26:14.0671 0940 kmixer - ok
17:26:14.0765 0940 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
17:26:14.0765 0940 KSecDD - ok
17:26:14.0828 0940 lbrtfdc - ok
17:26:14.0937 0940 LEX_AS_NIC_SERVICE_YNOS (3d769924a07c00f5bb4b890f3934cd1e) C:\WINDOWS\system32\DRIVERS\ExpasAG.sys
17:26:14.0968 0940 LEX_AS_NIC_SERVICE_YNOS - ok
17:26:15.0125 0940 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:26:15.0125 0940 mdmxsdk - ok
17:26:15.0156 0940 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:26:15.0156 0940 mnmdd - ok
17:26:15.0203 0940 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
17:26:15.0203 0940 Modem - ok
17:26:15.0281 0940 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:26:15.0281 0940 Mouclass - ok
17:26:15.0359 0940 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:26:15.0359 0940 mouhid - ok
17:26:15.0390 0940 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
17:26:15.0390 0940 MountMgr - ok
17:26:15.0421 0940 mraid35x - ok
17:26:15.0468 0940 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:26:15.0468 0940 MRxDAV - ok
17:26:15.0531 0940 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:26:15.0546 0940 MRxSmb - ok
17:26:15.0671 0940 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
17:26:15.0671 0940 Msfs - ok
17:26:15.0750 0940 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:26:15.0750 0940 MSKSSRV - ok
17:26:15.0812 0940 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:26:15.0812 0940 MSPCLOCK - ok
17:26:15.0843 0940 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
17:26:15.0843 0940 MSPQM - ok
17:26:15.0890 0940 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:26:15.0906 0940 mssmbios - ok
17:26:15.0953 0940 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
17:26:15.0968 0940 Mup - ok
17:26:16.0234 0940 NAVENG (78d629767dbcdbb1ee888f4fda841acd) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091107.004\NAVENG.SYS
17:26:16.0234 0940 NAVENG - ok
17:26:16.0343 0940 NAVEX15 (6176ce576509ee71bac1b61fc8f1f138) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091107.004\NAVEX15.SYS
17:26:16.0453 0940 NAVEX15 - ok
17:26:16.0609 0940 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
17:26:16.0609 0940 NDIS - ok
17:26:16.0687 0940 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:26:16.0687 0940 NdisTapi - ok
17:26:16.0750 0940 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:26:16.0750 0940 Ndisuio - ok
17:26:16.0796 0940 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:26:16.0796 0940 NdisWan - ok
17:26:16.0828 0940 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
17:26:16.0828 0940 NDProxy - ok
17:26:16.0906 0940 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:26:16.0906 0940 NetBIOS - ok
17:26:16.0953 0940 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:26:16.0953 0940 NetBT - ok
17:26:17.0046 0940 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:26:17.0046 0940 NIC1394 - ok
17:26:17.0140 0940 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
17:26:17.0140 0940 Npfs - ok
17:26:17.0234 0940 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
17:26:17.0281 0940 Ntfs - ok
17:26:17.0359 0940 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:26:17.0359 0940 Null - ok
17:26:17.0437 0940 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:26:17.0437 0940 NwlnkFlt - ok
17:26:17.0453 0940 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:26:17.0453 0940 NwlnkFwd - ok
17:26:17.0546 0940 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:26:17.0546 0940 ohci1394 - ok
17:26:17.0640 0940 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
17:26:17.0640 0940 Parport - ok
17:26:17.0671 0940 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
17:26:17.0671 0940 PartMgr - ok
17:26:17.0734 0940 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:26:17.0734 0940 ParVdm - ok
17:26:17.0765 0940 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
17:26:17.0765 0940 PCI - ok
17:26:17.0796 0940 PCIDump - ok
17:26:17.0828 0940 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:26:17.0828 0940 PCIIde - ok
17:26:17.0859 0940 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
17:26:17.0859 0940 Pcmcia - ok
17:26:17.0984 0940 Pcouffin (02aaafb7ba137ce5ddabcdf8090954d9) C:\WINDOWS\system32\Drivers\Pcouffin.sys
17:26:18.0000 0940 Pcouffin - ok
17:26:18.0031 0940 PDCOMP - ok
17:26:18.0062 0940 PDFRAME - ok
17:26:18.0078 0940 PDRELI - ok
17:26:18.0109 0940 PDRFRAME - ok
17:26:18.0156 0940 perc2 - ok
17:26:18.0187 0940 perc2hib - ok
17:26:18.0296 0940 Point32 (dcdf0421a1c14f2923e298a30fd7636d) C:\WINDOWS\system32\DRIVERS\point32.sys
17:26:18.0312 0940 Point32 - ok
17:26:18.0390 0940 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:26:18.0390 0940 PptpMiniport - ok
17:26:18.0437 0940 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
17:26:18.0437 0940 PSched - ok
17:26:18.0515 0940 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:26:18.0515 0940 Ptilink - ok
17:26:18.0578 0940 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:26:18.0578 0940 PxHelp20 - ok
17:26:18.0609 0940 ql1080 - ok
17:26:18.0640 0940 Ql10wnt - ok
17:26:18.0656 0940 ql12160 - ok
17:26:18.0687 0940 ql1240 - ok
17:26:18.0718 0940 ql1280 - ok
17:26:18.0781 0940 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:26:18.0781 0940 RasAcd - ok
17:26:18.0828 0940 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:26:18.0828 0940 Rasl2tp - ok
17:26:18.0906 0940 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:26:18.0906 0940 RasPppoe - ok
17:26:18.0953 0940 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:26:18.0953 0940 Raspti - ok
17:26:19.0031 0940 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:26:19.0031 0940 Rdbss - ok
17:26:19.0093 0940 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:26:19.0093 0940 RDPCDD - ok
17:26:19.0187 0940 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
17:26:19.0187 0940 RDPWD - ok
17:26:19.0312 0940 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:26:19.0312 0940 redbook - ok
17:26:19.0437 0940 s24trans (123f270a7f89c1a826ff8a1ae7dc41e5) C:\WINDOWS\system32\DRIVERS\s24trans.sys
17:26:19.0437 0940 s24trans - ok
17:26:19.0546 0940 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:26:19.0546 0940 Secdrv - ok
17:26:19.0609 0940 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
17:26:19.0609 0940 Serial - ok
17:26:19.0640 0940 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
17:26:19.0656 0940 Sfloppy - ok
17:26:19.0687 0940 Simbad - ok
17:26:19.0765 0940 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
17:26:19.0765 0940 SNC - ok
17:26:19.0859 0940 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
17:26:19.0859 0940 SONYPVU1 - ok
17:26:19.0890 0940 Sparrow - ok
17:26:19.0968 0940 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
17:26:19.0968 0940 splitter - ok
17:26:20.0078 0940 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
17:26:20.0078 0940 sr - ok
17:26:20.0203 0940 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\NIS\1008030.006\SRTSP.SYS
17:26:20.0218 0940 SRTSP - ok
17:26:20.0328 0940 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\NIS\1008030.006\SRTSPX.SYS
17:26:20.0328 0940 SRTSPX - ok
17:26:20.0406 0940 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
17:26:20.0421 0940 Srv - ok
17:26:20.0515 0940 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:26:20.0515 0940 swenum - ok
17:26:20.0609 0940 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
17:26:20.0609 0940 swmidi - ok
17:26:20.0640 0940 symc810 - ok
17:26:20.0656 0940 symc8xx - ok
17:26:20.0718 0940 SYMDNS - ok
17:26:20.0828 0940 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\NIS\1008030.006\SYMEFA.SYS
17:26:20.0843 0940 SymEFA - ok
17:26:20.0906 0940 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
17:26:20.0921 0940 SymEvent - ok
17:26:20.0968 0940 SYMFW - ok
17:26:20.0984 0940 SYMIDS - ok
17:26:21.0078 0940 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
17:26:21.0078 0940 SymIM - ok
17:26:21.0109 0940 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
17:26:21.0109 0940 SymIMMP - ok
17:26:21.0140 0940 SYMNDIS - ok
17:26:21.0156 0940 SYMREDRV - ok
17:26:21.0281 0940 SYMTDI (26bc80ec79d7ba478249c266cbdf17b4) C:\WINDOWS\System32\Drivers\NIS\1008030.006\SYMTDI.SYS
17:26:21.0281 0940 SYMTDI - ok
17:26:21.0312 0940 sym_hi - ok
17:26:21.0328 0940 sym_u3 - ok
17:26:21.0406 0940 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
17:26:21.0406 0940 sysaudio - ok
17:26:21.0515 0940 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:26:21.0515 0940 Tcpip - ok
17:26:21.0578 0940 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:26:21.0593 0940 TDPIPE - ok
17:26:21.0640 0940 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
17:26:21.0640 0940 TDTCP - ok
17:26:21.0718 0940 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:26:21.0718 0940 TermDD - ok
17:26:21.0796 0940 tifmsony (72aaa3343af62e02ae37001eea5c9a0e) C:\WINDOWS\system32\drivers\tifmsony.sys
17:26:21.0796 0940 tifmsony - ok
17:26:21.0828 0940 TosIde - ok
17:26:21.0890 0940 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
17:26:21.0906 0940 Udfs - ok
17:26:21.0921 0940 ultra - ok
17:26:22.0015 0940 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
17:26:22.0031 0940 Update - ok
17:26:22.0187 0940 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:26:22.0187 0940 usbccgp - ok
17:26:22.0265 0940 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:26:22.0265 0940 usbehci - ok
17:26:22.0328 0940 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:26:22.0328 0940 usbhub - ok
17:26:22.0375 0940 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:26:22.0375 0940 usbprint - ok
17:26:22.0484 0940 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:26:22.0484 0940 usbscan - ok
17:26:22.0515 0940 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:26:22.0515 0940 usbstor - ok
17:26:22.0562 0940 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:26:22.0562 0940 usbuhci - ok
17:26:22.0671 0940 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
17:26:22.0671 0940 VgaSave - ok
17:26:22.0703 0940 ViaIde - ok
17:26:22.0765 0940 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
17:26:22.0781 0940 VolSnap - ok
17:26:23.0062 0940 w29n51 (7a4a198462fe786ee3ce80721a16f5a9) C:\WINDOWS\system32\DRIVERS\w29n51.sys
17:26:23.0234 0940 w29n51 - ok
17:26:23.0328 0940 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:26:23.0328 0940 Wanarp - ok
17:26:23.0437 0940 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
17:26:23.0453 0940 Wdf01000 - ok
17:26:23.0468 0940 WDICA - ok
17:26:23.0562 0940 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
17:26:23.0562 0940 wdmaud - ok
17:26:23.0671 0940 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:26:23.0718 0940 winachsf - ok
17:26:23.0921 0940 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:26:23.0921 0940 WudfPf - ok
17:26:23.0953 0940 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:26:23.0953 0940 WudfRd - ok
17:26:24.0046 0940 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:26:24.0187 0940 \Device\Harddisk0\DR0 - ok
17:26:24.0203 0940 Boot (0x1200) (f8e0dbafa283e319c2aeb5f0ebe4a3e4) \Device\Harddisk0\DR0\Partition0
17:26:24.0203 0940 \Device\Harddisk0\DR0\Partition0 - ok
17:26:24.0218 0940 ============================================================
17:26:24.0218 0940 Scan finished
17:26:24.0218 0940 ============================================================
17:26:24.0234 0932 Detected object count: 1
17:26:24.0234 0932 Actual detected object count: 1

#8 redwriter99

  • Topic Starter
  • Members
  • 14 posts

Posted 10 November 2011 - 05:52 PM

Currently I still have on-screen the Kaspersky screen - "Threats detected: Rootkit.Win32.access.g service: KILF high risk"

I have not clicked 'cure' since I wasn't sure how to proceed.

#9 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,772 posts

Posted 10 November 2011 - 05:52 PM

Hi,

did TDSS offer you to remove the infected threat? If so please accept (but either before or after you finished uninstalling norton, not in between). If not please let me know and we'll try something else.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#10 redwriter99

  • Topic Starter
  • Members
  • 14 posts

Posted 10 November 2011 - 06:37 PM

It offered to 'CURE' the file.
I went ahead and clicked on 'Cure'; it ran through and had to reboot.
I am now running a full scan with Kaspersky, but it seems as though there are still items found.

Let me know if there is anything else to try, otherwise I can give you the rundown from the kaspersky full scan when it finishes.

#11 redwriter99

  • Topic Starter
  • Members
  • 14 posts

Posted 10 November 2011 - 07:36 PM

Here is the post 'Cure' Kaspersky Full Scan Report.
Not everything was removed; some things were quarantined. Let me know what to try next. Thanks again.

Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 222, objects: , time: 00:00:00)
11/5/2011 11:30:25 PM Task started
11/5/2011 11:47:29 PM Detected: Trojan.Win32.Patched.mf C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
11/5/2011 11:54:12 PM Detected: Trojan.Win32.Patched.mf C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
11/6/2011 12:03:04 AM Task completed
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 222, objects: , time: 00:00:00)
11/6/2011 12:11:29 AM Task completed
11/6/2011 12:11:03 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:10:17 AM Deleted: Backdoor.Win32.ZAccess.ob HKLM\System\ControlSet003\Services\e6a756f5\e6a756f5
11/6/2011 12:10:13 AM Deleted: Backdoor.Win32.ZAccess.ob HKLM\System\ControlSet001\Services\e6a756f5\e6a756f5
11/6/2011 12:10:03 AM Will be deleted on system restart: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:10:02 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:10:02 AM Task started
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 222, objects: , time: 00:00:00)
11/6/2011 12:18:48 AM Task completed
11/6/2011 12:18:09 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:16:45 AM Deleted: Backdoor.Win32.ZAccess.ob HKLM\System\ControlSet003\Services\e6a756f5\e6a756f5
11/6/2011 12:16:40 AM Deleted: Backdoor.Win32.ZAccess.ob HKLM\System\ControlSet001\Services\e6a756f5\e6a756f5
11/6/2011 12:16:32 AM Will be deleted on system restart: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:16:32 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:16:31 AM Task started
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 222, objects: , time: 00:00:00)
11/6/2011 12:43:57 AM Task completed
11/6/2011 12:43:31 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:42:58 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:42:56 AM Task started
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 222, objects: , time: 00:00:00)
11/6/2011 12:52:36 AM Task completed
11/6/2011 12:52:09 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:51:29 AM Deleted: Backdoor.Win32.ZAccess.ob HKLM\System\ControlSet003\Services\e6a756f5\e6a756f5
11/6/2011 12:51:27 AM Deleted: Backdoor.Win32.ZAccess.ob HKLM\System\ControlSet001\Services\e6a756f5\e6a756f5
11/6/2011 12:51:23 AM Will be deleted on system restart: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:51:23 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:51:23 AM Task started
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 222, objects: , time: 00:00:00)
11/6/2011 12:57:55 AM Task stopped
11/6/2011 12:56:55 AM Task started
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 222, objects: , time: 00:00:00)
11/6/2011 1:38:29 AM Task stopped
11/6/2011 1:38:09 AM Task started
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 222, objects: , time: 00:00:00)
11/6/2011 3:20:51 AM Task completed
11/6/2011 3:20:25 AM Detected: http://www.viruslist.com/en/advisories/46113 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
11/6/2011 3:20:19 AM Detected: http://www.viruslist.com/en/advisories/45584 C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
11/6/2011 3:17:23 AM Detected: http://www.viruslist.com/en/advisories/23655 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msxml6.dll
11/6/2011 2:59:35 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 2:59:03 AM Untreated: Trojan-Dropper.Win32.Delf.jkq C:\Program Files\Sony Pictures Games\JEOPARDY!\JEOPARDY!.exe Postponed
11/6/2011 2:58:58 AM Detected: Trojan-Dropper.Win32.Delf.jkq C:\Program Files\Sony Pictures Games\JEOPARDY!\JEOPARDY!.exe
11/6/2011 2:57:27 AM Detected: http://www.viruslist.com/en/advisories/34269 C:\Program Files\slysoft\anydvd\anydvd.exe
11/6/2011 2:54:35 AM Untreated: Trojan.Win32.FakeAV.bijh C:\Program Files\Mozilla Firefox\null0.10817696368204033.exe Postponed
11/6/2011 2:54:33 AM Detected: Trojan.Win32.FakeAV.bijh C:\Program Files\Mozilla Firefox\null0.10817696368204033.exe
11/6/2011 2:45:58 AM Detected: http://www.viruslist.com/en/advisories/31744 C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
11/6/2011 2:38:48 AM Detected: http://www.viruslist.com/en/advisories/43269 C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.dll
11/6/2011 2:34:36 AM Detected: http://www.viruslist.com/en/advisories/41917 C:\Program Files\Adobe\Adobe Flash CS3\Players\Debug\FlashPlayer.exe
11/6/2011 2:19:29 AM Processing error: Exploit.JS.Pdfka.dcl C:\Documents and Settings\Carrie\Local Settings\Temp\plugtmp-41\plugin-s002102317801r0409J06000501Rd217db61Xde57692eY925e609dZ03007f35
11/6/2011 2:19:29 AM Untreated: Exploit.JS.Pdfka.dcl C:\Documents and Settings\Carrie\Local Settings\Temp\plugtmp-41\plugin-s002102317801r0409J06000501Rd217db61Xde57692eY925e609dZ03007f35/data0000 Postponed
11/6/2011 2:19:29 AM Detected: Exploit.JS.Pdfka.dcl C:\Documents and Settings\Carrie\Local Settings\Temp\plugtmp-41\plugin-s002102317801r0409J06000501Rd217db61Xde57692eY925e609dZ03007f35/data0000
11/6/2011 2:17:48 AM Untreated: Trojan.Win32.FraudPack.cmip C:\Documents and Settings\Carrie\Local Settings\Temp\nlkkyn.exe Postponed
11/6/2011 2:17:47 AM Detected: Trojan.Win32.FraudPack.cmip C:\Documents and Settings\Carrie\Local Settings\Temp\nlkkyn.exe
11/6/2011 2:17:44 AM Untreated: Exploit.Java.Agent.u C:\Documents and Settings\Carrie\Local Settings\Temp\jar_cache6623.tmp/Main.class Postponed
11/6/2011 2:17:44 AM Detected: Exploit.Java.Agent.u C:\Documents and Settings\Carrie\Local Settings\Temp\jar_cache6623.tmp/Main.class
11/6/2011 2:17:44 AM Untreated: Trojan-Downloader.Java.Agent.eq C:\Documents and Settings\Carrie\Local Settings\Temp\jar_cache6623.tmp/AppletPanel.class Postponed
11/6/2011 2:17:44 AM Detected: Trojan-Downloader.Java.Agent.eq C:\Documents and Settings\Carrie\Local Settings\Temp\jar_cache6623.tmp/AppletPanel.class
11/6/2011 2:17:36 AM Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe Postponed
11/6/2011 2:17:35 AM Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe
11/6/2011 2:17:32 AM Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Temp\fjiwnr.exe Postponed
11/6/2011 2:17:32 AM Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Temp\fjiwnr.exe
11/6/2011 2:17:26 AM Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Application Data\vtpqugyhb\bhksglptssd.exe Postponed
11/6/2011 2:17:25 AM Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Application Data\vtpqugyhb\bhksglptssd.exe
11/6/2011 2:16:40 AM Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Application Data\jlhwcymuc\fuaibittssd.exe Postponed
11/6/2011 2:16:38 AM Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Application Data\jlhwcymuc\fuaibittssd.exe
11/6/2011 2:13:35 AM Untreated: Trojan-Downloader.WMA.GetCodec.n C:\Documents and Settings\Carrie\Incomplete\T-3877627-Miley Cyrus- Breakout.mp3 Postponed
11/6/2011 2:13:34 AM Detected: Trojan-Downloader.WMA.GetCodec.n C:\Documents and Settings\Carrie\Incomplete\T-3877627-Miley Cyrus- Breakout.mp3
11/6/2011 2:01:04 AM Untreated: Exploit.Java.CVE-2010-0840.e C:\Documents and Settings\Carrie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\player.jar-cd48485-53f95dd4.zip/lort/cooter.class Postponed
11/6/2011 2:01:04 AM Detected: Exploit.Java.CVE-2010-0840.e C:\Documents and Settings\Carrie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\player.jar-cd48485-53f95dd4.zip/lort/cooter.class
11/6/2011 2:01:03 AM Untreated: Exploit.Java.CVE-2010-0840.e C:\Documents and Settings\Carrie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\player.jar-cd48485-53f95dd4.zip/lort/border.class Postponed
11/6/2011 2:01:03 AM Detected: Exploit.Java.CVE-2010-0840.e C:\Documents and Settings\Carrie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\player.jar-cd48485-53f95dd4.zip/lort/border.class
11/6/2011 2:01:00 AM Detected: http://www.viruslist.com/en/advisories/41917 C:\Documents and Settings\Carrie\Application Data\Microsoft\Installer\{721C0B3A-3E8E-445B-B81E-651699B87945}\easyprint_FPO.exe
11/6/2011 1:50:14 AM Task started
11/6/2011 1:48:45 AM Task stopped
11/6/2011 1:43:44 AM Untreated: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062207.ini Postponed
11/6/2011 1:43:43 AM Detected: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062207.ini
11/6/2011 1:43:42 AM Untreated: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062180.ini Postponed
11/6/2011 1:43:42 AM Detected: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062180.ini
11/6/2011 1:43:41 AM Untreated: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062164.ini Postponed
11/6/2011 1:43:41 AM Detected: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062164.ini
11/6/2011 1:43:41 AM Untreated: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062147.ini Postponed
11/6/2011 1:43:41 AM Detected: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062147.ini
11/6/2011 1:43:40 AM Untreated: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062127.ini Postponed
11/6/2011 1:43:40 AM Detected: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062127.ini
11/6/2011 1:43:39 AM Untreated: Trojan.Win32.Patched.mf C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062106.exe Postponed
11/6/2011 1:43:39 AM Detected: Trojan.Win32.Patched.mf C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062106.exe
11/6/2011 1:43:39 AM Untreated: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062107.ini Postponed
11/6/2011 1:43:38 AM Detected: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062107.ini
11/6/2011 1:41:42 AM Detected: http://www.viruslist.com/en/advisories/45516 C:\Program Files\quicktime\quicktimeplayer.exe
11/6/2011 1:41:35 AM Detected: http://www.viruslist.com/en/advisories/31744 C:\Program Files\microsoft office\office12\onenote.exe
11/6/2011 1:41:03 AM Detected: http://www.viruslist.com/en/advisories/34269 C:\Program Files\slysoft\anydvd\anydvd.exe
11/6/2011 1:40:42 AM Untreated: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe Postponed
11/6/2011 1:40:42 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 1:40:39 AM Detected: http://www.viruslist.com/en/advisories/40937 C:\Program Files\microsoft office\office12\winword.exe
11/6/2011 1:40:07 AM Untreated: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe Postponed
11/6/2011 1:40:07 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 1:38:58 AM Task started
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 222, objects: , time: 00:00:00)
11/6/2011 8:55:39 AM Task started
11/6/2011 9:00:14 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 9:03:04 AM Task completed
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 222, objects: , time: 00:00:00)
11/6/2011 9:18:25 AM Task completed
11/6/2011 9:18:01 AM Deleted: Trojan.Win32.Diple.coqt C:\Documents and Settings\Carrie\Local Settings\Application Data\e6a756f5\x
11/6/2011 9:17:50 AM Disinfected: Trojan.Win32.Diple.coqt HKEY_USERS\S-1-5-21-3797448573-3364105993-1231677288-1006\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
11/6/2011 9:17:46 AM Detected: Trojan.Win32.Diple.coqt C:\Documents and Settings\Carrie\Local Settings\Application Data\e6a756f5\x
11/6/2011 9:17:15 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 9:16:23 AM Deleted: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Application Data\jlhwcymuc\fuaibittssd.exe
11/6/2011 9:16:23 AM Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Application Data\jlhwcymuc\fuaibittssd.exe
11/6/2011 9:16:23 AM Task started
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 222, objects: , time: 00:00:00)
11/6/2011 9:26:04 AM Task completed
11/6/2011 9:25:37 AM Task started
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 222, objects: , time: 00:00:00)
11/10/2011 6:03:18 PM Task stopped
11/10/2011 6:03:15 PM Task started
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 222, objects: , time: 00:00:00)
11/10/2011 6:15:26 PM Task started
11/10/2011 6:16:55 PM Detected: http://www.viruslist.com/en/advisories/34269 c:\program files\slysoft\anydvd\anydvd.exe
11/10/2011 6:17:00 PM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\microsoft office\office12\onenote.exe
11/10/2011 6:17:07 PM Detected: http://www.viruslist.com/en/advisories/45516 c:\program files\quicktime\quicktimeplayer.exe
11/10/2011 6:18:19 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062105.sys
11/10/2011 6:18:19 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062105.sys Postponed
11/10/2011 6:18:19 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062126.sys
11/10/2011 6:18:19 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062126.sys Postponed
11/10/2011 6:18:20 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062146.sys
11/10/2011 6:18:20 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062146.sys Postponed
11/10/2011 6:18:20 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062163.sys
11/10/2011 6:18:21 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062163.sys Postponed
11/10/2011 6:18:21 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062179.sys
11/10/2011 6:18:21 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062179.sys Postponed
11/10/2011 6:18:22 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062206.sys
11/10/2011 6:18:22 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062206.sys Postponed
11/10/2011 6:18:23 PM Detected: Trojan.Win32.FakeAV.bijh c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062225.exe
11/10/2011 6:18:24 PM Untreated: Trojan.Win32.FakeAV.bijh c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062225.exe Postponed
11/10/2011 6:18:24 PM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062223.exe
11/10/2011 6:18:24 PM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062224.exe
11/10/2011 6:18:24 PM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062223.exe Postponed
11/10/2011 6:18:24 PM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062224.exe Postponed
11/10/2011 6:18:25 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062229.ini
11/10/2011 6:18:25 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062229.ini Postponed
11/10/2011 6:18:25 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062228.sys
11/10/2011 6:18:25 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062228.sys Postponed
11/10/2011 6:18:28 PM Detected: Trojan-Dropper.Win32.Delf.jkq c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062226.exe
11/10/2011 6:18:28 PM Untreated: Trojan-Dropper.Win32.Delf.jkq c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062226.exe Postponed
11/10/2011 6:18:28 PM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062268.exe
11/10/2011 6:18:28 PM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062268.exe Postponed
11/10/2011 6:18:28 PM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062269.exe
11/10/2011 6:18:28 PM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062269.exe Postponed
11/10/2011 6:18:29 PM Detected: Trojan.Win32.FakeAV.bijh c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062270.exe
11/10/2011 6:18:29 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062273.sys
11/10/2011 6:18:29 PM Untreated: Trojan.Win32.FakeAV.bijh c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062270.exe Postponed
11/10/2011 6:18:29 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062273.sys Postponed
11/10/2011 6:18:30 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062274.ini
11/10/2011 6:18:30 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062274.ini Postponed
11/10/2011 6:18:30 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062294.ini
11/10/2011 6:18:30 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062294.ini Postponed
11/10/2011 6:18:31 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062293.sys
11/10/2011 6:18:31 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062293.sys Postponed
11/10/2011 6:18:32 PM Detected: Trojan-Dropper.Win32.Delf.jkq c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062271.exe
11/10/2011 6:18:32 PM Untreated: Trojan-Dropper.Win32.Delf.jkq c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062271.exe Postponed
11/10/2011 6:18:33 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062501.ini
11/10/2011 6:18:33 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062501.ini Postponed
11/10/2011 6:18:33 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062500.sys
11/10/2011 6:18:33 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062500.sys Postponed
11/10/2011 6:18:35 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP253\A0062522.ini
11/10/2011 6:18:35 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP253\A0062522.ini Postponed
11/10/2011 6:18:35 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP253\A0062521.sys
11/10/2011 6:18:35 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP253\A0062521.sys Postponed
11/10/2011 6:18:36 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP254\A0062539.ini
11/10/2011 6:18:36 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP254\A0062539.ini Postponed
11/10/2011 6:18:36 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP254\A0062538.sys
11/10/2011 6:18:36 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP254\A0062538.sys Postponed
11/10/2011 6:18:42 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP256\A0062591.ini
11/10/2011 6:18:42 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP256\A0062591.ini Postponed
11/10/2011 6:18:42 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP256\A0062590.sys
11/10/2011 6:18:42 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP256\A0062590.sys Postponed
11/10/2011 6:18:44 PM Detected: Trojan.Win32.Patched.mf c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP257\A0062603.exe
11/10/2011 6:18:44 PM Detected: Trojan.Win32.Patched.mf c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP257\A0062602.exe
11/10/2011 6:18:44 PM Untreated: Trojan.Win32.Patched.mf c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP257\A0062602.exe Postponed
11/10/2011 6:18:44 PM Untreated: Trojan.Win32.Patched.mf c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP257\A0062603.exe Postponed
11/10/2011 6:18:45 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP257\A0062614.ini
11/10/2011 6:18:46 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP257\A0062614.ini Postponed
11/10/2011 6:18:46 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP257\A0062613.sys
11/10/2011 6:18:46 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP257\A0062613.sys Postponed
11/10/2011 6:18:58 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0062646.ini
11/10/2011 6:18:58 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0062645.sys
11/10/2011 6:18:58 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0062646.ini Postponed
11/10/2011 6:18:58 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0062645.sys Postponed
11/10/2011 6:19:04 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0062664.ini
11/10/2011 6:19:04 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0062664.ini Postponed
11/10/2011 6:19:04 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0062663.sys
11/10/2011 6:19:04 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0062663.sys Postponed
11/10/2011 6:19:05 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063670.ini
11/10/2011 6:19:05 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063670.ini Postponed
11/10/2011 6:19:05 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063669.sys
11/10/2011 6:19:05 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063669.sys Postponed
11/10/2011 6:30:44 PM Detected: Exploit.Java.CVE-2010-0840.eh c:\Documents and Settings\Carrie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\field.jar-6fc64319-75f244f5.zip/json/Parser.class
11/10/2011 6:30:44 PM Untreated: Exploit.Java.CVE-2010-0840.eh c:\Documents and Settings\Carrie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\field.jar-6fc64319-75f244f5.zip/json/Parser.class Postponed
11/10/2011 6:40:39 PM Detected: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Application Data\vtpqugyhb\bhksglptssd.exe
11/10/2011 6:40:39 PM Untreated: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Application Data\vtpqugyhb\bhksglptssd.exe Postponed
11/10/2011 6:40:40 PM Detected: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe
11/10/2011 6:40:40 PM Untreated: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe Postponed
11/10/2011 6:40:40 PM Detected: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\fjiwnr.exe
11/10/2011 6:40:40 PM Untreated: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\fjiwnr.exe Postponed
11/10/2011 6:49:00 PM Detected: http://www.viruslist.com/en/advisories/41917 c:\program files\Adobe\Adobe Flash CS3\Players\Debug\FlashPlayer.exe
11/10/2011 6:58:42 PM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
11/10/2011 7:05:51 PM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\microsoft office\office12\onenote.exe
11/10/2011 7:06:41 PM Detected: Trojan-FakeAV.Win32.FakeRecovery.i c:\program files\Mozilla Firefox\0.0364404620499017.exe
11/10/2011 7:06:41 PM Untreated: Trojan-FakeAV.Win32.FakeRecovery.i c:\program files\Mozilla Firefox\0.0364404620499017.exe Postponed
11/10/2011 7:09:07 PM Detected: http://www.viruslist.com/en/advisories/34269 c:\program files\slysoft\anydvd\anydvd.exe
11/10/2011 7:25:05 PM Detected: http://www.viruslist.com/en/advisories/23655 c:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msxml6.dll
11/10/2011 7:26:55 PM Detected: http://www.viruslist.com/en/advisories/45584 c:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
11/10/2011 7:27:25 PM Detected: http://www.viruslist.com/en/advisories/46113 c:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
11/10/2011 7:27:47 PM Detected: Trojan-FakeAV.Win32.FakeRecovery.i c:\program files\Mozilla Firefox\0.0364404620499017.exe
11/10/2011 7:27:57 PM Deleted: Trojan-FakeAV.Win32.FakeRecovery.i c:\program files\Mozilla Firefox\0.0364404620499017.exe
11/10/2011 7:27:57 PM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062224.exe
11/10/2011 7:27:57 PM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062224.exe Written to report
11/10/2011 7:27:57 PM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062268.exe
11/10/2011 7:27:57 PM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062268.exe Written to report
11/10/2011 7:27:57 PM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062269.exe
11/10/2011 7:27:57 PM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062269.exe Written to report
11/10/2011 7:27:58 PM Detected: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Application Data\vtpqugyhb\bhksglptssd.exe
11/10/2011 7:27:58 PM Untreated: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Application Data\vtpqugyhb\bhksglptssd.exe Written to report
11/10/2011 7:27:58 PM Detected: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe
11/10/2011 7:27:58 PM Untreated: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe Written to report
11/10/2011 7:27:58 PM Detected: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\fjiwnr.exe
11/10/2011 7:27:58 PM Untreated: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\fjiwnr.exe Written to report
11/10/2011 7:27:58 PM Task completed
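
Reading a report like this by hand is tedious because Kaspersky logs every file several times (Detected, then Untreated ... Postponed, and on a later pass Deleted or Written to report). The script below is an added example, not code from the thread or from Kaspersky: it collapses the report into one final outcome per file and separates System Restore copies (under System Volume Information\_restore, inert unless that restore point is applied) from files in live locations, which are the ones still worth attention. The sample lines are copied from the report above; the location categories, the action ranking and all function names are my own assumptions about how to read the format.

```python
import re
from collections import Counter

# One line of a Kaspersky "Detected / Untreated / Deleted" report, e.g.
#   11/10/2011 6:18:19 PM Untreated: Rootkit.Win32.ZAccess.g c:\...\A0062105.sys Postponed
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>Detected|Untreated|Deleted|Disinfected): "
    r"(?P<verdict>\S+) "
    r"(?P<path>.+?)"                                   # paths contain spaces
    r"(?: (?P<status>Postponed|Written to report))?$"  # trailer on Untreated lines
)

# How far the scanner got with a file; a higher rank supersedes a lower one (my assumption).
RANK = {"Detected": 0, "Untreated": 1, "Deleted": 2, "Disinfected": 2}


def classify_location(path):
    """Bucket a path by how much a detection there matters (categories are my own)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore_point"      # System Restore copy: inert unless restored
    if "\\local settings\\temp\\" in p:
        return "user_temp"
    if "\\documents and settings\\" in p:
        return "user_profile"
    if p.startswith("c:\\windows\\"):
        return "windows"
    if p.startswith("c:\\program files\\"):
        return "program_files"
    return "other"


def parse_line(line):
    """Return a dict for a detection line, or None for task/status lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # A URL in the verdict field is a vulnerable-software advisory, not malware.
    rec["kind"] = "vulnerable_software" if rec["verdict"].startswith("http") else "malware"
    rec["location"] = classify_location(rec["path"])
    return rec


def summarize(lines):
    """Collapse repeated lines per file and report what is still unresolved."""
    final = {}  # lower-cased path -> record with the highest-ranked action seen
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["kind"] != "malware":
            continue
        key = rec["path"].lower()
        prev = final.get(key)
        if prev is None or RANK[rec["action"]] > RANK[prev["action"]]:
            final[key] = rec
    removed = [r for r in final.values() if RANK[r["action"]] >= 2]
    unresolved = [r for r in final.values() if RANK[r["action"]] < 2]
    return {
        "unresolved_total": len(unresolved),
        "unresolved_by_location": dict(Counter(r["location"] for r in unresolved)),
        "unresolved_outside_restore_points": sorted(
            r["path"] for r in unresolved if r["location"] != "restore_point"),
        "removed": sorted(r["path"] for r in removed),
    }


# Sample input: lines copied from the Kaspersky report above.
SAMPLE_LOG = r"""
11/10/2011 6:18:19 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062105.sys
11/10/2011 6:18:19 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062105.sys Postponed
11/10/2011 6:16:55 PM Detected: http://www.viruslist.com/en/advisories/34269 c:\program files\slysoft\anydvd\anydvd.exe
11/10/2011 6:40:40 PM Detected: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe
11/10/2011 6:40:40 PM Untreated: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe Postponed
11/10/2011 7:06:41 PM Detected: Trojan-FakeAV.Win32.FakeRecovery.i c:\program files\Mozilla Firefox\0.0364404620499017.exe
11/10/2011 7:06:41 PM Untreated: Trojan-FakeAV.Win32.FakeRecovery.i c:\program files\Mozilla Firefox\0.0364404620499017.exe Postponed
11/10/2011 7:27:57 PM Deleted: Trojan-FakeAV.Win32.FakeRecovery.i c:\program files\Mozilla Firefox\0.0364404620499017.exe
11/10/2011 7:27:58 PM Untreated: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe Written to report
11/10/2011 7:27:58 PM Task completed
"""


def summarize_sample():
    """Run the summary over the sample lines (used for the printed demo)."""
    return summarize(SAMPLE_LOG.strip().splitlines())


if __name__ == "__main__":
    for key, value in summarize_sample().items():
        print(f"{key}: {value}")
```

On the sample, the only unresolved file outside a restore point is the Temp\hydnqa.exe dropper; the FakeRecovery file under the Firefox folder shows as removed, and the advisory lines (outdated AnyDVD, Office, QuickTime, Flash) are reported separately because they are patch reminders rather than infections. Running it over a full report makes the difference between "threats detected" and "active threats" visible at a glance.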

#12 redwriter99

redwriter99
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 11 November 2011 - 07:04 AM

Every time I run a Full Scan with Kaspersky, I still get 'threats detected', although the main warning has gone away. Because I still get threats detected, I'm guessing not everything has been removed. Let me know if you have any further suggestions. Thanks again.

#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:54 PM

Posted 11 November 2011 - 09:47 AM

Hi,

we are a long shot from running out of ideas :)

As TDSSKiller has not worked, please try (the real) ComboFix instead:

Please download ComboFix from one of these locations:

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#14 redwriter99

redwriter99
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 11 November 2011 - 09:14 PM

Here's the log... ComboFix ran twice - it rebooted and ran again. This is the log it gave me.
During the run it said I had a rootkit(?) issue. Thanks again for the tremendous help.

ComboFix 11-11-11.06 - Carrie 11/11/2011 20:45:56.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.706 [GMT -5:00]
Running from: c:\documents and settings\Carrie\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
c:\documents and settings\Carrie\Local Settings\Application Data\e6a756f5\U
c:\documents and settings\Carrie\Local Settings\Application Data\e6a756f5\U\80000000.@
c:\documents and settings\Carrie\Local Settings\Application Data\e6a756f5\U\800000cb.@
c:\windows\$NtUninstallKB20397$
c:\windows\$NtUninstallKB20397$\2650556639
c:\windows\$NtUninstallKB20397$\3869726453\@
c:\windows\$NtUninstallKB20397$\3869726453\L\anxaqoaa
c:\windows\$NtUninstallKB20397$\3869726453\loader.tlb
c:\windows\$NtUninstallKB20397$\3869726453\U\@00000001
c:\windows\$NtUninstallKB20397$\3869726453\U\@000000c0
c:\windows\$NtUninstallKB20397$\3869726453\U\@000000cb
c:\windows\$NtUninstallKB20397$\3869726453\U\@000000cf
c:\windows\$NtUninstallKB20397$\3869726453\U\@80000000
c:\windows\$NtUninstallKB20397$\3869726453\U\@800000c0
c:\windows\$NtUninstallKB20397$\3869726453\U\@800000cb
c:\windows\$NtUninstallKB20397$\3869726453\U\@800000cf
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\dasetup.log
c:\windows\kb835221.exe
c:\windows\setup.exe
c:\windows\system32\
c:\windows\windows-kb870669-x86-enu.exe
c:\windows\windowsinstaller-kb893803-v2-x86.exe
c:\windows\windowsxp-kb307154-x86-enu.exe
c:\windows\windowsxp-kb873339-x86-enu.exe
c:\windows\windowsxp-kb884018-x86-enu.exe
c:\windows\windowsxp-kb884575-x86-enu.exe
c:\windows\windowsxp-kb885250-x86-enu.exe
c:\windows\windowsxp-kb885835-x86-enu.exe
c:\windows\windowsxp-kb885836-x86-enu.exe
c:\windows\windowsxp-kb886185-x86-enu.exe
c:\windows\windowsxp-kb887472-x86-enu.exe
c:\windows\windowsxp-kb887742-x86-enu.exe
c:\windows\windowsxp-kb888113-x86-enu.exe
c:\windows\windowsxp-kb888239-x86-enu.exe
c:\windows\windowsxp-kb888302-x86-enu.exe
c:\windows\windowsxp-kb890046-x86-enu.exe
c:\windows\windowsxp-kb890859-x86-enu.exe
c:\windows\windowsxp-kb891781-x86-enu.exe
c:\windows\WindowsXP-KB893056-x86-ENU.exe
c:\windows\windowsxp-kb893066-v2-x86-enu.exe
c:\windows\windowsxp-kb893756-x86-enu.exe
c:\windows\windowsxp-kb894391-x86-enu.exe
c:\windows\windowsxp-kb896358-x86-enu.exe
c:\windows\windowsxp-kb896422-x86-enu.exe
c:\windows\windowsxp-kb896423-x86-enu.exe
c:\windows\windowsxp-kb896424-x86-enu.exe
c:\windows\windowsxp-kb896688-x86-enu.exe
c:\windows\windowsxp-kb896727-x86-enu.exe
c:\windows\windowsxp-kb899587-x86-enu.exe
c:\windows\windowsxp-kb899588-x86-enu.exe
c:\windows\windowsxp-kb899589-x86-enu.exe
c:\windows\windowsxp-kb899591-x86-enu.exe
c:\windows\windowsxp-kb900725-x86-enu.exe
c:\windows\windowsxp-kb901017-x86-enu.exe
c:\windows\windowsxp-kb901214-x86-enu.exe
c:\windows\windowsxp-kb902400-x86-enu.exe
c:\windows\windowsxp-kb903235-x86-enu.exe
c:\windows\windowsxp-kb904706-x86-enu.exe
c:\windows\windowsxp-kb905414-x86-enu.exe
c:\windows\windowsxp-kb905749-x86-enu.exe
c:\windows\windowsxp-kb905915-x86-enu.exe
c:\windows\windowsxp-kb908519-x86-enu.exe
c:\windows\windowsxp-kb909667-x86-enu.exe
c:\windows\windowsxp-kb910728-x86-enu.exe
c:\windows\windowsxp-kb912919-x86-enu.exe
c:\windows\ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-10-12 to 2011-11-12 )))))))))))))))))))))))))))))))
.
.
2011-11-10 19:32 . 2011-11-12 01:29 -------- d-----w- c:\documents and settings\Carrie\Local Settings\Application Data\AskToolbar
2011-11-10 19:08 . 2011-11-10 20:39 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\AskToolbar
2011-11-10 19:04 . 2011-11-10 19:04 -------- d-----w- c:\program files\Ask.com
2011-11-10 18:13 . 2011-11-11 00:29 -------- d-----w- c:\documents and settings\Carrie\Application Data\Sammsoft
2011-11-06 05:25 . 2011-11-06 05:25 -------- d-s---w- c:\documents and settings\LocalService\UserData
2011-11-06 04:22 . 2011-11-12 01:56 -------- d-sh--w- c:\documents and settings\Carrie\Local Settings\Application Data\e6a756f5
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-06 04:30 . 2006-03-02 06:22 98304 ----a-w- c:\windows\system32\igfxext.exe
2011-11-06 04:30 . 2006-09-03 02:37 368640 --sh--r- c:\windows\mspcl.exe
2011-09-18 01:02 . 2011-09-18 01:02 641021 ----a-w- c:\windows\unins000.exe
2003-12-05 00:16 69632 --sh--r- c:\windows\lnchshll.exe
2003-12-05 00:16 49152 --sh--r- c:\windows\ScrnInt.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 02:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-08 114688]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 45056]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-20 184320]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-05 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-05 114688]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-06-14 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-05 282624]
"MotiveMonitor"="c:\program files\Motive\AsstCommon\motmon.exe" [2002-09-27 135168]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2011-11-06 577536]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-13 185896]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2011-11-10 208616]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-09-18 880640]
"DSFHost"="c:\program files\Staples\easyprint\dsfhost.exe" [2008-12-12 4026457]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
.
c:\documents and settings\Carrie\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-8-2 344064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Lifeline.lnk - c:\program files\Digital Lifeline\bin\mpbtn.exe [2006-9-2 172032]
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-9 323646]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 01:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 6:29 PM 33808]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 7:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 6:06 PM 24592]
R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/15/2006 8:59 PM 47360]
S2 mspcl;mspcl;c:\windows\mspcl.exe [9/2/2006 9:37 PM 368640]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
Contents of the 'Scheduled Tasks' folder
.
2009-06-30 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2200 series272A572217594EBCF1CEE215E352B92AD073FDE4228186276.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]
.
2011-11-12 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-08-24 02:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.15.1
TCP: Interfaces\{354543D2-CCE0-4AC1-936A-F8C844797D79}: NameServer = 4.2.2.1,4.2.2.2
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Carrie\Application Data\Mozilla\Firefox\Profiles\tlb0x2um.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 4
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\program files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-<NO NAME> - (no file)
SafeBoot-36080871.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-11 20:58
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1300)
c:\windows\system32\VESWinlogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2011-11-11 21:07:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-12 02:06
.
Pre-Run: 31,972,163,584 bytes free
Post-Run: 31,520,329,728 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 2FD39452C9E4932B82EE4DA90A8BC579

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:54 PM

Posted 12 November 2011 - 08:49 AM

Hi,

well this is looking rather reassuring :) Can you please run the following script with ComboFix:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\documents and settings\Carrie\Local Settings\Application Data\e6a756f5


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Afterwards please run a scan with Kaspersky and let me know what it finds.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!





